IBM Support

IZ41887: EVENT LOG MONITORING ERRORS


APAR status

  • Closed as program error.

Error description

  • After enabling Security Audit settings on Windows, Event Log
    Monitoring of the Windows agent displays errors. The agent at
    ITM 6.2 FP1 LA4 level will show errors in the log, while the
    agent at 6.2.1 level will also display errors in the TEP (System
    workspace, Security link of the Monitored Logs data view).
    
    Detailed Recreation Procedure:
    
    On the Windows operating system, enable the Security Audit
    settings, for instance "Success" and "Failure" of "Audit account
    logon" events.
    (Start -> Programs -> Administrative Tools -> Local Security
    Policy)
    Generate some logon events (log into the system several times,
    also simulating some failures, for instance by entering a wrong
    password).
    
    On the TEP, in the Windows OS agent section, click on the System
    workspace, then click on the Monitored Logs data view, and
    finally click on the Security link.
    
    6.2.1 TEP error:
    Category (Unicode) will display "(2) Not found" and Description
    will display an error
    ("Not located in C:\WINDOWS\System32\MsAuditE.dll").
    
    Log errors:
    (49394817.075A-C8C:knlfuncs.cpp,2100,"DisplayRecord") Category 2 (0x00000002) not found in C:\WINDOWS\System32\MsAuditE.dll
    (49394817.075B-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL") FormatMessage() unexpected error.  Error code 1812.
    (49394817.075C-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL") FormatMessage() unexpected error.  Error code 1812.
    (49394817.075D-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL") FormatMessage() unexpected error.  Error code 317.
    
    Related Files and Output: trace level should be set as ERROR
    (UNIT: KNL ALL)
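
As an added example (not part of the APAR and not IBM code), the following Python script scans agent log text for the two error signatures quoted above and names the Win32 error codes that FormatMessage() returned. The record-header layout is inferred from the excerpt, and the function names split_records and summarize are hypothetical.

```python
import re
from collections import Counter

# Win32 error names (winerror.h) for the codes in the APAR's log excerpt.
WIN32_NAMES = {317: "ERROR_MR_MID_NOT_FOUND", 1812: "ERROR_RESOURCE_DATA_NOT_FOUND"}

# Record header as it appears in the excerpt: (hex.hex-hex:source,line,"function")
RECORD = re.compile(r'\([0-9A-F]+\.[0-9A-F]+-[0-9A-F]+:[^,()]+,\d+,"([^"]+)"\)')
CATEGORY = re.compile(r'Category (\d+) \(0x[0-9A-Fa-f]+\) not found in (\S+)')
FMT_ERR = re.compile(r'FormatMessage\(\) unexpected error\.\s+Error code (\d+)')

# Log excerpt from the APAR text, wrapped across lines the way a pasted log can be.
SAMPLE = r'''
(49394817.075A-C8C:knlfuncs.cpp,2100,"DisplayRecord") Category 2
(0x00000002) not found in C:\WINDOWS\System32\MsAuditE.dll
(49394817.075B-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL")
FormatMessage() unexpected error.  Error code 1812.
(49394817.075C-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL")
FormatMessage() unexpected error.  Error code 1812.
(49394817.075D-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL")
FormatMessage() unexpected error.  Error code 317.
'''

def split_records(text):
    """Rejoin wrapped lines and yield (function, message) per trace record."""
    flat = " ".join(text.split())
    heads = list(RECORD.finditer(flat))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(flat)
        yield m.group(1), flat[m.end():end].strip()

def summarize(text):
    """Count the category-lookup and FormatMessage() failures in the log text."""
    missing, codes = Counter(), Counter()
    for func, msg in split_records(text):
        if func == "DisplayRecord" and (c := CATEGORY.search(msg)):
            missing[(int(c.group(1)), c.group(2))] += 1
        elif func == "FormatMessageFromDLL" and (e := FMT_ERR.search(msg)):
            code = int(e.group(1))
            codes[(code, WIN32_NAMES.get(code, "unknown"))] += 1
    return {"missing_categories": dict(missing), "format_errors": dict(codes)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-empty result on an agent log means Security events are being collected but shown without a resolved category or description, which matters when those events feed audit review.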
    

Local fix

Problem summary

  • After enabling the Security Audit settings on Windows, the
    EventLog Monitoring of Security Events of the Monitoring agent
    for Windows OS may display on the Tivoli Enterprise Portal a
    "Not found" category, and the following error in the
    description:
    
    "Not located in C:\WINDOWS\System32\MsAuditE.dll"
    
    The user might not see any problem in the Tivoli Enterprise
    Portal, but the agent log file will always report a great number
    of errors.
    

Problem conclusion

  • With the fix to this APAR the error is no longer displayed or
    logged.
    
    The fix for this APAR is contained in the following maintenance
    package:
          | LA interim fix | 6.2.0.1-TIV-ITM_WIN-IF0007
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ41887

  • Reported component name

    ITM AGENT WINDO

  • Reported component ID

    5724C040W

  • Reported release

    620

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2009-01-16

  • Closed date

    2009-02-27

  • Last modified date

    2010-09-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    ITM AGENT WINDO

  • Fixed component ID

    5724C040W

Applicable component levels

  • R620 PSY

       UP

  • R621 PSY

       UP


Document Information

Modified date:
04 October 2021