Fixes are available
APAR status
Closed as program error.
Error description
After enabling Security Audit settings on Windows, Event Log Monitoring of the Windows agent displays errors. The agent at ITM 6.2 FP1 LA4 level will show errors in the log, while the agent at 6.2.1 level will also display errors in the TEP (System workspace, Security link of the Monitored Logs data view). Detailed Recreation Procedure: On the Windows operating system, enable the Security Audit settings, for instance "Success" and "Failure" of "Audit account logon" events. (Start -> Programs --> Administrative Tools --> Local Securit Policy) Generate some logon events (log several times into the system, also simulating some failures, for instance by entering a wrong password). On the TEP, in the Windows OS agent section, click on the System workspace, then click on Monitored Logs data view, and finally click on the Security Link. 6.2.1 TEP error: Category (Unicode) will display "(2) Not found" and Description will display an error ("Not located in C:\WINDOWS\System32\MsAuditE.dll"). Logs errors (49394817.075A-C8C:knlfuncs.cpp,2100,"DisplayRecord") Category 2 (0x00000002) not found in C:\WINDOWS\System32\MsAuditE.dll (49394817.075B-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL") FormatMessage() unexpected error. Error code 1812. (49394817.075C-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL") FormatMessage() unexpected error. Error code 1812. (49394817.075D-C8C:knlfuncs.cpp,3136,"FormatMessageFromDLL") FormatMessage() unexpected error. Error code 317. Related Files and Output: trace level should be set as ERROR (UNIT: KNL ALL)
Local fix
Problem summary
After enabling the Security Audit settings on Windows, the EventLog Monitoring of Security Events of the Monitoring agent for Windows OS may display on the Tivoli Enterprise Portal a "Not found" category, and the following error in the description: "Not located in C:\WINDOWS\System32\MsAuditE.dll" The user might not see any problem in the Tivoli Enterpise Portal, but the agent log file will always report a great number of errors.
Problem conclusion
With the fix to this APAR the error is no more displayed and logged. The fix for this APAR is contained in the following maintenance package: | LA interim fix | 6.2.0.1-TIV-ITM_WIN-IF0007
Temporary fix
Comments
APAR Information
APAR number
IZ41887
Reported component name
ITM AGENT WINDO
Reported component ID
5724C040W
Reported release
620
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-01-16
Closed date
2009-02-27
Last modified date
2010-09-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
ITM AGENT WINDO
Fixed component ID
5724C040W
Applicable component levels
R620 PSY
UP
R621 PSY
UP
[{"Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSRM2J","label":"Tivoli OMEGAMON XE for Distributed Systems"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620"}]
Document Information
Modified date:
04 October 2021