# Solved: VB Script not calling remote server



## snufse (Nov 9, 2010)

I am very new to vb scripting and have folowing issue:

On my desktop I have a vb script where I need to call a .bat file on a remote server. As far as I can see it does not work. Maybe someone can point out what is wrong:


```
Option Explicit
Dim strComputer, strCommand, objWMIService, objProcess, intProcessID, errReturn
strComputer = "vgiwpw03-sql3"
strCommand = "MMC Event Viewer Remote Server.bat"
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objProcess = objWMIService.Get("Win32_Process")
errReturn = objProcess.Create(strCommand, null, null, intProcessID)
If errReturn = 0 Then
Wscript.Echo "Remote Event Viewer was started with a process ID: " & intProcessID
Else
Wscript.Echo "Remote Event Viewer could not be started due to error: " & errReturn
End If
```
When I run the script I get message " Remote event viewer was started with process id 5200"


----------



## TheOutcaste (Aug 8, 2007)

The message says it was successful:
"Remote event viewer* was started* with process id 5200"

What does the batch file do?
If you go to the Remote machine, is the batch file not running?
Check the Task Manager Processes list on the Remote Machine, you should see the process with *Process ID 5200* running, unless the batch file closes right away.


----------



## snufse (Nov 9, 2010)

Hmm - thank you for pointing this out. Here is the script for the .bat file. I see an entry in the task manager for mmc.exe that has memory useage but no CPU useage. However, the vb script does not place any entries in the .txt file.


```
@ECHO OFF
cscript "MMC EVent Viewer Remote Server.vbs"
```
It calls a vb script like this. Note: If a call the .bat direcetly on the remote server it is working fine. I get entries in the .txt file.


```
' This script makes a report of all Error events in the Event
' Viewer logs. The script uses the MMC 2.0 application object model and
' the Event Viewer snap-in.
Option Explicit
 
public objFso, objTextFile
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("C:\MMC Event Viewer Log File.txt", ForAppending, True)
 
' Create the MMC Application object.
Dim objMMC
Set objMMC = Wscript.CreateObject("MMC20.Application")
' Load a console file.
' The console file in this case contains the Event Viewer snap-in.
' This console file ships with the operating system.
objMMC.Load("eventvwr.msc")
 
' Retrieve the Document object. The Document object provides access
' to the ScopeNamespace and ActiveView objects.
Dim objDoc
Set objDoc = objMMC.Document
' Retrieve the ScopeNamespace object. The ScopeNamespace object
' will be used when navigating the scope tree.
Dim objSN
Set objSN = objDoc.ScopeNamespace
' Get the console root node.
Dim objRoot
Set objRoot = objDoc.RootNode
' Using the console Root Node, get the Event Viewer node.
Dim objEvtVwrNode
Set objEvtVwrNode = objSN.GetChild(objRoot)
' Expand the Event Viewer Node.
objSN.Expand(objEvtVwrNode)
' Get the ActiveView, which is a View object.
' This object is used to access the list of nodes and column data.
Dim objView
Set objView = objDoc.ActiveView
' Get the first child node of the Event Viewer node.
On Error Resume Next
Dim objNode
Set objNode = Nothing
Set objNode = objSN.GetChild(objEvtVwrNode)
if (objNode Is Nothing) then
    ' Unexpected condition.
    objTextFile.WriteLine("Unable to get Event Viewer child node.")
    'Wscript.echo "Unable to get Event Viewer child node."
    'Wscript.quit 
end if
Dim objSib  ' Used when moving to the next child (sibling) node.
' Loop through each Event Viewer's child nodes.
Do Until (objNode is Nothing)
    ' Expand the Event Viewer's child node.
    objSN.Expand(objNode)
    ' Display text stating which node is being examined.
    objTextFile.WriteLine("Error events in the " + objNode.Name + " log")
    'Wscript.echo "Error events in the " + objNode.Name + " log"
    objTextFile.WriteLine("=====================================")
    'Wscript.echo "====================================="
    ' Set the active scope node to the child node.
    objView.ActiveScopeNode = objNode
    ' Access the view's list of nodes.
    ' objView.ListItems represents the nodes in the list view.
    Dim objList
    Set objList = objView.ListItems
 
    ' Iterate through the list of nodes.
    Dim objItem
    For Each objItem In objList
        Dim str
        ' Retrieve the data in the first column. In the Event Viewer
        ' snap-in, the first column is for the Event type.
        str = objView.CellContents(objItem, 1)
        ' Determine if the event type is for an Error event.
        If (str = "Error") Then
            ' The node is for an Error event.
            ' Output the details of this Error event, with 
            ' a comma separating each data field.
 
        dim myVariable   
        myVariable = objView.CellContents(objItem, 1) & "," & _
                         objView.CellContents(objItem, 2) & "," & _
                         objView.CellContents(objItem, 3) & "," & _ 
                         objView.CellContents(objItem, 4) & "," & _ 
                         objView.CellContents(objItem, 5) & "," & _ 
                         objView.CellContents(objItem, 6) & "," & _ 
                         objView.CellContents(objItem, 7) & "," & _ 
                         objView.CellContents(objItem, 8)  
 
 
        objTextFile.WriteLine(myVariable)
        End If
    Next
    ' Print a blank line before the next child node is processed.
 
    objTextFile.WriteLine("")
    ' Move to the next node under the Event Viewer node.
    Set objSib = Nothing
    Set objSib = objSN.GetNext(objNode)
    Set objNode = objSib
Loop
objTextFile.Close
```


----------



## TheOutcaste (Aug 8, 2007)

Change the batch file to write both STDOUT and STDERR to a text file so you can see any errors:

```
@ECHO OFF
cscript "MMC Event Viewer Remote Server.vbs">"C:\MMCBatErrors.txt" 2>&1
```
See if you get anything in the *C:\MMCBatErrors.txt* file.


----------



## snufse (Nov 9, 2010)

I get no entries in the MMCBatErrors file. 

When I click the .bat file on the remote server directly I get entry in the Error.txt file:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.


And also entries in the Log.txt file: 


Error events in the Application log
=====================================
Error,11/9/2010,2:22:21 PM,Application Hang,(101),1002,N/A,VGIWPW03-SQL3
Error,11/9/2010,10:00:05 AM,SQLAgent$EQUENTIALPROD,Alert Engine ,318,N/A,VGIWPW03-SQL3
Error events in the Security log
=====================================
Error events in the System log
=====================================
Error events in the Internet Explorer log
=====================================
Error events in the Microsoft-Windows-Forwarding/Operational log
=====================================
Error events in the Windows PowerShell log
=====================================


----------



## Squashman (Apr 4, 2003)

I guess I would just use Psexec from Pstools to accmplish the task you are trying to do.


----------



## snufse (Nov 9, 2010)

I changed the calling script file to read as per below. It is now working, why I have no clue. Anyway, thank you very much for your help.

PS. Question, is it possible to copy the script file that retrieves the events to remote servers every time (from desktop) and delete if exists. I will have to run this procedure for 30+ servers and I would like to have just one master copy that I need to maintain. This way I maintain only one copy and it gets distributed every time??? Also, is it possible to consolidate the Event Log files, to have result come back to desktop from all servers (instead of having a log file on each server)?


```
Option Explicit
Dim strComputer, strCommand, [COLOR=red]strPath[/COLOR], objWMIService, objProcess, intProcessID, errReturn
strComputer = "vgiwpw03-sql3"
[COLOR=red]strPath = "c:\"[/COLOR]
[COLOR=red]strCommand = "c:\MMC Event Viewer Remote Server.bat"[/COLOR]
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set objProcess = objWMIService.Get("Win32_Process")
[COLOR=red]errReturn = objProcess.Create(strCommand, strPath, null, intProcessID)[/COLOR]
'WScript.Sleep(10000)
If errReturn = 0 Then
Wscript.Echo "Remote Event Viewer was started with a process ID: " & intProcessID
Else
Wscript.Echo "Remote Event Viewer could not be started due to error: " & errReturn
End If
```


----------



## TheOutcaste (Aug 8, 2007)

OK, first problem, the batch file name has spaces, and it isn't being quoted.
*MMC Event Viewer Remote Server.bat* is seen as just MMC pluse 4 more parameters. It will run MMC.exe as that is on the path, and will give an error for the rest. If you have errors sounds enabled you'd hear it.
I suspect you'll find a bunch of mmc.exe processes running on the remote system.

Second, you are not specifying a path to the batch file, so it must either be in a folder specified in the path variable, or must be in *%Windir%\System32* (usually *C:\Windows\System32*)
The *MMC Event Viewer Remote Server.vbs* file name is being quoted, but you haven't specified a path, so it must be in %Windir%\System32 or it won't be found. cscript will not search the path for a file, it only looks in the Current Directory, which is *%Windir%\System32*.

To quote the name, use this:

```
strCommand = """" & "MMC Event Viewer Remote Server.bat" & """"
```
The MMC Event Viewer Remote Server.bat needs to specify the path to the VBS file:

```
@Echo Off
cscript "[COLOR=Red][B]C:\Scripts\[/B][/COLOR]MMC Event Viewer Remote Server.vbs"
```


----------



## TheOutcaste (Aug 8, 2007)

Or specify the path on the objProcess.Create Command. Looks like that helps with the spaces in the name as well.:up:

You can add the commands to copy and delete the file to one on the server to the batch file, though you actually want to append it:

```
@Echo Off
cscript "C:\Scripts\MMC Event Viewer Remote Server.vbs"
PushD \\Server\LogFileShare
(Echo.
Echo.================================
Echo.
Echo.Event Viewer Error log from %Computername%
Echo.
Echo.================================
Echo.)>>ErrorLogFile.txt
Type "C:\Scripts\MMC Event Viewer Log File.txt">>ErrorLogFile.txt
PopD
Del "C:\Scripts\MMC Event Viewer Log File.txt"
```
Might want to add some error checking to make sure the Server is available, etc, and adjust paths to match your setup of course. You could get the date and use it in the main logfile name so a new file is created each day. Have to remove the / if they are part of your date format, something like this:

```
Set _Date=%date%
Set _Date=%_Date:/=-%
```
Then use *%_Date%ErrorLogFile.txt* as the log file name on the server


----------



## snufse (Nov 9, 2010)

Hello

This is great and been very helpful for me, I've been working on this for a couple of days (mainly due to the lack of understanding of vb script). I shall take the advice and modify my code accordingly.

Instead of having an Event Log file on every server is it possible to have the script update a centrally located common file that will contain info from all servers (actually that is what they want). Also it would be nice if only one script could be run from a central point, connectiong to each server and then collecting the same information.

Again, thank you VERY much.....


----------



## TheOutcaste (Aug 8, 2007)

What operating systems will this be run on? Might be a lot easier to use *eventquery.vbs* that comes with XP and Windows 2003.

Vista and later don't have *eventquery.vbs*, but do have the *wevtutil.exe* (Windows Events Command Line Utility), and the *Event Subscription* feature to have specified events forwarded to one system to be collected in one log automatically.
Then there is Sysinternals PsLogList, part of the PsTools collection.

Type *cscript %windir%\system32\eventquery.vbs /?* or *wevtutil.exe /?* in a Command Prompt for a list of the available options.
See Event Subscription in the Event Viewer Help file on Vista or later for info on configuring that feature.

The current script runs under the Default User profile, so has no Network access. The files would have to be collected from the server side, so it would need to be able to make sure the script has finished creating the file.

It also dumps the entire log from the beginning. It can be modified so it only collects errors that happened after the last time it was run. Really depends on what you want in the final log, and how you want it grouped.

One advantage is you can run this script simultaneously on multiple systems, where *eventquery.vbs* and Sysinternals tool would do each System sequentially, waiting for each to finish.


----------



## snufse (Nov 9, 2010)

Running XP on all servers. Would PowerShell or .Net (vb Windows application) make a difference? I think the final issue will be (the way it is set up now) to copy all the log files into a central file somewhere. They would like to be able to query just one log containing all events from all servers as a daily ops check. 

Thank you for your patience working with me!


----------



## Squashman (Apr 4, 2003)

snufse said:


> I will have to run this procedure for 30+ servers ]





snufse said:


> Running XP on all servers.


You have 30 Windows XP workstations running as some type of file server?


----------



## TheOutcaste (Aug 8, 2007)

If they are all running XP I'd just use eventquery.vbs.

Give this a try. Edit the three lines in red as needed.
It generates a report file named *YYYYMMDD - Error Report.txt* and creates a new file each day. If ran more than once a day, it will append.
If you want to manually archive the file just use a filename without the *_fdate* variable.
After geetting the info from all the systems, it saves the date and time it was started, and uses that on the next run so it will only get new events. Use the /all switch to get all events.

List the PC Names you want to check in the file specified on the *Set _PCNames=* line, one name per line.

If you are not on a domain, you'll probably need to run this from an admin account that exists on all the workstations (with the same password as well)


```
@Echo Off
Echo.%*|>Nul Findstr /I /R /C:"[-/]\?" /C:"[-/]help"&& Goto _Usage || Goto _Start
:_Start
Set _GetAll=False
Echo.%1|>Nul Findstr /I /R /C:"[-/]all" && Set _GetAll=True
Setlocal
Call :_GetDate
Set _Date=%_fdate:~4,2%/%_fdate:~6,2%/%_fdate:~0,4%
For /F "Tokens=1,2 Delims= " %%I In ('Time /T') Do Set _Time=%%I:00%%J
::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Edit these three variables as needed. Use %_fdate% to add date in YYYYMMDD format
::::::::::::::::::::::::::::::::::::::::::::::::::::::
[B][COLOR=Red]Set _Logs=C:\Scripts\Logs
Set _OutFile=%_Logs%\%_fdate% - Error Report.txt
Set _PCNames=%_Logs%\PCNames.txt[/COLOR][/B]
::::::::::::::::::::::::::::::::::::::::::::::::::::::
Set _vbs=%Systemroot%\System32\eventquery.vbs
Set _Runtime=%_Date%,%_Time%
Set _Datetime=
Set _LastRun=
If Exist "%_Logs%\LastRun.txt" Set /P _LastRun=<"%_Logs%\LastRun.txt"
If %_GetAll%==False If Defined _LastRun Set _Datetime=/FI "Datetime ge %_LastRun%"
(Echo.
Echo.
Echo.==================== Report Generated on %_Date% at %_Time% ====================)>>"%_OutFile%"
For /F "Usebackq Tokens=* Delims=" %%I In ("%_PCNames%") Do (
>>"%_OutFile%" 2>&1 CScript //nologo %_vbs% /S %%I /FI "Type eq Error" %_Datetime%
)
>"%_Logs%\LastRun.txt" Echo.%_Runtime%
Goto :EOF
::::::::::::::::::::::::::::::::::::::::::::::::::::::
::           Subroutines
::::::::::::::::::::::::::::::::::::::::::::::::::::::
:_Usage
Echo.
Echo.Usage:
Echo.
Echo.Call %~n0 [/all]
Echo.
Echo.     /all    If specified (or the LastRun file is missing) gets all errors.
Echo.             If not specified, only gets errors dated after the last run time
Goto :EOF
::::::::::::::::::::::::::::::::::::::::::::::::::::::
:_GetDate
:: This batch file will always display the same results,
:: independent of "International" settings.
:: This batch file uses REG.EXE from the NT Resource Kit
:: (already installed with WinXP and Vista)
:: to read the "International" settings from the registry.
:: Date is returned as yyyymmdd in variable _fdate
:: Modified by TheOutcaste http://forums.techguy.org from
:: SortDate Written byRob van der Woude http://www.robvanderwoude.com
:: to check for two digit years
::
Set _Date=%Date%
If "%_Date%A" LSS "A" (Set _NumTok=1-3) Else (Set _NumTok=2-4)
:: Default Delimiter of TAB and Space are used
For /F "Tokens=2*" %%A In ('Reg Query "HKCU\Control Panel\International" /v iDate') Do Set _iDate=%%B
For /F "Tokens=2*" %%A In ('Reg Query "HKCU\Control Panel\International" /v sDate') Do Set _sDate=%%B
Set _TDYM=
If %_iDate%==0 For /F "Tokens=%_NumTok% Delims=%_sDate% " %%B In ("%_Date%") Do Set _fdate=%%D%%B%%C
If %_iDate%==1 For /F "Tokens=%_NumTok% Delims=%_sDate% " %%B In ("%_Date%") Do Set _fdate=%%D%%C%%B
If %_iDate%==2 For /F "Tokens=%_NumTok% Delims=%_sDate% " %%B In ("%_Date%") Do Set _fdate=%%B%%C%%D
If "%_fdate:~7,1%"=="" For /F "Tokens=3 skip=3" %%I In ('Reg Query "HKCU\Control Panel\International\Calendars\TwoDigitYearMax" /V 1 2^>Nul') Do Set _TDYM=%%I
If Defined _TDYM (Set _MaxY=%_TDYM:~2%&Set _Cent=%_TDYM:~0,2%) Else (Set _MaxY=29&Set _Cent=20)
Set /A _Cm1=_Cent-1
If "%_fdate:~7,1%"=="" If %_fdate:~0,2% LEQ %_MaxY% (Set _fdate=%_Cent%%_fdate%) Else (Set _fdate=%_Cm1%%_fdate%)
Goto:EOF
```


----------



## snufse (Nov 9, 2010)

Correction: We have 52+ servers mix of 2003./2005/2008.

Someone told me there is something called EventCollector that might do the job?

Also someone has following query in a .bat file that seems to collect server events.


```
REM Debary
eventquery /s RGDBFS /fi "type eq warning or type eq error" /fi "ID gt 1000" /fi "id ne 1501 or id ne 1108 or id ne 1517" /v /fo CSV  >>"c:\ops check stuff\events.csv"
```
You guys have any comments? Thank you.


----------



## Squashman (Apr 4, 2003)

snufse said:


> Correction: We have 52+ servers mix of 2003./2005/2008.


2005? Never heard of Windows 2005 server.


----------



## snufse (Nov 9, 2010)

In the c:\scripts folder I now have files, a 20101110 - Error Report and a LastRun file. I have added an entry to the PCNames file.

After I run the content of the Error report is:

==================== Report Generated on 11/10/2010 at 10:55:00AM ====================

but no further entries. I guess I need to insert my script for the venets somewhere? Thank you.


----------



## snufse (Nov 9, 2010)

Should be 2003 / 2008


----------



## TheOutcaste (Aug 8, 2007)

snufse said:


> Correction: We have 52+ servers mix of 2003./2005/2008.
> 
> Someone told me there is something called EventCollector that might do the job?
> 
> ...


That's the same *eventquery.vbs* file that the batch file I posted uses.
You have to properly configure VBScript to be able to run it without specifying CScript and the .vbs extension. It does not need any other scripts/files.

It will only work on XP or Win 2003. Eventquery does not exist on Win 2008 systems.
Open a Command Prompt
type this line and see if you get an error, or get results (use a real PC name for PCName of course):
*CScript //nologo %windir%\System32\eventquery.vbs /S PCName /FI "Type eq Error"*
Or just type this and see if you get the help screen:
*cscript %windir%\system32\eventquery.vbs /?*

If the PC name you chose was for a Win 2003 server, it could take several minutes to run depending on the sizes of the different log files.


----------



## snufse (Nov 9, 2010)

Now, I think I got your code working. I have added a couple if server names and getting records in the ErrorReport. However, I am not seeing any details like server name or error details, I know that one of the servers I entered has at least one error. This is what I see. Think we are getting very close:


```
==================== Report Generated on 11/10/2010 at 11:48:00AM ====================
 
INFO: No records available for the 'application' log with the specified criteria.
 
INFO: No records available for the 'internet explorer' log.
 
INFO: No records available for the 'microsoft-windows-forwarding/operational' log.
 
INFO: No records available for the 'security' log with the specified criteria.
 
INFO: No records available for the 'system' log.
 
INFO: No records available for the 'windows powershell' log.
 
 
INFO: No records available for the 'application' log with the specified criteria.
 
INFO: No records available for the 'forwardedevents' log.
 
INFO: No records available for the 'hardwareevents' log.
 
INFO: No records available for the 'internet explorer' log.
 
INFO: No records available for the 'microsoft-windows-eventcollector/operational' log.
 
INFO: No records available for the 'microsoft-windows-forwarding/operational' log.
 
INFO: No records available for the 'security' log with the specified criteria.
 
INFO: No records available for the 'system' log.
 
INFO: No records available for the 'windows powershell' log.
```
PCNames file:

vgiwpw03-sql3
vgibesql


----------



## TheOutcaste (Aug 8, 2007)

If you didn't use the */All* switch, or delete the *LastRun* file, it will only list errors that occurred since you last ran the batch file. Do if you run it with one name, then add a name and run it again, it will not get errors for the 2nd PC unless that happened in that short time frame while you added the name.

While testing, comment out the line that checks for that file and delete the file, that way it will always get all errors.
Just add *::* to the start of the line:

*:: If Exist "%_Logs%\LastRun.txt" Set /P _LastRun=<"%_Logs%\LastRun.txt"*


----------



## snufse (Nov 9, 2010)

Ok I deleted the LastRun file and re-ran the .bat. Here is the result:


```
==================== Report Generated on 11/10/2010 at 12:23:00PM ====================
 
------------------------------------------------------------------------------
Listing the events in 'application' log of host 'VGIWPW03-SQL3'
------------------------------------------------------------------------------
 Type          Event  Date Time                Source            ComputerName  
 ------------- ------ ------------------------ ----------------- --------------
 Error         1000   11/10/2010 12:21:46 PM   Application Error VGIWPW03-SQL3 
 Error         318    11/10/2010 10:00:02 AM   SQLAgent$EQUENTIA VGIWPW03-SQL3 
 
INFO: No records available for the 'internet explorer' log.
 
INFO: No records available for the 'microsoft-windows-forwarding/operational' log.
 
INFO: No records available for the 'security' log with the specified criteria.
 
------------------------------------------------------------------------------
Listing the events in 'system' log of host 'VGIWPW03-SQL3'
------------------------------------------------------------------------------
 Type          Event  Date Time                Source            ComputerName  
 ------------- ------ ------------------------ ----------------- --------------
 Error         7034   11/10/2010 12:21:47 PM   Service Control M VGIWPW03-SQL3 
 
INFO: No records available for the 'windows powershell' log.
 
 
INFO: No records available for the 'application' log with the specified criteria.
 
INFO: No records available for the 'forwardedevents' log.
 
INFO: No records available for the 'hardwareevents' log.
 
INFO: No records available for the 'internet explorer' log.
 
INFO: No records available for the 'microsoft-windows-eventcollector/operational' log.
 
INFO: No records available for the 'microsoft-windows-forwarding/operational' log.
 
INFO: No records available for the 'security' log with the specified criteria.
 
INFO: No records available for the 'system' log with the specified criteria.
 
INFO: No records available for the 'windows powershell' log.
```
1. It looks like a couple of lines are being repeated, like:


```
INFO: No records available for the 'microsoft-windows-forwarding/operational' log.
```
2. In the PCName file I have 2 entries and it picks up only one server. They now tell me that there are a few of 2008 and I guess that is why this server is not being picked up. Will the appraoch be totally different if we need to include 2008 as well?

Thank you.


----------



## TheOutcaste (Aug 8, 2007)

Actually it looks like there are two PCs in the output, just there were no errors on the 2nd one so the name isn't displayed.
I'd say the first PC's info ends with the *windows powershell log*, and the next PC starts right after that, I'd say it's the WIn 2008 system.

The *'forwardedevents' log* is a Win 2008 feature (Vista and later actually), that uses Event Subscription to gather info from other systems. Those items are considered "Forwarded" to this system, so are put in the *forwardedevents* log.

It's possible that there are simply no errors in the logs on that system, or it may be an issue of Win2K8 simply not responding to the *eventquery.vbs* script. I don't have a 2K8 system setup at the moment to test.

Let's add some lines to output the Computer name to make sure it's always in the report.
The lines in red are the new ones, this is about line 26:

```
For /F "Usebackq Tokens=* Delims=" %%I In ("%_PCNames%") Do (
[COLOR=Red](Echo.
Echo.====== Checking logs on Computer %%I ======
Echo.)>>"%_OutFile%"[/COLOR]
>>"%_OutFile%" 2>&1 CScript //nologo %_vbs% /S %%I /FI "Type eq Error" %_Datetime%
)
```


----------



## snufse (Nov 9, 2010)

Hello TheOutcaste,

WOW, this looks great. I've checked against the event viewers and it matches up. Great job!

PS. We do not have any 2008 so we should be OK.

I don't know how to thank you, you been very supportive and have done a great job. Saved me alot of hours and besides I learned so much.

Thanks again.....


----------



## snufse (Nov 9, 2010)

Is it possible to have the script create the Error Report with date and time as prefix. They plan to run the report several times during the day (instead of appending to existing file within the same day)? Also we would like to list both Error and Warning. Not sure about the syntax:


```
"Type eq Error or Type eq Warning" Correct ???
```
Also when we run the script we are getting several error like:


```
ERROR: Please check the system name, credentials and WBEM Core.
```
Not sure what these are and why.

Thank you.


----------



## TheOutcaste (Aug 8, 2007)

To get Error or Warning that's the correct format:
"Type eq Error or Type eq Warning"

You can add the time to the log file name, we just have to remove the *:* as it's not allowed in file names:


```
Set _OutFile=%_Logs%\%_fdate%[COLOR=Red][B]-%_Time::=%[/B][/COLOR] - Error Report.txt
```



snufse said:


> ERROR: Please check the system name, credentials and WBEM Core.


This error means it was unable to connect with that particular PC, the one named just above the error. Could be any number of reasons, these are the most common that I can think of:
Mistyped PC name
PC is offline
Firewall is blocking the connection:Turn off firewall, or configure it for Remote Administration.
For the Windows firewall, see this article
Connecting Through Windows Firewall
Usually just need to enable the service through Group Policy, or netsh:
*netsh firewall set service **RemoteAdmin** enable*
I've not had to open ports​Username and Password not accepted:Depends on if this is a Domain or Workgroup setup, or two different Domains that do not have a trust relationship established.
If running the batch file using a Domain Admin account, and the target PC is a member of the Domain, or a Trusted Domain, it should work.
See the Securing a Remote WMI Connection link in the previous article if the PC is in an untrusted domain.
If the target PC is in a Workgroup, then it must have an Admin account with the same username and password as the account that is running the batch file.​WMI Service not running
On the target PC, Click *Start | Run* (or press *WinKey+R*), type *services.msc*, press *Enter*.
Make sure these services are set as follows:

```
DCOM Server Process Launcher              - Automatic
Remote Procedure Call (RPC)               - Automatic
Remote Procedure Call (RPC) Locator       - Manual
Windows Management Instrumentation        - Automatic
Windows Management Instrumentation Driver Extensions - Manual
```
The ones set to *Automatic* should show a status of *Started*.
Also try to ping the PC by name. You might not get a reply, but ping should be able to resolve the IP address of the system.


----------



## snufse (Nov 9, 2010)

The error below was due to security and now running as serveradmin corrected that (as suggested).


```
ERROR: Please check the system name, credentials and WBEM Core
```
_._

I could be wrong but I remember reading that selection on Type can either be eq / ne and that it is not possible to select on Type using "or" statement. The suggested approach to include error and warning would be to set Type ne Information, however thould will include audit messages for the security log. If this is the case, is it possible to set "Type ne Information and then omit the Security Log?

I tried to run with "Type eq Error or Type eq Warning" but output was not correct.

I could be totally wrong (as I am most of the time!!).

Also, where would I insert a print line saying *** End of Report *** in the script?


----------



## TheOutcaste (Aug 8, 2007)

Hmm, "Type eq Error or Type eq Warning" gives both Error and Warning messages for me. Last example in the help output (Eventquery.vbs /?) shows that OR is allowed. It shows it upper case, but lower case worked for me:

*EVENTQUERY.vbs /FI "Type eq error OR Id gt 1000 "*

You can add an End of Report message right after the For loop that outputs the Report:

```
For /F "Usebackq Tokens=* Delims=" %%I In ("%_PCNames%") Do (
(Echo.
Echo.====== Checking logs on Computer %%I ======
Echo.)>>"%_OutFile%"
>>"%_OutFile%" 2>&1 CScript //nologo %_vbs% /S %%I /FI [COLOR=Blue]"Type eq Error or Type eq Warning"[/COLOR] %_Datetime%
)
[COLOR=Red]Echo.
Echo.================================ End of Report ================================>>"%_OutFile%"
[/COLOR]
```
Here's what I get using the about settings for the Report:

```
==================== Report Generated on 11/12/2010 at 10:37:00AM ====================

====== Checking logs on Computer XP-SP3 ======

 
------------------------------------------------------------------------------
Listing the events in 'application' log of host 'XP-SP3'
------------------------------------------------------------------------------
 Type          Event  Date Time               Source            ComputerName   
 ------------- ------ ----------------------- ----------------- ---------------
 error         1054   11/12/2010 9:40:36 AM   Userenv           XP-SP3
 error         1054   11/12/2010 9:54:59 AM   Userenv           XP-SP3
 error         15     11/12/2010 9:56:19 AM   AutoEnrollment    XP-SP3
 error         1053   11/12/2010 10:09:20 AM  Userenv           XP-SP3
 error         1000   11/12/2010 10:09:43 AM  UserInit          XP-SP3
 error         15     11/12/2010 10:10:03 AM  AutoEnrollment    XP-SP3
 error         1053   11/12/2010 10:13:57 AM  Userenv           XP-SP3
 
INFO: No records available for the 'security' log with the specified criteria.
 
------------------------------------------------------------------------------
Listing the events in 'system' log of host 'XP-SP3'
------------------------------------------------------------------------------
 Type          Event  Date Time               Source            ComputerName   
 ------------- ------ ----------------------- ----------------- ---------------
 error         29     11/12/2010 9:53:56 AM   W32Time           XP-SP3
 warning       14     11/12/2010 9:53:56 AM   W32Time           XP-SP3
 error         5719   11/12/2010 9:54:10 AM   NETLOGON          XP-SP3
 warning       14     11/12/2010 9:54:45 AM   W32Time           XP-SP3
 error         29     11/12/2010 9:54:45 AM   W32Time           XP-SP3
 warning       40960  11/12/2010 9:57:55 AM   LSASRV            XP-SP3
 warning       40961  11/12/2010 9:57:55 AM   LSASRV            XP-SP3
 warning       14     11/12/2010 10:01:13 AM  W32Time           XP-SP3
 error         29     11/12/2010 10:01:13 AM  W32Time           XP-SP3
 warning       14     11/12/2010 10:02:02 AM  W32Time           XP-SP3
 error         29     11/12/2010 10:02:02 AM  W32Time           XP-SP3
 error         5719   11/12/2010 10:02:12 AM  NETLOGON          XP-SP3
 warning       40961  11/12/2010 10:30:26 AM  LSASRV            XP-SP3
 
================================ End of Report ================================
```


----------



## snufse (Nov 9, 2010)

I shall try it out. Thanks again for ALL the help.


----------

