DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 973995 - Last Review: October 15, 2009 - Revision: 1.0

Hotfix Download Available
View and request hotfix downloads
 

On This Page

SYMPTOMS

An application or service subscribes to some events that are in multiple event logs by using Windows Management Instrumentation (WMI) or Windows APIs on a computer that is running Windows Server 2008 or Windows Vista.

In this scenario, the application or service may miss some expected events. This issue causes function failure in the application or service.

For example, an application subscribes to an event to monitor the user accounts that are created. Because of this issue, some newly created user accounts are not detected by this application.

CAUSE

This issue occurs because the Windows Event Log service misses some events when the service sends the notifications.

The Windows Event Log service maintains a unique view for all event logs. By using the unique view, the service retrieves newly added records from different event log channels and then sends notification to subscribers. Some examples of some event log channels are the security, application, and system event logs.

If no more records are found, the Windows Event Log service enters into an EOF state. When a new record arrives, the state is reset and the service continues to read new record.

When the state is reset, the Windows Event Log service does not scan all event log channels to detect all new records. The service only scans the current event log channel. This behavior causes the service to miss the new records in the other event log channels.

RESOLUTION

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, the computer must be running one of the following operating systems:
  • Windows Vista Service Pack 1 (SP1)
  • Windows Vista Service Pack 2 (SP2)
  • Windows Server 2008
  • Windows Server 2008 Service Pack 2 (SP2)

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For all supported x86-based versions of Windows Server 2008 and of Windows Vista SP1
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Wevtsvc.dll6.0.6001.225241,015,29616-Sep-200912:26x86
For all supported x86-based versions of Windows Server 2008 SP2 and of Windows Vista SP2
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Wevtsvc.dll6.0.6002.222271,017,85616-Sep-200911:57x86
For all supported Itanium-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Wevtsvc.dll6.0.6001.225242,700,80016-Sep-200912:08IA-64
For all supported Itanium-based versions of Windows Server 2008 SP2
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Wevtsvc.dll6.0.6002.222272,702,33616-Sep-200914:32IA-64
For all supported x64-based versions of Windows Server 2008 and of Windows Vista SP1
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Wevtsvc.dll6.0.6001.225241,491,45616-Sep-200912:50x64
For all supported x64-based versions of Windows Server 2008 SP2 and of Windows Vista SP2
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Wevtsvc.dll6.0.6002.222271,491,96816-Sep-200912:03x64

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684  (http://support.microsoft.com/kb/824684/ ) Description of the standard terminology that is used to describe Microsoft software updates


Additional file information for Windows Server 2008 and for Windows Vista


Additional files for all supported x86-based versions of Windows Server 2008 and of Windows Vista

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Package_for_kb973995_client_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,36717-Sep-200903:55Not Applicable
Package_for_kb973995_client_2~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,69417-Sep-200903:55Not Applicable
Package_for_kb973995_client~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,71317-Sep-200903:55Not Applicable
Package_for_kb973995_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42117-Sep-200903:55Not Applicable
Package_for_kb973995_sc_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,69017-Sep-200903:55Not Applicable
Package_for_kb973995_sc~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,70117-Sep-200903:55Not Applicable
Package_for_kb973995_server_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42517-Sep-200903:55Not Applicable
Package_for_kb973995_server_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,69417-Sep-200903:55Not Applicable
Package_for_kb973995_server~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,71317-Sep-200903:55Not Applicable
Package_for_kb973995_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42217-Sep-200903:55Not Applicable
Package_for_kb973995_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,43017-Sep-200903:55Not Applicable
X86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.22524_none_dd3c61cd2c036128.manifestNot Applicable47,71516-Sep-200917:34Not Applicable
X86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6002.22227_none_df25d49329270251.manifestNot Applicable47,71516-Sep-200913:32Not Applicable

Additional files for all supported Itanium-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Ia64_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.22524_none_dd3e05c32c016a24.manifestNot Applicable47,97316-Sep-200913:36Not Applicable
Ia64_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6002.22227_none_df27788929250b4d.manifestNot Applicable47,97316-Sep-200919:32Not Applicable
Package_for_kb973995_sc_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42517-Sep-200903:55Not Applicable
Package_for_kb973995_sc_1~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,53017-Sep-200903:55Not Applicable
Package_for_kb973995_sc~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,70617-Sep-200903:55Not Applicable
Package_for_kb973995_server_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42917-Sep-200903:55Not Applicable
Package_for_kb973995_server_1~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,53317-Sep-200903:55Not Applicable
Package_for_kb973995_server~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,71817-Sep-200903:55Not Applicable
Package_for_kb973995_winpesrv_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42617-Sep-200903:55Not Applicable
Package_for_kb973995_winpesrv~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,43417-Sep-200903:55Not Applicable

Additional files for all supported x64-based versions of Windows Server 2008 and of Windows Vista

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.22524_none_395afd50e460d25e.manifestNot Applicable47,98316-Sep-200920:39Not Applicable
Amd64_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6002.22227_none_3b447016e1847387.manifestNot Applicable47,98316-Sep-200913:37Not Applicable
Package_for_kb973995_client_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,37517-Sep-200903:55Not Applicable
Package_for_kb973995_client_2~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,70617-Sep-200903:55Not Applicable
Package_for_kb973995_client~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,72317-Sep-200903:55Not Applicable
Package_for_kb973995_sc_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,42917-Sep-200903:55Not Applicable
Package_for_kb973995_sc_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,70217-Sep-200903:55Not Applicable
Package_for_kb973995_sc~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,71117-Sep-200903:55Not Applicable
Package_for_kb973995_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43317-Sep-200903:55Not Applicable
Package_for_kb973995_server_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,70617-Sep-200903:55Not Applicable
Package_for_kb973995_server~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,72317-Sep-200903:55Not Applicable
Package_for_kb973995_winpesrv_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43017-Sep-200903:55Not Applicable
Package_for_kb973995_winpesrv~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43817-Sep-200903:55Not Applicable

REFERENCES

For more information about how to subscribe to events in an event log, visit the following Microsoft Web site:
http://msdn.microsoft.com/en-us/library/bb671202.aspx (http://msdn.microsoft.com/en-us/library/bb671202.aspx)
For more information about "Receiving a WMI Event," visit the following Microsoft Web site:
http://msdn.microsoft.com/en-us/library/aa393013(VS.85).aspx (http://msdn.microsoft.com/en-us/library/aa393013(VS.85).aspx)
For more information about how to receive an event, visit the following Microsoft Web site:
http://msdn.microsoft.com/en-us/library/bb404682.aspx (http://msdn.microsoft.com/en-us/library/bb404682.aspx)
For more information about the EvtNext Function, visit the following Microsoft Web site:
http://msdn.microsoft.com/en-us/library/aa385405(VS.85).aspx (http://msdn.microsoft.com/en-us/library/aa385405(VS.85).aspx)

APPLIES TO
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Ultimate
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Keywords: 
kbhotfixserver kbautohotfix kbexpertiseadvanced kbqfe kbsurveynew KB973995
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support