[Powershell] New-PSSession - Illegal operation attempted on a registry key that has been marked for deletion

  • Question

  • Hello everyone

    I have a strange problem that keeps occurring at unpredictable intervals.

    Background: I use a script to connect remotely to a server and create a scheduled task. While the scheduled task runs locally on the client, I regularly check whether a log file has been created that tells me the task has finished.

    At first I used a single session, but the while loop was exited in an uncontrolled way. I then changed the code so that a new PowerShell session is established every minute to prevent this.

    Last night the problem occurred again. At least the loop was not exited in an uncontrolled way, but the script was no longer able to establish a connection after the 3rd or 4th iteration.

    Here is the interesting part of the code:

    $SecurePassWord = ConvertTo-SecureString -AsPlainText $Password -Force
    $Cred = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $Username, $SecurePassWord
    $pssessionoption = New-PSSessionOption -OperationTimeout 7200000 -IdleTimeout 7200000

    # I create a session after that, plant a scheduled task and start waiting here.

    while (!(Invoke-Command -Session $Session -ScriptBlock $CheckifClientDone))
    {
        Remove-PSSession -Session $Session
        Start-Sleep -Seconds 120
        $doesitconnect = $false
        $CurrentPatchingState = "1;$Servername;Status=1;$(Get-Date -format 'dd.MM.yyyy hh:mm:ss') Still Waiting" | Out-File -Filepath  "C:\Logs\Test_Logs\$Servername.txt" -Append -encoding ASCII
        while (!($doesitconnect)) {
            If ($counterfortimeout -eq 300) {    # 5 hour timeout
                $CurrentPatchingState = "2;$Servername;Status=2;$(Get-Date -format 'dd.MM.yyyy hh:mm:ss') Something went Wrong on the Client - Aborting after 5h of waiting" | Out-File -Filepath  "C:\Test_Logs\$Servername.txt" -Append -encoding ASCII
                $CurrentPatchingState = "2;$Servername;Status=2;$(Get-Date -format 'dd.MM.yyyy hh:mm:ss') Something went Wrong on the Client - Aborting after 5h of waiting" | Out-File -Filepath  "C:\Logs\Nagios\$Servername.txt" -encoding ASCII
                exit
            }
            $counterfortimeout = $counterfortimeout + 1
            Try {
                $Session = New-PSSession -ComputerName $ServerName -credential $Cred -sessionOption $pssessionoption -EA Stop
                $doesitconnect = $true
            }
            Catch [system.exception]
            {
                # $( ) is needed so that the exception message itself is expanded inside the string
                $CurrentPatchingState = "2;$Servername;Status=2;$(Get-Date -format 'dd.MM.yyyy hh:mm:ss') Could not create a Session with the Host at round $counterfortimeout ERROR :  $($_.Exception.Message)" | Out-File -Filepath  "C:\Logs\Test_Logs\$Servername.txt" -Append -encoding ASCII
                $CurrentPatchingState = "2;$Servername;Status=2;$(Get-Date -format 'dd.MM.yyyy hh:mm:ss') Could not create a Session with the Host at round $counterfortimeout ERROR :  $($_.Exception.Message)" | Out-File -Filepath  "C:\Logs\Nagios\$Servername.txt" -encoding ASCII
                Remove-PSSession -Session $Session
                $doesitconnect = $false
                Start-Sleep -Seconds 60
            }
        }
    }

    And here is the matching part of the log file:

     1;Server1;Status=1;03.12.2014 03:03:22 Still Waiting

    1;Server1;Status=1;03.12.2014 03:05:23 Still Waiting
    2;Server1;Status=2;03.12.2014 03:05:23 Could not create a Session with the Host at round 2 ERROR Illegal operation attempted on a registry key that has been marked for deletion. For more information, see the about_Remote_Troubleshooting Help topic..Exception.Message
    2;Server1;Status=2;03.12.2014 03:06:23 Could not create a Session with the Host at round 3 ERROR Illegal operation attempted on a registry key that has been marked for deletion. For more information, see the about_Remote_Troubleshooting Help topic..Exception.Message
    2;Server1;Status=2;03.12.2014 03:07:23 Could not create a Session with the Host at round 4 ERROR Illegal operation attempted on a registry key that has been marked for deletion. For more information, see the about_Remote_Troubleshooting Help topic..Exception.Message
    2;Server1;Status=2;03.12.2014 03:08:23 Could not create a Session with the Host at round 5 ERROR Illegal operation attempted on a registry key that has been marked for deletion. For more information, see the about_Remote_Troubleshooting Help topic..Exception.Message
    2;Server1;Status=2;03.12.2014 03:09:23 Could not create a Session with the Host at round 6 ERROR Illegal operation attempted on a registry key that has been marked for deletion. For more information, see the about_Remote_Troubleshooting Help topic..Exception.Message
    .
    .
    .
    2;Server1;Status=2;03.12.2014 08:03:24 Could not create a Session with the Host at round 300 ERROR Illegal operation attempted on a registry key that has been marked for deletion. For more information, see the about_Remote_Troubleshooting Help topic..Exception.Message
    2;Server1;Status=2;03.12.2014 08:04:24 Something went Wrong on the Client - Aborting after 5h of waiting

    
    

    Does anyone have an idea?

    I was also able to capture a (problematic) run with Procmon:

    10:53:23,3425325	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3425625	powershell.exe	140	RegOpenKey	HKLM\Software\Microsoft\Windows\CurrentVersion\WSMAN	SUCCESS	Desired Access: Read
    10:53:23,3426244	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\StackVersion	SUCCESS	Type: REG_SZ, Length: 8, Data: 2.0
    10:53:23,3426434	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\StackVersion	SUCCESS	Type: REG_SZ, Length: 8, Data: 2.0
    10:53:23,3431332	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3431564	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	SUCCESS	Desired Access: Notify
    10:53:23,3431933	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3432856	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3433078	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3433430	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3433594	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3433835	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3433983	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3434229	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3434375	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3434593	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3434736	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3434955	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3435095	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3435306	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3435444	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3435647	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3435782	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3435988	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3436122	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3436318	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3436452	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3437161	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3437456	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3437805	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3437979	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3438224	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3438382	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3438611	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3438762	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3438986	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3439139	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3439356	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3439499	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3440166	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3440323	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3440560	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3440698	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3440904	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3441037	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3441233	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3441365	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3441562	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3441691	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3441883	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3442016	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3442272	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3442475	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3442718	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3443253	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3443527	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3443664	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS	NAME NOT FOUND	Desired Access: Read
    10:53:23,3443872	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3444003	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS	NAME NOT FOUND	Desired Access: Read
    10:53:23,3444287	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3444455	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS	NAME NOT FOUND	Desired Access: Read
    10:53:23,3444694	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3444827	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS	NAME NOT FOUND	Desired Access: Read
    10:53:23,3445023	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3445153	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS	NAME NOT FOUND	Desired Access: Read
    10:53:23,3445347	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3445475	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS	NAME NOT FOUND	Desired Access: Read
    10:53:23,3445671	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3445801	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service	NAME NOT FOUND	Desired Access: Read
    10:53:23,3446214	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3446359	powershell.exe	140	RegOpenKey	HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics	NAME NOT FOUND	Desired Access: Read
    10:53:23,3446590	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3446719	powershell.exe	140	RegOpenKey	HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	SUCCESS	Desired Access: Read
    10:53:23,3446979	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel	NAME NOT FOUND	Length: 144
    10:53:23,3447265	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon	SUCCESS	
    10:53:23,3447420	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3447563	powershell.exe	140	RegOpenKey	HKLM\Software\Policies\Microsoft\Windows\System	SUCCESS	Desired Access: Read
    10:53:23,3447888	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel	NAME NOT FOUND	Length: 144
    10:53:23,3448040	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\System	SUCCESS	
    10:53:23,3448179	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3448311	powershell.exe	140	RegOpenKey	HKLM\System\Setup	SUCCESS	Desired Access: Read
    10:53:23,3448552	powershell.exe	140	RegQueryValue	HKLM\SYSTEM\Setup\SystemSetupInProgress	SUCCESS	Type: REG_DWORD, Length: 4, Data: 0
    10:53:23,3448708	powershell.exe	140	RegCloseKey	HKLM\SYSTEM\Setup	SUCCESS	
    10:53:23,3449153	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3449293	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3449643	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3449912	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\timeout	NAME NOT FOUND	Length: 144
    10:53:23,3450115	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3450445	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3450590	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3450836	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3450961	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\maxEnvelopeSize	NAME NOT FOUND	Length: 144
    10:53:23,3451113	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3451236	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3451366	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3451572	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3451685	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\batch_maxItems	NAME NOT FOUND	Length: 144
    10:53:23,3451820	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3451942	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3452068	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3452274	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3452386	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\maxEnvelopeSize	NAME NOT FOUND	Length: 144
    10:53:23,3452519	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3452637	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3452764	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3452964	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3453074	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\network_delay	NAME NOT FOUND	Length: 144
    10:53:23,3453202	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3453320	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3453445	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3453641	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3453750	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\max_retry_timeout_ms	NAME NOT FOUND	Length: 144
    10:53:23,3453878	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3454022	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3454149	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3454348	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3454460	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\uriprefix	NAME NOT FOUND	Length: 144
    10:53:23,3454589	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3454736	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3454862	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3455064	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3455174	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\uriprefix	NAME NOT FOUND	Length: 144
    10:53:23,3455301	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3455424	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3455550	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3455747	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3455856	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\defaultports_http	NAME NOT FOUND	Length: 144
    10:53:23,3455982	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3456104	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3456229	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3456427	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3456536	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\defaultports_https	NAME NOT FOUND	Length: 144
    10:53:23,3456664	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3456794	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3456925	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3457249	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3457407	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3457637	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3457751	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\allow_unencrypted	NAME NOT FOUND	Length: 144
    10:53:23,3457885	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3458015	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3458146	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3458352	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3458477	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3458671	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3458782	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\auth_basic	NAME NOT FOUND	Length: 144
    10:53:23,3458911	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3459036	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3459168	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3459369	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3459492	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3459686	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3459795	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\auth_digest	NAME NOT FOUND	Length: 144
    10:53:23,3459923	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3460050	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3460329	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3460652	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3460854	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3461101	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3461223	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\auth_negotiate	NAME NOT FOUND	Length: 144
    10:53:23,3461358	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3461492	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3461623	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3461825	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3461949	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3462143	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3462252	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\auth_kerberos	NAME NOT FOUND	Length: 144
    10:53:23,3462381	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3462500	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3462624	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3462826	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3462934	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\auth_certificate	NAME NOT FOUND	Length: 144
    10:53:23,3463061	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3463185	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3463315	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3463511	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3463635	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3463826	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3463938	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\auth_credssp	NAME NOT FOUND	Length: 144
    10:53:23,3464067	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3464218	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3464347	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client	NAME NOT FOUND	Desired Access: Read
    10:53:23,3464550	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3464677	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3464869	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3464976	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\trusted_hosts	SUCCESS	Type: REG_SZ, Length: 4, Data: *
    10:53:23,3465115	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3465379	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3465513	powershell.exe	140	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	Desired Access: Read
    10:53:23,3465724	powershell.exe	140	RegSetInfoKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	KeySetInformationClass: KeySetHandleTagsInformation, Length: 0
    10:53:23,3465837	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\compatibility_supress_optionset	NAME NOT FOUND	Length: 144
    10:53:23,3465971	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client	SUCCESS	
    10:53:23,3491392	powershell.exe	140	RegQueryKey	HKCU	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3491686	powershell.exe	140	RegOpenKey	HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\ConnectionCookies	HIVE UNLOADED	Desired Access: Read
    10:53:23,3494864	powershell.exe	140	Thread Create		SUCCESS	Thread ID: 4616
    10:53:23,3495969	powershell.exe	140	Thread Create		SUCCESS	Thread ID: 152
    10:53:23,3497961	powershell.exe	140	Thread Create		SUCCESS	Thread ID: 4496
    10:53:23,3505940	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3506163	powershell.exe	140	RegOpenKey	HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics	NAME NOT FOUND	Desired Access: Read
    10:53:23,3506484	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3506639	powershell.exe	140	RegOpenKey	HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	SUCCESS	Desired Access: Read
    10:53:23,3506902	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel	NAME NOT FOUND	Length: 144
    10:53:23,3507123	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon	SUCCESS	
    10:53:23,3507341	powershell.exe	140	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
    10:53:23,3507554	powershell.exe	140	RegOpenKey	HKLM\Software\Policies\Microsoft\Windows\System	SUCCESS	Desired Access: Read
    10:53:23,3508172	powershell.exe	140	RegQueryValue	HKLM\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel	NAME NOT FOUND	Length: 144
    10:53:23,3508333	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Policies\Microsoft\Windows\System	SUCCESS	
    10:53:23,3508755	powershell.exe	140	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN	SUCCESS	
    10:53:23,3515560	powershell.exe	140	CreateFile	C:\Logs\PatchManagement\Test_Logs\SERVERNAME.txt	SUCCESS	Desired Access: Read Attributes, Dis, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
    10:53:23,3515893	powershell.exe	140	QueryBasicInformationFile	C:\Logs\PatchManagement\Test_Logs\SERVERNAME.txt	SUCCESS	CreationTime: 11.09.2014 16:00:02, LastAccessTime: 11.09.2014 16:00:02, LastWriteTime: 11.12.2014 10:52:23, ChangeTime: 11.12.2014 10:52:26, FileAttributes: A
    10:53:23,3516042	powershell.exe	140	CloseFile	C:\Logs\PatchManagement\Test_Logs\SERVERNAME.txt	SUCCESS	
    10:53:23,3518660	powershell.exe	140	CreateFile	C:\Logs\PatchManagement\Test_Logs\SERVERNAME.txt	SUCCESS	Desired Access: Generic Write, Read Attributes, Dis, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Opened
    10:53:23,3520902	powershell.exe	140	QueryStandardInformationFile	C:\Logs\PatchManagement\Test_Logs\SERVERNAME.txt	SUCCESS	AllocationSize: 94.208, EndOfFile: 92.463, NumberOfLinks: 1, DeletePending: False, Directory: False
    10:53:23,3525377	powershell.exe	140	WriteFile	C:\Logs\PatchManagement\Test_Logs\SERVERNAME.txt	SUCCESS	Offset: 92.463, Length: 375, Priority: Low
    10:53:23,3526623	powershell.exe	140	CloseFile	C:\Logs\PatchManagement\Test_Logs\SERVERNAME.txt	SUCCESS	
    10:53:23,3532036	powershell.exe	140	CreateFile	C:\Logs\PatchManagement\Nagios\SERVERNAME.txt	SUCCESS	Desired Access: Read Attributes, Dis, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
    10:53:23,3532324	powershell.exe	140	QueryBasicInformationFile	C:\Logs\PatchManagement\Nagios\SERVERNAME.txt	SUCCESS	CreationTime: 11.09.2014 16:00:02, LastAccessTime: 11.09.2014 16:00:02, LastWriteTime: 11.12.2014 10:52:23, ChangeTime: 11.12.2014 10:52:35, FileAttributes: A
    10:53:23,3532462	powershell.exe	140	CloseFile	C:\Logs\PatchManagement\Nagios\SERVERNAME.txt	SUCCESS	
    10:53:23,3534551	powershell.exe	140	CreateFile	C:\Logs\PatchManagement\Nagios\SERVERNAME.txt	SUCCESS	Desired Access: Generic Write, Read Attributes, Dis, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: Read, AllocationSize: 0, OpenResult: Overwritten
    10:53:23,3540257	powershell.exe	140	WriteFile	C:\Logs\PatchManagement\Nagios\SERVERNAME.txt	SUCCESS	Offset: 0, Length: 375, Priority: Low
    10:53:23,3541101	powershell.exe	140	CloseFile	C:\Logs\PatchManagement\Nagios\SERVERNAME.txt	SUCCESS	
    10:53:24,8423047	powershell.exe	140	Thread Exit		SUCCESS	Thread ID: 152, User Time: 0.0000000, Kernel Time: 0.0000000
    10:53:43,3420189	powershell.exe	140	Thread Exit		SUCCESS	Thread ID: 4496, User Time: 0.0000000, Kernel Time: 0.0000000
    10:53:43,3420472	powershell.exe	140	Thread Exit		SUCCESS	Thread ID: 4616, User Time: 0.0000000, Kernel Time: 0.0000000



    • Edited by Reneeeeee Thursday, 11 December 2014 14:28 translated
    Thursday, 11 December 2014 08:40
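
Added example (not part of the original post): a PowerShell filter for a tab-separated Procmon export like the one above. It drops the routine SUCCESS and NAME NOT FOUND results so that rare ones, such as the HIVE UNLOADED result on the HKCU ConnectionCookies key in the trace, stand out. The function name `Get-ProcmonAnomaly`, the file name in the last comment and the column order (read off the trace as posted) are assumptions; PowerShell 3.0 or later is assumed.

```powershell
function Get-ProcmonAnomaly {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string[]]$Line,

        # Results treated as routine. Probes for optional keys and values
        # normally return NAME NOT FOUND and would bury the rare results.
        [string[]]$IgnoreResult = @('SUCCESS', 'NAME NOT FOUND')
    )
    process {
        foreach ($entry in $Line) {
            # Assumed columns: Time, Process, PID, Operation, Path, Result, Detail
            $field = $entry.Trim() -split "`t", 7
            if ($field.Count -lt 6) { continue }             # blank or truncated line
            if ($field[2] -notmatch '^\d+$') { continue }    # header row or stray text
            if ($IgnoreResult -contains $field[5]) { continue }

            $detail = ''
            if ($field.Count -gt 6) { $detail = $field[6] }

            [pscustomobject]@{
                Time      = $field[0]
                Process   = $field[1]
                ProcessId = [int]$field[2]
                Operation = $field[3]
                Hive      = ($field[4] -split '\\')[0]   # HKLM, HKCU, or a drive for file events
                Path      = $field[4]
                Result    = $field[5]
                Detail    = $detail
            }
        }
    }
}

# Four lines copied from the trace in the post, rebuilt with explicit tab separators.
$sample = @(
    ('10:53:23,3464347', 'powershell.exe', '140', 'RegOpenKey',
     'HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client',
     'NAME NOT FOUND', 'Desired Access: Read') -join "`t"
    ('10:53:23,3465513', 'powershell.exe', '140', 'RegOpenKey',
     'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client',
     'SUCCESS', 'Desired Access: Read') -join "`t"
    ('10:53:23,3491686', 'powershell.exe', '140', 'RegOpenKey',
     'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Client\ConnectionCookies',
     'HIVE UNLOADED', 'Desired Access: Read') -join "`t"
    ('10:53:23,3494864', 'powershell.exe', '140', 'Thread Create',
     '', 'SUCCESS', 'Thread ID: 4616') -join "`t"
)

# Group what is left by result, hive and path; the least frequent entries come first.
$sample |
    Get-ProcmonAnomaly |
    Group-Object -Property Result, Hive, Path |
    Sort-Object -Property Count |
    Select-Object -Property Count, Name

# For a saved trace: Get-Content .\trace.txt | Get-ProcmonAnomaly   (hypothetical file name)
```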
