Get-WinEvent remote successfully retrieves large number of events, then throws "The remote procedure call failed", then throws "The handle is invalid"

Question
-
Trying to read Windows Event logs via PowerShell 5.1 on Windows 10 (7GB memory) to Windows 2016 Server (4GB memory).
This pulls a couple of hundred event messages, then fails. When running locally, it runs through until the end without error.
Does anyone know of any logs errors would be written to (ironically enough...)?
Thanks,
Chris
ps> Get-WinEvent -Credential $mySecureCreds -ComputerName WinFS-Chris -LogName Microsoft-Windows-SMBClient* -FilterXpath @"
>> *[System[TimeCreated[@SystemTime>'2019-04-01T02:30:00'] and (Level=4)]]
>> "@
ProviderName: Microsoft-Windows-SMBClient
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
4/1/2019 9:46:19 PM 30810 Information Added a TCP/IP transport interface....
4/1/2019 9:46:19 PM 30810 Information Added a TCP/IP transport interface.......
4/1/2019 4:53:45 PM 30810 Information Added a TCP/IP transport interface....
Get-WinEvent : The remote procedure call failed
At line:1 char:1
+ Get-WinEvent -Credential $mySecureCreds -ComputerName WinFS-Chris -Lo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-WinEvent], EventLogException
+ FullyQualifiedErrorId : The remote procedure call failed,Microsoft.PowerShell.Commands.GetWinEventCommand
4/1/2019 4:53:45 PM 30810 Information Cannot retrieve event message text.
Get-WinEvent : The handle is invalid
At line:1 char:1
+ Get-WinEvent -Credential $mySecureCreds -ComputerName WinFS-Chris -Lo ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-WinEvent], EventLogException
+ FullyQualifiedErrorId : The handle is invalid,Microsoft.PowerShell.Commands.GetWinEventCommand
4/1/2019 4:53:45 PM 30810 Information Cannot retrieve event message text.
Tuesday, April 2, 2019 3:17 AM
All replies
-
Hi,
Thanks for your question.
Have you used the administrator credential of your target server to run the command? Get-WinEvent can only be run remotely by an administrator on the target server. Also, to get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access. Please check it.
Best regards,
Lee
Just do it.
Tuesday, April 2, 2019 6:48 AM -
Hi,
Was your issue resolved?
If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If no, please reply and tell us the current situation in order to provide further help.
Best Regards,
Lee
Just do it.
Monday, April 8, 2019 8:47 AM -
There is also a log limit to go through; not sure if this is your issue:
http://www.powershellish.com/blog/2015-01-19-get-winevent-max-logs
Monday, April 8, 2019 10:34 PM -
Everybody is guessing and ignoring the obvious clues. The command is working UNTIL it gets an RPC error.
First look up RPC and try to understand what it is. After you fully understand then take another guess. My bet is that you will get closer to the right answer.
\_(ツ)_/
- Proposed as answer by LeeSeenLi (Microsoft contingent staff) Friday, May 10, 2019 2:54 AM
Monday, April 8, 2019 11:09 PM
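
One way to narrow down where the query in the question fails, as an added example that is not code from the thread: it resolves the Microsoft-Windows-SMBClient* wildcard with Get-WinEvent -ListLog, queries each matching log separately, and reports how many events came back before any error. Test-RemoteLogQuery is a hypothetical helper name; the computer name, credential variable and XPath filter are the ones shown in the question.

```powershell
# Added example: Test-RemoteLogQuery is a hypothetical helper, not from the thread.
function Test-RemoteLogQuery {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string] $LogPattern = 'Microsoft-Windows-SMBClient*',
        [string] $XPath = "*[System[TimeCreated[@SystemTime>'2019-04-01T02:30:00'] and (Level=4)]]"
    )

    # Resolve the wildcard first so each matching log is queried on its own.
    $logs = Get-WinEvent -ListLog $LogPattern -ComputerName $ComputerName `
                         -Credential $Credential -ErrorAction Stop

    foreach ($log in $logs) {
        $result = [ordered]@{
            LogName   = $log.LogName
            Retrieved = 0
            Status    = 'OK'
            Error     = $null
        }
        try {
            # Stream the events and count them, so a mid-stream failure still
            # shows how many records arrived before the error.
            Get-WinEvent -LogName $log.LogName -FilterXPath $XPath `
                         -ComputerName $ComputerName -Credential $Credential `
                         -ErrorAction Stop |
                ForEach-Object { $result.Retrieved++ }
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # An empty result set is reported as an error by Get-WinEvent.
                $result.Status = 'NoMatchingEvents'
            }
            else {
                # Anything else (for example the RPC or handle errors above).
                $result.Status = 'Failed'
                $result.Error  = $_.Exception.Message
            }
        }
        [pscustomobject]$result
    }
}

# Computer name and credential variable are the ones shown in the question.
Test-RemoteLogQuery -ComputerName 'WinFS-Chris' -Credential $mySecureCreds |
    Format-Table -AutoSize
```

A row with Status 'Failed' and a non-zero Retrieved count identifies the individual log whose remote read broke part-way through.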