Sign in
 

none
Win10 1809 broke psloglist? "The stub received bad data" errors towards remote computers

 > 

    Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Getting this error now when trying to run psloglist towards a remote computer:

    C:\temp>psloglist \\testsrv -d 1

    PsLoglist v2.71 - local and remote event log viewer
    Copyright (C) 2000-2009 Mark Russinovich
    Sysinternals - www.sysinternals.com

    System log on \\testsrv:
    Could not open System event log on testsrv:
    The stub received bad data.

    Tested on several win10 1809 clients - all fail towards all remote operating systems (2008/2008R2/2012R2/7/win10 1803), except if the remote client is running win10 1809.

    This is not a network problem, wireshark confirms connection to the remote computer, but when the client is trying to get the event logs the last request is "OpenEventLogA request" - and the remote computer returns a "nca_s_fault_ndr" error

    The response should have been a "OpenEventlogA response" (which I do get from a remote win10 1809 client)

    Some changed security setting in 1809 perhaps? I'm not very familiar with the inner workings of DCE/RPC...

    Powershell get-eventlog / get-winevent seems to work fine...

    Monday, January 28, 2019 12:45 PM
    |

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi AxelThirud

    thanks for making us aware of this. I will take a look and get back to you

    MarkC (MSFT)

    Monday, January 28, 2019 3:26 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello

    quick update on this. I was able to reproduce and confirmed that this was an issue with the non-Unicode version of OpenEventLog. For PSLogList I have resolved the issue by calling OpoenEventLogW but I have also passed this onto the Windows Event log team so that the root cause can be resolved.

    The fix will be available in version 2.81 which we will publish in the next couple of days. In the meantime if you require a copy of the fixed version please contact me offline at syssite@microsoft.com and I can make this available to you.

    MarkC (MSFT)

    Friday, February 1, 2019 8:49 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    That's great, I can wait for the published fix.

    Thx!

    Axel

    Monday, February 4, 2019 9:37 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I am interested with the fix for psloglist, because i am using it in scripts when I supervise servers.

    Any news about the possible release date of 2.81 version ?

    thanks for your help.

    Gilles

    Wednesday, February 13, 2019 9:39 PM
    |