VBscript error Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate, (Backup, Security)}!\\" & strComputer & "\root\cimv2")

I have written a script to back up and clear the Windows event log daily. The script is as follows. So far I have encountered 2 errors. The first one is out of memory, which I resolved after rebooting the server. The second error I received recently is "the RPC server is too busy to complete this operations". I have also placed this script on a number of other servers and they are running fine.

strComputer = "."
dtmThisDay = Day(Date)
dtmThisMonth = Month(Date)
dtmThisYear = Year(Date)
strDirPath = "c:\audit\"

strDate = dtmThisYear & "_" & dtmThisMonth & "_" & dtmThisDay
strCSV = strDirPath & "csv\" & strDate & "_Security.csv"
strEVT = strDirPath & "logs\" & strDate
strEVTSecurity = strDirPath & "logs\" & strDate & "_Security.evt"

'The error always return from this line. It seems like there is a memory issue here
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate, (Backup, Security)}!\\" & strComputer & "\root\cimv2")

Set colLogFiles = objWMIService.ExecQuery ("Select * from Win32_NTEventLogFile")

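'Backup log in log directory folder and clear all logs in win32
For Each objLogFile in colLogFiles
     'BackupEventLog returns 0 on success; clear a log only after its backup succeeded
     errBackupLog = objLogFile.BackupEventLog(strEVT & "_" & objLogFile.LogFileName & ".evt")
     If errBackupLog = 0 Then
          objLogFile.ClearEventLog()
     Else
          WScript.Echo "The " & objLogFile.LogFileName & " event log could not be backed up."
     End If
Next

' Running the LogParser to process evt to csv
' EventID = 680 is for local
' EventID = 673 is for domain
strParm = "LogParser -i:EVT -o:CSV ""SELECT TO_DATE(TimeGenerated), TO_TIME(TimeGenerated), EventTypeName, EventCategoryName, EXTRACT_TOKEN(Strings, 0, '|'), EXTRACT_TOKEN(Strings, -1, '|'), ComputerName INTO "
'The trailing """" closes the quote opened before SELECT
strFullParm = strParm & strCSV & " FROM " & strEVTSecurity & " WHERE EventID = 673"""
Set WshShell = WScript.CreateObject("WScript.Shell")
'Run LogParser hidden and wait for it to finish
WshShell.Run strFullParm, 0, True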
1 Solution
The RPC service on Windows is notoriously unreliable.  Generally if it fails, it's worth trying again; if not, unfortunately on Windows you're relatively stuck.  You could maybe try any hotfixes etc and make sure your server is up to date (I don't know of a specific one that is known to fix this sort of problem).  Other than that, I'll pass this over to the room...
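
The "try again" advice above, as an added example that is not part of the original thread: a bounded retry with increasing delay around the WMI connection from the question's script. The helper name ConnectWmi, the attempt count and the delays are assumptions; if every attempt fails the script exits before any log is backed up or cleared.

```vbscript
Const MAX_ATTEMPTS = 5          ' assumption: tune for the server
Const FIRST_DELAY_MS = 2000     ' assumption: first wait, doubled after each failure

' Hypothetical helper: connect to WMI with the Backup and Security privileges,
' retrying when the call fails (for example "RPC server is too busy").
' Returns the SWbemServices object, or Nothing when every attempt failed.
Function ConnectWmi(strComputer)
    Dim intAttempt, lngDelay, objService, lngErr, strErr
    Set ConnectWmi = Nothing
    lngDelay = FIRST_DELAY_MS

    For intAttempt = 1 To MAX_ATTEMPTS
        ' Trap the error for this one call only, then restore normal handling
        On Error Resume Next
        Set objService = GetObject("winmgmts:" & _
            "{impersonationLevel=impersonate,(Backup,Security)}!\\" & _
            strComputer & "\root\cimv2")
        lngErr = Err.Number
        strErr = Err.Description
        Err.Clear
        On Error GoTo 0

        If lngErr = 0 Then
            Set ConnectWmi = objService
            Exit Function
        End If

        ' Record each failure so a recurring problem shows up in the job output
        WScript.Echo Now & " attempt " & intAttempt & " failed: 0x" & _
            Hex(lngErr) & " " & strErr
        If intAttempt < MAX_ATTEMPTS Then
            WScript.Sleep lngDelay
            lngDelay = lngDelay * 2
        End If
    Next
End Function

Dim objWMIService
Set objWMIService = ConnectWmi(".")
If objWMIService Is Nothing Then
    ' Stop before any backup or clear is attempted, and signal the failure
    ' to the scheduler through a non-zero exit code.
    WScript.Echo "WMI connection failed; event logs were not backed up or cleared."
    WScript.Quit 1
End If
```

Run it with cscript.exe so the WScript.Echo lines go to the console or the scheduled task's output instead of opening message boxes.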
