Is windows' event logging perfectly reliable?
Hi.
***Edit: please wait with further answers since I just might have found the reason for parts of the observed behavior - hang on***
I like to use event triggered scheduled tasks for many administrative purposes. For over a decade (since Vista came with a new task scheduler), I never had a problem with tasks not being triggered. Recently, I saw that some tasks did not get triggered and the reason is obviously, that the event was not even created. Since the event is bound to something that I can prove to have happened (and it worked before), I wonder if other admins here ever saw events not logged.
I already looked at server performance problems but could rule those out. Even a completely idle server 2019 misses to log AD account lockouts sometimes. Reproducible.
***Edit: please wait with further answers since I just might have found the reason for parts of the observed behavior - hang on***
I like to use event triggered scheduled tasks for many administrative purposes. For over a decade (since Vista came with a new task scheduler), I never had a problem with tasks not being triggered. Recently, I saw that some tasks did not get triggered and the reason is obviously, that the event was not even created. Since the event is bound to something that I can prove to have happened (and it worked before), I wonder if other admins here ever saw events not logged.
I already looked at server performance problems but could rule those out. Even a completely idle server 2019 misses to log AD account lockouts sometimes. Reproducible.
ASKER
Hi.
No, that's not it. It's not about missed tasks, but about missing log entries. See, I am using a script to lock 5 users at will, one after the other within less than 2 seconds. Only 3 and 5 get logged, although all become locked. Within that time interval, the event log service wouldn't even be able to restart. There's absolutely no load on the system ( test domain, one DC, one client only. Same in production domain).
Anyway, the question is not about a particular problem. I am just looking for others that someday experienced unreliable logging, too.
No, that's not it. It's not about missed tasks, but about missing log entries. See, I am using a script to lock 5 users at will, one after the other within less than 2 seconds. Only 3 and 5 get logged, although all become locked. Within that time interval, the event log service wouldn't even be able to restart. There's absolutely no load on the system ( test domain, one DC, one client only. Same in production domain).
Anyway, the question is not about a particular problem. I am just looking for others that someday experienced unreliable logging, too.
ASKER
I conducted more tests. The occurrence is very rare and I am still not able to say under what circumstances it happens.
What is reproducible at will is missing out event triggered tasks, and that seems to be a performance problem indeed.
Setting what dfke recommends will not help as that would only notify about missed tasks that were supposed to run on a schedule - which is not the case here as these are event-triggers.
What is reproducible at will is missing out event triggered tasks, and that seems to be a performance problem indeed.
Setting what dfke recommends will not help as that would only notify about missed tasks that were supposed to run on a schedule - which is not the case here as these are event-triggers.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It could very well be that for some reason your Windows Event Log service and/or dependencies stopped responding at one point. Or even stopped for that matter.
You can also create a notification for missed scheduled tasks:
You should see a popup with the missed task and the question if you want to start it yet.
Cheers