Channel: Sysinternals Forums

BgInfo : Run from GPO?

Author: rpelletier
Subject: Run from GPO?
Posted: 10 April 2016 at 4:15pm

Thanks,
I used a registry entry in GP instead of a script.   Left the .exe and .bgi files in the same place.   It worked fine.
 
No idea why the script wouldn't work.   For now, that's OK.   Annoying, but not worth spending more time on.
 
 
Appreciate your input.

Process Monitor : Windows 10: Error 1450 network trace init failed

Author: dick.dunbar
Subject: Windows 10: Error 1450 network trace init failed
Posted: 10 April 2016 at 10:36pm

Windows 10 1511: Build 10586.164
Network activity is enabled.
I do not know how to track down the cause of this popup message:

"Network trace initialization failed: Error 1450"
1450 – Insufficient system resources exist to complete the requested service. Source: Windows

Purpose:  Neat software recently disabled all support for desktop software
as they move to the cloud.  The software nags every 20 seconds about inability
to sync to the cloud.   There is no tech support;  all support for the desktop app is gone.

Attempts to disable "sync" within Neat just generates another failed attempt
to access their site.  I don't remember EVER enabling this option.

Bypass: the only way I can get anything done with Neat software in this tax season
is to disable wireless network ( Airplane Mode on Laptop ).

Goal: to find out what IP / network address they are talking to and disable that
in etc/hosts.

Next Step:  See if I can detect the address using Sysinternals TCPView from 2016-02-02 suite.

Process Explorer : Search online not working.

Author: webweweave
Subject: Search online not working.
Posted: 10 April 2016 at 10:44pm

Thanks for the clarification of your last suggestion regarding fixing a problem unrelated to the current problem.
Just to reiterate, I always use "Run as Administrator" and was making sure I did these past umpteenth trials as well. Again, as you had suggested. Run as Administrator does not, I repeat, DOES NOT resolve the search online problem.
 
It is like the program AUTORUNS.EXE is making a call for a web browser search without passing the right information on. A browser does not open in Windows 10 and no search occurs.
 
 

Process Monitor : Windows 10: Error 1450 network trace init failed

Author: dick.dunbar
Subject: Windows 10: Error 1450 network trace init failed
Posted: 11 April 2016 at 12:20am

Resolved:  Stop Neat Popups
Neat was accessing amazonaws.com and 1e100.net.
I just blocked the program in Norton Security Firewall settings.

TCPView provided the data I needed.
Fixing procmon network trace is no longer an immediate priority.

Process Explorer : Search online not working.

Author: pinscomputer
Subject: Search online not working.
Posted: 11 April 2016 at 1:18am

has anyone tried a procmon log to see if it helps to identify the error?

BgInfo : Wallpaper not found

Author: syncro_7
Subject: Wallpaper not found
Posted: 11 April 2016 at 7:26am

Many thanks for your answers!

Development : How to Convert Thunderbird to Outlook

Author: brianlara400
Subject: How to Convert Thunderbird to Outlook
Posted: 11 April 2016 at 10:01am

Download Free Thunderbird to Outlook Converter Program which is able to provide great conversion feature of direct transfer of thunderbird to MS Outlook PST file format. Free Thunderbird to Outlook Converter is available for all Windows based users who want to transfer Mozilla thunderbird to MS Outlook PST application format. Advanced Windows thunderbird to Outlook PST converter is for Windows 10, Windows 8, Windows 7, Windows XP, Windows Vista and Windows XP. Thunderbird to Outlook Converter is easy and fantastic tool for all Outlook and Mozilla thunderbird versions. First check free thunderbird to PST converter for testing purpose and get licensed version at affordable prices.
For more information visit
http://thunderbirdtooutlookconverter.weebly.com/

Troubleshooting : Converting OST to PST File


Process Explorer : "Recive Bytes" and "Send Bytes"

Author: aoki
Subject: "Recive Bytes" and "Send Bytes"
Posted: 11 April 2016 at 2:59pm

Please tell me the following about the "Process Explorer".

On the "Process Network" tab, are "Receive Bytes" and "Send Bytes" per-second values?
If not, how do we get the per-second values of "Receives" and "Sends"?

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: adrian.boangiu
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 11 April 2016 at 3:24pm

Hello MagicAndre,

My problem is a little bit different. I have a web application deployed under JBoss 7 (using 64bits jdk1.6.0_38) on a Windows 2012 server. Randomly the CPU of the server jumps at 50% and 100%. Using Process Explorer I was able to find out that the culprit is a thread in java.exe (two in case the CPU is at 100%). Using Process Explorer I got a thread stack

ntoskrnl.exe!KeSynchronizeExecution+0x2246
ntoskrnl.exe!KeWaitForMultipleObjects+0x135e
ntoskrnl.exe!KeWaitForMultipleObjects+0xdd9
ntoskrnl.exe!KeWaitForSingleObject+0x373
ntoskrnl.exe!KeStallWhileFrozen+0x1977
ntoskrnl.exe!KeIsAttachedProcess+0x95d
ntoskrnl.exe!KeSynchronizeExecution+0x4133

However, I have no clue where and what to search for. With Windows Performance Kit I did a record of about 1 minute when the CPU was at 50% (the thread that uses the CPU is 5444) https://dl.dropboxusercontent.com/u/90871223/SRVERNST.04-11-2016.11-51-11.zip. Can you please help me to find out what this thread is doing and why?

 

Thank you

Development : Memory not available after delete/free.

Author: syllyd
Subject: Memory not available after delete/free.
Posted: 11 April 2016 at 8:54pm

Then?

Development : Memory not available after delete/free.

Author: MagicAndre1981
Subject: Memory not available after delete/free.
Posted: 12 April 2016 at 4:56am

trace memory allocations/free with WPR/WPA:

https://channel9.msdn.com/Shows/Defrag-Tools/Defrag-Tools-154-Memory-Footprint-and-Leaks


Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 12 April 2016 at 5:03am

the cpu usage comes from java.exe and without any debug files we can't use WPA to trace this.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: adrian.boangiu
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 12 April 2016 at 8:24am

Thank you for your answer.
What kind of debug files do you need? What kind of other information may I retrieve in order to help?
When I search the threads inside the Java Virtual Machine (using dedicated tool VisualVM) I cannot identify any thread as being the one working. Therefore, I was thinking that gathering information about the thread I will have some clue about what action start it.

Process Explorer : "Recive Bytes" and "Send Bytes"

Author: pinscomputer
Subject: "Recive Bytes" and "Send Bytes"
Posted: 12 April 2016 at 1:47pm

per the sysinternals administrator's reference,
"Process Network" tab "Receive Bytes" and "Send Bytes" is the COUNT of BYTES.  These values are NOT measured in xx/second....
 
 
"The Process Network tab (shown in Figure 3-12) lets you configure Procexp to show the
numbers of TCP connect, send, receive, and disconnect operations; the number of bytes
in those operations; and the deltas since the previous refresh. Note that these figures do
not include file I/O through the LANMan redirector (as mentioned in the “Process I/O Tab”
section), but they do include file I/O through the WebDAV redirector."
 

Miscellaneous Utilities : Sysmon and compound filtering

Author: hephaestus22
Subject: Sysmon and compound filtering
Posted: 12 April 2016 at 2:57pm

Greetings all,

First off, thanks to the SysInternals team for all your great work on these great tools.  I use them every day.  Here's my question:

I'm using Sysmon v3.2 to monitor endpoints, and have created filters to exclude most noisy events.  However, I'm running into a problem trying to build rules that can do the following:

1. Monitor events where 'Image' is somewhere in the user's profile (C:\Users).

2. EXCLUDE events where the 'Image' is in a specific subfolder of C:\Users.  In this case I need to exclude items in 'C:\Users\<username>\AppData\Local\Citrix\GoToMeeting', because those processes put lots of noise in the log.

Here's the filter I have set up, which is working fine except for the noisy Citrix processes:

<!-- DISABLE capture of image loads by default, EXCEPT items below: -->
<ImageLoad default="exclude">
    <!-- Include Imageload events from processes in User directory -->
    <Image condition="contains">C:\Users\</Image>
</ImageLoad>

According to the sysmon doc, filters are processed until events hit the first match so I'm trying to figure out how to work around that limitation.  Any ideas?  I tried the following, but it doesn't work properly and winds up logging ALL ImageLoad events.  Logically though, this is what I'm trying to achieve:

<!-- DISABLE capture of image loads by default, EXCEPT items below: -->
<ImageLoad default="exclude">
    <!-- Include Imageload events from processes in User directory -->
    <Image condition="contains">C:\Users\</Image>
    <Image condition="ends with">\Citrix\GoToMeeting\g2mupdate.exe</Image>
</ImageLoad>

Thanks in advance for your help.
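
The include-then-exclude logic asked for above, applied after collection to exported ImageLoad events (an added example, not part of the original post and not Sysmon's own filter engine). The rule tuples, function names and sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/win/2004/08/events/event"

# Rule tuples (field, condition, value) are this example's own format,
# not Sysmon configuration syntax.
INCLUDE = [("Image", "contains", "C:\\Users\\")]
EXCLUDE = [("Image", "contains", "\\AppData\\Local\\Citrix\\GoToMeeting\\")]

# Matching is case-insensitive here by choice, because Windows paths are.
CONDITIONS = {
    "is": lambda value, pat: value == pat,
    "contains": lambda value, pat: pat in value,
    "begins": lambda value, pat: value.startswith(pat),
    "ends": lambda value, pat: value.endswith(pat),
}

def parse_event(xml_text):
    """Return the <EventData> name/value pairs of one event as a dict."""
    root = ET.fromstring(xml_text)
    return {d.get("Name"): (d.text or "")
            for d in root.iterfind(f"{{{NS}}}EventData/{{{NS}}}Data")}

def matches(event, rules):
    """True if any rule in the list matches the event."""
    return any(CONDITIONS[cond](event.get(field, "").lower(), pat.lower())
               for field, cond, pat in rules)

def keep(event):
    """An event must hit an include rule, and any exclude hit vetoes it."""
    return matches(event, INCLUDE) and not matches(event, EXCLUDE)

def filter_events(xml_events):
    """Image paths of the events that survive the compound filter."""
    events = (parse_event(x) for x in xml_events)
    return [e["Image"] for e in events if keep(e)]

def _sample(image, loaded):
    # Constructed event in the Windows event XML layout; values are made up.
    return (f'<Event xmlns="{NS}"><System><EventID>7</EventID></System>'
            f'<EventData><Data Name="Image">{image}</Data>'
            f'<Data Name="ImageLoaded">{loaded}</Data></EventData></Event>')

DLL = r"C:\Windows\System32\wininet.dll"
SAMPLES = [
    _sample(r"C:\Users\alice\AppData\Local\Temp\setup.exe", DLL),
    _sample(r"C:\Users\alice\AppData\Local\Citrix\GoToMeeting\g2mupdate.exe", DLL),
    _sample(r"C:\Windows\System32\svchost.exe", DLL),
    _sample(r"c:\users\bob\Downloads\tool.exe", DLL),
]
```
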

Process Explorer : "Recive Bytes" and "Send Bytes"

Author: aoki
Subject: "Recive Bytes" and "Send Bytes"
Posted: 12 April 2016 at 3:35pm

Thank you.
 
It is described in the Japanese version of "sysinternals administrator's reference", as you pointed out.

Development : Memory not available after delete/free.

Author: syllyd
Subject: Memory not available after delete/free.
Posted: 12 April 2016 at 3:53pm

Thanks for the tip, but I do delete what's to be deleted.
The problem is, even after deleting a lot of stuff (about 500MB), further allocations often fail (see my first post).
And I basically do not understand how the private data can stay so high after having freed memory...
or why this would prevent further allocations.
Is there some magic call I wouldn't be aware of, like ReallyFreeMemory() ? :-)

Development : Memory not available after delete/free.

Author: syllyd
Subject: Memory not available after delete/free.
Posted: 12 April 2016 at 9:56pm

Thanx for the link.
However, my code is far more simple, I never use VirtualAlloc, VirtualFree, HeapCreate, HeapWalk or whatever. I just allocate memory using new and release it using free...