<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en-us">
<head>
<title>
Windows troubleshooting // Hagfi.sh
</title>
<link href="http://gmpg.org/xfn/11" rel="profile">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1">
<meta name="description" content="">
<meta name="keywords" content="">
<meta name="author" content="">
<meta name="generator" content="Hugo 0.18.1" />
<meta property="og:title" content="Windows troubleshooting" />
<meta property="og:description" content="" />
<meta property="og:type" content="website" />
<meta property="og:locale" content="en_US" />
<meta property="og:url" content="https://hagfi.sh/administration/windows_troubleshooting/" />
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/base-min.css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/pure-min.css">
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/pure/0.5.0/grids-responsive-min.css">
<link rel="stylesheet" href="https://hagfi.sh//css/redlounge.css">
<link href="//maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css" rel="stylesheet">
<link href='//fonts.googleapis.com/css?family=Raleway:400,200,100,700,300,500,600,800' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Libre+Baskerville:400,700,400italic' rel='stylesheet' type='text/css'>
<link rel="apple-touch-icon-precomposed" sizes="144x144" href="/touch-icon-144-precomposed.png">
<link rel="shortcut icon" type="image/x-icon" href="/img/favicon.png">
<link href="" rel="alternate" type="application/rss+xml" title="Hagfi.sh" />
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.7/styles/tomorrow-night-bright.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.7/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
</head>
<body>
<div id="layout" class="pure-g">
<div class="sidebar pure-u-1 pure-u-md-1-4">
<div class="header">
<h1 class="brand-title">Hagfi.sh</h1>
<h2 class="brand-tagline">Documentation</h2>
</div>
</div>
<div class="content pure-u-1 pure-u-md-3-4">
<a name="top"></a>
<div id="toc" class="pure-u-1 pure-u-md-1-4">
<small class="toc-label">Contents</small>
<nav id="TableOfContents">
<ul>
<li>
<ul>
<li><a href="#windows-troubleshooting">Windows troubleshooting</a>
<ul>
<li><a href="#eventviewer"><em>EventViewer</em></a></li>
<li><a href="#powershell"><em>PowerShell</em></a></li>
<li><a href="#task-viewer"><em>Task Viewer</em></a></li>
<li><a href="#resource-monitor"><em>Resource monitor</em></a></li>
<li><a href="#netstat"><em>Netstat</em></a></li>
<li><a href="#chocolate"><em>Chocolatey</em></a></li>
<li><a href="#usefull-programs"><em>Useful programs</em></a></li>
<li><a href="#eventid-s"><em>EventID&rsquo;s</em></a></li>
<li><a href="#powershell-1"><em>PowerShell</em></a></li>
</ul></li>
</ul></li>
</ul>
</nav>
</div>
<section class="post">
<h1 class="post-title">
<a href="/administration/windows_troubleshooting/">Windows troubleshooting</a>
</h1>
<h3 class="post-subtitle">
</h3>
<span class="post-date">
<span class="post-date-day"><sup>25</sup></span><span class="post-date-separator">/</span><span class="post-date-month">Aug</span> <span class="post-date-year">2018</span>
</span>
<h2 id="windows-troubleshooting">Windows troubleshooting</h2>
<p>QUESTIONS:
+ open from ticketing, password and user
+ custom Event Viewer view?
+ test server?</p>
<h3 id="eventviewer"><em>EventViewer</em></h3>
<p>run: eventvwr</p>
<ul>
<li>custom views</li>
<li>windows
<ul>
<li>application (non windows standard, puppet, vmware, mssql, &hellip;)</li>
<li>security: logon and logoff</li>
<li>setup: updates and installing/removing programs</li>
<li>system: OS messages</li>
</ul></li>
<li>application and services: dig deep
<br />
<br /></li>
</ul>
<p>&ndash;&gt; Filter Log:</p>
<ul>
<li>logged (date range)<br /></li>
<li>event level<br /></li>
<li>event source<br /></li>
<li>event ID: 99,-1024,-4634<br /></li>
</ul>
<p>bottom right &gt; event copy &gt; copy as text</p>
<h3 id="powershell"><em>PowerShell</em></h3>
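<pre><code class="language-PowerShell"># Example time window (assumed values): the last 24 hours
$first = (Get-Date).AddDays(-1)
$last = Get-Date
# Only System log entries written between $first and $last
Get-EventLog -LogName System -After $first -Before $last
</code></pre>
<pre><code class="language-PowerShell">Get-WinEvent -LogName 'Microsoft-Windows-TaskScheduler/Operational' | Where-Object { $_.Message -like '*insta*' }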
</code></pre>
<h3 id="task-viewer"><em>Task Viewer</em></h3>
<ul>
<li>tasks</li>
<li>users</li>
<li>performance (if crashed, confirm it here; otherwise it is the network)</li>
</ul>
<h3 id="resource-monitor"><em>Resource monitor</em></h3>
<p>(task manager &gt; performance &gt; open resource monitor)</p>
<p>Overview &gt; CPU (top tab): tick the app &ndash;&gt; filters everything</p>
<h3 id="netstat"><em>Netstat</em></h3>
<p><code>netstat -abo &gt; C:\temp\log.txt</code></p>
<h3 id="chocolate"><em>Chocolatey</em></h3>
<p>C:\ProgramData\chocolatey\bin\Procmon.exe
&ndash;&gt; select row + column &gt; exclude &lsquo;name&rsquo; (=grep -v) / include &lsquo;name&rsquo; (=grep)</p>
<h3 id="usefull-programs"><em>Useful programs</em></h3>
<ul>
<li>TreeView</li>
<li>VBluescreenviewer</li>
<li>Sysinternals</li>
<li>Zabbix</li>
<li>VMware events</li>
<li>BareTail</li>
<li>choco install</li>
<li>choco list -lo (view choco installed programs)</li>
<li>telnet 12.34.56.78 900</li>
<li>powershell: <code>Stop-Service -Name 'name'</code></li>
</ul>
<h3 id="eventid-s"><em>EventID&rsquo;s</em></h3>
<ul>
<li>Event ID 6005: “The event log service was started.” This is synonymous to system startup.</li>
<li>Event ID 6006: “The event log service was stopped.” This is synonymous to system shutdown.</li>
<li>Event ID 6008: &ldquo;The previous system shutdown was unexpected.&rdquo; Records that the system started after it was not shut down properly.</li>
<li>Event ID 6009: Indicates the Windows product name, version, build number, service pack number, and operating system type detected at boot time.</li>
<li><p>Event ID 6013: Displays the uptime of the computer. There is no TechNet page for this id.
Add to that a couple more from the Server Fault answers listed in my OP:</p></li>
<li><p>Event ID 1074: &ldquo;The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z.&rdquo; Indicates that an application or a user initiated a restart or shutdown.</p></li>
<li><p>Event ID 1076: &ldquo;The reason supplied by user X for the last unexpected shutdown of this computer is: Y.&rdquo; Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence.</p></li>
</ul>
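<p>To turn the event IDs above into a startup/shutdown timeline, the following added example (not part of the original notes) queries the System log for exactly those IDs. The 14-day window and the label texts in <code>$labels</code> are assumptions chosen for illustration.</p>

```powershell
# Added example: build a startup/shutdown timeline from the System log.
# The 14-day window and the $labels text are assumptions for illustration.
$labels = @{
    6005 = 'Event log service started (boot)'
    6006 = 'Event log service stopped (clean shutdown)'
    6008 = 'Previous shutdown was unexpected'
    6009 = 'OS version recorded at boot'
    6013 = 'Uptime report'
    1074 = 'Restart/shutdown initiated by process or user'
    1076 = 'Reason supplied for unexpected shutdown'
}

$filter = @{
    LogName   = 'System'
    Id        = [int[]]@($labels.Keys)
    StartTime = (Get-Date).AddDays(-14)
}

# FilterHashtable is evaluated by the event log service itself, so only
# matching records are returned (unlike piping a whole log to Where-Object).
# SilentlyContinue: Get-WinEvent raises an error when nothing matches.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$events |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id,
        @{ Name = 'Meaning'; Expression = { $labels[[int]$_.Id] } },
        @{ Name = 'Detail';  Expression = { ($_.Message -split '\r?\n')[0] } } |
    Format-Table -AutoSize -Wrap

# Unexpected shutdowns (6008) are the entries worth following up.
$unexpected = @($events | Where-Object Id -eq 6008)
'{0} unexpected shutdown(s) in the window' -f $unexpected.Count
```

<p>A 6008 entry without a preceding 1074 or 6006 means the machine went down without a recorded shutdown request; a later 1076 entry holds the reason a user supplied for it.</p>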
<h3 id="powershell-1"><em>PowerShell</em></h3>
<pre><code class="language-PowerShell">$filter = &quot;*abbix*&quot;
get-winevent -logname 'Application' | Where-Object { $_.Message -like $filter }
</code></pre>
</section>
</div>
</div>
</body>
</html>