To err is Admin....

  • Article

You ever want to know what an error code was that got returned to an event, the cmd line, from you app or from the OS? Well then you need to get your hands on err.exe

Using this tool you can now understand what 1708 means, of course to different applications the return code could mean different things, but usually you can stick with yhe windows error.

Err.exe 1708
# for decimal 1708 / hex 0x6ac :
SQL_1708_severity_10 sql_err
# Warning: The table '%.*ls' has been created but its maximum
# row size exceeds the permissible limit of '%d' bytes.
# INSERT or UPDATE to this table will fail if the resulting
# row exceeds the size limit.
SCEEVENT_INFO_ERROR_CONVERT_DRIVE uevents.mc
# Security configuration on converted drive %1 failed.
# Please look at %%windir%%\security\logs\convert.log for
# detailed errors.
RPC_S_NO_ENDPOINT_FOUND winerror.h
# No endpoint was found.
# for hex 0x1708 / decimal 5896 :
ERROR_CLUSTER_EVICT_WITHOUT_CLEANUP winerror.h
# The cluster node was evicted from the cluster successfully,
# but the node was not cleaned up. Extended status
# information explaining why the node was not cleaned up is
# available.

Here is an example from where I cranked up NTDS Internal Processing to 5 in the registry. If you did not know, on domain controllers you can crank up the verboisty of logging by adjusting the values under HKLM\System\CCS\Services\NTDS\Diagnostics. When we encounter domain controllers that are behaving badly well then we open the flood gates to see wha's going on.

 

Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1481
Date: 9/17/2005
Time: 2:05:39 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: BRAD-DC-02
Description:
Internal error: The operation on the object failed.
Additional Data
Error value:
2 000020EF: NameErr: DSID-032500F4, problem 2001 (NO_OBJECT), data -1603, best match of:
''

Well we could be satisfied with what was returned to us or we could look at the different codes and see what they mean.

Using Err, I see that 000020EF translates to ERROR_DS_UNKNOWN_ERROR, 2001 is translated for us as NO_OBJECT and then using err again we translate -1603 to JET_errNoCurrentRecord. So what does that tell us? Well to me that means that someone put in a query against the domain controller for an object that does not exist.

Anyway's that should sum up the use of err.  

Technorati tags: Windows, Active Directory, AD, Directory Service