Microsoft-Windows-COMRuntime error on your OMS agents


If you are using OMS to gather data from your Windows Servers, you may have noticed the following events being logged in the Application Event log.

Log Name: Application
Source: Microsoft-Windows-COMRuntime
Date: 7/7/2016 1:37:02 AM
Event ID: 10031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: computer.domain.com
Description:
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {45FB4600-E6E8-4928-B25E-50476FF79425} was rejected
Event Xml:
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-COMRuntime' Guid='{bf406804-6afa-46e7-8a48-6c357e1d6d61}' EventSourceName='COM' />
<EventID Qualifiers='0'>10031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime='2016-07-07T01:37:02.581131400Z' />
<EventRecordID>89472201</EventRecordID>
<Correlation />
<Execution ProcessID='4348' ThreadID='3532' />
<Channel>Application</Channel>
<Computer>computer.domain.com</Computer>
<Security />
</System>
<EventData>
<Data>{45FB4600-E6E8-4928-B25E-50476FF79425}</Data>
</EventData>
</Event>

If you look up the Process ID from the event, you will find that it belongs to a monitoringhost.exe process.

We have investigated this error and determined that the full data flow is being received and that this event is noise that can be safely ignored for now.

This event is logged because monitoringhost.exe is invoked with the EOAC_NO_CUSTOM_MARSHAL flag set. This flag does not allow custom marshaling, so any time custom marshaling occurs in that process, this event is logged.

This event is harmless and can be ignored. We have taken an action item to review our code to see whether we can handle this event internally and remove it from your event logs. For the time being, if you see this message, keep calm and carry on.
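
To confirm that the 10031 events on a given server match the pattern described here (logged by monitoringhost.exe for the CLSID shown in the event above) before filtering them out, the following PowerShell can be used. It is an added example, not part of the original post or of the OMS agent; the 500-event limit, the variable names and the verdict labels are assumptions.

```powershell
# Added example, not from the original post or the OMS agent.
# Expected values are the ones shown in the event above.
$expectedProcess = 'MonitoringHost'   # Get-Process reports names without ".exe"
$expectedClsid   = '{45FB4600-E6E8-4928-B25E-50476FF79425}'
$unknown         = '<exited or unverified>'

$filter = @{ LogName = 'Application'; ProviderName = 'Microsoft-Windows-COMRuntime'; Id = 10031 }

# -MaxEvents 500 is an arbitrary limit chosen for this example.
$results = Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt    = $_
        $xml    = [xml]$evt.ToXml()
        $procId = [int]$xml.Event.System.Execution.ProcessID
        $clsid  = [string]$xml.Event.EventData.Data

        # Trust the PID-to-name mapping only if the process is still running and
        # started before the event was logged; otherwise the PID may have been reused.
        $name = $unknown
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        if ($proc) {
            try {
                $started = $proc.StartTime
                if ($started -and $started -le $evt.TimeCreated) { $name = $proc.ProcessName }
            } catch { }   # StartTime can be unreadable without elevation
        }

        $verdict = if ($clsid -ne $expectedClsid) {
            'review: different CLSID'
        } elseif ($name -eq $expectedProcess) {
            'matches the post: noise'
        } elseif ($name -eq $unknown) {
            'unverified: process not resolvable'
        } else {
            'review: different process'
        }

        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            ProcessId   = $procId
            Process     = $name
            Clsid       = $clsid
            Verdict     = $verdict
        }
    }

# Summary first, then the individual events that need a closer look.
$results | Group-Object Verdict, Process, Clsid | Select-Object Count, Name
$results | Where-Object { $_.Verdict -like 'review:*' }
```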

Comments (1)

  1. Chip Cooper says:

    I've had a few errors show up recently since recent updates. Given the current hacking climate, is it possible that new errors are showing up because MS is releasing quick fixes to block vulnerabilities recently discovered, and thus errors are generated if an exploit is attempted?

    I'm basing this on the lexicon used, and the timing of these problems, as stated above: The word marshal, and marshalling being related to (possibly in this case) one having authority (MS?) to set things in order according to laws or rules.
