Is there a record for the operating time of the computer

Understanding Extended Error Information

Extended error information is an array of records, each describing the error code as it passes through a specific layer of the system or application. If an error occurs on computer C while it is servicing a call from computer B, which in turn is servicing a call from computer A, the RPC runtime on computer C generates one or more records describing the error and passes them to computer B. Computer B can add one or more records to the beginning of the existing chain and passes the complete chain to computer A. Computer A can add one or more records of its own and view or log the information. In essence, the extended error chain represents the path the error took.

Extended error information does not replace the error code (the RPC_S_* status code). Regardless of how much extended error information is generated, or whether any is generated at all, the error code remains unchanged.

Each extended error information record contains the following fields. For more information, see RPC_EXTENDED_ERROR_INFO:

  • Computer name - The unqualified DNS name of the computer that caused the error. Only records on a computer boundary carry this information. For example, in the scenario previously described with computers A, B, and C, the computer name field is set as follows:

    Record                                Computer name field
    Record #1 generated by computer C     -
    Record #2 generated by computer C     -
    Record #3 generated by computer C     C
    Record #1 generated by computer B     -
    Record #2 generated by computer B     -
    Record #3 generated by computer B     B
    Record #1 generated by computer A     -
    Record #2 generated by computer A     -
    Record #3 generated by computer A     -
    (beginning of the chain)

  • ProcessID - Process ID of the process that generated the error.

  • Timestamp - the time the error occurred, expressed in UTC format.

  • Generating component - Integer code identifying the logical component that generated the error. The following components are currently defined:

    Code  Component          Description
    1     Application        The component is the manager routine for the respective RPC call.
    2     Runtime            The RPC runtime.
    3     Security provider  The security provider for this call.
    4     NPFS               The NPFS file system.
    5     RDR                The redirector.
    6     NMP                The named pipe system. This can be either NPFS or RDR, but in many cases the RPC runtime does not know which one performed the requested operation, and in such cases NMP is returned.
    7     IO                 The I/O system or a driver used by the I/O system. This can be NPFS, RDR, or a Winsock provider.
    8     Winsock            The Winsock provider.
    9     Authz code         The authorization APIs.
    10    LPC                The local procedure call (LPC) facility.

  • Status - Error code generated or returned by the layer.
  • Detection location - Unique number that identifies the location in the code at which the error was detected. This field is tied to the code and changes from version to version. A separate list of the most commonly found detection locations will be published.
  • Flags - Flags that carry information about the record. The currently defined flags are EEInfoPreviousRecordsMissing and EEInfoNextRecordsMissing, which correspond to the numerical values 1 and 2. If EEInfoPreviousRecordsMissing is set, one or more records are missing before the record. If EEInfoNextRecordsMissing is set, one or more records are missing after the record. For information about why records might be missing, see Reliability of Extended Error Information.
  • Up to four error parameters. An error parameter is a simplified VARIANT structure that provides additional information about the error. The additional information depends on the error and the detection location. A parameter can be of type ANSI string (LPSTR), Unicode string (LPWSTR), long value (Long), short value (Short), pointer (Int64), or none.
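
The following added example (not Microsoft's code) shows how a log-triage tool might walk a chain laid out as described above: it finds the computer on which the error originated, names the component that first detected it, and notes whether any record reports missing neighbours. The `ee_record` struct and the `ee_*` function names are a simplified model assumed for illustration, not the Windows RPC_EXTENDED_ERROR_INFO structure, and the sample chain is constructed.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Simplified model of one record (field names are assumptions, not the Windows struct). */
enum { EE_PREV_MISSING = 1, EE_NEXT_MISSING = 2 };   /* flag values 1 and 2 from the text */
typedef struct {
    const char *computer;  /* NULL unless the record sits on a computer boundary */
    unsigned pid;          /* process that generated the record */
    int component;         /* 1..10, see the component table */
    long status;           /* error code generated or returned by the layer */
    unsigned flags;
} ee_record;

typedef struct {
    int boundaries;        /* number of records carrying a computer name */
    int truncated;         /* 1 if any record reports missing neighbours */
    const char *origin;    /* computer named farthest from the beginning of the chain */
    const ee_record *root; /* last record in the chain: where the error was first detected */
} ee_summary;

const char *ee_component_name(int code) {
    static const char *const names[] = { "unknown", "Application", "Runtime",
        "Security Provider", "NPFS", "RDR", "NMP", "IO", "Winsock", "Authz code", "LPC" };
    return (code >= 1 && code <= 10) ? names[code] : names[0];
}

/* chain[0] is the beginning of the chain (newest record); chain[n-1] is the oldest. */
ee_summary ee_summarize(const ee_record *chain, size_t n) {
    ee_summary s = { 0, 0, NULL, n ? &chain[n - 1] : NULL };
    for (size_t i = 0; i < n; i++) {
        if (chain[i].flags & (EE_PREV_MISSING | EE_NEXT_MISSING)) s.truncated = 1;
        if (chain[i].computer) { s.boundaries++; s.origin = chain[i].computer; }
    }
    return s;
}

/* Constructed sample: the chain as computer A sees it in the A -> B -> C scenario. */
const ee_record SAMPLE[] = {
    { NULL, 4100, 1, 5, 0 }, { NULL, 4100, 2, 5, 0 },               /* added by A */
    { "B",  812,  2, 5, 0 }, { NULL, 812,  1, 5, EE_NEXT_MISSING }, /* added by B */
    { "C",  2308, 2, 5, 0 }, { NULL, 2308, 3, 5, 0 },               /* added by C */
};

int main(void) {
    ee_summary s = ee_summarize(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0]);
    printf("origin=%s component=%s status=%ld truncated=%d\n", s.origin ? s.origin : "(local)",
           ee_component_name(s.root->component), s.root->status, s.truncated);
    return 0;
}
```

When `truncated` is set, treat `origin` and `root` as the deepest surviving records rather than the definitive source, because records may have been dropped from the chain.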