none
Get-EventLog inside container - InvalidOperationException RRS feed

  • Question

  • Hi,

    I have a "Windows Container" (thus, not an Hyper-V one) based on WindowsServerCore, running inside TP5.

    I am trying to install MSVCMON.exe there and not succeeding. I am trying to diagnose what went wrong via the Powershell command "Get-EventLog Application", and am getting the following error:

    PS C:\> get-eventlog Application
    get-eventlog : Cannot open log Application on machine .. Windows has not provided an error code.
    At line:1 char:1
    + get-eventlog Application
    + ~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-EventLog], InvalidOperationException
        + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand

    On some forums I have read that it can be a permissions issue. When I check who is the current user, via "WHOAMI", I get:

    PS C:\> whoami
    user manager\containeradministrator

    The container has other user accounts, but I don't know how to run any command under one of those accounts:

    PS C:\> Get-WmiObject -Class Win32_UserAccount -Filter  "LocalAccount='True'"
    AccountType : 512
    Caption     : 81B92A246E98\Administrator
    Domain      : 81B92A246E98
    SID         : S-1-5-21-688057908-1433419415-1178475910-500
    FullName    :
    Name        : Administrator

    AccountType : 512
    Caption     : 81B92A246E98\DefaultAccount
    Domain      : 81B92A246E98
    SID         : S-1-5-21-688057908-1433419415-1178475910-503
    FullName    :
    Name        : DefaultAccount

    AccountType : 512
    Caption     : 81B92A246E98\Guest
    Domain      : 81B92A246E98
    SID         : S-1-5-21-688057908-1433419415-1178475910-501
    FullName    :
    Name        : Guest

    • Does anyone know why Get-EventLog is not working?
    • Does anyone know where the user "user manager\containeradministrator" is coming from?
    • Does anyone know if it is possible to run commands in the container with different credentials? (Or, what is the password of the Administrator user above?)

    Thanks in advance,

    Eduardo


    Tuesday, May 3, 2016 6:41 AM

Answers

  • Thanks for reporting this issue. I think I may have an idea of what's going on. Can you try adding this step in the Dockerfile you're using to build your container?

    RUN powershell.exe -command Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application Start 1

    • Proposed as answer by M. Conradt Tuesday, May 3, 2016 6:57 PM
    • Marked as answer by Eduardo Lucas Wednesday, May 4, 2016 6:39 AM
    Tuesday, May 3, 2016 5:40 PM

All replies

  • Thanks for reporting this issue. I think I may have an idea of what's going on. Can you try adding this step in the Dockerfile you're using to build your container?

    RUN powershell.exe -command Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application Start 1

    • Proposed as answer by M. Conradt Tuesday, May 3, 2016 6:57 PM
    • Marked as answer by Eduardo Lucas Wednesday, May 4, 2016 6:39 AM
    Tuesday, May 3, 2016 5:40 PM
  • I had the same issue as the OP, I had reported here https://github.com/Microsoft/Virtualization-Documentation/issues/238

    Adding the suggested line solves the problem. Thanks!

    Tuesday, May 3, 2016 6:59 PM
  • Works perfectly, thanks
    Wednesday, May 4, 2016 6:40 AM