000012003 - XML Validation Fails When Running wineventsvc -v

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012003
Applies ToValidating new Windows 2008 event sources
wineventsvc
IssueXML Validation Fails When Running wineventsvc -v
When adding a new windows 2008 event source and validating that service running wineventsvc -v, the debug information displays the following error message:

E:\nic\4000\<Site Name>\collection-services\winevent>wineventsvc.exe -v

Debugging NIC Windows Eventing Collector Service.

http://one.emc.com/clearspace/message/218584#218584/13:42:04 Open event channel succeeded. ChannelType=SyslogUDP, Hostname=THEROCK-ES, Port=600

http://one.emc.com/clearspace/message/218584#218584/13:42:04 XML schema validation failed. Filename=e:\nic\4000\THEROCK-ES\etc\winevent\normalization_rules\winevent_normalization.xml, Line Number=111, Column=45, Error=Datatype error: Type:InvalidDatatypeValueException, Message:Value 'MSExchangeIS Auditing' is not valid NCName .

http://one.emc.com/clearspace/message/218584#218584/13:42:04 Service configuration is invalid. Exiting.
ResolutionThe Windows Eventing Collector service Release Notes indicate that you must install EBF ENV-36943 prior to installing the service to avoid getting an installation warning that the windows eventing collector service will not start. The EBF also addresses the symptom seen above.
Legacy Article IDa53585

Attachments

    Outcomes