Detecting and Resolving Windows Vista Errors

Any particular computer can have dozens, and in some cases hundreds, of different components, services, and applications configured on it. Keeping all these components working properly is a big job and the built-in diagnostics features discussed previously in this book do a good job of detecting common problems and finding solutions for them.  Like the built-in diagnostic features, this console attempts to provide solutions to problems where possible. Not all problems can be automatically detected and resolved, and this is where the errors reported by Windows components, applications, services, and hardware devices become useful.

Using the Event Logs for Error Tracking and Diagnosis

Windows Vista stores errors generated by processes, services, applications, and hardware devices in log files. Two general types of log files are used:

• Windows Logs Logs used by the operating system to record general system events related to applications, security, setup, and system components

• Applications And Services Logs Logs used by specific applications or services to record application-specific or service-specific events

Entries in a log file are recorded according to the warning level of the activity, which can include errors as well as general informational events. You'll see the following levels of entries:

• Information An informational event, which is generally related to a successful action

• Audit Success An event related to the successful execution of an action

• Audit Failure An event related to the failed execution of an action

• Warning A warning, details of which are often useful in preventing future system problems

• Error An error, such as the failure of a service to start

In addition to level, date, and time, the summary and detailed event entries provide the following information:

• Source The application, service, or component that logged the event.

• Event ID An identifier for the specific event.

• Task Category The category of the event, which is sometimes used to further describe the related action.

• User The user account that was logged on when the event occurred. If a system process or service triggered the event, the user name is usually that of the special identity that caused the event, such as Network Service, Local Service, or System.

• Computer The name of the computer where the event occurred.

• Details In the detailed entries, this provides a text description of the event, followed by any related data or error output.

Viewing and Managing the Event Logs

You can access event logs using the Event Viewer node in Computer Management. To open Computer Management, click Start. Then select All Programs, Administrative Tools, and then Computer Management. If the Administrative Tools menu isn't accessible, you can access this tool by clicking Start and then selecting Control Panel. In Control Panel, click System And Maintenance, Administrative Tools, and then Computer Management.

You can access the event logs by completing the following steps:

1. Open Computer Management. You are connected to the local computer by default. If you want to view logs on a remote computer, right-click the Computer Management entry in the console tree (left pane) and then select Connect To Another Computer. Then, in the Select Computer dialog box, enter the name of the computer that you want to access and click OK.

2. Expand the Event Viewer node and then expand the Windows Logs, the Application And Services Logs node, or both to view the available logs.

3. Select the log that you want to view, as shown in Figure 1.

Figure 1: Event Viewer displays events for the selected log.

Warnings and errors are the two key types of events you'll want to examine closely. Whenever these types of events occur and you are unsure of the cause, double-click the entry to view the detailed event description. Note the source of the error and attempt to resolve the problem using the techniques discussed in this book. To learn more about the error and steps you can take to resolve it (if necessary), you can click the link provided in the error description or search the Microsoft Knowledge Base for the event ID or part of the error description.