Pages

Friday, November 18, 2016

PowerShell v2 Fixing Get WMIObject Error Related to Handle Shortage

As usual I found myself pushing the limits of things and causing problems along the way. In this case I wanted to search all Windows event logs with PowerShell at once for a small window of time.
How can I search across ALL event logs?
No problem, right? Wrongo. When I ran my query,
$events= Get-WmiObject-Class win32_ntlogevent|
Where{($_.TimeGenerated -gt 201209081700.000000-000) -and ($_.TimeGenerated -lt201209081800.000000-000)}
I got this error:
Get-WmiObject: Quota violation
Atline:1 char:24
+$events = Get-WmiObject <<<<  -Class win32_ntlogevent | Where {($_.TimeGenerated -gt 201209081700.000000-000) -and
($_.TimeGenerated -lt 201209081800.000000-000)}
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
Well, thats a nice one. Pretty much told me I was trying to take too big a gulp and it didnt want to play that game. Hmmm. A quick search at an unnamed search engine whose name rhymes with sing belted out this post at high volume:
Memory and Handle Quotas in the WMI Provider Service
Having worked with WBEM tester before I knew at a glance this would help me bump up the resources I needed to handle such a large search. So, I ran through the steps, bounced it up to 2Gb (this box had plenty of memory) and was able to go on my merry way once again.

Related Posts by Categories

0 comments:

Post a Comment