I am getting WMI call cancelled error and I have no idea to solve it
How can I solve this problem (WMI Call cancelled)
The problem is defined as Error 5858 with ResultCode = 0x80041032; I found this article but I do not really understand.
Microsoft Support link:
WMI-Activity Event 5858 logged frequently with ResultCode = 0x80041032
This is the code I used to fetch events log records via WMI:
procedure GetLogEvents(domain, user, password: string; Proc: TEventLogResultProc);
const
wbemFlagForwardOnly = $00000020;
var
FSWbemLocator : ISWbemLocator;
SWbemServices : ISWbemServices;
SWbemObjectSet: ISWbemObjectSet;
SWbemObject : ISWbemObject;
SWbemPropertySet: ISWbemPropertySet;
oEnum : IEnumvariant;
iValue : LongWord;
i : integer;
TempObj : OleVariant;
Res: TEventLog;
sEventCode: string;
sList : TStringList;
const
EventCodes: array[0..5] of string = ('4656', '1102'{, '5140','5142','5143'},'4663','4659',
'4907',{'4660',}'4670');
begin
CoInitialize(nil);
try
try
if SWbemServices = nil then
begin
FSWbemLocator := CoSWbemLocator.Create;
SWbemServices := FSWbemLocator.ConnectServer(domain, 'root\CIMV2', user, password, '','',0,nil);
end;
for I := Low(EventCodes) to High(EventCodes) do
begin
sEventCode := EventCodes[I];
SWbemObjectSet:= SWbemServices.ExecQuery('SELECT Category,'+
' ComputerName,'+
' EventCode,'+
' Message,'+
' RecordNumber,'+
' EventType,'+
' TimeGenerated,'+
' TimeWritten,'+
' User,'+
' Type,'+
' EventIdentifier,'+
' SourceName FROM Win32_NTLogEvent'+
' WHERE Logfile = '+#39+'Security'+#39+ ' and EventCode=' + sEventCode,'WQL',0, nil);
oEnum := (SWbemObjectSet._NewEnum) as IEnumVariant;
while oEnum.Next(1, TempObj, iValue) = 0 do
begin
SWbemObject := IUnknown(TempObj) as ISWBemObject;
SWbemPropertySet:= SWbemObject.Properties_;
try Res.Category := VarStrNull(SWbemPropertySet.Item('Category', 0).Get_Value); except end;
try Res.ComputerName := VarStrNull(SWbemPropertySet.Item('ComputerName', 0).Get_Value); except end;
try Res.sMessage := VarStrNull(SWbemPropertySet.Item('Message', 0).Get_Value); except end;
try Res.RecordNumber := StrToInt(VarStrNull(SWbemPropertySet.Item('RecordNumber', 0).Get_Value)); except end;
try Res.EventCode := StrToInt(VarStrNull(SWbemPropertySet.Item('EventCode', 0).Get_Value)); except end;
try Res.EventType := VarStrNull(SWbemPropertySet.Item('EventType', 0).Get_Value); except end;
try Res.TimeGenerated := VarStrNull(SWbemPropertySet.Item('TimeGenerated', 0).Get_Value); except end;
try Res.TimeWritten := VarStrNull(SWbemPropertySet.Item('TimeWritten', 0).Get_Value); except end;
try Res.SourceName := VarStrNull(SWbemPropertySet.Item('SourceName', 0).Get_Value); except end;
try Res.User := VarStrNull(SWbemPropertySet.Item('User', 0).Get_Value); except end;
try Res.sType := VarStrNull(SWbemPropertySet.Item('Type', 0).Get_Value); except end;
try Res.EventIdentifier := VarStrNull(SWbemPropertySet.Item('EventIdentifier', 0).Get_Value); except end;
Proc(Res);
TempObj:=Unassigned;
end;
end;
except on E: Exception do
begin
sList := TStringList.Create;
if FileExists(ExtractFilePath(GetModuleName(HInstance))+ 'log.txt') then
sList.LoadFromFile(ExtractFilePath(GetModuleName(HInstance))+ 'log.txt');
sList.Add(DateTimeToStr(Now) + ' - ' + E.Message + ' - Proc: GetLogEvents');
sList.SaveToFile(ExtractFilePath(GetModuleName(HInstance))+ 'log.txt');
sList.Free;
end;
end;
finally
CoUninitialize();
end;
end;
serkan gunes
Ṃųỻịgǻňạcểơửṩ0 Answers
Nobody has answered this question yet.
User contributions licensed under CC BY-SA 3.0