Upgrading to 10.8049.22439.1084 breaks Event Viewer Sense logs

Hello,

We are rolling out KB5005292 on our 2016 servers, and so far the test servers we used have lost their Sense Event Viewer logs.

Trying to get them from PowerShell with the following command line:

Get-WinEvent -FilterHashtable @{ProviderName="Microsoft-Windows-Sense" ;ID=1}

generates the following result:

LoicM_0-1661205819040.png

Checking Kernel-EventTracing, we get the following:

LoicM_1-1661206005166.png

LoicM_2-1661206013634.png

One interesting thing is that a new registry key was discovered on those devices:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\

LoicM_3-1661206092326.png

LoicM_5-1661206172949.png

LoicM_4-1661206102605.png

Compared with servers on 10.8048.22439.1065, those keys are new.

Has anyone faced the same issues?

1 Reply

One interesting thing: we can reproduce this only on machines which have been manually upgraded with the executable downloaded from the Microsoft Catalog.

If the upgrade is installed through WU, it's working fine.