This content has been marked as final. Show 8 replies
ignore it - it's trying to make a snapshot of the EEPC pre-boot volume...
Here's what I did.
1. Started System Restore, noticed no restore point (even though I knew I'd taken a manual one before). Took a manual restore point.
2. Rebooted and before EEPC Synch took place (we have a delay in synch), started System Restore and confirmed restore point there.
3. Clicked Synchronize in EEPC Status dialog.
4. Started System Restore -- NO restore points.
Here's the event log
Event Type: Error
Event Source: sr
Event Category: None
Event ID: 1
The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BootCode.ini' on the volume 'Disk0'. It has stopped monitoring the volume.
and here's the EEPC client log
5/5/2009 6:04:04 PM Starting synchronization
5/5/2009 6:04:04 PM SbFs total space = 20879360 bytes (19.91 MB)
5/5/2009 6:04:04 PM SbFs free space = 19714048 bytes (18.80 MB)
5/5/2009 6:04:04 PM Connecting to database: "REDACTED"
5/5/2009 6:04:04 PM Address=REDACTED
5/5/2009 6:04:04 PM Port=5555
5/5/2009 6:04:04 PM Authenticate=Yes
5/5/2009 6:04:05 PM Checking for machine configuration updates
5/5/2009 6:04:05 PM Checking for user updates
5/5/2009 6:04:06 PM Checking for token data updates
5/5/2009 6:04:06 PM Checking for SSO updates
5/5/2009 6:04:06 PM Checking for Local Recovery updates
5/5/2009 6:04:06 PM Checking for hashes updates
5/5/2009 6:04:06 PM Transferring local audit information to database
5/5/2009 6:04:07 PM Checking for file updates
5/5/2009 6:04:10 PM Applying configuration
5/5/2009 6:04:10 PM Synchronization complete
5/5/2009 6:04:10 PM Automatically synchronizing again in 1440 minute(s)
5/5/2009 6:04:10 PM Applying cryption changes
5/5/2009 6:04:10 PM Not encrypting removable drive H:
Notice the time stamps between the two coincide ...
you won't find bootcode.ini on your c: drive - it's not there.
I would send this to M$ - I expect they are confused as to which drive they are looking at.
I'm sorry but "talk to MS" seems a somewhat disingenuous answer. System Restore is working fine, I install EEPC and it stops working. Furthermore, System Restore's failure occurs exactly when EEPC synchronizes. Please tell me again why this is Microsoft's problem. :confused:
I'm not saying the two are unrelated, I'm saying look at the evidence - system restore has stopped working and the reason is reported to be a file, which does not exist on any drive SR should be monitoring.
Now, if the file existed, I would understand a little, but it does not. My guess is SR is confused as to what drive it's looking at, which would have to be resolved by fixing SR itself?
I expect EEPC is simply pointing out a flaw in SR. EEPC isnt doing anything illegal or odd, it's SR which seems to be confused here.
Unrelated to the original problem here, but you'll probably want your machines to synch a little more often that once every 24 hours. Unless you had a reason not to, I would suggest an interval between 60 and 240 minutes (1-4 hours).
urgh - bad idea and against McAfee recommendations (which is once a day) - why would you want the policy to update so often? Remember the machine will sync on every reboot anyway, so the automatic repeat sync is only to catch those which are lucky enough never to crash or get powered off.
Syncing once an hour if you have a few thousand machines adds a huge load on your network, especially if you have some wan links or latency to deal with.
We have over 5000 machines remotely syncing every 90 minutes. The reason for this is to keep audits current and passwords in sync (for multi-system users). I have never heard of any such recommendation. If the suggestion is once per day, why is it measured in minutes?
Many of our users work offline for hours at a time. If they only synced once a day, we'd have a considerably larger amount of machines in need of isolation recovery.