Error : The extended message field (XM) is not set. This field must be
set for the collector to parse the data correctly.

SLM 1.2.0.2_954
Microsoft Active Directory 2011.r3 Collector
WMS Connector 2011.r2 Connector
100+ Windows Server 2003/2008/2008R Event Sources

Just upgraded My Collector and Connector to the latest versions and am
getting a massive amount of error messages,as above, logged in my
collector_mgr0.0.log.

I read the WEC (WMI) connector PDF that came with the connector upgrade.
It mentions in Section D about MessageEncoding which is the only doco i
can find that relates to this XM field.

The error seems to identify that this field is somehow not mapped??

ERROR:

Tue Apr 16 14:35:42 EST 2013|WARNING|Collector [Microsoft Active
Directory
2011.r3]|esecurity.ccs.comp.evtsrcmgt.collector.util.Scrip tEngineContext.log
Microsoft Active Directory
2011.r3(BC28F780-09A7-102E-84E6-005056BD0009) HandledException: The
extended message field (XM) is not set. This field must be set for the
collector to parse the data correctly. ; original message:
tgHour04tgMonth04tgDay16tgMinute36 EC4624C12544LSecuritySNMicrosoft-Windows-Security-AuditingISS-1-0-0--0x0S-1-5-21-964449641-485321367-604069355-11192ANOTHERCOMPUTERxxxxx0x59f620303Kerberos Kerberos{1db3x061-76x1-3x79-9bxa-880xf9282838}--00x0-33.33.33.1693885RN74430553tgSecond33XM TAudit
SuccessET4tgTime20130416043526.67455CN computer1.xxxxxx.domain.com.authiseventtgYea r2013EI4624


--
darrynv
------------------------------------------------------------------------
darrynv's Profile: https://forums.netiq.com/member.php?userid=529
View this thread: https://forums.netiq.com/showthread.php?t=47557