We have several "RDX" USB cartridge drives on customers' sites. Normally they don't log anything to the Windows event logs. This changes after you install the optional "RDX Tools". After the installation you start seeing entries in the "Application" log made by a source called "RDXmon". (And there is a now a service called RDXmon that runs C:\Program Files (x86)\RDX\Service\RDXmon.exe.)
And this source does not seem to be properly installed with Windows.
The strings are not correctly resolved. Instead you get messages like these that are prefixed with Windows boiler plate:
The description for Event ID 0 from source RDXmon cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
RDXmon:
MediaInsereted() IOCTL failed. Device:1--(Error code:2) The system cannot find the file specified.
(I guess MediaInsereted is a weird typo for "MediaInserted".)
QUESTION: Did anybody manage to fix this?
- Can anybody shed light on this? Is this incorrectly installed, or is RDXmon just a debugging tool and they simply didn't bother to correctly integrate it with Windows?
- Or, to put it differently: Has anybody managed to get
RDXmonoutput proper messages?
I couldn't find much via Google and there seems to be no official Tandberg discussion forum. And there seems to be no documentation for "RDXmon".
Further info: Provider not registered
I think the provider/publisher/source is not registered. (I am unclear about the exact terminology.)
At least WEvtUtil comes up empty:
PS C:\> wevtutil enum-publishers | findstr /I rdx
PS C:\>
(I am assuming that WEvtUtil.exe's "Publisher" is identical to what PowerShell's Get-WinEvent calls a "Provider" and what eventvwr.msc calls a "Source". Correct me if I'm wrong.)
And although it is not registered, it still logs to the "Application" log:
PS C:\> Get-WinEvent -Logname Application -MaxEvents 1111 2>$null |
where {$_.providername -eq 'RDXmon'} |
select providername, logname, Containerlog |
select -first 3
ProviderName LogName ContainerLog
------------ ------- ------------
RDXmon Application application
RDXmon Application application
RDXmon Application application
I tried registering the provider like so:
New-EventLog -LogName application -Source RDXmon
But that made things even more enreadable, so I undid that again.
Just registering the provider won't fix the issue, since what you are missing is the event message file. Based on the typo and the fact that it's not registered, I'd unfortunately have to assume that they didn't even create a message file DLL.
I highly recommend you take a look at this article for a background on this: https://www.eventsentry.com/blog/2008/04/event-log-message-files-the-de.html.
Looking at the event you posted, I suspect that they don't even know what a message DLL is, and are just logging the error messages to the event log (event id 0 is another indicator they have no clue what they are doing in regards to event logging).
But ultimately this is something they would have to fix, so I'd contact their support team and bug them about it: http://www.tandbergdata.com/emea/index.cfm/contact/contact-support/contact-support-europe-and-africa/. I'd send them the link the above references blog article as well as this one:
https://www.eventsentry.com/blog/2010/11/creating-your-very-own-event-m.html
so that they can educate themselves on this topic :-).