Does anyone use Windows server 2022 as a monitoring server for SQL Sentry without any problems?

Getting always following error.

Windows]: SQL?????.CCREK.BE
[Message]: Error synchronizing history for event source: SQL?????.CCREK.BE: Windows Event Log An error has occurred:
Message: We do not have 18 variants given for the UnsafeNativeMethods.EvtRenderFlags.EvtRenderEventValues flag. (System Properties)

System.InvalidOperationException: We do not have 18 variants given for the UnsafeNativeMethods.EvtRenderFlags.EvtRenderEventValues flag. (System Properties)
at System.Diagnostics.Eventing.Reader.NativeWrapper.EvtRenderBufferWithContextSystem(EventLogHandle contextHandle, EventLogHandle eventHandle, EvtRenderFlags flag, SystemProperties systemProperties, Int32 SYSTEM_PROPERTY_COUNT)
at System.Diagnostics.Eventing.Reader.EventLogRecord.PrepareSystemData()
at System.Diagnostics.Eventing.Reader.EventLogRecord.get_RecordId()
at Intercerve.SqlSentry.Providers.WindowsEventLogEventSourceTypeSynchronizer.TranslateHistoryDataMasterInternal(Object sourceObject, EventSourceAccessor eventSource, EventSourceConnectionAccessor eventSourceConnection)
at Intercerve.SqlSentry.Providers.WindowsEventLogHistorySynchronizer.ProcessDataRow(EventRecord eventRecord, Func`2 cutoffPredicate, EventSourceAccessor eventSource, EventSourceConnectionAccessor eventSourceConnection, TimeSpanOffsets serverTimeSpanOffsets, ICriteriaOperator criteriaOperator, RemoteSequenceOffset remoteSequenceOffset)
at Intercerve.SqlSentry.Providers.WindowsEventLogHistorySynchronizer.SynchronizeHistory(EventSourceConnectionBase eventSourceConnection, EventSourceAccessor eventSource)
at Intercerve.SqlSentry.Providers.EventSourceSynchronizer.SynchronizeHistory(Nullable`1 managementEngineID, EventManagerWatchTask eventManagerWatchTask)
at SqlSentry.Server.EventHistoryMonitor.SynchronizeHistory(WorkQueueItem`1 workQueueItem)
----------------------------------------------------------------------
[Timestamp (Local)]: 20/04/2022 15:24:33 [Timestamp (UTC)]: 20/04/2022 13:24:33 [Generated By]: SolarWinds SQL Sentry 2021.18 Server [????21]
[Version]: 2021.18.8.31174
[Monitor Type]: EventHistoryMonitor
[Condition]: Event History Monitor: Error [Response Ruleset]: Notify Every Time (default) Debugging Information:
[Response Ruleset Definition]:
Start Sending Notifications After 1 occurrence within 00:00:01 [First Occurrence (UTC)]: 20/04/2022 13:24:33 [Last Occurrence (UTC)]: 20/04/2022 13:24:33 [Total Count]: 1 [First Message Sent Count]: 0 [First Message Sent (UTC)]: 20/04/2022 13:24:33 [Last Message Sent Count]: 0 [Last Message Sent (UTC)]: 20/04/2022 13:24:33 [Configured Object Name]: Global [Configured Object Type]: Global

Parents Reply Children
  • Can you confirm that your test was done on the Monitoring Service host and remotely connecting to one of the targets effected by this error? Are the Monitoring Service hosts and effected targets on the latest update of Windows Server 2022?

  • yes.

    Hereby the PowerShell test on the monitoring host

    Note that PowerShell Get-WinEvent is also affected by this because it uses System.Diagnostics.Eventing.Reader.EventLogRecord:

    PS C:\Windows\system32> Get-WinEvent -ComputerName sqlsvc01 -ProviderName Microsoft-Windows-Security-Auditing


    ProviderName: Microsoft-Windows-Security-Auditing

    TimeCreated Id LevelDisplayName Message
    ----------- -- ---------------- -------
    14/06/2022 16:02:21 4634 Information An account was logged off....
    14/06/2022 16:02:10 4624 Information An account was successfully logged on....
    14/06/2022 16:02:10 4672 Information Special privileges assigned to new logon....
    14/06/2022 16:02:10 4624 Information An account was successfully logged on....
    14/06/2022 16:02:10 4672 Information Special privileges assigned to new logon....
    14/06/2022 16:02:10 4634 Information An account was logged off....
    14/06/2022 16:02:10 4624 Information An account was successfully logged on....
    14/06/2022 16:02:10 4672 Information Special privileges assigned to new logon....
    14/06/2022 16:02:10 4624 Information An account was successfully logged on....
    14/06/2022 16:02:10 4672 Information Special privileges assigned to new logon....
    14/06/2022 16:02:10 4634 Information An account was logged off....
    14/06/2022 16:02:09 4624 Information An account was successfully logged on....
    14/06/2022 16:02:09 4648 Information A logon was attempted using explicit credentials....

    See  System.Diagnostics.Eventing.Reader.EventLogRecord throws an InvalidOperationException on Windows 11 · Issue #60740 · dotnet/runtime (github.com)