App Layering: Splunk installed in a layer can cause Event ID 3 from unifltr in the Windows System event log

This is a special case of CTX221726. Looking in the Windows System event log, you see multiple events like this:


Log Name: System
Source: unifltr
Date: 3/24/2018 12:39:50 PM
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ————–
Description:
Unidesk denied an attempt to rename a directory from one of the read only portions of the file system. Please see the Unidesk Administrator for help.

Examining C:\Program Files\Unidesk\Uniservice\Log\Log0.txt, you see a line like this for each Event ID 3:

[03/28/2018][15:03:37:469] Error Detail Data Length 4 Path \Device\HarddiskVolume1\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot Offset 0xfffdd6e4 Rename of a directory denied Status 0xc0000022
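A triage sketch for the Log0.txt lines described above, added here as an example and not Citrix code: it extracts the denied path from each entry and counts denials per path, so the application behind the Event ID 3 entries stands out. The line layout is assumed from the single line quoted on this page, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Layout assumed from the Log0.txt line quoted above; other line types are skipped.
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4})\]\[(?P<time>\d{2}:\d{2}:\d{2}):(?P<ms>\d{3})\]\s+"
    r"Error\b.*?\bPath\s+(?P<path>.+?)\s+Offset\s+0x[0-9a-fA-F]+\s+"
    r"(?P<reason>.+?)\s+Status\s+(?P<status>0x[0-9a-fA-F]+)\s*$"
)
ACCESS_DENIED = 0xC0000022  # NTSTATUS STATUS_ACCESS_DENIED, the status in the quoted line


def parse_denials(lines):
    """Return one dict per log line that records a denied operation."""
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["status"], 16) != ACCESS_DENIED:
            continue
        when = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %H:%M:%S")
        out.append({
            "time": when.replace(microsecond=int(m["ms"]) * 1000),
            "path": m["path"],  # may contain spaces, e.g. "Program Files"
            "reason": m["reason"],
        })
    return out


def denials_by_path(lines):
    """Count denials per path, lower-cased because NTFS paths are case-insensitive."""
    return Counter(d["path"].lower() for d in parse_denials(lines))


# Constructed sample input in the format of the line quoted above.
SAMPLE = [
    r"[03/28/2018][15:03:37:469] Error Detail Data Length 4 Path \Device\HarddiskVolume1\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot Offset 0xfffdd6e4 Rename of a directory denied Status 0xc0000022",
    r"[03/28/2018][15:04:07:512] Error Detail Data Length 4 Path \Device\HarddiskVolume1\Program Files\SplunkUniversalForwarder\var\lib\splunk\fishbucket\splunk_private_db\snapshot Offset 0xfffdd6e4 Rename of a directory denied Status 0xc0000022",
    "[03/28/2018][15:04:08:001] Info Constructed line that is not a denial",
]

if __name__ == "__main__":
    for path, count in denials_by_path(SAMPLE).most_common():
        print(f"{count:4d}  {path}")
```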
