System Restore - cause of failure?

[Guest]

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Recently I installed Norton Internet Security 2005 and ran into some problems.

I decided to run System Restore to return to a point before the
installation. Sadly, System Restore failed. I ran the System Restore
diagnosis tool and looked at the logs files.

I found the following messages:
.. . . .
3346,3396,1370482, Create, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf,
C:\System Volume
Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP492\A0379873.rbf,
3347,3397,1370482, SetACL, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf, ,
3348,3398,1370482, Attrib, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf, ,
3349,3399,1370481, Delete, OK, 0, C:\Program Files\Common Files\Symantec
Shared\IDS\IdsInst.exe, ,
3350,3400,1370480, Attrib, Ignored, 2, C:\Config.Msi\964cb0.rbf, ,
3351,3401,1370479, Rename, Fail, 1168, C:\Program Files\Common
Files\Symantec Shared\IDS\IdsInst.exe, C:\Config.Msi\964cb0.rbf,
3352, , , START UNDO
3353, 0,1378263, Create, OK, 0, C:\Program Files\Common Files\Symantec
Shared\IDS\IdsInst.exe, C:\System Volume
Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP493\A0385300.exe,
3354, 1,1378263, SetACL, OK, 0, C:\Program Files\Common Files\Symantec
Shared\IDS\IdsInst.exe, ,
3355, 2,1378263, Attrib, OK, 0, C:\Program Files\Common Files\Symantec
Shared\IDS\IdsInst.exe, ,
3356, 3,1378262, Delete, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf, ,
3357, 4,1378261, Create, OK, 0, C:\WINDOWS\Installer\964cb1.msi, C:\System
Volume
Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP493\A0385299.msi,
3358, 5,1378261, SetACL, OK, 0, C:\WINDOWS\Installer\964cb1.msi, ,
3359, 6,1378261, Attrib, OK, 0, C:\WINDOWS\Installer\964cb1.msi, ,
.. . . .

Which suggest to me that SR found a problem with the file IdsInst.exe.
But can anyone tell me what the problem actually was.?

many thanks
--
Simon 1972

 

[Guest]

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Hi Simon,

I suspect Norton is up to it's old tricks, going places it should not
and messing up Windows functions.

Go to Start - Run and type eventvwr.msc and press enter.

Click the Source tab to sort by name, look for "sr" and "srservice."

Double-click each of these services and post the description, EventID
and Source of the events pertaining to the IdsInst.exe file.

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/


Simon 1972 wrote:
> Recently I installed Norton Internet Security 2005 and
> ran into some problems.
>
> I decided to run System Restore to return to a point
> before the
> installation. Sadly, System Restore failed. I ran the
> System Restore diagnosis tool and looked at the logs files.
>
> I found the following messages:
> . . . .
> 3346,3396,1370482, Create, OK, 0,
> C:\RECYCLER\NPROTECT\00665232.rbf, C:\System Volume
> Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP492\A0379873.rbf,
> 3347,3397,1370482, SetACL, OK, 0,
> C:\RECYCLER\NPROTECT\00665232.rbf, , 3348,3398,1370482,
> Attrib, OK, 0, C:\RECYCLER\NPROTECT\00665232.rbf, ,
> 3349,3399,1370481, Delete, OK, 0, C:\Program Files\Common
> Files\Symantec Shared\IDS\IdsInst.exe, ,
> 3350,3400,1370480, Attrib, Ignored, 2,
> C:\Config.Msi\964cb0.rbf, , 3351,3401,1370479, Rename,
> Fail, 1168, C:\Program Files\Common
> Files\Symantec Shared\IDS\IdsInst.exe,
> C:\Config.Msi\964cb0.rbf, 3352, , , START UNDO
> 3353, 0,1378263, Create, OK, 0, C:\Program Files\Common
> Files\Symantec Shared\IDS\IdsInst.exe, C:\System Volume
> Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP493\A0385300.exe,
> 3354, 1,1378263, SetACL, OK, 0, C:\Program Files\Common
> Files\Symantec Shared\IDS\IdsInst.exe, ,
> 3355, 2,1378263, Attrib, OK, 0, C:\Program Files\Common
> Files\Symantec Shared\IDS\IdsInst.exe, ,
> 3356, 3,1378262, Delete, OK, 0,
> C:\RECYCLER\NPROTECT\00665232.rbf, , 3357, 4,1378261,
> Create, OK, 0, C:\WINDOWS\Installer\964cb1.msi, C:\System
> Volume
> Information\_restore{62FFCE82-38A2-480D-AAD1-DDDEAF923286}\RP493\A0385299.msi,
> 3358, 5,1378261, SetACL, OK, 0,
> C:\WINDOWS\Installer\964cb1.msi, , 3359, 6,1378261,
> Attrib, OK, 0, C:\WINDOWS\Installer\964cb1.msi, , . . . .
>
> Which suggest to me that SR found a problem with the file
> IdsInst.exe.
> But can anyone tell me what the problem actually was.?
>
> many thanks

 

[Guest]

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Bert,
As requested, here is the Event Viewer info:
Event Type: Information
Event Source: SRService
Event Category: None
Event ID: 111
Date: 28/04/2005
Time: 22:29:51
User: N/A
Computer: SDS01
Description:
A restoration to "after NAV uninstall" restore point failed. No changes
have been made to the system.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

- so all it says to me is that System Restore did not run to completion
- the link to MS did not reveal anything useful.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Hi Simon,

To troubleshoot, completely uninstall Norton Internet Security 2005.
This will include going to the Symantec web site and downloading there
uninstall utility and running it.

At this point reboot the system and test System Restore by trying to
do a restore.
If this fails, create a restore point and try restoring to it.

Here are some more tips on System Restore failures.
System Restore Failures to restore
http://home.earthlink.net/~mvp_bert/html/body_srfail.html

Please post back with the results.

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/


Simon 1972 wrote:
> Bert,
> As requested, here is the Event Viewer info:
> Event Type: Information
> Event Source: SRService
> Event Category: None
> Event ID: 111
> Date: 28/04/2005
> Time: 22:29:51
> User: N/A
> Computer: SDS01
> Description:
> A restoration to "after NAV uninstall" restore point
> failed. No changes have been made to the system.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> - so all it says to me is that System Restore did not run
> to completion
> - the link to MS did not reveal anything useful.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Bert, hi there,

Sorry for the delay.
1 I created a new System Restore point, then installed another piece of
software.
2 I could successfully restore to that Restore point.

3 I uninstalled NIS 2005.
4 I could still restore to Restore points created after the NIS2005 install.
5 I could not restore to the Restore point created immediately before the
NIS install

So it looks to me that System rRestore itself is working OK.

I would still like to know what the meaning of the error in the System
Restore Log means so that I can get Symantec to investigate.

many thanks
Simon




"Bert Kinney" wrote:

> Hi Simon,
>
> To troubleshoot, completely uninstall Norton Internet Security 2005.
> This will include going to the Symantec web site and downloading there
> uninstall utility and running it.
>
> At this point reboot the system and test System Restore by trying to
> do a restore.
> If this fails, create a restore point and try restoring to it.
>
> Here are some more tips on System Restore failures.
> System Restore Failures to restore
> http://home.earthlink.net/~mvp_bert/html/body_srfail.html
>
> Please post back with the results.
>
> --
> Regards,
> Bert Kinney MS-MVP Shell/User
> http://dts-l.org/
>
>
> Simon 1972 wrote:
> > Bert,
> > As requested, here is the Event Viewer info:
> > Event Type: Information
> > Event Source: SRService
> > Event Category: None
> > Event ID: 111
> > Date: 28/04/2005
> > Time: 22:29:51
> > User: N/A
> > Computer: SDS01
> > Description:
> > A restoration to "after NAV uninstall" restore point
> > failed. No changes have been made to the system.
> >
> > For more information, see Help and Support Center at
> > http://go.microsoft.com/fwlink/events.asp.
> >
> > - so all it says to me is that System Restore did not run
> > to completion
> > - the link to MS did not reveal anything useful.
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

You mentioned in an earlier post that you ran the SR diagnostic tool.
Where you referring to srdiag.exe?

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/



Simon 1972 wrote:
> Bert, hi there,
>
> Sorry for the delay.
> 1 I created a new System Restore point, then installed
> another piece of software.
> 2 I could successfully restore to that Restore point.
>
> 3 I uninstalled NIS 2005.
> 4 I could still restore to Restore points created after
> the NIS2005 install. 5 I could not restore to the Restore
> point created immediately before the NIS install
>
> So it looks to me that System rRestore itself is working
> OK.
>
> I would still like to know what the meaning of the error
> in the System Restore Log means so that I can get
> Symantec to investigate.
>
> many thanks
> Simon
>
>
>
>
> "Bert Kinney" wrote:
>
>> Hi Simon,
>>
>> To troubleshoot, completely uninstall Norton Internet
>> Security 2005. This will include going to the Symantec
>> web site and downloading there uninstall utility and
>> running it.
>>
>> At this point reboot the system and test System Restore
>> by trying to do a restore.
>> If this fails, create a restore point and try restoring
>> to it.
>>
>> Here are some more tips on System Restore failures.
>> System Restore Failures to restore
>> http://home.earthlink.net/~mvp_bert/html/body_srfail.html
>>
>> Please post back with the results.
>>
>> --
>> Regards,
>> Bert Kinney MS-MVP Shell/User
>> http://dts-l.org/
>>
>>
>> Simon 1972 wrote:
>>> Bert,
>>> As requested, here is the Event Viewer info:
>>> Event Type: Information
>>> Event Source: SRService
>>> Event Category: None
>>> Event ID: 111
>>> Date: 28/04/2005
>>> Time: 22:29:51
>>> User: N/A
>>> Computer: SDS01
>>> Description:
>>> A restoration to "after NAV uninstall" restore point
>>> failed. No changes have been made to the system.
>>>
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>>
>>> - so all it says to me is that System Restore did not
>>> run to completion
>>> - the link to MS did not reveal anything useful.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

bert,
yep - i ran srdiag.exe.
It ran for over 18 minutes at about 100% cpu with no progress messages.
At the end it produced a .cab file (accessible with WinRAR) and I looked
though the various files to see what I could see.

HTH

"Bert Kinney" wrote:

> You mentioned in an earlier post that you ran the SR diagnostic tool.
> Where you referring to srdiag.exe?
>
> --
> Regards,
> Bert Kinney MS-MVP Shell/User
> http://dts-l.org/
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Hi Simon,

Yes it does take some time to run.

You may want to send the log and text files to Symantec.

Would you send me the SR-EventLogs.TXT so I can take a look?

Send to bert@NSmvps.org Remove the NS.

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/


Simon 1972 wrote:
> bert,
> yep - i ran srdiag.exe.
> It ran for over 18 minutes at about 100% cpu with no
> progress messages. At the end it produced a .cab file
> (accessible with WinRAR) and I looked though the various
> files to see what I could see.
>
> HTH
>
> "Bert Kinney" wrote:
>
>> You mentioned in an earlier post that you ran the SR
>> diagnostic tool. Where you referring to srdiag.exe?
>>
>> --
>> Regards,
>> Bert Kinney MS-MVP Shell/User
>> http://dts-l.org/