Discrepancy between Event Log taken from Powershell and with Event Log Viewer

Question

Domain Controller OS - Window Server 2008 R2

Please see the First PrintScreen attached (Powershell.png). with the help of Powershell command I am trying to check the event Log of my DC. Please note the Red Rectangle Colour Box. Failure Reason: %%2313 "

enter image description here

But the same log if i check from Event Viewer ( Second Print-Screen Attached - EventViewer.png ) the same Event ID, here it Clearly shows the "Failure Reason: Unknown user name or bad Password"

enter image description here

Why with Powershell the same event id shows Failure reason with some syntax and in Event Viewer log of windows, it display correct?

Thanks Micheal Hampton for your comment.So,how should i correct this problem? Because with the help of Powershell i get mail for the event id and in mail we are unable to know the real reason. — Param, Feb 16 '13 at 08:56

score 2 · Accepted Answer · answered Feb 16 '13 at 12:23

On Windows Vista and later you should use Get-WinEvent as it can read the extended event data more of the time

For more detail about this command you can use -? symbol. or Refer to this article http://technet.microsoft.com/en-us/library/hh849682.aspx

Discrepancy between Event Log taken from Powershell and with Event Log Viewer

1 Answers1