Thursday, July 16, 2015

I recently was using Exmon to trace a troublesome user and it crashed during the trace.  When this happens a lot of the time the Exchange trace will be left running so you are unable to launch Exmon again.  If you google the error "unknown starttrace error (183)" you get many hits that tell you to use logman to query and then stop the trace.  The problem is they all use syntax that seems to no longer work:

Old syntax:  logman stop "exchange event trace" -ets

Trying to use this command only triggers an error:

H:\>logman stop "Exchange Event Trace" -ets
Argument 'Event' is unknown.
Argument 'Trace"' is unknown.

Error:
The parameter is incorrect.

Using the following syntax correctly stops the Exchange trace:

logman stop -name "exchange event trace" -ets

Not sure when this changed (maybe a service pack) but this was the only way to successfully
stop the trace on a Windows Server 2008 R2 box.  YMMV.