Understanding Extended Error Information
Extended error information is an array of records, each indicating the passing of the error code through a particular layer in the system or application. If an error occurs on a machine C, as it is called from machine B, which in turn is called from machine A, the RPC run time on machine C generates one or more records describing the error, and passes them to machine B. Machine B can add one or more records to the head of the existing chain, and passes the full chain to A. A can add one or more records, and display or log the information. Essentially, then, the extended error chain represents the history of the error.
Extended error information does not replace the error code (the RPC_S_* status code). Regardless of how much or whether extended error information is generated, the error code remains unchanged.
Each extended error information record contains the following. Please see RPC_EXTENDED_ERROR_INFO for more information:
ComputerName—this is the non-qualified DNS name of the computer on which the error originated. Only records on machine boundaries have this information. For example, in the scenario described earlier with machines A, B, and C, the ComputerName is defined for the following fields:
Record ComputerName field Record #1 generated by machine C - Record #2 generated by machine C - Record #3 generated by machine C C Record #1 generated by machine B - Record #2 generated by machine B - Record #3 generated by machine B B Record #1 generated by machine A - Record #2 generated by machine A - Record #3 generated by machine A - Head of the chain
ProcessID—process identifier of the process that generated the error.
TimeStamp—time when the error occurred, expressed in UTC format.
Generating Component—integer code definition of the logical component that generated the error. The following components are currently defined:
Code Name Description 1 Application The component owning the manager routine for the particular RPC call 2 Runtime The RPC run time 3 Security Provider The security provider for this call. 4 NPFS The NPFS file system 5 RDR The Redirector 6 NMP The named pipe system. This can be either NPFS or RDR, but in many cases the RPC run time does not know who performed the requested the operation, and in such cases NMP is returned. 7 IO The IO system or a driver used by the IO system. This can be either NPFS, RDR, or a Winsock provider. 8 Winsock The Winsock provider 9 Authz code The Authorization APIs. 10 LPC The Local Procedure Call facility.
- Status—error code generated or returned by the layer
- DetectionLocation—unique number identifying the location of the code where the error was detected. This field is tied to the code, and will change from version to version. A separate list of the most commonly encountered detection locations will be published.
- Flags—flags specifying information about the record. The currently defined flags are EEInfoPreviousRecordsMissing and EEInfoNextRecordsMissing, corresponding to numeric values 1 and 2, respectively. If EEInfoPreviousRecordsMissing is set, one or more records before that record is missing. If EEInfoNextRecordsMissing is set, one or more records after that record are missing. For description of why records may be missing, see Reliability of Extended Error Information.
- Up to four error parameters. An error parameter is a lightweight variant structure providing additional information about the error. The additional information is dependent upon the error and the detection location. The parameters can be of type ANSI string (LPSTR), Unicode String (LPWSTR), long value (long), short value (short), pointer (int64), or none.