获取事件日志 - 一些事件日志源缺少有效的消息

我正在使用get-eventlog来提取和过滤系统事件日志数据。我发现get-eventlog无法正确返回某些条目关联的消息。在事件日志查看器中，这些条目通常会显示。例如：

get-eventlog -logname system | ? { $_.source -eq "Microsoft-Windows-Kernel-General" }

返回8个条目，所有这些条目都有以下格式的消息:

The description for Event ID '12' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  
The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them.  
The following information is part of the event:'6', '1', '7601', '18798', '1', '0', '2015-06-13T08:33:32.359599800Z'

如果我筛选相同来源的系统事件日志，我可以清楚地看到完整的消息。例如：

The operating system started at system time ‎2015‎-‎06‎-‎13T08:33:32.359599800Z.

我运行了以下命令，以查看是否有其他提供商无法返回有效的事件消息：

get-eventlog -LogName system | ? { $_.Message -like "The description for Event ID*" }  | Group-Object -Property Source | Select-Object -Property Name

Name
----
Microsoft-Windows-Kernel-General
DCOM
WinRM
Microsoft-Windows-Iphlpsvc

我在事件日志查看器中检查了DCOM、WinRM和Iphlpsvc源的相应条目，并确认正确的消息可见。
我在管理员级别的PowerShell控制台中运行了测试脚本。
有什么想法吗？
编辑：进一步研究发现，PsLogList似乎也存在同样的问题，而WEVTUTIL则没有。
编辑：在Windos的建议下，我尝试了get-winevent。我之前尝试过这个方法，发现它根本不返回任何消息数据。我再次尝试并得到了相同的结果。然后我尝试了

Get-WinEvent -ProviderName "Microsoft-Windows-Kernel-General"

产生了以下错误

Could not retrieve information about the Microsoft-Windows-Kernel-General provider. Error: The locale specific resource for the desired message is not present.

一番搜索后，我找到了 'https://p0w3rsh3ll.wordpress.com/2013/12/13/why-does-my-get-winevent-command-fail/' 的文章，他也遇到了同样的错误信息。他认为这是由于区域设置引起的。我在澳大利亚，所以我的控制面板中的“格式”设置为“英语（澳大利亚）”。我将其更改为“英语（美国）”，启动了一个新的PS控制台，用 get-culture 确认我现在在美国，并重新运行了 get-winevent 命令。

Get-WinEvent -ProviderName "Microsoft-Windows-Kernel-General" | select-object -property Message

瞧，...

Message
-------
The system time has changed to ?2015?-?07?-?12T01:06:52.405000000Z from ?2015?-?07?-?12T01:05:51.764208900Z.
The system time has changed to ?2015?-?07?-?12T01:05:09.671000000Z from ?2015?-?07?-?12T01:04:09.226010500Z.
The system time has changed to ?2015?-?07?-?12T01:03:49.119000000Z from ?2015?-?07?-?12T01:02:48.060593100Z.
The system time has changed to ?2015?-?07?-?12T01:02:32.128000000Z from ?2015?-?07?-?12T01:01:29.610105600Z.
The system time has changed to ?2015?-?06?-?13T08:41:12.267000000Z from ?2015?-?06?-?13T08:41:12.404273100Z.
The operating system started at system time ?2015?-?06?-?13T08:33:32.359599800Z.
The operating system is shutting down at system time ?2015?-?06?-?13T08:33:05.091743100Z.
The system time has changed to ?2015?-?06?-?13T08:32:58.947000000Z from ?2015?-?06?-?13T08:32:58.947959900Z.

然而遗憾的是 - 没有改变得到 get-eventlog

get-eventlog -logname system | ? { $_.Source -eq "microsoft-windows-kernel-general" } | select-object -property Message

Message
-------
The description for Event ID '1' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  The local computer m...
The description for Event ID '1' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  The local computer m...
The description for Event ID '1' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  The local computer m...
The description for Event ID '1' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  The local computer m...
The description for Event ID '1' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  The local computer m...
The description for Event ID '12' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  The local computer ...
The description for Event ID '13' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  The local computer ...
The description for Event ID '1' in Source 'Microsoft-Windows-Kernel-General' cannot be found.  The local computer m...