
WARNING - Provider resources not accessible running wevtutil

I need help solving the "Provider '' resources not accessible" warning when trying to create a Windows event provider. I create my manifest file with the ManGen utility, and name my '.exe' file as my message and resource file. I compile the '.rc' file with my exe file and the expected '.res' file is generated. However, when I run wevtutil I keep getting the 'resources not accessible' warning.

Robert G asked Feb 09 '12 18:02


2 Answers

When you install your manifest (e.g. wevtutil im manifest.man), you should see some sort of a warning if the resources aren't available:

**** Warning: Publisher EventsProvider resources are not accessible.

To get some additional information, try to retrieve information on one of the publishers. For example:

c:\...> wevtutil gp <EventProviderName>
Failed to open metadata for publisher <EventProviderName>. Access denied.

Ok, the above suggests a permissions problem, so let me make the path accessible and try again:

c:\...> wevtutil gp <EventProviderName>
Failed to open metadata for publisher <EventProviderName>. The specified resource
type cannot be found in the image file.

For the above, it looks like the resource didn't get compiled in correctly.

If you go File->Open with VS and open your exe in the resource viewer you should be able to see the resources that were compiled in. You should at least have a "WEVT_TEMPLATE" entry.

For the resource to be compiled in correctly, csc needs to be passed the resource as follows:

csc /win32res:<Resource.res>

Kaleb Pederson answered Oct 13 '22 09:10


The DLL you are registering needs to have a particular set of file permissions. I suspect that the event logging service runs under the "local service" account. So just giving SYSTEM access rights is not enough. I solved my problem by giving the "USERS" group on my PC "read & execute" privileges.

I ran into a nasty problem that took a day to track down. I shared my project working folder and then unshared it. For some reason this removed the "USERS" access privileges. I think this is the reason that the event tracing samples in the Windows SDK copy all the DLLs to a special folder under the C drive and install the provider from there. When you create folders under the C drive the USERS group is given access automatically.

Matt Dawson answered Oct 13 '22 09:10
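
An added example (not part of either answer above): a PowerShell check that reads each provider's resourceFileName and messageFileName from the manifest and reports whether the file exists and has an allow entry granting read & execute to Users, Local Service, Authenticated Users or Everyone. The function name Test-ProviderResourceAccess and the path .\manifest.man are assumptions; the icacls command is only printed, never run.

```powershell
# Added example: inspect the files a provider manifest points at before 'wevtutil im'.
# Test-ProviderResourceAccess is a hypothetical helper name; pass your own manifest path.
function Test-ProviderResourceAccess {
    param([Parameter(Mandatory)][string]$ManifestPath)

    # Well-known SIDs (locale independent): Users, Local Service,
    # Authenticated Users, Everyone.
    $readerSids = 'S-1-5-32-545', 'S-1-5-19', 'S-1-5-11', 'S-1-1-0'
    $rx = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    [xml]$manifest = Get-Content -LiteralPath $ManifestPath -Raw
    # local-name() avoids having to register the manifest's XML namespace.
    foreach ($provider in $manifest.SelectNodes("//*[local-name()='provider']")) {
        foreach ($attr in 'resourceFileName', 'messageFileName') {
            $raw = $provider.GetAttribute($attr)
            if (-not $raw) { continue }
            # Manifests may use %SystemRoot%-style variables; expand them first.
            $path = [Environment]::ExpandEnvironmentVariables($raw)
            $result = [pscustomobject]@{
                Provider           = $provider.GetAttribute('name')
                Attribute          = $attr
                Path               = $path
                Exists             = (Test-Path -LiteralPath $path -PathType Leaf)
                ReadExecuteGranted = $false
                SuggestedFix       = $null
            }
            if ($result.Exists) {
                # Explicit and inherited rules, with identities returned as SIDs.
                $rules = (Get-Acl -LiteralPath $path).GetAccessRules(
                    $true, $true, [System.Security.Principal.SecurityIdentifier])
                # Only allow entries are inspected; deny entries are not evaluated.
                $allow = $rules | Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    $readerSids -contains $_.IdentityReference.Value -and
                    ($_.FileSystemRights -band $rx) -eq $rx
                }
                $result.ReadExecuteGranted = [bool]$allow
                if (-not $allow) {
                    # Read & execute only, no write access to the provider binary.
                    $result.SuggestedFix = 'icacls "{0}" /grant "*S-1-5-32-545:(RX)"' -f $path
                }
            }
            $result
        }
    }
}

Test-ProviderResourceAccess -ManifestPath .\manifest.man | Format-List
```

If Exists and ReadExecuteGranted are both True and `wevtutil gp` still fails, the remaining cause described above is the missing WEVT_TEMPLATE resource in the binary.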