Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

WARNING -Provider resources not accessible running wevtutil

Tags:

windows

events

provider

etw

I need help solving the "Provider '' resources not accessible when trying to create a windows event provider. I create my manifest file with the ManGen utility, and name my '.exe' file as my message and resource file. I compile the '.rc' file with my exe file and the expected'.res' file are generated. However, when I run wevtutil I keep getting the 'resources not accessible' warning.

like image 512
Robert G Avatar asked Feb 09 '12 18:02

Robert G

2 Answers

When you install your manifest (e.g. wevtutil im manifest.man), you should see some sort of a warning if the resources aren't available:

**** Warning: Publisher EventsProvider resources are not accessible.

To get some additional information, try to retrieve information on one of the publishers. For example:

c:\...> wevtutil gp <EventProviderName>
Failed to open metadata for publisher <EventProviderName>. Access denied.

Ok, the above suggests a permissions problem, so let me make the path accessible and try again:

c:\...> wevtutil gp <EventProviderName>
Failed to open metadata for publisher <EventProviderName>. The specified resource
type cannot be found in the image file.

For the above, it looks like the resource didn't get compiled in correctly.

If you go File->Open with VS and open your exe in the resource viewer you should be able to see the resources that were compiled in. You should at least have a "WEVT_TEMPLATE" entry.

For the resource to be compiled in correctly, csc needs to be passed the resource as follows:

csc /win32res:<Resource.res>
like image 72
Kaleb Pederson Avatar answered Oct 13 '22 09:10

Kaleb Pederson

The dll you are registering needs to have a particular set of file permissions. I suspect that the event logging service runs under the "local service" account. So just giving SYSTEM access rights is not enough. I solved by problem by giving the "USERS" group on my PC "read & execute" priviledges.

I ran into a nasty problem that took a day to track down. I shared my project working folder and then unshared it. For some reason this removed the "USERS" access priviledges. I think this is the reason than the event tracing samples in the windows SDK copy all the dlls to a special folder under the C drive and install the provider from there. When you create folders under C drive the USERS group is given access automatically.

like image 43
Matt Dawson Avatar answered Oct 13 '22 09:10

Matt Dawson
Sign in to Comment

Related questions

Why is GetIsNetworkAvailable() always returning true?
Registering a custom win32 window class from c#
Programmatically getting system boot up time in c++ (windows)
How do I access bottle development server from another PC on the LAN?
Trouble with starting Node.js from a Cygwin console
Windows [cmd.exe] command to display a messagebox with timeout?
Git - Windows AND linux line-endings
Python worker failed to connect back
Batch File input validation - Make sure user entered an integer
How to find "My Documents" folder in Java
Changing to remove path from environment variable PATH
Getting a handle to the process's main thread
how to manually remove MSI installation?
Mysql datetime DEFAULT CURRENT_TIMESTAMP error
How to uninstall Atom text editor on Windows?
Dissallowing resize of a window form
Add advanced features to a tkinter Text widget
Detect the number of cores on windows
In CMD "python" starts Python 3.3, "py" starts Python 2.7, how do I change this?
Can't start MySQL, port 3306 busy

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!