14

I need help solving the "Provider '' resources not accessible when trying to create a windows event provider. I create my manifest file with the ManGen utility, and name my '.exe' file as my message and resource file. I compile the '.rc' file with my exe file and the expected'.res' file are generated. However, when I run wevtutil I keep getting the 'resources not accessible' warning.

Lars Truijens
  • 42,837
  • 6
  • 126
  • 143
Robert G
  • 149
  • 1
  • 6

4 Answers4

15

When you install your manifest (e.g. wevtutil im manifest.man), you should see some sort of a warning if the resources aren't available:

**** Warning: Publisher EventsProvider resources are not accessible.

To get some additional information, try to retrieve information on one of the publishers. For example:

c:\...> wevtutil gp <EventProviderName>
Failed to open metadata for publisher <EventProviderName>. Access denied.

Ok, the above suggests a permissions problem, so let me make the path accessible and try again:

c:\...> wevtutil gp <EventProviderName>
Failed to open metadata for publisher <EventProviderName>. The specified resource
type cannot be found in the image file.

For the above, it looks like the resource didn't get compiled in correctly.

If you go File->Open with VS and open your exe in the resource viewer you should be able to see the resources that were compiled in. You should at least have a "WEVT_TEMPLATE" entry.

For the resource to be compiled in correctly, csc needs to be passed the resource as follows:

csc /win32res:<Resource.res>
Kaleb Pederson
  • 45,767
  • 19
  • 102
  • 147
12

The dll you are registering needs to have a particular set of file permissions. I suspect that the event logging service runs under the "local service" account. So just giving SYSTEM access rights is not enough. I solved by problem by giving the "USERS" group on my PC "read & execute" priviledges.

I ran into a nasty problem that took a day to track down. I shared my project working folder and then unshared it. For some reason this removed the "USERS" access priviledges. I think this is the reason than the event tracing samples in the windows SDK copy all the dlls to a special folder under the C drive and install the provider from there. When you create folders under C drive the USERS group is given access automatically.

Matt Dawson
  • 121
  • 1
  • 3
8

I had the exact same error but the solution was slightly different to the other answers that have already been posted. I had to open the manifest file and change the resourceFileName and messageFileName attributes to use absolute paths to the application executable.

Wes
  • 296
  • 2
  • 4
  • This solution is application if running `wevtutil gp ` outputs *Failed to open metadata for publisher . **The system cannot find the file specified.*** – Martin Liversage May 23 '14 at 09:31
  • 3
    If the path names in the manifest file do not match where the dll is, you can use the /mf and /rf options with absolute paths to the actual location. You also need to ensure that the location has given privilege to MACHINE_NAME\Users security group as well. – Eric MSFT Feb 26 '15 at 19:50
  • While working on this for Chrome I kept getting this error and the only good solution was using /mf and /rf. I don't understand why I hit the failure (it's worked for me before) but it's working now. It is odd that wevtutil.exe shows no signs of ever reading from DLL, when tracing with procmon. This makes researching this warning very difficult. – Bruce Dawson Mar 25 '15 at 23:08
7

I experienced the similar problem. The solution is to

  • use absolute paths wherever possible and stay away from relative paths
  • make sure everyone has read access to manifest files

If your manifest files are called manifest.man and manifest.dll, then

  • grant read access to everyone

    icacls %~dp0\manifest.* /t /grant Everyone:R

  • use absolute paths to install (%~dp0 variable could be used if you are using a batch file)

    wevtutil im %~dp0\manifest.man /rf:"%~dp0\manifest.dll" /mf:"%~dp0\manifest.dll"

mert
  • 1,942
  • 2
  • 23
  • 43