The source was not found, but some or all event logs could not be searched

Question

I am getting the following exception. I have given full control to Asp.net account on Eventlogs in Registry edit.

[SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.]

System.Diagnostics.EventLog.FindSourceRegistration(String source,  String machineName, Boolean readOnly, Boolean wantToCreate) +664
System.Diagnostics.EventLog.SourceExists(String source, String machineName, Boolean wantToCreate) +109
System.Diagnostics.EventLog.SourceExists(String source) +14 Microsoft.ApplicationBlocks.ExceptionManagement.DefaultPublisher.VerifyValidSource() +41

I guess this is due to some configuration issue on server?

Answer 1

EventLog.SourceExists enumerates through the subkeys of HKLM\SYSTEM\CurrentControlSet\services\eventlog to see if it contains a subkey with the specified name. If the user account under which the code is running does not have read access to a subkey that it attempts to access (in your case, the Security subkey) before finding the target source, you will see an exception like the one you have described.

The usual approach for handling such issues is to register event log sources at installation time (under an administrator account), then assume that they exist at runtime, allowing any resulting exception to be treated as unexpected if a target event log source does not actually exist at runtime.

Answer 2

Had the same exception. In my case, I had to run Command Prompt with Administrator Rights.

From the Start Menu, right click on Command Prompt, select "Run as administrator".

Answer 3

For me this error was due to the command prompt, which was not running under administrator privileges. You need to right click on the command prompt and say "Run as administrator".

You need administrator role to install or uninstall a service.

Answer 4

Launch Developer command line "As an Administrator". This account has full access to Security log

Answer 5

Didnt work for me.

I created a new key and string value and managed to get it working

Key= HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\<Your app name>\
String EventMessageFile value=C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

Answer 6

Inaccessible logs: Security

A new event source needs to have a unique name across all logs including Security (which needs admin privilege when it's being read).

So your app will need admin privilege to create a source. But that's probably an overkill.

I wrote this powershell script to create the event source at will. Save it as *.ps1 and run it with any privilege and it will elevate itself.

# CHECK OR RUN AS ADMIN

If (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{   
    $arguments = "& '" + $myinvocation.mycommand.definition + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    Break
}

# CHECK FOR EXISTENCE OR CREATE

$source = "My Service Event Source";
$logname = "Application";

if ([System.Diagnostics.EventLog]::SourceExists($source) -eq $false) {
    [System.Diagnostics.EventLog]::CreateEventSource($source, $logname);
    Write-Host $source -f white -nonewline; Write-Host " successfully added." -f green;
}
else
{
    Write-Host $source -f white -nonewline; Write-Host " already exists.";
}

# DONE

Write-Host -NoNewLine 'Press any key to continue...';
$null = $Host.UI.RawUI.ReadKey('NoEcho,IncludeKeyDown');

Answer 7

For me just worked iisreset (run cmd as administrator -> iisreset). Maybe somebody could give it a try.

Answer 8

I recently experienced the error, and none of the solutions worked for me. What resolved the error for me was adding the Application pool user to the Power Users group in computer management. I couldn't use the Administrator group due to a company policy.

Answer 9

If you are performing a new install of the SenseNet TaskManagement website on IIS (from source code, not WebPI), you will get this message, usually related to SignalR communication. As @nicole-caliniou points out, it is due to a key search in the Registry that fails.

To solve this for SenseNet TaskManagement v1.1.0, first find the registry key name in the web.config file. By default it is "SnTaskWeb".

 <appSettings>
   <add key="LogSourceName" value="SnTaskWeb" />

Open the registry editor, regedit.exe, and navigate to HKLM\SYSTEM\CurrentControlSet\Services\EventLog\SnTask. Right-click on SnTask and select New Key, and name the key SnTaskWeb for the configuration shown above. Then right-click on the SnTaskWeb element and select New Expandable String Value. The name should be EventMessageFile and the value data should be C:\Windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll.

Keywords: signalr, sensenet, regedit, permissions

Answer 10

If you just want to sniff if a Source exists on the local machine but don't have ability to get authorization to do this, you can finger it through the following example (VB).

This bypasses the security error. You could similarly modify this function to return the LogName for the Source.

Public Shared Function eventLogSourceExists(sSource as String) as Boolean
    Try
        EventLog.LogNameFromSourceName(sSource, ".")
        Return True
    Catch
        Return False
    End Try
End Function

Answer 11

If you see a error message from Application source in the Event Viewer:

Unable to log .NET application events

Then there is a high chance that your app doesn't create the event log source at all, only uses it and since it's never found you need to create the source yourself. Here is a command to create the source in PowerShell:

New-EventLog -Source "AppName" -LogName "Application"