Re: Weird registry behavior when writing to custom event log

From: Joseph Bittman MCAD (RyanBittman_at_msn.com)
Date: 07/15/05 

Date: Fri, 15 Jul 2005 13:20:06 -0700

July 15, 2005

   What is your web application's name? The key in the registry actually
needs to be the Web Application's Name. So if I had a web site named
Cactidevelopers, that is the name I would have to use in the registry. I
couldn't just specify CactiDevelopers in the eventlog signature. (This is a
good reason to Not put spaces in your solution names and such.) Hope this
helps! :-) 

-- 
                 Joseph Bittman
Microsoft Certified Application Developer
Web Site: http://71.39.42.23
Static IP
"Michael Carr" <mcarr@umich.edu> wrote in message 
news:uG67tgXiFHA.1248@TK2MSFTNGP12.phx.gbl...
>I experienced the following strange behavior when trying to write to a 
>custom event log in an ASP.NET application (although the problem would 
>occur with any non-priviledged account)
>
> I created a custom event log named "MyCustomLog" and created a source 
> within it called "MyCustomLogSource" following the directions in 
> http://support.microsoft.com/Default.aspx?id=329291. For testing purposes, 
> I also created a source within Application called "MyApplicationSounce"
>
> From my ASP.NET app, I executed the following line of code and everything 
> works great:
>
> eventLog = new EventLog("Application", ".", "MyApplicationSource");
>
> However, when I execute the following I get an error:
>
> eventLog = new EventLog("MyCustomLog", ".", "MyCustomLogSource");
>
> The error is:
>
> Security Exception
> Description: The application attempted to perform an operation not allowed 
> by the security policy. To grant this application the required permission 
> please contact your system administrator or change the application's trust 
> level in the configuration file.
> Exception Details: System.Security.SecurityException: Requested registry 
> access is not allowed.
>
> Using RegMon I see the following access pattern:
>
> 7.01499081 aspnet_wp.exe:4512 EnumerateKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS
> 7.01502752 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
> 7.01505136 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MyCustomLogSource 
> NOT FOUND
> 7.01506662 aspnet_wp.exe:4512 CloseKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
> 7.01515818 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security ACCESS DENIED
>
> So it appears that what is happening is that System.Diagnostics is looking 
> through ALL of the event logs for the one that contains the 
> MyCustomLogSource source, even though I have clearly told it that it 
> exists within MyCustomLog. The only way to fix this problem is to give the 
> ASPNET user read access to the Security log, after which it works 
> correctly and I get the following registry trace:
>
> 2.66786623 aspnet_wp.exe:4512 EnumerateKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS
> 2.66789460 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
> 2.66791654 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MyCustomLogSource 
> NOT FOUND
> 2.66792893 aspnet_wp.exe:4512 CloseKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application SUCCESS
> 2.66795588 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security SUCCESS
> 2.66797757 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security\MyCustomLogSource 
> NOT FOUND
> 2.66799212 aspnet_wp.exe:4512 CloseKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security SUCCESS
> 2.66874981 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System SUCCESS
> 2.66879916 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\MyCustomLogSource 
> NOT FOUND
> 2.66881847 aspnet_wp.exe:4512 CloseKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System SUCCESS
> 2.66885090 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\MyCustomLog SUCCESS
> 2.66888428 aspnet_wp.exe:4512 OpenKey 
> HKLM\SYSTEM\CurrentControlSet\Services\EventLog\MyCustomLog\MyCustomLogSource 
> SUCCESS
>
> So, long story short, I was able to fix this problem by lowering my 
> registry security settings on the Security event log... not exactly the 
> best solution I think.
>
>    Michael Carr
>

Relevant Pages

  • Re: Windows Server 2003 SP2 Fails - Access is Denied (PLEASE HE
    ... I was not able to get the Process MOnitor running (it could not load the ... Seemed to me that one or more of your registry key do not have the ...
    (microsoft.public.windows.server.general)
  • Weird registry behavior when writing to custom event log
    ... I created a custom event log named "MyCustomLog" and created a source within ... Security Exception ... HKLM\SYSTEM\CurrentControlSet\Services\EventLog SUCCESS ... aspnet_wp.exe:4512 OpenKey ...
    (microsoft.public.dotnet.security)
  • Re: WMI Win32_PerfFormattedData hosed - how to fix?
    ... I have tried the items mentioned below with no success. ... net stop winmgmt and net start winmgmt ... wbemperf.dll or wmicookr.dll are in the registry. ... I had a whole huge list of keys. ...
    (microsoft.public.win32.programmer.wmi)
  • Re: JAVA JRE 1.6 läuft nur im Administratormodus
    ... NT\CurrentVersion\Image File Execution Options\java.exe NOT FOUND ... 3447 28.35712814 java.exe:3116 OpenKey ... HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: ... Access: 0x1 ...
    (de.comp.lang.java)
  • Re: GetStringValue silently fails
    ... I have only seen this problem with some registry values of type REG_SZ ... \NONREDIST SUCCESS Access: 0x1 ... Dim strValue ... Function ToHex(strLine) ...
    (microsoft.public.scripting.vbscript)