Access denied logging to event log on Windows Server 2003

on 19.04.2006 14:22:17 by Matt Adamson

We're using the Microsoft Exception Management Application Block to log .NET
exceptions from an ASP application to the event log. However, on Windows
Server 2003 we're getting an access denied error, which is outlined below.

As per other recommendations, I've done the following:

1) Made sure the relevant event log sources are created at installation time
and not runtime, i.e. using InstallUtil on the assembly.
2) Used Regmon and Filemon to monitor security activity. I didn't see any
obvious access denied or failure type events being raised at the time of the
error.
3) Changed the identity of the default application pool used for the ASP
application using all available options, e.g. network service, local service,
local system and the IWAM account.

Any help would be much appreciated.

*********************************************
Exception Type: System.InvalidOperationException
Message: Cannot open log for source {0}. You may not have write access.
TargetSite: Void OpenForWrite()
HelpLink: NULL
Source: System

StackTrace Information
*********************************************
at System.Diagnostics.EventLog.OpenForWrite()
at System.Diagnostics.EventLog.WriteEvent(Int32 eventID, Int16 category, EventLogEntryType type, String[] strings, Byte[] rawData)
at System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
at System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte[] rawData)
at System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type, Int32 eventID, Int16 category)
at System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type, Int32 eventID)
at System.Diagnostics.EventLog.WriteEntry(String source, String message, EventLogEntryType type)
at Tranmit.ApplicationBlocks.ExceptionManagement.DefaultPublisher.WriteToLog(String entry, EventLogEntryType type)
at Tranmit.ApplicationBlocks.ExceptionManagement.DefaultPublisher.Publish(Exception exception, NameValueCollection additionalInfo, NameValueCollection configSettings)
at Tranmit.ApplicationBlocks.ExceptionManagement.ExceptionManager.PublishInternalException(Exception exception, NameValueCollection additionalInfo)
at Tranmit.ApplicationBlocks.ExceptionManagement.ExceptionManager.Publish(Exception exception, NameValueCollection additionalInfo)
at Tranmit.ApplicationBlocks.ExceptionManagement.ExceptionManager.Publish(Exception exception)
at Tranmit.Sprinter.Import.SprinterEntityImport.SprinterDocumentImport.Start(IJob context, XmlNode jobStepConfigurationNode)
at Tranmit.Sprinter.Import.SprinterDocumentImport.Interop.SprinterDocumentImportFactory.StartImport(DocumentType documentType, DocumentStatus startStatus)

3) Exception Information
*********************************************
Exception Type: System.ComponentModel.Win32Exception
NativeErrorCode: 5
ErrorCode: -2147467259
Message: Access is denied
TargetSite: NULL
HelpLink: NULL
Source: NULL

Re: Access denied logging to event log on Windows Server 2003

on 19.04.2006 15:26:24 by Daniel Crichton

Matt wrote on Wed, 19 Apr 2006 13:22:17 +0100:

>
> We're using the Microsoft Exception Management Application Block to log
> .NET exceptions from an ASP application to the event log. However, on
> Windows Server 2003 we're getting an access denied error, which is outlined
> below.
>
> As per other recommendations, I've done the following:
>
> 1) Made sure the relevant event log sources are created at installation
> time and not runtime, i.e. using InstallUtil on the assembly.
> 2) Used Regmon and Filemon to monitor security activity. I didn't see
> any obvious access denied or failure type events being raised at the time
> of the error.
> 3) Changed the identity of the default application pool used for the ASP
> application using all available options, e.g. network service, local
> service, local system and the IWAM account.

I had the same thing, but I can't remember exactly how I fixed it. I think
it was something to do with adjusting group policy to allow the identities
that IIS is running under for each site to have write permissions to the
event log. I'll keep digging and try to find the instructions I used a
couple of months ago when I got my server handling this correctly (albeit
using ASP and CGI rather than ASP.NET).

Dan

Re: Access denied logging to event log on Windows Server 2003

on 19.04.2006 15:37:48 by Daniel Crichton

Daniel wrote to Matt Adamson on Wed, 19 Apr 2006 14:26:24 +0100:

> Matt wrote on Wed, 19 Apr 2006 13:22:17 +0100:
>
>> We're using the Microsoft Exception Management Application Block to log
>> .NET exceptions from an ASP application to the event log. However, on
>> Windows Server 2003 we're getting an access denied error, which is outlined
>> below.
>>
>> As per other recommendations, I've done the following:
>>
>> 1) Made sure the relevant event log sources are created at installation
>> time and not runtime, i.e. using InstallUtil on the assembly.
>> 2) Used Regmon and Filemon to monitor security activity. I didn't see
>> any obvious access denied or failure type events being raised at the time
>> of the error.
>> 3) Changed the identity of the default application pool used for the ASP
>> application using all available options, e.g. network service,
>> local service, local system and the IWAM account.
>
> I had the same thing, but I can't remember exactly how I fixed it. I think
> it was something to do with adjusting group policy to allow the identities
> that IIS is running under for each site to have write permissions to the
> event log. I'll keep digging and try to find the instructions I used a
> couple of months ago when I got my server handling this correctly (albeit
> using ASP and CGI rather than ASP.NET).
>
> Dan

http://support.microsoft.com/default.aspx?scid=kb;en-us;323076

Basically, you need to create SDDL entries to allow the appropriate accounts
write access to the application event log.

Dan
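
One way to apply the SDDL change described above, as an added example that is not part of the original thread: it appends a write-only allow ACE for one account to the Application log's security descriptor. The `CustomSD` registry value location, the access-mask bits and the choice of NETWORK SERVICE (S-1-5-20) as the application pool identity are assumptions, and `Add-EventLogWriteAce` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Assumed: the Application log's descriptor
# is the CustomSD string value under the key below, and the event log access
# bits are 0x1 = read, 0x2 = write, 0x4 = clear.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application'
$writeBit = 0x2
# Assumed identity: NETWORK SERVICE. Substitute the SID the app pool runs as.
$sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'

function Add-EventLogWriteAce {
    param(
        [string]$Sddl,
        [System.Security.Principal.SecurityIdentifier]$Sid
    )
    $sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor $Sddl
    $dacl = $sd.DiscretionaryAcl

    # Idempotent: return the input unchanged if this SID already has an
    # allow ACE that includes the write bit.
    foreach ($ace in $dacl) {
        if ($ace.AceQualifier -eq 'AccessAllowed' -and
            $ace.SecurityIdentifier -eq $Sid -and
            ($ace.AccessMask -band $writeBit)) {
            return $Sddl
        }
    }

    # Least privilege: the new ACE carries only the write bit, so by itself
    # it grants neither read nor clear.
    $newAce = New-Object System.Security.AccessControl.CommonAce(
        [System.Security.AccessControl.AceFlags]::None,
        [System.Security.AccessControl.AceQualifier]::AccessAllowed,
        $writeBit, $Sid, $false, $null)

    # Append at the end so existing deny ACEs stay ahead of the new allow ACE.
    $dacl.InsertAce($dacl.Count, $newAce)
    return $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)
}

$current = (Get-ItemProperty -Path $key -Name CustomSD -ErrorAction Stop).CustomSD
$updated = Add-EventLogWriteAce -Sddl $current -Sid $sid

if ($updated -ne $current) {
    Write-Output "Previous CustomSD (keep for rollback): $current"
    Set-ItemProperty -Path $key -Name CustomSD -Value $updated
    Write-Output "New CustomSD: $updated"
} else {
    Write-Output 'Account already has write access; CustomSD left unchanged.'
}
```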