Problem accessing remote EventLog: Access Denied

Hi,

I'm getting an error accessing a remote Event log on computers running
Windows 2000 Server at a customer, but I'm unable to reproduce the problem on
my test machines.

We use the OpenEventLog API to connect to the remote EventLog and we get
error 5: Access Denied.

The environment is: Trying to connect from a computer running Windows 2000
to other computers running Windows 2000 (and some XP) in the same domains, in
other Domains and even stand-alone. The error is the same in all the cases.
They have defined a local user with the same password in all the computers.
These users are local administrators in all the computers.

Source Code we use: As this API is called from a Windows Service we need to
change the user profile to be used in the connection first, so the code is
something like:

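    /* needs <windows.h> and <userenv.h>; link with userenv.lib */
    HANDLE hToken = NULL;
    PROFILEINFO ProfileInfo;

    /* log on as the account to use for the remote connection */
    if ( !LogonUser( User, Domain, password,
                     LOGON32_LOGON_INTERACTIVE,
                     LOGON32_PROVIDER_DEFAULT,
                     &hToken ) )
        return FALSE;                 /* GetLastError() has the reason */

    ZeroMemory( &ProfileInfo, sizeof( PROFILEINFO ) );  /* clears dwFlags too */
    ProfileInfo.dwSize = sizeof( PROFILEINFO );
    ProfileInfo.lpUserName = strdup(lpszUserName);
    ProfileInfo.lpProfilePath = NULL; ProfileInfo.lpDefaultPath = NULL;
    ProfileInfo.lpServerName = NULL;
    ProfileInfo.lpPolicyPath = NULL;
    if ( !LoadUserProfile( hToken, &ProfileInfo ) )
        return FALSE;
    /* the service thread now runs as that user */
    if ( !ImpersonateLoggedOnUser( hToken ) )
        return FALSE;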

And then we call OpenEventLog. It is the OpenEventLog call where the error
is produced. It happens when connecting to any EventLog (Security,
Application or System).

As I said before, on my test machines everything works fine, but I was using
Windows 2000 Professional in almost all the cases. I have done the test both
using a domain user (this should always work) and defining a local user,
with the same password, on both the local and remote computer. In all the
cases they were Local Administrators and everything worked fine. I was only able
to reproduce the error when defining a different password on the remote
computer, when I removed the remote user from the Administrator group, or with
some obvious changes like that.

So it seems the problem is produced by some settings in their configurations.

Some questions:

- Do you see anything wrong in the code that could explain what is happening?

- Is there something I can look at on the local or remote computer to get more
info about the reason for the "Access Denied" error? The event log does not
say anything and I don't know if there is any "trace" that I can activate.

- I have tried using on my machines the global "Security Policies" the
customer uses and everything worked fine. One comment: The customer uses
Windows 2000 Server; in my tests I almost always used Windows 2000
Professional. Is there a "default" security setting different in both
systems that could explain what's happening?

- They say that even when our product does not work, the Event Viewer does!
In all my internal testing I was unable to make Event Viewer work when my
code didn't (and the other way round: when my code worked, the Event Viewer did
too).

- Any idea about what to look for??

Thanks very much in advance for any help!

