Can't read remote system event log


From: Paul Roberts (paulroberts_at_bobos.demon.co.uk)
Date: 09/30/04


Date: Thu, 30 Sep 2004 16:23:07 +0100

My app is having trouble reading the system and security logs from some
servers across a network. There are no errors being reported, it's just
that the enumeration comes back with no records. I've had the user run
WBEMTEST, and it gets records without problems.

My app works fine with application logs over the network, and will get
system and security logs when running locally on the server(s) in
question. I'm unable to duplicate the same behaviour on my in-house test
PC running the same OS (W2k server) and service pack (SP4).

I'd really appreciate it if someone could give me advice on how to
troubleshoot this. I don't have access to the client's site so
everything has to be done over the phone and via new releases of my app.

Here's a quick summary of what I'm doing:

1. Call CoInitializeSecurity (details below)
2. Make sure I've got SeSecurity privilege.
3. Create the WBEMLocator and call connect server
4. Call CoSetProxyBlanket (details below) on the resulting proxy
5. Call ExecQuery with "SELECT * FROM Win32_NTLogEvent WHERE
Logfile='Security'"
6. Call CoSetProxyBlanket on the resulting enumerator proxy

OK, so here's my call to CoInitializeSecurity:
CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,
    RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);

And for the call to CoSetProxyBlanket I'm filling out a COAUTHIDENTITY then:

::CoSetProxyBlanket(pProxy, RPC_C_AUTHN_DEFAULT, RPC_C_AUTHZ_DEFAULT,
    NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, &coauthID,
    EOAC_NONE);

Any ideas?
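
An independent cross-check for the symptom described in the post, added here as an example (not the poster's code): it runs the post's Win32_NTLogEvent query from Windows PowerShell against each log, once without and once with privileges enabled on the WMI connection, and reports either a record count or the error text. The host name SERVER01, the 24-hour window and the function name Get-LogCount are assumptions.

```powershell
# Added example: per-log record counts over remote WMI, with and without
# privileges enabled on the connection. SERVER01 is a placeholder host name.
param(
    [string]$Server = 'SERVER01',
    [int]$HoursBack = 24                     # assumed window, keeps the query small
)

$cred  = Get-Credential                      # account the app would connect as
# WQL compares TimeGenerated against a DMTF-formatted datetime string.
$since = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime(
             (Get-Date).AddHours(-$HoursBack))

function Get-LogCount {
    param([string]$Log, [bool]$EnablePrivileges)
    $query = @{
        ComputerName        = $Server
        Credential          = $cred
        Class               = 'Win32_NTLogEvent'
        Filter              = "Logfile='$Log' AND TimeGenerated >= '$since'"
        Property            = 'RecordNumber'     # fetch one small property only
        Impersonation       = 'Impersonate'      # same level as the post's blanket
        Authentication      = 'Default'          # same level as the post's blanket
        EnableAllPrivileges = $EnablePrivileges
        ErrorAction         = 'Stop'             # surface failures instead of an empty set
    }
    try {
        # @() forces an array so zero or one result still has a Count.
        @(Get-WmiObject @query).Count
    } catch {
        "ERROR: $($_.Exception.Message)"
    }
}

foreach ($log in 'Application', 'System', 'Security') {
    [pscustomobject]@{
        Logfile           = $log
        WithoutPrivileges = Get-LogCount -Log $log -EnablePrivileges $false
        WithPrivileges    = Get-LogCount -Log $log -EnablePrivileges $true
    }
}
```

A row that shows 0 in one column and a non-zero count in the other points at privilege handling on the connection; a row that shows 0 or an error in both points at the account's rights on the server.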


