问题描述

我的服务器上的事件日志存在严重问题.正确，首先让我解释一下设置.

I am having a huge problem with the eventlog on my server. Right let me first of all explain the setup.

• 我有两台计算机的域设置
• 一台计算机正在运行IIS，另一台计算机是工作站. IIS在Win2k3工作站Win XP上运行.
• IIS计算机正在托管一个使用Windows模拟的网站，并尝试将事件日志条目记录到名为 MyApp 的自定义日志文件和自定义事件源 MySource
• 我有一个名为MyUser的域用户，该用户只是域用户的成员.
• 单点登录正在100％正常工作，因为我可以将登录的用户写到页面上.

• I have a domain setup with 2 computers
• One computer is running IIS the other is a workstation. The IIS is running Win2k3 the workstation Win XP.
• The IIS computer is hosting a website which uses Windows Impersonation and tries to log an entry to the eventlog for a custom log file called MyApp and a custom event source MySource
• I have a domain user called MyUser who is just a member of Domain Users.
• Single Sign On is working 100% because I can write out the logged in user to the page fine.

当我从工作站访问IIS页面时，收到以下消息之一(有时我收到第一条消息，有时收到第二条消息)

When I visit the IIS page from the workstation I get one of the following messages (sometimes I get the first sometimes the second)

1) The handle is invalid
2) Cannot open log for source 'MySource'. You may not have write access.

因此，为解决此问题，我尝试了以下所有操作:

So to try and fix this I have tried all of the following:

将Everyone用户的FullControl授予C:\ windows \ system32 \ config \ MyApp.evt文件

Granted the Everyone user FullControl to C:\windows\system32\config\MyApp.evt file

将每个用户的FullControl授予HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ EventLog

Granted the everyone user FullControl to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog

在键HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ EventLog \ MyApp \ CustomSD中，我附加了以下字符串(A ;; 0x0002 ;;; AU)，(其原因可以在此处阅读 http://fgheysels.blogspot.com/2008/01/cannot-open-log-for-source-0-on-windows.html )

In the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp\CustomSD I appended the following string (A;;0x0002;;;AU), (the reason for this can be read here http://fgheysels.blogspot.com/2008/01/cannot-open-log-for-source-0-on-windows.html)

我现在完全不知道如何解决此问题.有没有其他人遇到过这个，您是否尝试过其他任何事情.

I am now totally out of ideas of how to fix this. Has anyone else come across this and have you tried anything else.

推荐答案

好几个小时，我试图解决这个问题，但是似乎有一个可行的解决方案.

Well after many hrs of trying to solve this I appear to have a solution which works.

首先，我必须允许Authenticated Users组对事件日志进行写访问.我建议您先备份注册表，然后再继续.

First of all I had to allow the Authenticated Users group write access to the event log. I advice you backup your registry before continuing.

1. 运行注册表编辑器
2. 浏览到HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Eventlog
3. 打开与您要写入的EventLog匹配的子项(所以我将选择 Application )
4. 在右侧，您将看到注册表字符串，找到一个名为 CustomSD
的字符串.
5. 右键单击并进行修改.
6. 追加到末尾(A ;; 0x2 ;;; AU)(我将在后面解释)
7. 保存更改(我不知道是否需要重启)

1. Run regedit
2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
3. Open the subkey which matches the EventLog you are writing to (so I will pick Application)
4. On the right you will see the registry strings, locate one called CustomSD
5. Right click and modify it.
6. Append to the end (A;;0x2;;;AU) (I will explain this later)
7. Save the changes (I don't know if you need to reboot or not)

因此，这意味着经过身份验证的用户可以写入应用程序事件日志.我需要再进行一次更改.

So that will mean Authenticated Users can write to the Application event log. I needed to apply one more change.

1. 打开域GPO或本地计算机GPO
2. 导航到计算机配置">"Windows设置">安全设置">本地策略">用户权限">分配">管理审核和安全日志"
3. 转到其属性"窗口
4. 选择定义这些策略设置
5. 添加管理员组
6. 添加经过身份验证的用户组
7. 保存并为受影响的计算机执行gpupdate/force.

这是我允许我的网站用户写入事件日志的唯一方法.

That is the only way I could get it to allow my website users to write to the event log.

在第1部分的第6步中，我将解释我们添加的字符串.请查看此页面以获取更多详细信息 http://support.microsoft.com/kb/323076

I mentioned in part 1 step 6 I would explain the string we added. Please see this page for more details http://support.microsoft.com/kb/323076

这篇关于无法在Windows 2003 Server上打开源{0}的日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！