无法在 Windows 2003 Server 上打开源 {0} 的日志

发布于 2024-08-26 01:08:53 字数 1092 浏览 14 评论 0原文

我的服务器上的事件日志存在巨大问题。首先让我解释一下设置。

  • 我有一个包含 2 台计算机的域设置,
  • 其中一台计算机运行 IIS,另一台计算机是工作站。 IIS是运行Win2k3的工作站Win XP。
  • IIS 计算机正在托管一个使用 Windows 模拟的网站,并尝试在事件日志中记录名为 MyApp 的自定义日志文件和自定义事件源 MySource 的条目
  • 。称为 MyUser 的域用户,他只是域用户的成员。
  • 单点登录工作 100%,因为我可以将登录用户写入页面。

当我从工作站访问 IIS 页面时,我收到以下消息之一(有时我收到第一条消息,有时是第二条消息)

1) The handle is invalid
2) Cannot open log for source 'MySource'. You may not have write access.

因此,为了尝试解决此问题,我尝试了以下所有操作:

将Everyone用户完全控制权授予 C:\windows \system32\config\MyApp.evt 文件

授予每个人用户 FullControl 到 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog

在键 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp\CustomSD 我附加了以下字符串 (A;;0x0002 ;;;AU),(其原因可以在此处阅读 http://fgheysels.blogspot.com/2008/01/cannot-open-log-for-source-0-on-windows.html

我现在完全出局了如何解决这个问题的想法。有其他人遇到过这种情况吗?您尝试过其他方法吗?

I am having a huge problem with the eventlog on my server. Right let me first of all explain the setup.

  • I have a domain setup with 2 computers
  • One computer is running IIS the other is a workstation. The IIS is running Win2k3 the workstation Win XP.
  • The IIS computer is hosting a website which uses Windows Impersonation and tries to log an entry to the eventlog for a custom log file called MyApp and a custom event source MySource
  • I have a domain user called MyUser who is just a member of Domain Users.
  • Single Sign On is working 100% because I can write out the logged in user to the page fine.

When I visit the IIS page from the workstation I get one of the following messages (sometimes I get the first sometimes the second)

1) The handle is invalid
2) Cannot open log for source 'MySource'. You may not have write access.

So to try and fix this I have tried all of the following:

Granted the Everyone user FullControl to C:\windows\system32\config\MyApp.evt file

Granted the everyone user FullControl to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog

In the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp\CustomSD I appended the following string (A;;0x0002;;;AU), (the reason for this can be read here http://fgheysels.blogspot.com/2008/01/cannot-open-log-for-source-0-on-windows.html)

I am now totally out of ideas of how to fix this. Has anyone else come across this and have you tried anything else.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

甚是思念 2024-09-02 01:08:53

正如您似乎已经发现的那样,该错误与写入事件源或创建事件源有关。我建议您尝试以下操作。

您没有指出事件源是否存在于注册表中,也没有指出系统创建的 .evt 文件是否存在,或者您是否将它们放在计算机上,因此很难确定您被困在哪一点。

您也没有提到这是否适用于某些开发人员的计算机,在这种情况下,您可以比较注册表,甚至在必要时手动创建密钥。

  1. 查看 ...\Eventlog 下是否已创建日志密钥(MyApp?)。
  2. 查看 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp。
    应该有一个名为 Sources 的键。你的来源出现在这里吗?

如果这些条目不存在,则错误是您的用户没有创建自定义日志和源的权限。

在错误消息中,它应指示 ThreadIdentity 参数,该参数应指示它尝试使用哪个用户帐户来执行此操作。您还可以打开 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog 的权限并查询该特定用户的“有效权限”,以确保其有效地真正具有完全控制权。

尝试授予对整个目录 C:\windows\system32\config\ 的完全控制权,而不仅仅是 .evt 文件,因为系统还需要在此处创建一些其他文件。

最后,您可以尝试启用对网站的匿名访问,并以计算机/域管理员用户身份运行一次,以便在将其设置回您喜欢的方式之前创建所有密钥。您还可以尝试在 web.config 文件中启用模拟,以确保它不会在没有 Windows 标识的情况下运行。一旦创建了正确的密钥和文件,您就应该能够撤消这些操作。

让我们知道您在此之后发现了什么,我们可以进一步采取行动。

The error, as you seem to have found already, relates to writing to event sources or creating them. I would suggest you try the following.

You did not indicate if the event source exists in the registry or weather the .evt files ware created by the system or if you put them on the machine, so it is hard to determine at which point you are stuck.

You also did not mention if this works on some developer's machine, in which case you can compare the registries and even create the keys manually if you have to.

  1. Have a look under ...\Eventlog if a key for your log has been created (MyApp?).
  2. Have a look in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp.
    There should be a key called Sources. Does your source appear in here?

If these entries do not exist the error is that your user does not have permissions to create the custom log and source.

In the error message it should indicate a ThreadIdentity parameter, which should indicate which user account it is attempting to use to do this. You can also open the permissions to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog and query the "Effective Permissions" for this particular user to ensure it effectively really has full control.

Try granting full control to the entire directory C:\windows\system32\config\ and not just the .evt file as the system needs to create some additional files here as well.

Lastly you can try and enable anonymous access to the website and run it as the machine/Domain administrator user once so all the keys get created before setting it back to the way you like it. You could also try enabling impersonation in the web.config file to ensure that it is not running without a windows identity. These ones you should all be able to undo once the correct keys and files have been created.

Let us know what you find after this and we can take it further.

懵少女 2024-09-02 01:08:53

经过几个小时的尝试解决这个问题,我似乎有了一个有效的解决方案。

首先,我必须允许经过身份验证的用户组对事件日志进行写访问。我建议您在继续之前备份注册表。

  1. 运行 regedit
  2. 浏览到 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
  3. 打开与您正在写入的 EventLog 匹配的子项(因此我将选择 Application
  4. 在右侧,您将看到注册表字符串,找到一个叫做CustomSD
  5. 右键单击并修改它。
  6. 附加到末尾(A;;0x2;;;AU)(我稍后会解释这一点)
  7. 保存更改(我不知道是否需要重新启动)

这样这意味着经过身份验证的用户可以写入应用程序事件日志。我需要再进行一项更改。

  1. 打开域 GPO 或本地计算机 GPO
  2. 导航到计算机配置 > Windows 设置 >安全设置>地方政策>用户权利>作业>管理审核和安全日志
  3. 转到其属性窗口
  4. 选择定义这些策略设置
  5. 添加管理员组
  6. 添加经过身份验证的用户组
  7. 保存并为受影响的计算机执行 gpupdate /force。

这是我允许我的网站用户写入事件日志的唯一方法。

我在第 1 部分第 6 步中提到我将解释我们添加的字符串。请参阅此页面了解更多详细信息http://support.microsoft.com/kb/323076

Well after many hrs of trying to solve this I appear to have a solution which works.

First of all I had to allow the Authenticated Users group write access to the event log. I advice you backup your registry before continuing.

  1. Run regedit
  2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
  3. Open the subkey which matches the EventLog you are writing to (so I will pick Application)
  4. On the right you will see the registry strings, locate one called CustomSD
  5. Right click and modify it.
  6. Append to the end (A;;0x2;;;AU) (I will explain this later)
  7. Save the changes (I don't know if you need to reboot or not)

So that will mean Authenticated Users can write to the Application event log. I needed to apply one more change.

  1. Open the Domain GPO or local computer GPO
  2. Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights > Assignments > Manage auditing and security log
  3. Go to its Properties window
  4. Select Define these policy settings
  5. Add the Administrator group
  6. Add the Authenticated Users group
  7. Save and do a gpupdate /force for the affected computer.

That is the only way I could get it to allow my website users to write to the event log.

I mentioned in part 1 step 6 I would explain the string we added. Please see this page for more details http://support.microsoft.com/kb/323076

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文