I am writing a proof of concept Win32 console application to run on a Windows XP machine that will log messages to the event log of a Windows 2003 Server.
I have tried achieving this using the eventcreate.exe but I can't get this command to log the username of the user who made the call. It always seems to log "N/A" in the user field in Event Viewer when I run eventcreate.exe on the XP client but if I run the command on the server it works correctly. This is why I am trying to write a Win32 app to try to work round this.
I am calling LookupAccountName() to obtain the user's SID from a given username (the currently logged in user) and I pass this to the ReportEvent function. This all works and my events appear in the logs on the server; however, the username is still "N/A"! The call to LookupAccountName returns a SID (I used the ConvertSidToStringSid function to check it contains data).
Is there something I am missing? Is this even possible? (I guess it must be, because Clearcase manages to add a username to its entries in the Application log.) Is there anything I can use to debug this problem? I guess the SID must be incorrect but I don't know how to determine what the value should be. Has anybody got the eventcreate.exe to populate usernames?
Oh, and as an aside, I copied the eventcreate.exe and dll from 2003 to XP and this behaved differently to the standard XP version. It wrote the actual SID string to the username column. I guess this proves that the XP version is different to the 2003 version.
Definitely it is. You are missing that the SID identifies the user on your XP machine, but the server knows nothing about it as it has its own user identification. SID is a system-wide id, but not world-wide.
Is there another way for "user1" logged into a domain on an XP client to log messages to the event log on a Windows 2003 server (the DC) whilst populating the User column (so that the event can be attributed to the user that caused it to be logged)?
In a domain environment any user is identified by the pair DOMAIN_NAME\USER_NAME. In the case of a local user (or a user belonging to a workgroup) the machine name is used as the domain name.
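
An added example, not part of the original thread: an account SID string as printed by ConvertSidToStringSid has the form S-1-5-21-x-y-z-RID, where x-y-z identifies the machine or domain that issued the account, so comparing that part of two SID strings shows whether the SID passed to ReportEvent belongs to the domain or to the local XP machine. The helper names `parse_acct_sid` and `same_issuer` are hypothetical, and the SID values are constructed samples.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* An account SID string "S-1-5-21-x-y-z-rid", split into its parts. */
struct acct_sid {
    unsigned long issuer[3]; /* x-y-z: the machine or domain that issued it */
    unsigned long rid;       /* the account's relative ID under that issuer */
};
/* Returns 0 on success, -1 if s is not of the form S-1-5-21-x-y-z-rid. */
int parse_acct_sid(const char *s, struct acct_sid *out)
{
    static const char prefix[] = "S-1-5-21-";
    unsigned long v[4];
    char *end;
    int i;
    if (strncmp(s, prefix, sizeof prefix - 1) != 0)
        return -1;
    s += sizeof prefix - 1;
    for (i = 0; i < 4; i++) {
        if (*s < '0' || *s > '9')   /* each sub-authority must start with a digit */
            return -1;
        v[i] = strtoul(s, &end, 10);
        if (*end != (i < 3 ? '-' : '\0'))
            return -1;
        s = end + 1;
    }
    memcpy(out->issuer, v, sizeof out->issuer);
    out->rid = v[3];
    return 0;
}

/* 1 = same issuing machine/domain, 0 = different, -1 = unparsable input. */
int same_issuer(const char *a, const char *b)
{
    struct acct_sid x, y;
    if (parse_acct_sid(a, &x) != 0 || parse_acct_sid(b, &y) != 0)
        return -1;
    return memcmp(x.issuer, y.issuer, sizeof x.issuer) == 0;
}

int main(void)
{
    /* Constructed sample SIDs, not taken from any real system. */
    const char *dom = "S-1-5-21-1111111111-2222222222-3333333333-1105";
    const char *loc = "S-1-5-21-4000000001-555555555-666666666-1003";
    printf("same issuer: %d\n", same_issuer(dom, loc));
    return 0;
}
```

Feed it the string form of the SID returned for the looked-up user and the string form of a SID known to belong to the domain (for example another domain account); a result of 0 means the looked-up SID was issued by a different machine or domain.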