I am writing a proof-of-concept Win32 console application to run on a Windows XP machine that will log messages to the event log of a Windows 2003 Server.
I have tried achieving this using eventcreate.exe, but I can't get this command to log the username of the user who made the call. It always seems to log "N/A" in the user field in Event Viewer when I run eventcreate.exe on the XP client, but if I run the command on the server it works correctly. This is why I am trying to write a Win32 app to try to work round this.
I am calling LookupAccountName() to obtain the user's SID from a given username (the currently logged-in user) and I pass this to the ReportEvent function. This all works and my events appear in the logs on the server; however, the username is still "N/A"! The call to LookupAccountName returns a SID (I used the ConvertSidToStringSid function to check it contains data).
Is there something I am missing? Is this even possible? (I guess it must be, because ClearCase manages to add a username to its entries in the Application log.) Is there anything I can use to debug this problem? I guess the SID must be incorrect but I don't know how to determine what the value should be. Has anybody got eventcreate.exe to populate usernames?
Oh, and as an aside, I copied the eventcreate.exe and dll from 2003 to XP and this behaved differently to the standard XP version. It wrote the actual SID string to the username column. I guess this proves that the XP version is different to the 2003 version.
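
An added example, not part of the original post: a portable C decoder for the binary SID layout, for inspecting the value LookupAccountName returns and checking whether it shares its issuing machine or domain prefix with a SID the server is known to resolve. The function names and both sample SIDs are constructed for illustration; it does not call the Win32 API.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample SIDs (not from the post). Layout: revision, sub-authority
   count, 6-byte big-endian authority, little-endian 32-bit sub-authorities. */
static const uint8_t SID_A[] = {1,5, 0,0,0,0,0,5, 0x15,0,0,0, 0xE8,3,0,0,
                                0xD0,7,0,0, 0xB8,0x0B,0,0, 0xEB,3,0,0};
static const uint8_t SID_B[] = {1,5, 0,0,0,0,0,5, 0x15,0,0,0, 0xE8,3,0,0,
                                0xD0,7,0,0, 0xB8,0x0B,0,0, 0xF4,1,0,0};

/* Returns the sub-authority count, or -1 if the buffer is not a valid SID. */
static int sid_count(const uint8_t *sid, size_t len)
{
    if (len < 8 || sid[0] != 1 || sid[1] > 15) return -1; /* revision 1, max 15 */
    return len == 8 + 4u * sid[1] ? sid[1] : -1;
}

/* Writes the "S-1-..." form into out; returns 0 on success, -1 on error. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen)
{
    int count = sid_count(sid, len);
    if (count < 0) return -1;
    uint64_t auth = 0;                          /* 48-bit identifier authority */
    for (int i = 2; i < 8; i++) auth = (auth << 8) | sid[i];
    int n = snprintf(out, outlen, "S-1-%llu", (unsigned long long)auth);
    for (int i = 0; i < count && n >= 0 && (size_t)n < outlen; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        uint32_t sub = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        n += snprintf(out + n, outlen - n, "-%lu", (unsigned long)sub);
    }
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* 1 if the SIDs differ at most in the final sub-authority (the RID), i.e. both
   come from the same machine or domain account database. */
int sid_same_issuer(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    return sid_count(a, alen) >= 1 && alen == blen && sid_count(b, blen) >= 1
        && memcmp(a, b, alen - 4) == 0;
}

int main(void)
{
    char s[64];
    if (sid_to_string(SID_A, sizeof SID_A, s, sizeof s) == 0) puts(s);
    return !sid_same_issuer(SID_A, sizeof SID_A, SID_B, sizeof SID_B);
}
```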