November 29th, 2010, 12:33 PM
ReportEvent not logging Username
I am writing a proof of concept Win32 console application to run on a Windows XP machine that will log messages to the event log of a Windows 2003 Server.
I have tried achieving this using the eventcreate.exe but I can't get this command to log the username of the user who made the call. It always seems to log "N/A" in the user field in Event Viewer when I run eventcreate.exe on the XP client but if I run the command on the server it works correctly. This is why I am trying to write a Win32 app to try to work round this.
I am calling LookupAccountName() to obtain the user's SID from a given username (the currently logged in user) and I pass this to the ReportEvent function. This all works and my events appear in the logs on the server however the username is still "N/A"! The call to LookupAccountName returns a SID (I used the ConvertSidToStringSid function to check it contains data).
Is there something I am missing? Is this even possible (I guess it must be because Clearcase manages to add a username to its entries in the Application log). Is there anything I can use to debug this problem? I guess the SID must be incorrect but I don't know how to determine what the value should be. Has anybody got the eventcreate.exe to populate usernames?
Oh and as aside I copied the eventcreate.exe and dll from 2003 to XP and this behaved differently to the standard XP version. It wrote the actual SID string to the username column. I guess this proves that the XP version is different to the 2003 version.
Any help would be much appreciated
Tags for this Thread
Click Here to Expand Forum to Full Width