I am trying to deploy a .NET web application who's security is done using impersonation.
Writing to the eventlog works fine on my dev box (Win 2003 IIS6) but after putting the app on the live box (Win 2008 IIS7) i'm getting the following;
Access is denied [Win32Exception (0x80004005): Access is denied] [InvalidOperationException: Cannot open log for source 'MyApp'. You may not have write access.] System.Diagnostics.EventLog.OpenForWrite(String currentMachineName) +1815151 System.Diagnostics.EventLog.InternalWriteEvent(UInt32 eventID, UInt16 category, EventLogEntryType type, String strings, Byte rawData, String currentMachineName) +452 System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type, Int32 eventID, Int16 category, Byte rawData) +463 System.Diagnostics.EventLog.WriteEntry(String message, EventLogEntryType type) +30
The best help i've found on google has been; http://support.microsoft.com/default.aspx?scid=kb;en-us;323076 | http://msdn.microsoft.com/en-us/library/aa379570%28VS.85%29.aspx
The reference to; HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD confuses me as i don't have this in the registry key on the live box.
Even with impersonation it's possible that your app pool identity is used. Some apps RevertToSelf and don't honor the impersonation.
Process monitor from sysinternals will be your friend on this project. It's free and safe on a production server. Start it and reproduce the situation to get a capture. Then search for the word denied, or search for CustomSD or Eventlog. A pattern should emerge that will show which user is trying to gain access and how to grant that user access.
User contributions licensed under CC BY-SA 3.0