Click here to Skip to main content
15,895,256 members
Search within:


The message resource is present but the message is not found in the string/message table
Please Sign up or sign in to vote.
4.00/5 (1 vote)
See more:
.NET
event
Hi, everyone!

I hope you will help me...

Here is my problem:

There is a event provider called "Service Control Manager" under System event log. It's EventMessageFile is %SystemRoot%\system32\services.exe. It contains an event with id = 7036 and this event is "The %1 service entered the %2 state". You can generate it very simple by stopping or running any services in services.msc.

All that I want is to write that event to System event log by myself.

Here is my simple logging code:


using System;
using System.Diagnostics;
using System.Diagnostics.Eventing;

class MySample
{
 
 public static void Main()
 {
  
  EventLog myNewLog = new EventLog("System", ".", "Service Control Manager");
  
  myNewLog.WriteEntry("Test",EventLogEntryType.Information, 7036);
 }
}



I run the application with "Run as administrator". Event was written to System log with right event id, source, etc. But the description was "the message resource is present but the message is not found in the string/message table" insted of "The Test service entered the %2 state".



What is my mistake?
Posted
Add a Solution

2 solutions

The registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\EventLog\EventMessageFile points to a file that contains valid sources, messages and IDs.

The OS enumerated its known sources for event messages and didn't find one that matched your entry, so it returned the message that you see.

Like it says, "the message resource is present but the message is not found in the string/message table". :)
 
Share this answer
 
Posted
Comments
RedAlertist 19-May-11 9:19am    
Wait... The OS enumerated its known sources for event message, but "Service Control Manager" is a source for that message. And I've created an EventLog class from the name of "Service Control Manager", operation was successfull and it means in terms of WinAPI that I got a handle to System log. And getting the handle to eventlog means that OS found the source that I've passed as parameter (in my case it's "Service Control Manager"). So the source is valid. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Service Control Manager\EventMessageFile says that messages are stored in %SystemRoot%\system32\services.exe. All things that are needed to write to eventlog available and valid.
I had the same problem, but it is not something wrong.
I used the command "eventcreate" (that is, from the command prompt (cmd)) with the parameter "/ID 1" to create the event source.
I thought that was enough, so one does not get problem with access right to create the event source.

But there is one more thing - "createevent" creates one event, and then you have to use that event id you specified for /ID when you call .WriteEntry.
If you use one of the overloaded methods for .WriteEntry which does not take an event id parameter, the event gets logged with eventid = 0, and you cannot use createevent to create an event with id = 0.
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 26 Jan 2012
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900