Welcome to deBUG.to Community where you can ask questions and receive answers from Microsoft MVPs and other experts in our community.
0 like 0 dislike
11.4k views
in Programming by 27 29 37
edited by

In SharePoint 2016, I got this error "The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security." when trying to write an event log to a custom source in Visual Web Part using C# to be shown in Event Viewer.

The source was not found but some or all event logs could not be searched Inaccessible logs Security

I know it's mainly a security and permission issue related to the current web application pool service account, therefore, In Regedit, I tried to set the Full control to the Application Pool account at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application with no avail.

can't write an event log in event viewer using C#

I also tried to provide the full control permission to the Logs folder in Windows at this location C:\Windows\System32\winevt\Logs. But still, I can't write an event log entry to a custom source in Event Viewer.

Moreover, and besides the web application pool account, I granted the Network Service Account and IUSER the full control permission on the above locations (Registery, Logs folder).

Unfrothntly, still I can't check if the custom source exists or not to can write an entry with a custom source in Event Log Viewer using C# in SharePoint 2016 and I am still getting the same issue "The source was not found, but some or all event logs could not be searched.  Inaccessible logs: Security."

I am using the below C# code to check if the event viewer custom source or not in SharePoint Visual Web Part

if (!EventLog.SourceExists("WPLogs"))
      {
        EventLog.CreateEventSource("WPLogs", "MyLogs");
      }

How I can fix this security issue to can write an event log in Event Viewer in a specific custom source using C# in SharePoint Visual web part?


1 Answer

1 like 0 dislike
by 159 189 376
selected by
 
Best answer

Solving: The source was not found, but some or all event logs could not be searched.

To solve this error "The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.", you have three options as the following:

  1. Disable impersonation in web application web.config file (Valid for .NET and SharePoint solutions).
  2. Disable impersonation only when adding an entry to the event log in your code. (Valid for .NET and SharePoint solutions).
  3. Using SPSecurity.RunWithElevatedPrivileges (Valid only for SharePoint solutions).

1) Disable impersonation in web application web.config file

In SharePoint or event ASP.NET web application, to solve this security issue, you have to do the following:

  1. Make sure that you are opening the Visual Studio as Administrator. (Read also, Visual Studio This task requires the application to have elevated permissions)
  2. In the Web Application, open the web.config file, set the impersonate to false! at <identity impersonate="false" />
    impersonate in SharePoint web configuration file
  3. Try now, run your application to write an entry with a custom source in the event log that should be working properly!

Note: Although this solution is simple, it's not recommended especially with SharePoint!

2) Disable impersonation programmatically using C#

In the SharePoint web application, If you have tried to set disable impersonation by setting the impersonate to false in web.config file, you may face some error related to the full crawl search. (Read more at Error HRESULT E_FAIL has been returned from a call to a COM component).

So, in this case, you have to Disable impersonation programmatically using C# as below

//Define impersonationContext.
WindowsImpersonationContext impersonationContext;

//disable ASP.Net Impersonation.
impersonationContext = System.Security.Principal.WindowsIdentity.Impersonate(System.IntPtr.Zero);

 // write your code

// Enable impersonation using C#
impersonationContext.Undo();

The above code should be work for ASP.NET solutions as well as SharePoint solutions

3) Using SPSecurity.RunWithElevatedPrivileges

You can use the SPSecurity.RunWithElevatedPrivileges in your SharePoint solution to execute the specified method with Full Control rights even if the user does not otherwise have Full Control as the following:

  SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            // add the code that you want to run with full control rights
        });

SPSecurity.RunWithElevatedPrivileges is only working for SharePoint solutions.

by 27 29 37
0 0
You save my day Mohamed Thank you ♥
If you don’t ask, the answer is always NO!
...