ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND with Windows ETW


I am attempting to print a very simple log to Windows event viewer. When I call EventWrite() in my .cpp file, I get error code 15003 ERROR_EVT_EVENT_TEMPLATE_NOT_FOUND in the event viewer and my message is not displayed. I think the problem that I am having is that the .rc file that is generated when I compile my manifest is not being compiled along with the project even though I have dragged it into the resource folder in the solution explorer.

When I register my manifest with wevtutil.exe, I get the following warning: Publisher ExampleProvider resources are not accessible. When I ask for details on this error, I receive this output: Failed to open metadata for publisher ExampleProvider. Access is denied.

I have already looked at Access is denied while register provider (wevtutil) and it did not resolve the issue.


There are 2 answers

0
bhzag On BEST ANSWER

I figured out that it was a permission issue just like in Access is denied while register provider (wevtutil). I corrected this by placing my project at the root of my C drive.

0
Arthur Giss On

You can easily verify whether your .rc file is compiled correctly into your project by opening your compiled .dll or .exe file in Visual Studio. Go to File->Open->File and open your executable or library. Now check whether you can see the compiled ETW resource file. In my project it is in the folder "WEVT_TEMPLATE". If you do not see it in your binary, then you likely have not compiled it into your binary. To do this, add your .rc to your project (Choose add resource).

A sidenote: Please also verify that the ResourceFileName and messageFileName in your Manifest file point correctly to your lib or executable.

Run the registration command in a command prompt:

wevtutil im yourProvider.man

You can inspect your provider registration as well as possible errors by running the following command afterwards:

wevtutil gp yourProvider

Hope that helps.
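
The checks described in the answers above, collected into one PowerShell helper. This is an added example, not code from either answer: the function name Test-EtwManifestBinaries is hypothetical, and yourProvider.man is the placeholder manifest name used above. It reads the resourceFileName and messageFileName attributes from the manifest, reports whether each path is absolute and exists, lists the file's ACL so the "Access is denied" case can be reviewed, and then runs the same wevtutil gp query.

```powershell
# Added example: Test-EtwManifestBinaries is a hypothetical helper name.
function Test-EtwManifestBinaries {
    param([Parameter(Mandatory)][string]$ManifestPath)

    [xml]$doc = Get-Content -LiteralPath $ManifestPath -Raw
    # Match on local-name() so the manifest's default XML namespace is irrelevant.
    foreach ($p in $doc.SelectNodes("//*[local-name()='provider']")) {
        $name = $p.GetAttribute('name')
        foreach ($attr in 'resourceFileName', 'messageFileName') {
            $raw    = $p.GetAttribute($attr)   # '' when the attribute is absent
            # Manifests may use %VAR% style paths; expand them before testing.
            $path   = [Environment]::ExpandEnvironmentVariables($raw)
            $exists = [bool]$raw -and (Test-Path -LiteralPath $path -PathType Leaf)
            [pscustomobject]@{
                Provider  = $name
                Attribute = $attr
                Path      = $path
                Rooted    = [bool]$raw -and [IO.Path]::IsPathRooted($path)
                Exists    = $exists
                # Who may read the binary. Which account needs access is not
                # stated on the page, so the entries are listed for review.
                Acl       = if ($exists) {
                    (Get-Acl -LiteralPath $path).Access | ForEach-Object {
                        "$($_.IdentityReference): $($_.AccessControlType) $($_.FileSystemRights)"
                    }
                }
            }
        }
        # Same query as in the answer above; its output goes straight to the console.
        & wevtutil.exe gp $name | Out-Host
    }
}

Test-EtwManifestBinaries -ManifestPath .\yourProvider.man | Format-List
```

A row with Exists = False or Rooted = False points at the manifest attributes. A row that exists but has a restrictive ACL points at the permission problem described in the accepted answer.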