EventSource, manifests, EventViewer & WS 2008 R2

Question

I have a Microsoft.Diagnostics.Tracking.EventSource using Channel = EventChannel.Admin: the resulting manifest installs and works fine on the two W7 machines I've tried, but on 2008 R2, when I drill down in EventViewer, I get MMC snap-in errors, and I can see that the events are not 'recognised' ("The description blabla cannot be found...").

Strangely, if I uninstall the manifest, EventViewer can open the event file without exceptions (though still doesn't find the descriptions properly).

Is there something OS-specific about EventSource manifest files?

Any pointers of directions in which I should search?

Answer 1

User error, for a change :(

I even wrote it out right in the comment on Doug's answer:

"%windir%\System32\wevtutil.exe" im "%~dp0Manifest.man"
           /rf:"%~dp0Manifest.dll" /mf:"%~dp0Manifest.dll"

But that wasn't what I actually had in my batch file, where I forgot to put the full path in front of the .man file name.

Answer 2

The key question here is how you registered the manifest. Note that Event Viewer doesn't actually know how to read a manifest. When you use wevtutil to register a manifest, it mainly just adds registry keys. The registry keys are supposed to have the full path to a DLL, and the DLL is supposed to contain the compiled manifest data. If you didn't add the compiled manifest data to the DLL, or if you didn't provide the full path to the DLL when you registered the manifest, Event Viewer won't be able to find the data it needs.

Past versions of wevtutil haven't been very good about warning you when you do this incorrectly. I think newer versions (e.g. Windows 10) are getting better about it.