locked
Enable IIS-Confguration Event Log through Registry key changes RRS feed

  • Question

  • User681497219 posted

    Hi there,

    I need to enable IIS-Confguration Event Log (Event Viewer\Applications and Services Logs\Microsoft\IIS-Configuration, Operational) programmaticlly using C#. And I found that the registry key controls this setting is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-IIS-Configuration/Operational

    "Enabled"=dword:00000001

    When I modify this key value, I can see that the Event Viewer's value changes correctlly. But unlike changing the setting from Event Viewer manually, no events appear in the log when I test it. Looks like that there is more needs to be done than just the one registry setting. How should I do this?

    I found an old thread opened 2 years ago with the same issue but without an answer to it:

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c658fb1d-0fc0-444f-a0b1-c06d413488bf/enable-iis75-eventlog-via-gpo?forum=winserverGP

    Any input is highly appreciated

    Friday, April 18, 2014 6:01 PM

All replies

  • User212506688 posted

    Hi,

    I am not 100% certain about this setting, but many changes to the Registry required at least a restart of the application pool.  Others require an IIS Restart, an HTTP recycle or even a reboot.

    HTH, Benjamin

    Wednesday, May 14, 2014 9:52 AM
  • User-1939905867 posted

    Rather than editing the registry directly, you can run a process to make the change:

    wevtutil.exe sl "Microsoft-IIS-Configuration/Operational" /e:true

    There may even be an API for this, but I always use wevtutil.exe

    Monday, June 22, 2015 11:03 AM
  • User209056392 posted

    a restart of the application pool.  Others require an IIS Restart, an HTTP recycle or even a reboot.

    Hi Benjamin,

    I have the similar issue on Windows Server 2016 and I restarted and rebooted the services and the machine but there is no Change!

    Every time I call the "IIS-Configuration/Operational"-Log I get the following message:

    "Event Viewer cannot open the Event log or custom view. Verify that Event Log Service is running or query is too long.

    The instance name passed was not recognized as valid by a WMI data providor (4201)"

    The Workaround is to disable an enable the Operational-Log again, than it is possible to view log-entries.

    But what is the difference and how can I reliability set the Operational-Log functional via GPO?

    Looking Forward to hear something new to this topic.


    Marcus

    Wednesday, October 10, 2018 11:46 AM