Description for event id from source cannot be found

Question

When I write a log into windows event log  I get the event below  what s the root cause of this message  and how can I fix it  Many Thanks     The description for Event ID 51001   from source RRWS cannot be found    Either the component that raises this   event is not installed on your local   computer or the installation is   corrupted  You can install or repair   the component on the local computer       If the event originated on another   computer  the display information had   to be saved with the event       The following information was included   with the event        test log messge      the message resource is present but   the message is not found in the   string message table

User · Answer

Use PowerShell to create your event log and source:

New-EventLog -LogName MyApplicationLog `
    -Source MySource `
    -MessageResourceFile C:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll

You'll need the messages dll to avoid the problem you are seeing.

User · Answer

If you open the Event Log viewer before the event source is created  for example while installing a service  you ll get that error message  You don t need to restart the OS  you simply have to close and open the event viewer   NOTE  I don t provide a custom messages file  The creation of the event source uses the default configuration  as shown on Matt s answer

User · Answer

How about a real world solution   If all you need is a  quick and dirty  way to write something to the event log without registering  custom sources   requires admin rights   or providing  message files   requires work and headache  just do this   EventLog WriteEntry        NET Runtime     magic      Your error message goes here         EventLogEntryType Warning      1000     magic   This way you ll be writing to an existing  Application  log without the annoying  The description for Event ID 0 cannot be found   If you want the  magic  part explained I blogged about it here

User · Answer

I got this error after creating an event source under the Application Log from the command line using  EventCreate    This command creates a new key under  HKEY LOCAL MACHINE SYSTEM CurrentControlSet Services Eventlog Application  If you look at the Key that s been created  e g  SourceTest  there will be a string value calledEventMessageFile  which for me was set to  SystemRoot  System32 EventCreate exe   Change this to c  WINDOWS Microsoft NET Framework v2 0 50727 EventLogMessages dll  Delete theCustomSource and TypesSupported values   This should stop the  The description for Event ID      message

User · Answer

I also faced similar problem  After doing lot of research I did following  I verified the steps according to this article http   www codeproject com Articles 4166 Using-MC-exe-message-resources-and-the-NT-event-lo Everything seemed to be in place  Except one thing  i realised it when I stumbled on this msdn http   msdn microsoft com en-us library windows desktop aa363661 v vs 85  aspx  As last paragraph says    If the application calls RegisterEventSource and passes a source name that cannot be found in the registry  the event-logging service uses the Application log by default  However  because there are no message files  the Event Viewer cannot map any event identifiers or event categories to a description string  and will display an error  For this reason  you should add a unique event source to the registry for your application and specify a message file   So my application name in RegisterEventSource was not matching with the application name in registry  I fixed this and now it works    So please double check your registry entries if you face this problem

User · Answer

This is usually caused by a program that writes into the event log and is then uninstalled or moved

User · Answer

For me  the problem was that my target profile by accident got set to   Net Framework 4 Client profile   When I rebuilt the service in question using the   Net Framework 4   the problem went away

User · Answer

Restart your system   A friend of mine had exactly the same problem  He tried all the described options but nothing seemed to work  After many studies  also of Microsoft s description  he concluded to restart the system  It worked    It seems that the operating system does not in all cases refresh the list of registered event sources  Only after a restart you can be sure the event sources are registered properly

User · Answer

I also stumbled on this - although caused by yet another possibility  the event identifier  which was  obfuscated  in a  define  was setting severity to error  the two high-order bits as stated in Event Identifiers   As Event Viewer displays the event identifier  the low-order 16 bits   there couldn t be a match     For reference  I ve put together a set of tips based in my own research while troubleshooting and fixing this    If your log entry doesn t end with  the message resource is present but the message is not found in the string message table   as opposed to the original question     Means that you re missing registry information Double-check event source name and registry keys  If you need to add edit registry information  remember to    Restart Event Viewer  as stated in item 6 of KB166902 and also by  JotaBe  If it doesn t help  restart Windows Event Log EventLog service  or restart the system  as hinted by  BrunoBieri    If you don t wish to create a custom DLL resource  mind that commonly available event message files have some caveats    They hold a large array of identifiers which attempts to cover most cases    NET EventLogMessages dll  as hinted by  Matt  goes up to 0xFFFF Windows EventCreate exe  only  goes up to 0x3E9  Every entry contains  1   That means that only the first string will be displayed All strings passed to ReportEvent can still be inspected by looking into event details  select the desired event  go to Details tab and expand EventData    If you re still getting  cannot be found  in your logged events  original question     Double-check event identifier values being used  in my case it was the Qualifiers part of the event identifier  Compare event details  select the desired event  go to Details tab and expand System  with a working example

User · Answer

Improving on the answer by  Alex  I suggest the following               using  EventLog eventLog   new EventLog  Application                                    You cannot be sure if the current identity has permissions to register the event source                  try                                       if  System Web HttpRuntime AppDomainAppId    null                                                eventLog Source   System Web HttpRuntime AppDomainAppId                                            else                                               eventLog Source   Process GetCurrentProcess   ProcessName                                                          catch  SecurityException                                        eventLog Source    Application                                      eventLog WriteEntry  Log message example   EventLogEntryType Information  1000                   It is important here not to specify category parameter  If you do  and this is the same for the  NET Runtime so-called magic  the     The description for Event ID  lt      from source  lt      cannot be found    is going to appear

User · Answer

You need to create an event source and a message file for it  Code looks something like this   var data   new EventSourceCreationData  yourApp    Application    data MessageResourceFile   pathToYourMessageFile  EventLog CreateEventSource data     Then you will need to create a message file  There is also this article that explains things  I did not read it all but it seems fairly complete

[.net] Description for event id from source cannot be found

Examples related to .net

Examples related to windows

Examples related to event-log