Windows 10 Event Viewer HttpLog Error

Hi,

On my Windows 10 System, in Event Viewer when I try to enable HTTPLog (under Application and Services Logs, There is a folder for "HttpLog"), I get the following error (in the Event Viewer)

The event logging service encountered an error (5) while enabling publisher {c42a2738-2333-40a5-a32f-6acc36449dcc} to channel Microsoft-Windows-HttpService/Log. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Does anyone know how I can grant "enable permissions" to the Event Log service identity, as this error message suggests?

James Pedersen

Folks, any suggestions here?

In an elevated Powershell Prompt.

Verify if the Publisher is secured with ETW:

Code:

Get-EtwTraceProvider -Name "{c42a2738-2333-40a5-a32f-6acc36449dcc}" | Select-Object IsEnabled, ControlCode, ProviderSecurityDescriptor

If indeed ETW is the security provider.

Grant enable on the event viewer entity:

Code:

Set-EtwTraceProvider -Name "{c42a2738-2333-40a5-a32f-6acc36449dcc}" -EnableProviderSecurity -ControlCode 0 -SecurityDescriptor $([System.Security.SecurityElement]::new("CONTROL_ACCESS_RIGHTS",{IdentityReference="$([Security.Principal.WellKnownSid::LocalSystem])"; AceType="Allow"; AceFlags="0"; Mask="ENABLE";})

PS C:\WINDOWS\system32> Get-EtwTraceProvider -Name "{c42a2738-2333-40a5-a32f-6acc36449dcc}" | Select-Object IsEnabled, ControlCode, ProviderSecurityDescriptor
Get-EtwTraceProvider : A parameter cannot be found that matches parameter name 'Name'. At line:1 char:22
+ Get-EtwTraceProvider -Name "{c42a2738-2333-40a5-a32f-6acc36449dcc}" | ... + ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-EtwTraceProvider], ParameterBindingException + FullyQualifiedErrorId : NamedParameterNotFound,Get-EtwTraceProvider PS C:\WINDOWS\system32>

PS C:\WINDOWS\system32> Get-EtwTraceProvider -Guid "{c42a2738-2333-40a5-a32f-6acc36449dcc}"
Get-EtwTraceProvider : Failed to open autologger configuration in the registry. RegOpenKeyEx failed with error 0x5.
At line:1 char:1
+ Get-EtwTraceProvider -Guid "{c42a2738-2333-40a5-a32f-6acc36449dcc}"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_EtwTraceProvider:ROOT\Microsoft\...twTraceProvider) [Get-EtwTraceProvider], CimException
+ FullyQualifiedErrorId : MI RESULT 1,Get-EtwTraceProvider

- - - Updated - - -

In fact, when I simply call "Get-EtwTraceProvider" with no options in a elevated powershell prompt, I also get the error (after the command returns information about some autologgers):

Get-EtwTraceProvider : Failed to open autologger configuration in the registry. RegOpenKeyEx failed with error 0x5.
At line:1 char:1
+ Get-EtwTraceProvider
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_EtwTraceProvider:ROOT\Microsoft\...twTraceProvider) [Get-EtwTraceProvider], CimException
+ FullyQualifiedErrorId : MI RESULT 1,Get-EtwTraceProvider

What does this error mean? It's kind of unbelievable that a simple command like "Get-EtwTraceProvider" would fail like this....

Any suggestions?

In Powershell [admin ],run ---dism /online /cleanup-image /restorehealth --- and when finished,run ---sfc /scannow ---until a clean report is given.
Are there any reports in Reliability History ? To access it,start typing ---reliability ---in the Search box.
The reason for dism and sfc is to clean up any damaged files,