Forum Discussion
Windows 11 wevtutil cannot render (system) messages
Our application reads from the Windows Event log and formats/renders events with the "EvtFormatMessage" function (flags argument is "EvtFormatMessageXml", hPublisher is set with a handle received from EvtOpenPublisherMetadata()).
We tried out our application on the new Windows 11 OS, and for some events in the Application log our application sees the following error:
error='The system cannot find message text for message number 0x%1 in the message file for %2.\x0d\x0a'
The event were created from command line with "eventcreate" program, but most event sources cause this error:
eventcreate /T SUCCESS /L APPLICATION /ID 1 /D "eventcreate okay"
We checked with Event Viewer and it doesn't print any error, however the command line utility "wevtutil" cannot format any events from the Application log:
wevtutil qe Application /f:renderedxml /rd
Failed to render events. Error=317
Failed to render events. Error=13
Wevtutil command can read the events from the given log, if the flag /f:text is used.
Can you help us determine the root cause of the wevtutil issue?
Both our application and wevtutil with renderedxml flag works on windows 10 version.
Used Windows version: Windows 11 Pro, Version: 21H2, OS build: 220000.100
We checked wevtutil with elevated prompt (run as administrator) as well.
1 Reply
- I give it a like, like I don't need to know the particularities to this problem but I suspect there are different starters that I think, not sure, is all about making core isolation more robust on other cpu systems
