Exception while ManagementEventWatcher(WMI) to notify events from remote machine

Question

I am trying to get notification from a remote machine \'s event viewer using WMI and C#. I am able to connect the system and also get event log by using ManagementObje

Answer 1

I spent hours figuring this one out. None of the above worked for me.

After analyzing the Event logs on my IIS server I found I was receivingthe following error event in the System Log every time I called the Start method on the ManagementEventWatcher object:

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {49BD2028-1523-11D1-AD79-00C04FD8FDFF} and APPID {49BD2028-1523-11D1-AD79-00C04FD8FDFF} to the user IIS APPPOOL\DefaultAppPool SID (S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

A registry search revealed that the application with the APPID specified in the error was

Microsoft WBEM Unsecured Apartment

To make the asynchronous callback work you need to grant Local Activation permissions on the this COM object to the IIS APPPOOL\DefaultAppPool user, which sounds easy enough except for the fact that user does not show up as a valid acount in the security database. This is because it is a system generated user account automatically built when an IIS Application Pool is created.

The process to make this work is as follows:

1. Run mmc, add the Component Services snap in
2. Open Computers->My Computer->DCOM Config
3. Scroll down to the "Microsoft WBEM Unsecured Apartment Object"
4. Right Click and select Properties
5. Click the Security Tab and under the section for "Launch and Activation Permissions" select the Customize option and hit Edit
6. If your IIS server is part of a Domain make sure that you have the Local Machine specified in the location field and not the Domain.
7. Hit the Add button and type in "IIS APPPool\DefaultAppPool" into the user box and hit the Check Names button. If you are not using the DefaultAppPool then substitute the name of the App Pool you are using.
8. You will see a valid user appear in the box, hit OK.
9. Select the user in the list and check the Allow boxes for Local Launch and Local Activation.
10. Enjoy the fact that you will no longer see E_ACCESSDENIED on asynch callbacks to your WMI Event Listener.