HibikeQuantum / eventlog-to-syslog

Automatically exported from code.google.com/p/eventlog-to-syslog

format event ID XXXX: The specified resource type cannot be found in the image file.#015 #62

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I received these messages from evtsys for Information type of events, although 
LogLevel was set to 2.

EXAMPLE:

###From Evtsys:

format event ID 1040: The specified resource type cannot be found in the image 
file.#015

###From Windows log:

Event Type: Information
Event Source:   MsiInstaller
Event Category: None
Event ID:   1040
Date:       5/16/2012
Time:       6:55:13 PM
User:       NT AUTHORITY\SYSTEM
Computer:   S-KV-CENTER-M01
Description:
Beginning a Windows Installer transaction: C:\Program Files 
(x86)\Sophos\AutoUpdate\cache\savxp\Sophos Anti-Virus.msi. Client Process Id: 
10892.

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.

###From Evtsys:

format event ID 11728: The specified resource type cannot be found in the image 
file.#015

###From Windows log:

Event Type: Information
Event Source:   MsiInstaller
Event Category: None
Event ID:   11728
Date:       5/16/2012
Time:       6:56:44 PM
User:       NT AUTHORITY\SYSTEM
Computer:   S-KV-CENTER-M01
Description:
Product: Sophos Anti-Virus -- Configuration completed successfully.

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 39 41 43 42 34 31 34   {9ACB414
0008: 44 2d 39 33 34 37 2d 34   D-9347-4
0010: 30 42 36 2d 41 34 35 33   0B6-A453
0018: 2d 35 45 46 42 32 44 42   -5EFB2DB
0020: 35 39 44 46 41 7d         59DFA}  

In the example above, the event ID from Evtsys and the event in the Windows log are equal, so 
I could find the source of the problem. 

But in the example below, I can't even understand what the ID number is:

###From Evtsys:
format event ID 4026476304: The specified resource type cannot be found in the 
image file.#015 

### In Windows Log

There is no such event in Windows log.

Could you please explain this behavior of evtsys?

Original issue reported on code.google.com by azhelnit...@itt-consulting.com on 21 Jun 2012 at 10:25

GoogleCodeExporter commented 8 years ago
This sounds like a Windows 2003 issue and evtsys not being able to find the 
message files. Have you tried it on any other servers?

Original comment by sherwin....@gmail.com on 16 Aug 2012 at 2:13

GoogleCodeExporter commented 8 years ago
This situation occurs on some other servers. E.g., from Evtsys (another server): 
"format event ID 1615790081: The specified resource type cannot be found in the 
image file.#015"

It is interesting that the maximum ID number in the Windows Event Log journal has to be 
no more than 99999, but Evtsys shows event ID = 1615790081. There is not even 
any entry in the Windows event log journal with the same or a similar event ID.

I thought that evtsys just takes info from the event log journal and doesn't use 
a message file to recognize an event and then send it to the syslog server. Isn't that so? Does 
evtsys listen for application requests independently from the Event Log service?

Original comment by azhelnit...@itt-consulting.com on 17 Aug 2012 at 7:33

GoogleCodeExporter commented 8 years ago
Evtsys uses the eventlog service, but in pre-Vista clients the Event Log stores 
values that are formatted based on a message file. The errors you are getting 
seem to be a little different so I need to take a look at it.

Original comment by sherwin....@gmail.com on 6 Sep 2012 at 5:01
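
For anyone triaging the large IDs quoted in this thread: a Windows event identifier is a 32-bit value that packs severity, a customer flag and a facility above a 16-bit code, and the legacy Event Viewer displays only that low 16-bit code. The following is an added example, not evtsys code and not written by any commenter; the function and struct names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* 32-bit event identifier layout (message-compiler format):
 * bits 31-30 severity, 29 customer flag, 28 reserved, 27-16 facility, 15-0 code. */
struct event_id_fields {
    unsigned severity;  /* 0 success, 1 informational, 2 warning, 3 error */
    unsigned customer;  /* 1 = application-defined, 0 = system-defined */
    unsigned facility;  /* 12-bit facility number */
    unsigned code;      /* low 16 bits: the "Event ID" shown by Event Viewer */
};

struct event_id_fields decode_event_id(uint32_t id)
{
    struct event_id_fields f;
    f.severity = (id >> 30) & 0x3u;
    f.customer = (id >> 29) & 0x1u;
    f.facility = (id >> 16) & 0xFFFu;
    f.code     = id & 0xFFFFu;
    return f;
}

/* Parse a decimal ID as it appears in a syslog line. Returns 0 on success,
 * -1 if the text is not a plain decimal number that fits in 32 bits. */
int parse_event_id(const char *text, uint32_t *out)
{
    char *end;
    unsigned long long v;
    if (text == NULL || *text < '0' || *text > '9') return -1;
    errno = 0;
    v = strtoull(text, &end, 10);
    if (errno != 0 || *end != '\0' || v > 0xFFFFFFFFull) return -1;
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    const char *samples[] = { "1040", "11728", "4026476304", "1615790081" }; /* IDs from the thread */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t id;
        if (parse_event_id(samples[i], &id) != 0) continue;
        struct event_id_fields f = decode_event_id(id);
        printf("%10s = 0x%08lX sev=%u cust=%u fac=%u code=%u\n", samples[i], (unsigned long)id, f.severity, f.customer, f.facility, f.code);
    }
    return 0;
}
```

With the two large values from the thread, the low 16 bits are 10000 and 1, which are the numbers to search for in the Event Viewer's Event ID column.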