Sysmon Installation Issue - wevtutil.exe returned failure

[FleetwoodBat]

I have one server where I am unable to install Sysmon. Following error is received:

wevtutil.exe returned failure Event manifest installation failed with last error: Cannot create a file when that file already exists.

I've removed all of the below and attempted reinstallation after restart but still not joy

"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Sysmon/Operational", "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers{5770385f-c22a-43e0-bf4c-06f5698ffbd9}", "HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Microsoft-Windows-Sysmon-Operational"

Tried force uninstalling but just advises sysmon is not installed.

Attempted to install the manifest first with -m, but no help.

I am out of ideas.

[Siddan74]

Please try this: Sysmon64.exe /i -accepteula If success - Run: wevtutil.exe sl Microsoft-Windows-Sysmon/Operational /ca:O:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;NS) Then uninstall and try to install with your configuration

[FleetwoodBat]

Sysmon64.exe /i -accepteula was the initial command I used for returning the wevtutil error, just want a basic install.

When running sysmon64.exe /i -accepteula it adds the Microsoft-Windows-Sysmon/Operational reg folder. I would have to make myself owner on that folder for that wevtutil command to work. I can see the ChannelAccess reg_sz already has the value you've specified.