The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security.

Yesterday this error came for one of the deployment on production. But the same deployment was working fine on staging environment.

A message received by adapter “MSMQ” on receive location “RL_XYZ_RES_09” with URI “FORMATNAME:DIRECT=OS:.\PRIVATE$\XYZ_RES_09” is suspended.
Error details: There was a failure executing the receive pipeline: “BTSHttpDecoder.DecoderPipeline, BTSHttpDecoder, Version=1.0.0.0, Culture=neutral, PublicKeyToken=5793a821957af7d1” Source: “MessageDecoderPipelineComponent_F09” Receive Port: “RP_XYZ_RES_09” URI: “FORMATNAME:DIRECT=OS:.\PRIVATE$\XYZ_RES_09” Reason: The source was not found, but some or all event logs could not be searched.  To create the source, you need permission to read all event logs to make sure that the new source name is unique.  Inaccessible logs: Security. 

REASON

This problem occurs because the user (BizTalk Service) account  does not have sufficient permissions. In production there is a dedicated event source named  “BizTalk Applications Logs” under Application and Service Logs in Event Viewer and the BizTalk Service account has only permission to this event source.

But in development and staging environment the BizTalk service account does not have this kind of limitation and it has permission to all the event sources.

In the pipeline component during development for testing purpose few fields was getting written to event log. And this was not cleaned up before shipping the code in production.

System.Diagnostics.EventLog.WriteEntry(“PromotedProperties”, strName);

SOLUTION

1. Make sure you have the process for proper clean up and code review for the performance optimization of the code before it get shipped to production.

2. You need to grant permission to create a custom event log:

• Log on to the computer as an administrator.
• Click Start, click Run, type regedit in the Open box, and then click OK. The Registry Editor window appears.
• Locate the following registry subkey:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
• Right-click Eventlog, and then click Permissions. The Permissions for Eventlog dialog box appears.

• Click Add, add the user account or group that you want and set the following permissions: “Full Control”