It seems that the 2015 Dynamics GP (formally, Great Plains) Econnect webservices installer doesn't quite set things up correctly in terms of security permissions.|
When an error is triggered via a web-service call (e.g. validation error), you get a rather misleading System.Security.SecurityException wrapped up in your SOAP Fault:
The source was not found, but some or all event logs could not be searched. To create the source, you need permission to read all event logs to make sure that the new source name is unique. Inaccessible logs: Security.This is a fairly common error when dealing with the EventLog. Event Log entries have a source associated with them, in order to create a new source an application required administrative privileges. So, normally, this is something the installer will do as part of setup, as obviously you should not run service-accounts as administrators.
To work past this, I exported the EventLog registry configuration from "HKLM/SYSTEM/CurrentControlSet/Services/EventLog/". I then changed the permissions on this key to grant read/write access to the service account that DynGPWebService account runs under. I re-ran the web-service call that was causing the error and then re-exported the registry key.
I compared the results using a source merge tool and it showed a new entry:
It's an expanded string, but in plain English, it will display a value of "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EventLogMessages.dll" in regedit.
Windows Registry Editor Version 5.00
Reverting the permissions on the EventLog to normal is fine at this stage as the key has been setup.
The alternative approach is to run Process Explorer and monitor what registry keys access is denied for. The snag with this approach is the application will often request access at a higher-level in the tree, so you can't get very granular.