Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
Sysmon first install on Windows Server 2025 fails with 'wevtutil.exe returned failure'
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 89%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER7%3C/text%3E%3C/svg%3E)
RoyWillyHaug-7992
0
Reputation points
Create an Azure Windows Server 2025 VM, then download and install sysmon from a command prompt running as Administrator: sysmon -i -accepteula
The sysmon installation fails:
wevtutil.exe returned failure
Event manifest installation failed with last error:
The operation completed successfully.
Running 'sc query sysmon' does not show sysmon as installed.
Run the same command again, and it installs as expected, and the sc query shows sysmon runs.
This does not happen on older Windows Server versions, like Windows Server 2022.
This is a problem when automating sysmon deployment to hundreds of VM's.
Sysinternals
{count} votes
-
RoyWillyHaug-7992 0 Reputation points
2026-02-12T19:23:44.05+00:00 Note that the previous sysmon version (15.14) also fails in the same way.
While the 15.15 sysmon64.exe installs correctly on first install.
Sign in to comment
Sign in to answer