The event log error clearly indicates an issue with the installation. I just did a fresh test with latest bits on WS2008 R2 and everything worked for me. I used the administrator command line installation method and here is my output:
 
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
C:\Users\gwroblew>cd \temp\modsecurity
C:\Temp\modsecurity>copyfiles.bat
C:\Temp\modsecurity>IF /I AMD64 == x86 GOTO x86
C:\Temp\modsecurity>copy x86\*.dll C:\Windows\syswow64\inetsrv
x86\libapr-1.dll
x86\libapriconv-1.dll
x86\libaprutil-1.dll
x86\libcurl.dll
x86\libxml2.dll
x86\lua5.1.dll
x86\ModSecurityIIS.dll
x86\pcre.dll
x86\zlib1.dll
        9 file(s) copied.
C:\Temp\modsecurity>copy amd64\*.dll C:\Windows\system32\inetsrv
amd64\libapr-1.dll
amd64\libapriconv-1.dll
amd64\libaprutil-1.dll
amd64\libcurl.dll
amd64\libxml2.dll
amd64\lua5.1.dll
amd64\ModSecurityIIS.dll
amd64\pcre.dll
amd64\zlib1.dll
        9 file(s) copied.
C:\Temp\modsecurity>copy x86\*.pdb C:\Windows\syswow64\inetsrv
x86\libapr-1.pdb
x86\libapriconv-1.pdb
x86\libaprutil-1.pdb
x86\libcurl.pdb
x86\lua5.1.pdb
x86\ModSecurityIIS.pdb
x86\pcre.pdb
x86\zlib1.pdb
        8 file(s) copied.
C:\Temp\modsecurity>copy amd64\*.pdb C:\Windows\system32\inetsrv
amd64\libapr-1.pdb
amd64\libapriconv-1.pdb
amd64\libaprutil-1.pdb
amd64\libcurl.pdb
amd64\lua5.1.pdb
amd64\ModSecurityIIS.pdb
amd64\pcre.pdb
amd64\zlib1.pdb
        8 file(s) copied.
C:\Temp\modsecurity>GOTO end
C:\Temp\modsecurity>register.bat
C:\Temp\modsecurity>pushd \
C:\>cd C:\Windows\system32\inetsrv
C:\Windows\System32\inetsrv>appcmd.exe install module /name:ModSecurityIIS /imag
e:C:\Windows\system32\inetsrv\modsecurityiis.dll
GLOBAL MODULE object "ModSecurityIIS" added
MODULE object "ModSecurityIIS" added
C:\Windows\System32\inetsrv>popd
C:\Temp\modsecurity>addschema.bat
C:\Temp\modsecurity>iisschema.exe /install ModSecurity.xml
Installing schema file: C:\Temp\modsecurity\ModSecurity.xml
Installed schema file: C:\Windows\system32\inetsrv\config\schema\ModSecurity.xml
Registered section: system.webServer/ModSecurity
Finished

After that I modified a web.config file, added ModSecurity config file to wwwroot and it worked as expected.

Greg
 
> ------------------------------
>
> Message: 6
> Date: Thu, 15 Nov 2012 16:04:56 +0100
> From: Jan van Valen <janvanvalen@itouchdesign.nl>
> Subject: Re: [Mod-security-developers] WS2008 R2 SP1 (64bit) IIS 7.5
> To: "mod-security-developers@lists.sourceforge.net"
> <mod-security-developers@lists.sourceforge.net>
> Message-ID:
> <F0F767A6EAC7B241BB427843808610AD63B0DF6BDD@tilsrv04.corp.medicinfo.nl>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Greg,
>
> Did the same tests with the new 2.7.1 but no progress.
>
> In the event log I only have:
>
> The Module DLL 'C:\Windows\system32\inetsrv\modsecurityiis.dll' could not be loaded due to a configuration problem. The current configuration only supports loading images built for a x86 processor architecture. The data field contains the error number.
>
> I have modsecurity enabled in the web.config (without, the error is also present - when I add <remove name="ModSecurityIIS" /> no error)
> The webconfig is set to: <ModSecurity enabled="true" configFile="c:\websites\wesbitename\modsecurity.conf" />
>
> The conf file is at the same level as the web.config.
> As the error points to a 'configuration problem' I fear my conf is wrong. I worked through the wiki and google but cannot find any pointers to how this conf should be configured for windows and where the actual activated_rules should be.
>
> modsecurity.conf (comments removed):
> **********************************************
> SecComponentSignature "OWASP_CRS/2.2.6"
> SecDefaultAction "phase:1,deny,nolog,auditlog"
> SecAction \
> "id:'900001', \
> phase:1, \
> t:none, \
> setvar:tx.critical_anomaly_score=5, \
> setvar:tx.error_anomaly_score=4, \
> setvar:tx.warning_anomaly_score=3, \
> setvar:tx.notice_anomaly_score=2, \
> nolog, \
> pass"
> SecAction \
> "id:'900002', \
> phase:1, \
> t:none, \
> setvar:tx.inbound_anomaly_score_level=5, \
> nolog, \
> pass"
> SecAction \
> "id:'900003', \
> phase:1, \
> t:none, \
> setvar:tx.outbound_anomaly_score_level=4, \
> nolog, \
> pass"
> #SecAction \
> "id:'900004', \
> phase:1, \
> t:none, \
> setvar:tx.anomaly_score_blocking=on, \
> nolog, \
> pass"
> #SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat
> #SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \
> "id:'900005', \
> phase:1, \
> t:none, \
> ctl:ruleEngine=DetectionOnly, \
> setvar:tx.regression_testing=1, \
> nolog, \
> pass"
> SecAction \
> "id:'900006', \
> phase:1, \
> t:none, \
> setvar:tx.max_num_args=255, \
> nolog, \
> pass"
> #SecAction \
> "id:'900007', \
> phase:1, \
> t:none, \
> setvar:tx.arg_name_length=100, \
> nolog, \
> pass"
> #SecAction \
> "id:'900008', \
> phase:1, \
> t:none, \
> setvar:tx.arg_length=400, \
> nolog, \
> pass"
> #SecAction \
> "id:'900009', \
> phase:1, \
> t:none, \
> setvar:tx.total_arg_length=64000, \
> nolog, \
> pass"
> #SecAction \
> "id:'900010', \
> phase:1, \
> t:none, \
> setvar:tx.max_file_size=1048576, \
> nolog, \
> pass"
> #SecAction \
> "id:'900011', \
> phase:1, \
> t:none, \
> setvar:tx.combined_file_sizes=1048576, \
> nolog, \
> pass"
> SecAction \
> "id:'900012', \
> phase:1, \
> t:none, \
> setvar:'tx.allowed_methods=GET HEAD POST OPTIONS', \
> setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json', \
> setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \
> setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \
> setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', \
> nolog, \
> pass"
> #SecAction \
> "id:'900013', \
> phase:1, \
> t:none, \
> setvar:tx.csp_report_only=1, \
> setvar:tx.csp_report_uri=/csp_violation_report, \
> setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \
> nolog, \
> pass"
> #SecAction \
> "id:'900014', \
> phase:1, \
> t:none, \
> setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \
> setvar:'tx.brute_force_burst_time_slice=60', \
> setvar:'tx.brute_force_counter_threshold=10', \
> setvar:'tx.brute_force_block_timeout=300', \
> nolog, \
> pass"
> #SecAction \
> "id:'900015', \
> phase:1, \
> t:none, \
> setvar:'tx.dos_burst_time_slice=60', \
> setvar:'tx.dos_counter_threshold=100', \
> setvar:'tx.dos_block_timeout=600', \
> nolog, \
> pass"
> SecAction \
> "id:'900016', \
> phase:1, \
> t:none, \
> setvar:tx.crs_validate_utf8_encoding=1, \
> nolog, \
> pass"
> SecRule REQUEST_HEADERS:Content-Type "text/xml" \
> "id:'900017', \
> phase:1, \
> t:none,t:lowercase, \
> nolog, \
> pass, \
> chain"
> SecRule REQBODY_PROCESSOR "!@streq XML" \
> "ctl:requestBodyProcessor=XML"
> SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \
> "id:'900018', \
> phase:1, \
> t:none,t:sha1,t:hexEncode, \
> setvar:tx.ua_hash=%{matched_var}, \
> nolog, \
> pass"
> SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \
> "id:'900019', \
> phase:1, \
> t:none, \
> capture, \
> setvar:tx.real_ip=%{tx.1}, \
> nolog, \
> pass"
> SecRule &TX:REAL_IP "!@eq 0" \
> "id:'900020', \
> phase:1, \
> t:none, \
> initcol:global=global, \
> initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \
> nolog, \
> pass"
> SecRule &TX:REAL_IP "@eq 0" \
> "id:'900021', \
> phase:1, \
> t:none, \
> initcol:global=global, \
> initcol:ip=%{remote_addr}_%{tx.ua_hash}, \
> nolog, \
> pass"
> **************************************************
> Reagards,
> JamBo
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> Monitor your physical, virtual and cloud infrastructure from a single
> web console. Get in-depth insight into apps, servers, databases, vmware,
> SAP, cloud infrastructure, etc. Download 30-day Free Trial.
> Pricing starts from $795 for 25 servers or applications!
> http://p.sf.net/sfu/zoho_dev2dev_nov
>
> ------------------------------
>
> _______________________________________________
> mod-security-developers mailing list
> mod-security-developers@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>
>
> End of mod-security-developers Digest, Vol 25, Issue 2
> ******************************************************