Event log error 4201 - ERROR_WMI_INSTANCE_NOT_FOUND

    Question

  • ERROR_WMI_INSTANCE_NOT_FOUND
    4201 The instance name passed was not recognized as valid by a WMI data provider.

    http://msdn2.microsoft.com/en-us/library/ms681387.aspx < this is the only error explanation I have found so far (it's really not very helpful) 

     

    I cannot start the event log service no matter what I try as a workaround.  I really don't know what caused it to stop or what is causing the error above when I try to start it, but I have a hunch it is a compatibility issue.  This is a serious security concern and I need it fixed ASAP.  I hope MS addresses this issue in their next update...

    Tuesday, February 27, 2007 10:14 PM

Answers

All replies

  • I haven't seen anything in the bug database on a similar problem or a repro.

    If you are having issues with starting your event log it's probably best to contact the main support line. Try to give them as much info as possible.

    Here's the link for general Vista Issues:

    http://windowshelp.microsoft.com/Windows/en-US/techsupport/default.mspx

    It's another link that might help you as well, it has links to news groups and technet.

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=423586&SiteID=1

     

    Tuesday, February 27, 2007 10:40 PM
  •  Matrixisrl wrote:

    ERROR_WMI_INSTANCE_NOT_FOUND
    4201 The instance name passed was not recognized as valid by a WMI data provider.

    http://msdn2.microsoft.com/en-us/library/ms681387.aspx < this is the only error explanation I have found so far (it's really not very helpful) 

     

    I cannot start the event log service no matter what I try as a workaround.  I really don't know what caused it to stop or what is causing the error above when I try to start it, but I have a hunch it is a compatibility issue.  This is a serious security concern and I need it fixed ASAP.  I hope MS addresses this issue in their next update...



    I've only just rebuilt my PC with vista on and I am getting this... any idea what is stopping the event log service from starting?
    Friday, March 02, 2007 7:29 PM
  •  Bruce N. Baker - MSFT wrote:

    I haven't seen anything in the bug database on a similar problem or a repro.

    If you are having issues with starting your event log it's probably best to contact the main support line. Try to give them as much info as possible.

    Here's the link for general Vista Issues:

    http://windowshelp.microsoft.com/Windows/en-US/techsupport/default.mspx

    It's another link that might help you as well, it has links to news groups and technet.

    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=423586&SiteID=1

     

     

    I reported this problem to Microsoft Tech Support back in January or February (SRX070227600510) and it was escalated to upper level support, however a solution was never found!

     

    I told them loud and clear that there are a lot of people having the issue and they could browse the Newsgroups to see all that are affected, and cannot believe that it still has not been fixed!

     

    The system I am having trouble with is a development machine used with Visual Studio, and it is not practical for me to wipe and reload everything as Microsoft suggests!

     

    I eventually ended up reloading everything back on in the above case, and everything worked fine until 5/18/2007.

     

    This is when I lost my Event Viewer and my FAX service... there may be a couple of other services that are not functioning also.

     

    One commonality I have discovered (though I am not sure this is the problem) is that in both instances, Windows DreamScene Content Pack was installed from Vista update, and then everything went south! I have uninstalled all of that and even went back as far as I could with System Restore to no avail.

     

    I ran the WMIDiag, and sent the logs to Microsoft Support, however they tell me there was nothing of any help in the logs even though the log has an entry that says there is a problem with WMI and it may not run correctly!

     

    I wish someone from Microsoft would investigate this problem instead of arbitrarily telling me to wipe and reload!!!! That's not always as simple as it seems, and obviously, the problem is going to come back as it did in my case.

     

     

    Wednesday, May 30, 2007 3:42 PM
  • I am not in a loop to assist you with this and unfortunately I did not see another bug exactly related to this issue or a KB. If the issue was stopped after being escalated, did you try to recontact them?

     

    What are in the dialogs for the event service properties, anything unusual in there?

    Wednesday, May 30, 2007 6:51 PM
  •  Bruce N. Baker - MSFT wrote:

    I am not in a loop to assist you with this and unfortunately I did not see another bug exactly related to this issue or a KB. If the issue was stopped after being escalated, did you try to recontact them?

     

    What are in the dialogs for the event service properties, anything unusual in there?

     

    Bruce,

     

    The only thing that I noticed was that when you go to the Logon tab of the Windows Event Log Service dialog, the login information on the entire tab is grayed out (even if I am on as administrator). I cannot change the logon for the service. The service is set to start automatically.

     

    I have recontacted Microsoft support... The support engineer said that they are looking into it, but want me to reinstall, which I only want to do as an extreme last resort.

     

    Here is the gentleman (below) helping me. I know it's not earth shattering or hazardous to my health, but I am sure that myself and the others that have this problem sure would like someone to take a serious look at the issue and fix it! If you do a Google search, there are a lot more folks running into this problem that are not part of the MS Newsgroups.

     

    Nilesh Bhavsar

    Microsoft Enterprise Support Engineer

    * E-mail: v-11nibh@mssupport.microsoft.com

     

    I cannot use my fax service as these are somehow connected... the Task Scheduler is not functioning either... if I look in Services.mmc the service is running, however if I attempt to open the Task Scheduler to see what is running, it says "The Task Scheduler Service is not available"

     

    There are probably a couple more services that I am not aware of yet which are not functioning.

    Thursday, May 31, 2007 4:07 PM
  • Huge font you use.

     

     

    Those other services depend on Event Service that is why they are also not functioning.

    Thursday, May 31, 2007 5:22 PM
  • All the better to see me with

     

    Ok, so now if we can figure out why the event log service won't start, we'd be happy campers!

     

    Is there some way to find out how the event log service is being called? The error is saying that the "instance name passed was not recognized as valid by the WMI provider"... How is this parameter determined?

     

    Thursday, May 31, 2007 9:30 PM
  • What are the properties of the Event Service. What account is it running under?
    Thursday, May 31, 2007 10:04 PM
  • Bruce,

     

    The Event Viewer service is logged on with Local Service, it is set to Automatic, and the command line shows c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted.

     

    The Logon tab shows Local Service (with the second radio button checked), however the entire tab is grayed out.

     

    Reading some of the other posts, I have tried the permissions angle, and checked the owner of the %windir%\system32\logfiles folder.

     

    The frustrating part is this WAS working a couple of weeks ago... I am pretty sure the problem started on May 18th, and I used the System Restore to go back to the day before that (which was as far as they were available) but that did not change the problem.

     

    Thursday, May 31, 2007 10:24 PM
  • have you changed any system passwords since then?
    Friday, June 01, 2007 7:40 PM
  •  Bruce N. Baker - MSFT wrote:
    have you changed any system passwords since then?

     

    No... It was business as usual... Actually, I was getting an error when trying to run a backup to a folder on my server, so I went to open the Event Logs to see if I could figure out the problem, and found this trouble too...

     

    My backup still is not working correctly in that it says the drive is no longer available (which it is), but that's another issue (I hope).

     

    I still have not heard back from MS Tech Support!
    Friday, June 01, 2007 7:47 PM
  • If you are a partner, let me know and we can create a case and have this case escalated.
    Friday, June 01, 2007 8:37 PM
  •  Bruce N. Baker - MSFT wrote:
    If you are a partner, let me know and we can create a case and have this case escalated.

     

    Certified Partner Partner ID: ######  [Active]
     
    I felt funny putting my partner ID in here, but I have one, of course.
     
     
    Friday, June 01, 2007 8:47 PM
  • Contact made, Sent Mail, Following up, Thanks, -Bruce
    Friday, June 01, 2007 8:55 PM
  • Just to update everyone that has this issue;

     

    I have been in contact with Microsoft Tech Support and they have escalated the case to the developers to see if they can figure out what the problem is.

     

    It does not currently appear to be a security issue at this point, although it has not been ruled out yet.

     

    The MS developers are currently working on the problem.

     

    Once a resolution has been determined I will post an update to let everyone know what has been found.

     

    For those of you that have reloaded Vista, keep an eye on the updates downloaded/installed from MS, as I personally believe that one of the Patches/Updates that came down the line around May 18th 2007 may have caused the problem.

    Tuesday, July 03, 2007 5:02 PM
  • Thanks for taking the time to update this thread
    Tuesday, July 03, 2007 5:46 PM
  • Please let me know when you can get a resolution. I am having problems running the FTP publishing service, and what I have been told by other partners, is that the event log is needed in order to run FTP. I am currently running server 2008 build 6001.

    (error msg located - http://boonedoggy.com/scr1.jpg )

    jp@boonedoggy.com
    Thursday, July 05, 2007 7:30 AM
  • I recently ran into the same issue that you are all having without being able to view or instantiate the Event Log Viewer.  I noticed this when my wireless and cable networking capabilities crashed and stopped working.  After trying to track down a root cause, the only thing that I see is the fact that "the dependency service has failed to start."  Later, trying to view the Event View Log, I also noticed that failed to work as well.  This happened on a fresh install of Windows Vista Ultimate version 6.0.0666.16836 that I have been running for about 3 months.

     

    Thank you for all the hard work going on in this thread because currently I cannot use my laptop computer for internet access or to troubleshoot any of my problems.  I really don't feel like reinstalling this system, as MS suggests, only if it is a last resort.  But being that this has been a problem for such a long time, I would hope that MS takes much consideration in this issue because this definitely limits the power of the operating system of what it is supposed to do.

    Tuesday, July 10, 2007 1:09 AM
  • Which dependency service failed to start?
    Tuesday, July 10, 2007 10:23 PM
  • Thank you much for responding Bruce,

     

    I took screenshots of my desktop as the errors occurred, primarily right on start up:

     

    The first issue I see is this:

     

    "Failed to connect to a windows service -  Windows could not connect to the System Event Notification service.  This problem prevents limited users from logging on to the system.  As an administrator user, you can review the System Event Log for details about why the service didn't respond."

     

    The issue I have with this is the fact that I am logged on as administrator and that still does not make a difference, I am still unable to view the Event Log.  I tried starting and stopping, restarting from the "Services" topic in Computer Management, but I receive error codes such as this: Windows could not start the Network Location Awareness on Local computer... error code 1073741502.

     

    Or from wired AUTOConfig, windows could not start the Wired AutoConfig service on local computer... Error 1747.

    Or from WLAN AutoConfig, "                            "                  Wlan AutoConfig    "                  "                             "

     

    When I attempt to start the Event Viewer from Computer Management I receive the following error:

         Event Log service is unavailable. Verify that the service is running.

    But where do I check to verify it is running?

     

    I am honestly not much in tune with what a dependency service does, but I am well aware that whatever it is, my network hardware (Wlan and Lan) appears to be dependent upon this service to operate.

     

    I receive the following errors with the network service status:

      The dependency service or group failed to start.

     

    Also, with my ATI Catalyst Control Center: Monitoring program has stopped working.  A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

     

    Vista appears to have many problems with Wireless WPA2 networks as well, the network will appear sometimes in the tab, but Vista will not connect to it, even if one is close to the connection.

     

    I do thank you all for taking the time to investigate this issue.  Like I said, I installed Vista close to 3 to 4 months ago and have been encountering problems quite a bit.

    Tuesday, July 10, 2007 11:56 PM
  • Hi everybody

    I have the same EventLog issue. I’m using Windows Vista Business since February and everything was nice till some weeks ago.


    All started when I tried to share some pictures using the Sharing Folder capability of Windows Live Messenger and suddenly it gave me this error “Sharing folders aren’t available yet. Please try again.”. I first thought that it was a temporary server error (but it wasn’t). Then I realized that the Sharing Folder Service (usnjsvc.exe) was always in the “starting” state (so.. it wasn’t working). I uninstalled Messenger 8 and reinstalled it several times, but nothing changed. (I also tried with the 8.5beta!).


    Then I’ve got the idea to check my Event Viewer for a possible description of this issue… but also the EventLog wasn’t working: “Event Log service is unavailable. Verify that the service is running”.


    Then I checked the services and I realized that Windows Event Log service (“svchost.exe -k LocalServiceNetworkRestricted”) wasn’t running. If  I try to start it manually it gives the 4201 error (“The instance name passed was not recognized as valid by a WMI data provider.”).

    I also checked again the Sharing Folder Service and I saw that one of its dependencies was the Windows Event Log (so.. maybe that is the reason why the Sharing Folder Service is unable to start).


    Finally I checked the Reliability Monitor (under “Reliability and Performance” > “Monitoring Tools”) and I saw that the last report was on the 10th of June. It is strange because I have one report every day till that date (so… maybe something got wrong after that date – what about your Reliability Monitor reports?).


    I’m looking for a solution! I really don’t have time (and I don’t want) to re-install Vista again.


    Thanks  for your support.

    Wednesday, July 11, 2007 12:16 PM
  •  Giorgio Gamberini wrote:

    Hi everybody

    I have the same EventLog issue. I’m using Windows Vista Business since February and everything was nice till some weeks ago.


    All started when I tried to share some pictures using the Sharing Folder capability of Windows Live Messenger and suddenly it gave me this error “Sharing folders aren’t available yet. Please try again.”. I first thought that it was a temporary server error (but it wasn’t). Then I realized that the Sharing Folder Service (usnjsvc.exe) was always in the “starting” state (so.. it wasn’t working). I uninstalled Messenger 8 and reinstalled it several times, but nothing changed. (I also tried with the 8.5beta!).


    Then I’ve got the idea to check my Event Viewer for a possible description of this issue… but also the EventLog wasn’t working: “Event Log service is unavailable. Verify that the service is running”.


    Then I checked the services and I realized that Windows Event Log service (“svchost.exe -k LocalServiceNetworkRestricted”) wasn’t running. If  I try to start it manually it gives the 4201 error (“The instance name passed was not recognized as valid by a WMI data provider.”).

    I also checked again the Sharing Folder Service and I saw that one of its dependencies was the Windows Event Log (so.. maybe that is the reason why the Sharing Folder Service is unable to start).


    Finally I checked the Reliability Monitor (under “Reliability and Performance” > “Monitoring Tools”) and I saw that the last report was on the 10th of June. It is strange because I have one report every day till that date (so… maybe something got wrong after that date – what about your Reliability Monitor reports?).


    I’m looking for a solution! I really don’t have time (and I don’t want) to re-install Vista again.


    Thanks  for your support.

     

    Update:

     

    Even more developers are working on the problem now, and they spent most of yesterday 7/10/07 remoted into my system, but have yet to come up with a solution.

     

    I may have to prepare an image of my system for them to use in their office, so this could take a little more time...

     

    I promise I'll  let everyone know what happens when I get some answers.

     

    Gary.

    Wednesday, July 11, 2007 1:37 PM
  • Hi

     

    I have this very same issue as well. The last thing I did was clean out all scheduled tasks and hidden tasks because I hate when my computer does things I do not choose to do. lol. Let me know what you find out.

     

    TJ

    Tuesday, July 17, 2007 10:00 AM
  •  TJelly wrote:

    Hi

     

    I have this very same issue as well. The last thing I did was clean out all scheduled tasks and hidden tasks because I hate when my computer does things I do not choose to do. lol. Let me know what you find out.

     

    TJ

     

    OK Ladies and Gentleman, here is what we have found;

     

    Apparently, one of the Windows updates is causing corruption of the Access Control Lists (ACLs) in the registry. I had entire sections of my registry nodes that lost the ACLs.

     

    While I was researching the problem, I came across a website where someone had a similar problem with getting Windows OS programs/services to run and they discovered that there was some registry corruption and missing ACLs.

     

    There are two different options that I ended up doing to get the system back in operation.

     

    It seems that running one or the other alone will not fix the problem, but doing both should get you back in service. 

    1. Make a backup of your registry (and a complete backup of the system wouldn't hurt either!)
    2. Go to Microsoft's website and download a program called subinacl.exe from this site; http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
    3. Install the subinacl.exe (it downloads as an MSI file).
    4. Copy the code below into a text file and then name the text file reset.cmd.
    5. I copied the command file to my temp folder to run, but as you can see from the cmd file, it contains the path to the executable subinacl.exe.

    @echo off
    title Resetting ACLs...
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    echo.
    echo Resetting ACLs...
    echo (this may take several minutes to complete)
    echo.
    echo ==========================================================================
    echo.
    echo.
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    echo.
    echo.
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    echo.
    echo.
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    echo.
    echo.
    echo System Drive...
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    echo.
    echo.
    echo Windows Directory...
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    echo.
    echo.
    echo ==========================================================================
    echo.
    echo FINISHED.
    echo.
    echo Press any key to exit . . .
    pause >NUL

     

    6. As this command file runs it will show you the status of the reset and create a log that you can go back into and inspect for problems.

    7. When this command file completes, you then need to open a command window (using Run As Administrator) and run the following command:

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt

    (The redirect of output echoes the program's output to a text file, but secedit also creates a log file. The program will show you the location of the log file when it is done.)

     

    These two actions combined will reset the permissions on the registry nodes back to their default settings.

     

    Reboot and check your Event Log service... at this point it should be running.

     

    After effects of this process which happened to me were that the Network List Service would not run... I still had network and internet access, however the Network icon in the task notification area had a Red X, and mouse over displayed a tooltip that said "Server Execution Failed".  This was a result of resetting the ACLs.

     

    The Network List Service (netprofm) would not run because it did not have permission to run.

     

     In order to correct this issue, you must open the Component Services snap-in and drill down under Computers/My Computer/DCOM Config/netprofm (this is for Vista!) and right click the node, and select Properties.

     

    Click on the Security tab and make certain the correct user names are listed and that they have the appropriate permissions. I have 4 users listed with the same permissions; (your mileage may vary )

    1. Administrators - Perms; Local Launch, Local activation
    2. Interactive
    3. Local Service
    4. System

    Next, go to the Identity tab and ensure that The System account (services only) is the item that is checked. Make sure the changes you make get applied.

     

    Restart your computer so the ACLs are refreshed.

     

    Once you come back up from the reboot, things should be pretty much back to normal.

     

    You may find a stray program here and there that may need to have its permissions reset, but you should be operational.

     

    I directed the Microsoft engineers to this forum (and Google search it) so they can see this is getting to be an issue for a lot of people. They in fact have a brand new case (same problem) that was just escalated to them and they are going to take an image of that person's system first thing so they can determine what is causing this, and if necessary put out a hotfix or service pack to correct it.

     

    In the meantime, if you run into anyone else going through this problem, at least there was one solution that worked for me...

     

    I cannot guarantee that this will work for everyone and the issue may affect each machine differently, so just be aware that this is not the blue pill!

     

    I think that because the Registry database is so critical to the operation of Windows, Microsoft engineers should have some sort of utility that can repair and/or reset the registry and file permissions easily should something happen...

     

    I personally believe that this should be part of the base operating system and we should not have to shell out extra bucks to third party vendors for these type of utilities, particularly if the registry is prone to corruption either by Microsoft's own hands or by a third party application.

     

    I am not knocking third party programmers as I am one myself, I am just saying that this is Microsoft's OS and they should provide these easily accessible tools to keep us running!

     

    Good Luck!

     

    • Proposed as answer by GaryBouchard Friday, June 26, 2009 2:59 PM
    Tuesday, July 17, 2007 4:26 PM
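
A read-only pre-check for the procedure in the post above, as an added example that is not part of the original thread: it reports the Event Log service's account and dependent services, then lists registry keys under a root whose ACL has no rules or lacks an Allow entry for SYSTEM or Administrators, so the state can be recorded before reset.cmd and secedit change it. The service short name `EventLog`, the function names, the default root and the depth limit are assumptions of this example.

```powershell
# Added example, not code from the thread. Read-only: it changes nothing.
# Assumptions: the Windows Event Log service's short name is 'EventLog';
# run from an elevated PowerShell 3.0 or later.
param(
    [string]$ServiceName  = 'EventLog',        # assumed short name of Windows Event Log
    [string]$RegistryRoot = 'HKLM:\SOFTWARE',  # part of a hive that reset.cmd rewrites
    [int]   $MaxDepth     = 2                  # bound the walk; raise to look deeper
)

# Well-known SIDs, used instead of account names so the check also works
# on localized systems.
$SidSystem = 'S-1-5-18'       # LocalSystem
$SidAdmins = 'S-1-5-32-544'   # BUILTIN\Administrators

function Get-ServiceDependencyReport {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction Stop
    # WMI may itself be unhealthy on an affected machine, so treat it as optional.
    $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" `
                           -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name        = $svc.Name
        Status      = $svc.Status
        StartMode   = $wmi.StartMode
        Account     = $wmi.StartName
        CommandLine = $wmi.PathName
        DependsOn   = @($svc.ServicesDependedOn |
                        ForEach-Object { $_.Name }) -join ', '
        Dependents  = @($svc.DependentServices |
                        ForEach-Object { '{0} [{1}]' -f $_.Name, $_.Status }) -join ', '
    }
}

function Find-RegistryAclAnomaly {
    param([string]$Root, [int]$Depth)
    # Breadth-first walk with an explicit depth limit so the scan stays bounded.
    $pending = New-Object System.Collections.Queue
    $pending.Enqueue([pscustomobject]@{ Path = $Root; Level = 0 })
    while ($pending.Count -gt 0) {
        $node    = $pending.Dequeue()
        $problem = $null
        $owner   = $null
        try {
            $acl   = Get-Acl -LiteralPath $node.Path -ErrorAction Stop
            $owner = $acl.Owner
            # Ask for SIDs (explicit and inherited rules) rather than translated names.
            $rules = @($acl.GetAccessRules($true, $true,
                        [System.Security.Principal.SecurityIdentifier]))
            $allow = @($rules |
                        Where-Object { $_.AccessControlType -eq 'Allow' } |
                        ForEach-Object { $_.IdentityReference.Value })
            if     ($rules.Count -eq 0)             { $problem = 'no access rules' }
            elseif ($allow -notcontains $SidSystem) { $problem = 'no Allow rule for SYSTEM' }
            elseif ($allow -notcontains $SidAdmins) { $problem = 'no Allow rule for Administrators' }
        } catch {
            $problem = 'cannot read ACL: ' + $_.Exception.Message
        }
        if ($problem) {
            # A finding is a candidate for review, not proof of corruption.
            [pscustomobject]@{ Key = $node.Path; Owner = $owner; Problem = $problem }
        }
        if ($node.Level -lt $Depth) {
            Get-ChildItem -LiteralPath $node.Path -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $pending.Enqueue([pscustomobject]@{
                        Path  = $_.PSPath
                        Level = $node.Level + 1
                    })
                }
        }
    }
}

# 1. Service account, command line, and which services fail along with it.
Get-ServiceDependencyReport -Name $ServiceName | Format-List

# 2. Keys that reset.cmd's "grant administrators/system full control" would alter.
$findings = @(Find-RegistryAclAnomaly -Root $RegistryRoot -Depth $MaxDepth)
'{0} key(s) flagged under {1} (depth {2})' -f $findings.Count, $RegistryRoot, $MaxDepth
$findings | Format-Table -AutoSize -Wrap
```

Saving the output before and after the reset gives a record of which keys changed, which helps when a service such as netprofm stops working afterwards.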
  • Great! It finally works!

    Just two little adjustments:

    1. when you run reset.cmd, you must run it as administrator (otherwise it will not succeed to fix all the files)

    2. the right command is:
        secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
        with /cfg parameter (not /CF)

    I had no problem with the Network List Service.

    Thank you very much!
    Tuesday, July 17, 2007 9:51 PM
  • Thanks, this worked great. Now someone should let Microsoft know to create a KB for it.
    Thursday, July 19, 2007 4:40 AM
  • Unfortunately I can't join the rest of the gang on saying that this corrected my problem.  After running as administrator, completing the steps described above the following happened:

     

    Ran the Reset.cmd; it completed, however with 5 errors.

     

    Ran the secedit...cmd; it completed successfully.

     

    Went to Reboot my computer; computer hangs on Boot every time.

     

    Any suggestions?

    Thursday, July 19, 2007 11:35 PM
  •  Tuzz wrote:

    Unfortunately I can't join the rest of the gang on saying that this corrected my problem.  After running as administrator, completing the steps described above the following happened:

     

    Ran the Reset.cmd; it completed, however with 5 errors.

     

    Ran the secedit...cmd; it completed successfully.

     

    Went to Reboot my computer; computer hangs on Boot every time.

     

    Any suggestions?

     

    Just like to add; after trying numerous times to reboot, computer finally rebooted, however, none of the problems appeared to be fixed; my services are all still down as mentioned in previous blogs.

    Friday, July 20, 2007 1:36 AM
  • I just wanted to thank you for posting this resolution.  I had just used the Acronis Clone Disk tool to move my Vista x64 partition to a new hard drive, and upon booting it encountered this horror.  After giving up and putting my old hard disk back in, I discovered that it too had the same problem.  I have successfully used that tool with Vista x64 in the past and had no trouble.  Each time, I do have to use the Vista DVD to restore the boot dependencies (using Restore My Computer -then letting it detect the missing boot files.)  I am a little suspicious of this boot restore procedure.  I also had very recently moved all my "Known Folder"  junctions to my second hard drive (by telling Vista to move them, not by hacking it), and that is one of the only differences between the machine that failed to boot a backup image and the one that worked fine.

    I am still waiting for the subinacl script to complete (it's been going for half an hour but no failures so far).  Fingers crossed.
    Monday, August 06, 2007 3:55 PM
  • I also remember that after moving some of my " Known Folders"  to a different drive, after rebooting, I was having some unusual behavior--like start menu shortcuts that had gone blank and that I had to recreate.  I think there is a good chance the problem occurred at this time and I just happened to clone it to the second drive (there is not really a good explanation for why it would appear on my source drive as well as target drive.).  I wonder if anyone else had moved these junctions (the special named folders) to a different location before having this problem?
    Monday, August 06, 2007 4:04 PM
  • This utility has been running for 7 hours.  It just passed the 4,900,000th registry key.  Is this normal?  I can't imagine what could be in the registry that is that big.

    As far as I can tell, it's been stuck in HKLM/Software/Wow6432Node/Wow6432Node/Wow6432Node/Wow... [it cuts off there, but I can only imagine the horror.] for at least six of those hours. 

    Ugh.
    Monday, August 06, 2007 10:52 PM
  •  

    HI

     

    I found this Topic while searching for a solution to my event log problem. I have this exact issue with the event logs not working. I have no idea what has caused it and it was working fine at least a week ago.

     

    I've followed the instructions that Gary Bouchard set out. The Secedit output txt file logged this

     

    Completed 0 percent (0/115)  Process Privilege Rights area       
    Completed 1 percent (1/115)  Process Privilege Rights area       
    Completed 2 percent (2/115)  Process Privilege Rights area       
    Completed 3 percent (3/115)  Process Privilege Rights area       
    Completed 4 percent (4/115)  Process Privilege Rights area       
    Completed 5 percent (5/115)  Process Privilege Rights area       
    Completed 6 percent (6/115)  Process Privilege Rights area       
    Completed 6 percent (7/115)  Process Privilege Rights area       
    Completed 7 percent (8/115)  Process Privilege Rights area       
    Completed 8 percent (9/115)  Process Privilege Rights area       
    Completed 13 percent (15/115)  Process Privilege Rights area       
    Completed 13 percent (15/115)  Process Group Membership area       
    Completed 14 percent (16/115)  Process Group Membership area       
    Completed 26 percent (30/115)  Process Group Membership area       
    Completed 26 percent (30/115)  Process Registry Keys area       
    Completed 27 percent (31/115)  Process Registry Keys area       
    Completed 28 percent (32/115)  Process Registry Keys area       
    Completed 29 percent (33/115)  Process Registry Keys area       
    Completed 30 percent (34/115)  Process Registry Keys area       
    Completed 31 percent (35/115)  Process Registry Keys area       
    Completed 32 percent (36/115)  Process Registry Keys area       
    Completed 33 percent (37/115)  Process Registry Keys area       
    Completed 33 percent (38/115)  Process Registry Keys area       
    Completed 34 percent (39/115)  Process Registry Keys area       
    Completed 35 percent (40/115)  Process Registry Keys area       
    Completed 36 percent (41/115)  Process Registry Keys area       
    Completed 37 percent (42/115)  Process Registry Keys area       
    Completed 38 percent (43/115)  Process Registry Keys area       
    Completed 39 percent (44/115)  Process Registry Keys area       
    Completed 40 percent (45/115)  Process Registry Keys area       
    Completed 40 percent (46/115)  Process Registry Keys area       
    Completed 41 percent (47/115)  Process Registry Keys area       
    Completed 42 percent (48/115)  Process Registry Keys area       
    Completed 43 percent (49/115)  Process Registry Keys area       
    Completed 44 percent (50/115)  Process Registry Keys area       
    Completed 45 percent (51/115)  Process Registry Keys area       
    Completed 46 percent (52/115)  Process Registry Keys area       
    Completed 46 percent (53/115)  Process Registry Keys area       
    Completed 47 percent (54/115)  Process Registry Keys area       
    Completed 48 percent (55/115)  Process Registry Keys area       
    Completed 49 percent (56/115)  Process Registry Keys area       
    Completed 50 percent (57/115)  Process Registry Keys area       
    Completed 51 percent (58/115)  Process Registry Keys area       
    Completed 52 percent (59/115)  Process Registry Keys area       
    Completed 53 percent (60/115)  Process Registry Keys area       
    Completed 53 percent (61/115)  Process Registry Keys area       
    Completed 54 percent (62/115)  Process Registry Keys area       
    Completed 55 percent (63/115)  Process Registry Keys area       
    Completed 56 percent (64/115)  Process Registry Keys area       
    Completed 57 percent (65/115)  Process Registry Keys area       
    Completed 58 percent (66/115)  Process Registry Keys area       
    Completed 59 percent (67/115)  Process Registry Keys area       
    Completed 60 percent (68/115)  Process Registry Keys area       
    Completed 60 percent (69/115)  Process Registry Keys area       
    Completed 60 percent (69/115)  Process File Security area       
    Completed 61 percent (70/115)  Process File Security area       
    Completed 62 percent (71/115)  Process File Security area       
    Completed 63 percent (72/115)  Process File Security area       
    Completed 64 percent (73/115)  Process File Security area       
    Completed 65 percent (74/115)  Process File Security area       
    Completed 66 percent (75/115)  Process File Security area       
    Completed 66 percent (76/115)  Process File Security area       
    Completed 67 percent (77/115)  Process File Security area       
    Completed 68 percent (78/115)  Process File Security area       
    Completed 69 percent (79/115)  Process File Security area       
    Completed 70 percent (80/115)  Process File Security area       
    Completed 71 percent (81/115)  Process File Security area       
    Completed 71 percent (81/115)  Process Services area       
    Completed 72 percent (82/115)  Process Services area       
    Completed 73 percent (83/115)  Process Services area       
    Completed 73 percent (84/115)  Process Services area       
    Completed 74 percent (85/115)  Process Services area       
    Completed 75 percent (86/115)  Process Services area       
    Completed 76 percent (87/115)  Process Services area       
    Completed 77 percent (88/115)  Process Services area       
    Completed 78 percent (89/115)  Process Services area       
    Completed 80 percent (91/115)  Process Services area       
    Completed 84 percent (96/115)  Process Services area       
    Completed 84 percent (96/115)  Process Security Policy area       
    Completed 86 percent (99/115)  Process Security Policy area       
    Completed 90 percent (103/115)  Process Security Policy area       
    Completed 93 percent (106/115)  Process Security Policy area       
    Completed 95 percent (109/115)  Process Security Policy area       
    Completed 100 percent (114/115)  Process Security Policy area       
                                                                              
    The task has completed. Warnings occurred for some attributes during this operation. It's okay to ignore the warning.
    See log %windir%\security\logs\scesrv.log for detail info.

     

    Also the scesrv.log  from %windir%\security\logs  logged something a little disturbing

     

    ----Configure Registry Keys...
     Configure users\.default.
     Configure machine\software.
     Configure machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.
      Error setting security on machine\software\classes.
    Warning 5: Access is denied.

     

    I've only posted some of these as the list of denied was massive.

    I ran the cmd prompt as Admin and don't see why it would be access denied. I do need help with this as I wanted to check my event logs for a reason.

     

    Any help on this issue would be much appreciated.

     

    Thursday, August 09, 2007 4:45 PM
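
    The scesrv.log excerpt in the post above repeats one warning/error pair many times and, because the paste was cut short, ends on a warning with no object line. As an added example (not part of the original thread and not a Microsoft tool), this Python script collapses such a log into one row per section, warning code and object; the sample log is constructed in the shape of that excerpt, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, shaped like the scesrv.log excerpt quoted in the thread.
# The last warning of the first section has no "Error setting security" line,
# as happens when a paste or a log is truncated.
SAMPLE_LOG = r"""----Configure Registry Keys...
 Configure users\.default.
 Configure machine\software.
 Configure machine\software\classes.
Warning 5: Access is denied.
  Error setting security on machine\software\classes.
Warning 5: Access is denied.
  Error setting security on machine\software\classes.
Warning 5: Access is denied.
  Error setting security on machine\software\classes.
Warning 5: Access is denied.
----Configure File Security...
 Configure c:\windows\system32\logfiles.
Warning 5: Access is denied.
  Error setting security on c:\windows\system32\logfiles.
"""

SECTION_RE = re.compile(r"^\s*-{4}(.+?)\.{3}\s*$")
WARNING_RE = re.compile(r"^\s*Warning (\d+): (.+?)\s*$")
ERROR_RE = re.compile(r"^\s*Error setting security on (.+?)\.\s*$")


def summarize(text):
    """Return rows (section, code, message, object, count), most frequent first.

    A warning normally owns the "Error setting security on <object>." line
    that follows it. A warning with no such line is kept with object None
    instead of being dropped or attached to the wrong object.
    """
    counts = Counter()
    section = None
    pending = None  # (code, message) of a warning still waiting for its object

    def flush_unattributed():
        nonlocal pending
        if pending is not None:
            counts[(section, pending[0], pending[1], None)] += 1
            pending = None

    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            flush_unattributed()  # warning belongs to the section that just ended
            section = m.group(1)
            continue
        m = WARNING_RE.match(line)
        if m:
            flush_unattributed()  # two warnings in a row: first one had no object
            pending = (int(m.group(1)), m.group(2))
            continue
        m = ERROR_RE.match(line)
        if m:
            code, message = pending if pending else (None, None)
            counts[(section, code, message, m.group(1))] += 1
            pending = None
    flush_unattributed()

    # sorted() is stable, so rows with equal counts keep first-seen order.
    return [key + (n,) for key, n in sorted(counts.items(), key=lambda kv: -kv[1])]


def render(rows):
    """Format the summary as aligned text lines for a ticket or a forum post."""
    lines = []
    for section, code, message, obj, n in rows:
        target = obj if obj is not None else "(no object line logged)"
        lines.append(f"{n:>5}x  [{section}]  Warning {code}: {message}  {target}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(summarize(SAMPLE_LOG)))
```

    To run it against a real log, read the file and pass its text to summarize(); leading whitespace such as the indentation of a forum paste is tolerated.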
  •  

    Also while continuing to look into this I found a post in a group where someone was talking about respective permissions on directories of log files. I found them in %windir%\system32\logfiles   - My account was in the list as special for the folder only. I was able to add my account and tick all the boxes for the folders but it would not apply to all files and subfolders. I am also unable to take ownership of the folders and their contents either to place Administrator or myself as the owner. This is my home machine and my account is an administrator. Who could have permissions above me?
    Thursday, August 09, 2007 5:10 PM
  • I have this same problem and have done a search on MS Support site.  How widespread is this issue?  The fact that it has happened to several folks and the topic does not even exist when you search MS Support is pathetic.  In fact when I drop down a list of products to narrow down my search or "Error 4201" WINDOWS VISTA IS NOT EVEN LISTED! 

     

    Can anyone provide any information at all as to the cause, and any steps toward a resolution.  Wipe and reload is not an acceptable resolution.

     

    Has anyone that experienced this problem of Event Log Service failing to start... Error 4201 WMI object bullcrap?

     

    Dominic 

     

    Thursday, August 16, 2007 9:32 AM
  •  

    I am another unfortunate with this problem (Installed twice)

     

    error 4201: The instance name passed was not recognized as valid by a WMI data provider

    Thursday, August 16, 2007 5:53 PM
  • I too am having this problem.  Am running the script from page 2 of this thread, but so far have over 1650 failures. I'm getting "RegSetKeySecurity Error : 5 Access is denied."

     

    This has happened twice on the same computer, both of which were fresh installs of Vista Ultimate. I cannot install the Vista Ultimate Extras, which is how I saw this the second time (first time it was just the Event Log, now it's both the Event Log and the Ultimate Extras.)  I'm also getting the WMI error when trying to open the Event Log.

     

    --------------

     

    Possibly found a solution.  Found a post (http://forums.pugetsystems.com/showthread.php?t=2462) that someone asked "" Well, yes, I did do that...why, I don't know. It's late. Blame it on stupidity.  Anyway, checked the LogFiles folder, and lo and behold, the logged in account was specified in the security, but had no permissions. It SAID it was inheriting it from the parent folder (System32), so I went to that folder, but it wasn't listed. So I changed the permissions on System32 and told it to replicate down to subdirs. It's still running, so I'll check it in the morning and see if it works or not. Might do another fresh install (this is a test box, which will eventually become my son's gaming machine.) Still, this looks like it might be the cause of the problem. Did anyone else experiencing this problem do a take ownership on the root?

    Friday, August 17, 2007 3:25 AM
  • In spite of my computer being seriously messed up (I think there is a sort of infinite loop in the registry), Gary Bouchard's instructions saved me from having to reinstall.

    Some issues I encountered that may help others:

    1.  MAKE SURE THAT SUBINACL IS RUN WITH ADMINISTRATOR PRIVILEGES.  In Vista, you have to use the "Run as Administrator" version of the command prompt to execute the batch file.  Otherwise, you will get Access Denied on many things.
    2.  In my case, subinacl crashed due to malformed registry entries in the Wow64 nodes (the nodes are like 12 deep, it's crazy) and worse they seem to be entries for Office 2007.  If this happens to you, after the crash, just REM out the items that already complete and the one that crashed, then run it again so it will complete.  If the script seems to be stuck for hours on end in Wow64 nodes, it is fine to break out of it and use the same procedure to run the rest of the script.  If you don't break out of it, it will eventually crash on its own due to running out of memory--it's just a matter of whether you want to wait 12 hours for that to happen.
    3.  After the reboot, my event log was working again but many other things were broken, including tcpip.sys failing to load which is a major headache.  At this point though you can use your event log to address the problems one-by-one (including the Network Lister issue that was described). 


    Friday, August 17, 2007 5:16 PM
  • Azul,

     

    I am glad you started making progress... I knew that the solution would probably not fit everyone's individual case.

     

    The point you made about running the script AS ADMINISTRATOR is an important item and I am glad you reiterated that.

     

    Perhaps that is why some of the other folks are having trouble getting it to run through...

     

    I did have to do it a couple of times because of the seeming hangup but resisted the temptation to interrupt the script until I could see what problem it was running into.

     

    Hopefully Microsoft is monitoring this newsgroup, and I know that the several Microsoft Tech Support people that were helping me logged what they were finding.

     

    They did tell me that they had another case submitted to them and they were going to get a complete image of that person's drive so they could study what was happening. Hopefully they will come up with a hotfix or address it in the monthly patches.

     

    Good luck all!

    Gary.

     

    Friday, August 17, 2007 5:27 PM
  • I gave up, and did a format & reinstall. Everything is fine now, Event Log is working, all updates installed.  I realize that's not an option for everyone, but rather than dealing with the headache of trying to figure out the solution, I just killed the install and redid it. Easier for me that way.  Best of luck to everyone else.

    Friday, August 17, 2007 5:32 PM
  • I've not tried the workaround earlier in this thread because I reckoned that it was Microsoft's job to put this right, not mine. But time goes by and I still have the problem and I haven't seen anything from Microsoft on the subject. Does anybody know if Microsoft has come up with an answer to this yet?

    Mike
    Sunday, August 26, 2007 10:08 AM
  •  

    I too finally formatted and reloaded vista and hey presto it works.  Seems to be the only solution if you follow the instructions in this post to the letter and it doesn't work.

     

    The only piece of advice I would give after re-installing is to stay away from a Windows update called Dreamscene; I read something somewhere about it being the reason for this issue.

     

    Sunday, August 26, 2007 4:00 PM
  • Hi guys,

              After doing many researches, I believe this problem is because we changed the permission of a folder incorrectly, the RtBackup folder which is under C:\Windows\System32\LogFiles\WMI\RtBackup .

             I solved the problem by rebooting the system-->safe mode--> go to RtBackup folder ---> reset the permission to default-->fixed.

     

             I hope this works for you.

    • Proposed as answer by AxelDralion Tuesday, October 27, 2009 3:51 PM
    Sunday, September 09, 2007 8:16 PM
  • That was a fantastic POST!!
    Worked for me like a charm.
    Sunday, September 16, 2007 9:01 PM
  • What do you mean by: "reset the permission to default"?
    Sunday, November 04, 2007 11:20 PM
  • WOW! I got it to work!

     

    My RtBackup folder was unreadable. So I deleted it and rebooted. It recreated itself and all is working again.

     

    Thx all!

     

    Sunday, December 16, 2007 5:22 PM
  • Works like a charm, thank you from the bottom of my heart :-)

    But I couldn't reset/delete it even in safe mode. So I used my ERD-Commander (bootable CD with Windows XP) to delete it.

    Windows Event Log works again, and I could finally install SP1 RC.

    Btw, the other solution with the ACL-resetting encountered many problems and lasted 10h till it crashed partially and so it didn't change anything. But thanks for the suggestions anyway!
    Saturday, December 22, 2007 3:23 PM
  • Dear fellows,

     

    I've got a new laptop with Windows Vista and to get rid of the annoying security messages, I

    • disabled UAC User Account Control and
    • made my own user owner of the C-drive.

    I suspect the latter to be the culprit for not being able to view nor start the event log.

     

    When I try to view the Event Log I get this message:

    Event Log service is unavailable. Verify that the service is running.

     

    When I go to Services, select Windows Event Log and try to start this service I get

    Windows could not start the Windows event log service on Local Computer.
    Error 4201: The instance name passed was not recognized as valid by a WMI data provider.

     

    Deleting the directory

    C:\Windows\System32\LogFiles\WMI\RtBackup

    and rebooting, as mentioned in the penultimate post, solved my problem too.

    Thanks for the good advice.

    Willem

     

    NB: In Dutch...

    Gebruikersaccountbeheer
    Eigenaar van de C-drive

    Ga naar Systeembeheer, Computerbeheer
    Selecteer Systeemwerkset en Logboeken
    Event Log-service is niet beschikbaar. Verifieer dat de service is opgestart.
    Selecteer Services en toepassingen, selecteer Services, dubbelklik "Windows Event Log" en klik de knop Starten
    Kan de Windows Event Log-services op Lokale computer niet starten.
    Fout 4201: Een WMI-gegevensprovider heeft de doorgegeven exemplaarnaam niet als geldig herkend.

    Sunday, January 06, 2008 3:33 PM
  • Having same problem. This is the most useful thread I've come across in researching this issue for which I thank those who have previously posted.

    I am unable to delete the RtBackup folder or the EtwRTDiagLog.etl file contained therein.

    I don't have access to ERD Commander so I tried Knoppix 5.1.1 but that also said I was denied access when I tried to delete the file. Knoppix shows full owner/group permissions for the file so I'm assuming it's somehow corrupted and therefore won't let me delete it.

    Any other thoughts on how I might delete the RtBackup folder? I am very reluctant to reinstall Vista. (This was a clean install on a newly built PC by the way).

    Thanks.
    Tuesday, January 08, 2008 6:07 PM
  • I had the same problem (at least same symptoms) and I was able to rename the ..\RtBackup directory in safe mode.  I could not delete it, but I renamed it to ..\xRtbackup.  after a normal restart, the Event Log started just fine.

     

    now, on to the next problem that I was trying to solve when I found that the event log wasn't working.

    Saturday, January 26, 2008 11:49 PM
  • Thanks Gary,

    It solved the problem for me.

    Event Logs are back up and running.


    David

    Wednesday, February 06, 2008 11:37 PM
  •  xmasgoose wrote:

    Thanks Gary,

    It solved the problem for me.

    Event Logs are back up and running.


    David

     

    David,

     

    You're welcome... it obviously did not work for everyone, but my system has been holding steady since I got it corrected.

     

    I read and see all the hub-bub about how people are dumping Vista, but I like it... Yeah, it can be a little sluggish at times (because of all the stuff I run) but not enough to make me want to go back to XP

     

    Bring on the next one!

     

    Thursday, February 07, 2008 3:05 PM
  • Works great! Thanks, I have had no event log for ages (real pain) and now everything works fine, no issues.

    Thanks for passing this on! Much appreciated!

    Cheers!

     

    Tuesday, February 12, 2008 4:05 AM
  • I just wanted to take a second and thank you. This solution worked fine for me.

    Brian
    Friday, February 15, 2008 9:27 PM
  •  

    Me too! Gary Bouchard, you're amazing. I was hesitant to try it after reading the posts saying that it took 6+ hours to run, but mine finished in 10 minutes. Thanks!
    Saturday, February 16, 2008 12:00 AM
  • Gary I am currently running your test here and hope to have success. I greatly appreciate your help with this issue.

    *Edit*

    It worked. Everything is back up and operational. Thank you VERY much.
    Wednesday, February 27, 2008 8:38 PM
  •  Giorgio Gamberini wrote:
    Great! It finally works!

    Just two little adjustments:

    1. when you run reset.cmd, you must run it as administrator (otherwise it will not succeed in fixing all the files)

    2. the right command is:
        secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
        with /cfg parameter (not /CF)

    I had no problem with the Network List Service.

    Thank you very much!

    I am sure I am having this problem since the Event logger doesn't work for me and I cannot install Vista X64 SP1; however, the reset.CMD printout doesn't work for me, it says the command has a syntax error and I shall check /h for syntax.

    Any help anybody please? I want to know this fixed, thanks in advance!

    Here is what I see:
    Resetting ACLs...
    (this may take several minutes to complete)

    ==========================================================================


    LookupAccountName : HKEY_LOCAL_MACHINE:administrators 1337 Die Struktur der Sich
    erheitskennung ist unzulässig.

    Current object HKEY_LOCAL_MACHINE will not be processed


    Elapsed Time: 00 00:00:00
    Done: 0, Modified 0, Failed 0, Syntax errors 1
    Last Syntax Error:WARNING : /grant=administrators=f : Error when checking argume
    nts - HKEY_LOCAL_MACHINE


    LookupAccountName : HKEY_CURRENT_USER:administrators 1337 Die Struktur der Siche
    rheitskennung ist unzulässig.

    Current object HKEY_CURRENT_USER will not be processed


    Elapsed Time: 00 00:00:00
    Done: 0, Modified 0, Failed 0, Syntax errors 1
    Last Syntax Error:WARNING : /grant=administrators=f : Error when checking argume
    nts - HKEY_CURRENT_USER


    LookupAccountName : HKEY_CLASSES_ROOT:administrators 1337 Die Struktur der Siche
    rheitskennung ist unzulässig.

    Current object HKEY_CLASSES_ROOT will not be processed


    Elapsed Time: 00 00:00:00
    Done: 0, Modified 0, Failed 0, Syntax errors 1
    Last Syntax Error:WARNING : /grant=administrators=f : Error when checking argume
    nts - HKEY_CLASSES_ROOT


    System Drive...
    WARNING : /grant : Invalid option : C:\Program Files (x86)\Windows Resource Kits
    \Tools
    Use :
    SubInacl /help to get the usage information
    or
    SubInAcl /help syntax to understand SubInAcl syntax.
    Current object C:\Program Files (x86)\Windows Resource Kits\Tools will not be pr
    ocessed


    Elapsed Time: 00 00:00:00
    Done: 0, Modified 0, Failed 0, Syntax errors 1
    Last Syntax Error:WARNING : /grant : Invalid option : C:\Program Files (x86)\Win
    dows Resource Kits\Tools


    Windows Directory...
    LookupAccountName : C:\Windows\*.*:administrators 1337 Die Struktur der Sicherhe
    itskennung ist unzulässig.

    Current object C:\Windows\*.* will not be processed


    Elapsed Time: 00 00:00:00
    Done: 0, Modified 0, Failed 0, Syntax errors 1
    Last Syntax Error:WARNING : /grant=administrators=f : Error when checking argume
    nts - C:\Windows\*.*


    ==========================================================================

    FINISHED.
    Press any key to exit . . .
    Drücken Sie eine beliebige Taste .

    Wednesday, February 27, 2008 10:23 PM
  • Gary,

    Thank you very much for the detailed instruction! It fixed the Event Log Service, working of which allowed to install the SP1, installation of which allowed file copy/move/delete do seamlessly in the local network environment.

    Friday, March 14, 2008 3:04 AM
  • falkie,

     

    You are all most welcome... I just wish Microsoft would have figured this out by now and issued a fix!

     

    Since the problem was fixed I have not had any further problems with it, so that seemed to do the trick.

     

    Friday, March 14, 2008 2:02 PM
  • Awesome thread!  Renaming the C:\Windows\System32\LogFiles\WMI\RtBackup   folder FIXED the problem!!

    Of course - - figuring out HOW to rename (or delete) that folder was a bit of a trick!!

    The permissions on my drives had been modified, and I could NOT revert them.  I did run the Secedit program, and tried to return all to default settings, but could NOT gain permissions to rename that folder.  So I looked around for a DOS system that would load an NTFS interface.

    The computer I've built uses RAID-1 for the "C" system drive, and RAID-5 for the 1TB data drive.  These are controlled by hardware on the motherboard, and unfortunately, the NTFS4DOS packages don't seem to allow addition of hardware drivers at boot time.

    Then I found the ERD-Commander, also referenced in this thread.  This basically loads a WinXP-like OS from a bootable CD-ROM, and permits loading of your motherboard hardware drivers via the standard system-installation "F6" trick (you have to watch for it at boot time - you have about 6 seconds to press the "F6" key - - otherwise it defaults to 'none').  Select "NONE" when it asks which OS you wish to repair.  You then have unrestricted access to EVERY folder on your drives.

    Renaming the RtBackup folder (I didn't want to delete it - - just in case), then rebooting back to Vista revealed that Windows Event Log Service was NOW RUNNING, and SP1 finally installed without a hitch.

    MICROSOFT obviously needs to patch their SP1 installation routine to regain permissions to access the RtBackup folder.

    AWESOME DUDES!!!  Great Job!!

    Now, if I can only find out why I can't open a command prompt in administrator mode - - but that's another thread 

    Merlin 

    Thursday, March 20, 2008 2:15 AM

  • Merlin,

    Have exactly the same problem as you but tried renaming rtBackup folder and could not do it with using Safe mode, turning off UAC etc.  Tried to download ERD-Commander - would appreciate knowing the site you used.  I've tried a couple - some just say MS bought this company out in 2006 whilst another allowed me to download an .rar file but you have to have password to extract it. 

    Have already wasted hours on this - am frustrated with Vista!!!

    Di
    Friday, March 21, 2008 2:28 AM
  • Try this: http://ccollomb.free.fr/unlocker/

     

    It worked for me. Note that if you are using UAC, you have to set "Run as administrator" on "Compatibility" tab for file C:\Program Files\Unlocker\Unlocker.exe

     

    After installing and setting compatibility mode mentioned above, just go to C:\Windows\System32\LogFiles\WMI, right-click on "RtBackup", select "Unlocker", select "Rename" from drop-down list, type e.g. "RtBackup.bak" and click "OK" twice.

     

    I hope it would work for you.

    Friday, March 21, 2008 9:48 PM
  • Hi Some1

    Thanks for your reply.  I downloaded Unlocker and installed as per your instructions.  When I try to rename rtbackup I get the message "No locking handle found.  However Unlocker can help you deal with this Object.  Choose the action you want to perform on the Object"

    I then select Rename from the combo box and then enter the "new" name.  A message then says "The object could not be renamed, do you want to perform the requested rename operation at next boot?".  I confirm this and reboot.  After reboot I get an extra folder called rtbackup.bak but the original rtbackup is still there.  It appears to me that the unlocker program is copying the rtbackup folder to rtbackup.bak but still can't delete the original rtbackup folder

    I appreciate the time you took to reply to me - will take this matter up with MS tomorrow.  I've already wasted hours trying to fix this problem and to be honest my patience is wearing thin.

    Thanks again though for your help.

    Di
    Sunday, March 23, 2008 9:13 PM
  • Hi Some1

    Just thought I'd let you know.  After sending my earlier email had a thought that maybe the rtbackup folder had been deleted and then automatically recreated on the reboot.  I decided to apply the SP1 patch just in case. That must have been what happened as I applied the SP1 patch and it worked.  This was the 5th attempt at applying the patch so it would seem that the Event Log error certainly is the key to solving this problem.  Thanks again for your help - it WORKED!!

    Di
    Sunday, March 23, 2008 10:13 PM
  • Some1,

     

    Thanks for the tip.  I've been on the phone for at least a week with MSoft about this (not being able to install SP1) and the Event Viewer problem.  Your suggested fix worked like a charm.  I've since called MSoft back and explained in detail how to get this fixed for anyone else.  I pointed them to your post here.  They were thrilled.  Again, Thanks for help and efforts to help other less talented people. Ha ! Have a good 1.

     

    Thursday, April 03, 2008 4:32 PM
  •  trei wrote:

    Some1,

     

    Thanks for the tip.  I've been on the phone for at least a week with MSoft about this (not being able to install SP1) and the Event Viewer problem.  Your suggested fix worked like a charm.  I've since called MSoft back and explained in detail how to get this fixed for anyone else.  I pointed them to your post here.  They were thrilled.  Again, Thanks for help and efforts to help other less talented people. Ha ! Have a good 1.

     

     

    That is an unfortunate shame, because Microsoft Tech Support Engineers were in on finding the original solution...

     

    I just cannot believe that this was not documented and addressed... I told them several times while I was working with them that there were a lot of folks having the same issue.... there are probably many more folks that do not even know there is a problem, because they don't use the event logs!!!

     

    Microsoft needs to get their stuff together!

    Thursday, April 03, 2008 5:11 PM
  •  Gary Bouchard wrote:

     

     

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt (the redirect of output echoes the program's output to a text file, but secedit also creates a log file. The program will show you the location of the log file when it is done).

     

     

     

    The process of using the Reset.cmd file does indeed work to fix problems related to the Vista SP1 installation which kills the Event Log process (and thereby EventViewer) and resulting in a 4201 error message when Event Log restart is attempted.  This was exactly the problem I had and I was able to fix it by following these instructions.

     

    Be aware though that the secedit command can mess with your other user profiles.  I lost the ability (due to the security change) to log into a standard user account immediately after running this.  In searching the internet, it appears that this command is directly related.  All of the files for the other (lost) users still exist, but the account cannot be recreated as an error message like "file names that contain */!?@ cannot be used" (I am paraphrasing the error but the suggestion is that a non-alphanumeric character is being used).

     

    Also, the subinacl.msi file will not run if UAC is on - it gives a message about installer couldn't be run due to invalid installer credentials (again paraphrased).  I thought at first this was related to the system requirements on the download site that did not list Vista.  It does run on Vista Sp1...just turn off UAC and reboot first.

     

    Lastly, I had no luck at all (even in SAFE mode) with getting permissions over the WMI\RtBackup file.  I even tried the Unlocker software.  I had full permissions over the Logfile and WMI folders, and the file itself, but could not get permissions over the System32 folder.  But the Reset.cmd method works!  Many thanks!

    Friday, April 11, 2008 10:02 PM
  •  Rick Win wrote:

    I had the same problem (at least same symptoms) and I was able to rename the ..\RtBackup directory in safe mode.  I could not delete it, but I renamed it to ..\xRtbackup.  after a normal restart, the Event Log started just fine.

     

    now, on to the next problem that I was trying to solve when I found that the event log wasn't working.



     I get a permissions denied error no matter what I do to try and set permissions and take ownership it won't allow me to rename it or delete it. HELP. I need this thing to work.
    Sad

    Edit: I figured it out. Thank you!

    Sunday, April 13, 2008 9:40 PM
  •  Some1 wrote:

    Try this: http://ccollomb.free.fr/unlocker/

     

    It worked for me. Note that if you are using UAC, you have to set "Run as administrator" on "Compatibility" tab for file C:\Program Files\Unlocker\Unlocker.exe

     

    After installing and setting compatibility mode mentioned above, just go to C:\Windows\System32\LogFiles\WMI, right-click on "RtBackup", select "Unlocker", select "Rename" from drop-down list, type e.g. "RtBackup.bak" and click "OK" twice.

     

    I hope it would work for you.



    Some1,

    Thank you so much! This worked for me! Finally! I couldn't delete the folder but it did allow me to rename it after reboot which is the option it gave me when it failed to delete it.

    I rebooted and it recreated the RtBackup folder.

    Now my Windows Log Viewer is working and I can install the Windows Service Pack 1! I quoted you in another forum because this seems to be an issue a lot of people are having now that it's time to install a Service Pack; they're either noticing that their Windows Event Log is no longer working or like me they're finally forced to do something about it. I just feel bad for the ones who don't know there is a connection.

    Thread at Re: Error Code 800706B5 on SP1 Failed Install


    Sunday, April 13, 2008 11:56 PM

  • Thank you very much!!!!

    It worked. I had a problem installing Windows Vista SP1, and I was on the phone with Microsoft for 3 days; no one could help. They're going to call me today again to try to fix my problem, which I solved last night with this fix.
    I found this page because I was trying to fix the problem I had with the event viewer. The event is now fixed and working beautifully.
    It worked beautifully. I checked Windows Update history and I saw Windows Vista SP1 "successful", just by following the steps you describe. You're a genius.

    It works not only for the event viewer but also for Vista SP1, and I think even for other installation-related problems.

    This saved me the 4 hrs I would have spent with Microsoft on the phone today; now I won't pick up the phone when they call, and I'll just carry on with my day without having to worry about my computer.

    Thanks again!!!
    Thursday, April 17, 2008 1:33 PM
  •  cesco wrote:

    Thank you very much!!!!

    It worked. I had a problem installing Windows Vista SP1, and I was on the phone with Microsoft for 3 days; no one could help. They're going to call me today again to try to fix my problem, which I solved last night with this fix.
    I found this page because I was trying to fix the problem I had with the event viewer. The event is now fixed and working beautifully.
    It worked beautifully. I checked Windows Update history and I saw Windows Vista SP1 "successful", just by following the steps you describe. You're a genius.

    It works not only for the event viewer but also for Vista SP1, and I think even for other installation-related problems.

    This saved me the 4 hrs I would have spent with Microsoft on the phone today; now I won't pick up the phone when they call, and I'll just carry on with my day without having to worry about my computer.

    Thanks again!!!

     

    You're welcome... Now, when Microsoft calls you back, hammer them for not putting this info in the Tech Support database!!!

     

    It's been over a year, with many more people having this problem, and I cannot believe that they haven't addressed this!

     

    I'll bet there are a whole lot more folks that don't even realize that it's not working.

     

    Thursday, April 17, 2008 1:41 PM
  • And again - Thank you! 

     

    One minor (untested) suggestion.  Because "Standard Users" seem to lose their login rights as a result of this procedure (all files remain intact, so it's not too bad), perhaps you should consider upgrading them to Administrator just prior to running this fix.  Once you are back in business, you can reset them to Standard Users.

     

    Tuesday, April 29, 2008 1:20 AM
  • I was able to resolve the 4201 error (could not start event log service) simply by reenabling UAC. This was after checking/changing all the permissions and was unable to delete that system32/logfiles file.

    Tuesday, May 06, 2008 5:22 PM
  • Gary Bouchard, I Love You!

    I have had this problem since Feb 2008 and several services would not run. I have tried just about everything and was not finding a solution until I finally received the error code 4201 so I could do a search under that instead of "event viewer ...."
    I followed your directions and all is well. You're awesome!!!!
    Wednesday, May 21, 2008 4:20 PM
  •  tami528 wrote:
    Gary Bouchard, I Love You!

    I have had this problem since Feb 2008 and several services would not run. I have tried just about everything and was not finding a solution until I finally received the error code 4201 so I could do a search under that instead of "event viewer ...."
    I followed your directions and all is well. You're awesome!!!!

     

    Tami528,

     

    I'm very glad this worked for you... as you can see, it doesn't work for everyone, but there are usually other circumstances that prevent it from working.

     

    I jumped into Vista in January '08 (when they went RTM) and found the problem right away because I use my event logs...

     

    It still irks me to no end that MS has not at least issued a patch for the problem...

     

    I directed the MS-Support engineers to this thread so they could see a lot of people are having this problem, but....

     

    Believe it or not, this has been the only issue I have had with Vista.... (knock on wood)

     

    Enjoy

     

    Wednesday, May 21, 2008 4:41 PM
  • Found the easy way to correct the log file problem and it is so simple.

    1. Reboot your machine with your Windows Vista installation disk.

    2. Accept the default language selection.

    3. On the install Vista screen select Repair Vista installation.

    4. On the repair Vista Installation selection screen select DOS prompt.

    5. At the DOS prompt change to your C drive.

    6. Change directory to the C:\windows\system32\logfiles\wmi\RtBackup directory.

    7. Do a DEL *.* and reply "Y".

    8. Change back one directory: "CD ..".

    9. Do a "RD RtBackup".

    10. Exit DOS and reboot your system without your installation disk. A new RtBackup directory will then be created. No need to worry about permissions this way.

     

    Saturday, May 31, 2008 8:30 PM
    Okay, I haven't been able to install the SP1 update and noticed that my event viewer wasn't working either.  I did remove the files in the RtBackup and tried event log again and it worked, so I decided to try installing SP1 again and still it won't install; it reverts back.

     

    My question: if I try the other thing you suggested, what profiles will I exactly lose?  For some reason I have 2 listed in profiles, one that says Debbie PC/Administrator and one that says Debbie PC/Debbie.  I'm figuring this is why I can't install SP1 all the way.  It will let me delete or move the one that says administrator but not the other one, when I go under user profiles.

     

    Any help will be greatly appreciated.

    Monday, June 02, 2008 12:38 AM
  • 1.  Are you running in a Domain? If so you will need to logon to you system as a non Domain client with theMain administrator account.

    2.  Do you have access to System Administrator tools? If not they can be turn on through the toolbar properties/start menn/customize/System Administrator tools/Display on the ALL Programs menu and Start Menu.

    3. Is the System administrator account active Not Debbie PC/Administrater. If not you will ned to activate it.

      3a. to activate the system administrator account from the administrator tool start Local Security Policies.

      3b. In the policies window; Expand Local Policies/Security Options.

      3c. Double click on: Accounts: Administrator account status. and enable it.

      3d. Scroll all the way to the bottom of this window and Disable all User Accounts Control items listed except for the two  that begin with the word Behavior. They should be Elevate Without... and Prompt for ....

      3e. Close the policies window

    4. Start System Configuration utility from the Administrators tool menus

    in the utility disable all Startup Items. Then go to the services tab and check the Hide all Microsoft Services. then click on the disable all button. Click on the apply and then ok buttons. You will then be ask to reboot you system.

    5. Reboot the system and logon as the non domain system administrator. IE Computer name/Administrator

        example like pro300/administrator where PRO300 is the name of my computer. This will log you on to your system as a non-Domain system administrator. This may take a few munites longer to get you logon as the system need to create the administrator account.

    6. Once you are logon this way you should be able to start the Vista SP1 update and it should install fully.

    7. Before you return to normal pc activies you will need to turn back on all startup item and non microsoft services. Follow steps # 2. and # 4. In Step # 4 from the General tab just select Normal Startup. This will turn everthing back on. Click APPLY and OK and do a system reboot logoning on as you normaly do. 

     

    Monday, June 02, 2008 11:38 PM
  • I just wanted to give a HUGE thank you to Gary Bouchard - I followed his instructions and was able to get SP1 installed on Vista Ultimate x64.  I went about following Gary's instructions like this:
    1. run the reset.cmd script as Administrator
    2. kill the command window (subinacl process) running the reset.cmd script once it started reporting failures in the Wow6432Node registry node
    3. modify the first reset.cmd script registry reference to (added SYSTEM):
    subinacl /subkeyreg HKEY_LOCAL_MACHINE/SYSTEM /grant=administrators=f /grant=system=f
    4. save reset.cmd
    5. rerun reset.cmd as Administrator
    6. run this command from Gary: secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt
    7. reboot
    8. install Vista SP1 from Windows Update

    Also, I did not have to delete or rename System32\LogFiles\WMI\RtBackup to get my Windows Event Log service to run.

    Thank you again, Gary!
    Thursday, June 12, 2008 6:55 PM
  • I tried installing Vista SP1 five times.. but every time it failed. I was not sure why it was failing, until I came across this post. Thanks a lot .... I have finally been able to install SP1.
    Wednesday, July 02, 2008 5:03 AM
  •  Gary Bouchard wrote:
     TJelly wrote:

    Hi

     

    I have this very same issue as well. The last thing I did was clean out all scheduled tasks and hidden tasks because I hate when my computer does things I do not choose to do. Lol. Let me know what you find out.

     

    J

     

    OK Ladies and Gentleman, here is what we have found;

     

    Apparently, one of the Windows updates is causing corruption of the Access Control List (ACL's) in the registry. I had entire sections of my registry nodes that lost the ACL'S.

     

    While I was researching the problem, I came across a website where someone had a similar problem with getting windows OS programs/services to run and they discovered that there was some registry corruption and missing ACL's.

     

    There are two different options that I ended up doing to get the system back in operation.

     

    It seems that running one or the other alone will not fix the problem, but doing both should get you back in service. 

    1. Make a backup of your registry (and a complete backup of the system wouldn't hurt either!)
    2. Go to Microsoft's website and download a program called subinacl.exe from this site; http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
    3. Install the subinacl.exe (it downloads as an MSI file).
    4. Copy the code below into a text file and then name the text file reset.cmd.
    5. I copied the command file to my temp folder to run, but as you can see from the cmd file, it contains the path to the executable subinacl.exe.

    @echo off
    rem Resets registry and file system ACLs with subinacl.exe (Windows Resource Kit Tools).
    title Resetting ACLs...
    rem Work from the folder where the subinacl MSI installed the executable.
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    echo.
    echo Resetting ACLs...
    echo (this may take several minutes to complete)
    echo.
    echo ==========================================================================
    echo.
    echo.
    rem Grant Administrators and SYSTEM full control (f) on each hive and all of its subkeys.
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    echo.
    echo.
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    echo.
    echo.
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    echo.
    echo.
    echo System Drive...
    rem Same grants on the system drive and then on the Windows directory tree.
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    echo.
    echo.
    echo Windows Directory...
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    echo.
    echo.
    echo ==========================================================================
    echo.
    echo FINISHED.
    echo.
    echo Press any key to exit . . .
    pause >NUL

     

    6. As this command file runs it will show you the status of the reset and create a log that you can go back into and inspect for problems.

    7. When this command file completes, you then need to open a command window (using Run As Administrator) and run the following command:

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt

    (The redirect of output echoes the program's output to a text file, but secedit also creates a log file. The program will show you the location of the log file when it is done.)

     

    These two actions combined will reset the permissions on the registry nodes back to their default settings.

     

    Reboot and check your Event Log service... at this point it should be running.

     

    After effects of this process which happened to me, were that the Network List Service would not run... I still had network and internet access, however the Network icon in the task notification area had a Red X, and mouse over displayed a tooltip that said "Server Execution Failed".  This was a result of resetting the ACL's.

     

    The Network List Service (netprofm) would not run because it did not have permission to run.

     

     In order to correct this issue, you must open the Component Services snap-in and drill down under Computers/My Computer/DCOM Config/netprofm (this is for Vista!) and right click the node, and select Properties.

     

    Click on the Security tab and make certain the correct user names are listed and that they have the appropriate permissions. I have 4 users listed with the same permissions (your mileage may vary):

    1. Administrators - Perms; Local Launch, Local activation
    2. Interactive
    3. Local Service
    4. System

    Next, go to the Identity tab and ensure that The System account (services only) is the item that is checked. Make sure the changes you make get applied.

     

    Restart your computer so the ACL's are refreshed.

     

    Once you come back up from the reboot, things should be pretty much back to normal.

     

    You may find a stray program here and there that may need to have its permissions reset, but you should be operational.

     

    I directed the Microsoft engineers to this forum (and to Google search it) so they can see this is getting to be an issue for a lot of people. They in fact have a brand new case (same problem) that was just escalated to them and they are going to take an image of that person's system first thing so they can determine what is causing this, and if necessary put out a hotfix or service pack to correct it.

     

    In the meantime, if you run into anyone else going through this problem, at least there was one solution that worked for me...

     

    I cannot guarantee that this will work for everyone and the issue may affect each machine differently, so just be aware that this is not the blue pill!

     

    I think that because the Registry database is so critical to the operation of Windows, Microsoft engineers should have some sort of utility that can repair and/or reset the registry and file permissions easily should something happen...

     

    I personally believe that this should be part of the base operating system and we should not have to shell out extra bucks to third party vendors for these type of utilities, particularly if the registry is prone to corruption either by Microsoft's own hands or by a third party application.

     

    I am not knocking third party programmers as I am one myself, I am just saying that this is Microsoft's OS and they should provide these easily accessible tools to keep us running!

     

    Good Luck!

     



    Thanks Gary.. Worked wonders for me & I was even able to install SP1, which was bugging me for two days
    Thursday, July 03, 2008 3:43 PM
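
An added example (not code from Gary's post or from Microsoft): a short Python triage of the text that the `secedit ... /verbose >c:\temp\secedit_output.txt` step writes, using the line format of the secedit output pasted later in this thread. The sample log is constructed, and treating Win32 codes 2, 3 and 1060 as "object not present on this machine" while sending everything else to review is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, in the format of the secedit /verbose output quoted in this thread.
SAMPLE_LOG = r"""
----Configure Registry Keys...
    Configure users\.default.
    Configure machine\software.
Warning 1336: The access control list (ACL) structure is invalid.
     Error setting security on machine\software\Audible.

    Configuration of Registry Keys was completed with one or more errors.

----Configure File Security...
    Configure c:\windows\repair\sam.
Warning 3: The system cannot find the path specified.
     Error setting security on c:\windows\repair\sam.
    Configure c:\windows\system32\wbem\mof.
    Configure c:\windows\system32\windows media.
Warning 2: The system cannot find the file specified.
     Error setting security on c:\windows\system32\windows media.

    File Security configuration was completed successfully.

----Configure General Service Settings...
    Configure sysmonlog.
Error 1060: The specified service does not exist as an installed service.
     Error opening sysmonlog.
    Configure SamSs.
"""

SECTION_RE = re.compile(r"^-{2,}\s*Configure (.+?)\.\.\.$")
FINDING_RE = re.compile(r"^(Warning|Error) (\d+): (.+)$")
TARGET_RE = re.compile(r"^Error (?:setting security on|opening) (.+?)\.?$")
SUMMARY_RE = re.compile(r"completed (successfully|with one or more errors)\.$")

# Assumption of this example: these Win32 codes mean the default template named an
# object that is not present on this machine (2 = file not found, 3 = path not
# found, 1060 = service not installed), so there was nothing to configure.
ABSENT_CODES = {2, 3, 1060}


@dataclass
class Finding:
    section: Optional[str]
    level: str
    code: int
    message: str
    target: Optional[str] = None  # stays None if the log is cut off after the code line


def parse_secedit_log(text):
    """Return (findings, summaries); summaries maps section -> True if it claims success."""
    findings, summaries = [], {}
    section, pending = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if pending:
                findings.append(pending)
                pending = None
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m:
            if pending:
                findings.append(pending)
            pending = Finding(section, m.group(1), int(m.group(2)), m.group(3))
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            # The object name follows the Warning/Error line it belongs to.
            pending.target = m.group(1)
            findings.append(pending)
            pending = None
            continue
        m = SUMMARY_RE.search(line)
        if m and section:
            summaries[section] = m.group(1) == "successfully"
    if pending:
        findings.append(pending)
    return findings, summaries


def triage(text):
    """Split findings into ones to review and ones about absent objects."""
    findings, summaries = parse_secedit_log(text)
    review = [f for f in findings if f.code not in ABSENT_CODES]
    absent = [f for f in findings if f.code in ABSENT_CODES]
    # Sections whose closing line says "successfully" although they logged findings.
    quiet = sorted({f.section for f in findings if summaries.get(f.section)})
    return review, absent, quiet


if __name__ == "__main__":
    review, absent, quiet = triage(SAMPLE_LOG)
    for f in review:
        print(f"REVIEW  [{f.section}] {f.level} {f.code}: {f.target} ({f.message})")
    print(f"{len(absent)} finding(s) refer to objects not present on this machine")
    print("Sections reporting success despite findings:", ", ".join(quiet) or "none")
```
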
  •  

    Ditto from me, Gary. I had no idea I had this problem until today when, of course, I was in a crunch to figure it out. I followed your instructions and was back in business within 20 minutes. THANK YOU!!!!!!!

     

    Laura

     

    Monday, July 14, 2008 8:01 PM
  • Hi Everyone

     

    It has taken me almost 3 months to sort out why my Live Messenger Shared Folders would not work on my HP Compaq 6820s laptop but since finding this site - I have solved it in one morning !!  It also looks as if I will now be able to install SP1 (Vista) but I have not tried yet.

     

    I could not delete the rtbackup folder however much I tried because it kept saying Access is Denied so I downloaded the program Unlocker found at http://ccollomb.free.fr/unlocker/ and whilst it could not delete the folder whilst in Windows, it gave me the option for the program to delete the folder when next doing a re-start - and that is exactly what it did!

     

    All I can say to anyone is - Don't give up hope !! and keep trying because when I investigated asking Microsoft for help, I found out that I would be charged £40 - £50 for the privilege of asking them a question ?? !!! 

     

    I am just hoping now that after 8 attempts to install SP1 that I will be able to do it. As a by the by - all HP could do to help with these problems is to tell me to re-install Vista which would of course completely clean my programs and everything else - thank you HP and Microsoft for being so helpful - NOT

     

    Will keep you all posted

     

    Cheers to everyone who has posted on this issue - very much appreciated and you have saved my sanity !

     

    Liana

    Monday, July 21, 2008 2:54 PM
  •  

    Laura,

     

    I am really glad it worked out for you... as you can see from the entries on this thread, the problem still affects a lot of people, yet Microsoft still has no clue!

     

    I am definitely noticing the pattern... most folks do not have the exact same issue I had but apparently the resolution corrects a whole host of problems folks are running into.

     

    Monday, July 21, 2008 3:09 PM
  • You can try to open a command window (using Run As Administrator) and run the following command:

    icacls C:\Windows\System32\winevt /grant *S-1-5-80-880578595-1860270145-482643319-2788375705-1540778122:F /T
     

     

    Or you could check whether the WMI Repository is corrupt:

    net start winmgmt

    run %windir%\system32\wbem\Wbemtest.exe

    and connect to root\cimv2 (or Root\Default)

    If it conks out, perhaps you should rebuild the WMI Repository:

    net stop winmgmt

    cd /d %windir%\system32\wbem
    ren Repository Rep_bak

    Restart your computer.

     

    Good luck.

     

    Monday, July 21, 2008 3:24 PM
  • If you want to delete the C:\Windows\System32\LogFiles\WMI\RtBackup folder, you should restart in safe mode with command prompt, using the following steps:

     

    Please verify that your superuser account (default name "Administrator") is enabled.

     

    Restart, hit the F8 key, and the menu will show:

    Choose Advanced Options for: Microsoft Windows Vista

     

    Please select the third option, "Safe Mode with Command Prompt", and press the ENTER key.

     

    Log in as Administrator. (Or, if you have already renamed the superuser account, please log in with your superuser name.)

     

    In the command window, run the following command:


     

    icacls C:\Windows\System32\LogFiles\WMI\RtBackup /grant Administrator:F /T

    (Or, if you have already renamed the superuser account, please replace Administrator with your superuser's name.

    You can also replace Administrator with Administrators; Administrators is a user group that includes the superuser.

    If you installed Vista on another drive, please replace C: with your system drive letter.)

     

    rd /s C:\Windows\System32\LogFiles\WMI\RtBackup

    To confirm, please enter y (yes).

    In this manner, you will delete the C:\Windows\System32\LogFiles\WMI\RtBackup folder.

    Then restart your computer.

     

    Wish you luck!

    Monday, July 21, 2008 5:10 PM
  • Hi Gary

     

    What I did not make clear in my post ( I am new at this ) is that I had the Error 4201 and was unable to start the Event Service.

     

    I did not realise that this was affecting the SP1 installation until today and I only searched on the '4201' error because I noticed that the Messenger USN Journal depended on the Event Service so I gave up on trying to fix the Sharing Folders and concentrated on the Event 4201 error.

     

    (not being picky, but my name is Liana  not Laura - and as you can see, I am a little cheeky !!)

     

    Thanks once again and tomorrow morning I am going to try and install SP1 - for the 8th time !!   Wish me luck

     

    Liana

     

     

     

    Monday, July 21, 2008 9:37 PM
  •  Lazymare wrote:

    Hi Gary

     

    What I did not make clear in my post ( I am new at this ) is that I had the Error 4201 and was unable to start the Event Service.

     

    I did not realise that this was affecting the SP1 installation until today and I only searched on the '4201' error because I noticed that the Messenger USN Journal depended on the Event Service so I gave up on trying to fix the Sharing Folders and concentrated on the Event 4201 error.

     

    (not being picky, but my name is Liana  not Laura - and as you can see, I am a little cheeky !!)

     

    Thanks once again and tomorrow morning I am going to try and install SP1 - for the 8th time !!   Wish me luck

     

    Liana

     

     

     

     

    Liana,

     

    I apologize for the confusion, however I was replying to Laura's message to me that was a few entries above yours.

     

    I was trying to figure out some other problem when I learned that my event viewer service was not working, and that is what opened the can of worms in the first place. I would not have even known there was a problem until I came across it looking for something else.

     

    Keep your fingers crossed! I heard from someone else that was trying to do the same thing (install SP1) and this apparently fixed it.

     

    Monday, July 21, 2008 10:08 PM
  • Hi Gary and All

     

    Eureka !!!

     

    SP 1 has finally installed

     

    Thanks to Gary and everyone

     

    Have a couple of other problems I need to investigate but that's another story

     

    Thanks again

     

    Liana x

     

    (PS Gary - sorry I didn't check the other posts re the name confusion - my fault)

    Wednesday, July 23, 2008 7:38 AM
  • Thanks Gary!

    Your post on page 2 helped me to resolve the "event log" issue and finally install SP1 for my Vista Home Premium!

    But everybody should remember to run reset.cmd also as Administrator (i.e. right click the reset.cmd file and choose run as administrator), if UAC (user account control) is enabled. Only then will it work as it's supposed to.

    I didn't have to do any of the DCOM config. The only issue that I had was that I had to reinstall the sound drivers, but that's just nothing compared to the SP1 installation.



    Thanks again

    Tuesday, August 12, 2008 3:53 AM
  • thanks to all of you, you are great!!!!!
     
    After 2 months of desperate attempts... reading this thread I fixed the problem, event log error 4201; now Windows Event Log works again, and I could finally install SP1.
     
    I was unable to delete the RtBackup folder from Vista, and I do not have access to ERD Commander. For people in the same condition I can suggest:
     
     
     
    1-Boot your PC, press F8 and select "startup mode with Command Prompt"
    2-in DOS rename the folder RtBackup (I was not able to delete it)
    3-reboot
     
    and everything magically works!!!!
     
    Thank you again
     

    Tuesday, August 26, 2008 8:52 AM
  • Gary,

     

    I have been experiencing this issue since March of this year. This appears to be the first thread that has real help available!

     

    I went through two weeks of throwing every quick fix at my notebook that the "special" Microsoft Vista SP1 Support Team asked me to do. Never did they suggest anything like this. Also, when I told them about the Event Log problems occurring at the same time as SP1 failing to install, they insisted that the two problems were definitely NOT related. ("They" being the support tech, Deland, and the supervisor that he supposedly was working with).

     

    I am on my desktop currently but I'll give this a try tomorrow on my notebook and post back my results.

     

    Thanks again!

     

    Jim

    Thursday, August 28, 2008 2:30 AM
  • Jim,

     

    You know... it's unfortunate that Microsoft has turned into a giant bureaucracy!

     

    As you can see from the 7 pages of this thread (so far), there are a lot of people having this problem and I am sure there are many more that don't even realize they are having the problem!!!

     

    I am starting to wonder if some corporations that decided to kick Vista to the curb ran into this difficulty and thought the OS was too unstable to use.

     

    I do have to say that once I got this problem figured out, I have not had any problems with the OS since, and I use my machine for VB6 software development.... if anything would make a system come apart it would be that!!!

     

    Anyway, the best of luck to all of you that found this thread, and I suggest following the direction of the good people that contributed to this fix.

     

    Gary.

     

    Thursday, August 28, 2008 1:44 PM
  • I have spent approximately 2 months going through different forums and there is no solution to the problem of this error. Among the solutions offered, it has been said that the folder "\system32\logfiles\wmi" must be deleted, but that folder cannot be deleted, renamed, or have its owner changed. What is more, the *.etl file inside it, which is apparently the one with the problem, has no owner. I think there is a problem

     

    Monday, September 01, 2008 2:37 AM
  • Gary,

    Sorry for not checking back in sooner. Your fix did get me going again. Amazing detective work, sir. I thank you! I agree that Vista seems to work fine once this was fixed - thanks to you, not MS. Pretty shameful of them to ignore this. After all I spent a week and a half corresponding with a support tech from their Vista SP1 Special Support Group and got no good help at all. I mean, he did have me try a lot of standard things: sfc, running the Vista SP1 Compatibility program, etc. But he was completely clueless as to the cause of this, and he assured me that the Event Log errors and the inability to install SP1 were not related.

    The six months and many, many hours I have spent trying to solve this issue, along with the absolutely horrendous shape of the hardware drivers that my Vista notebook shipped with, have really soured the entire Vista experience for me. As I said, it seems to be running great now - very fast - but I have spent much more time messing with these problems than I have with any previous Windows installation - and I was around for the initial Windows launch - the horrible one prior to what most people think of as the "original" 3.1. Six months playing with this issue - with Microsoft's "help" - is a disgrace, IMO.

    Again, I really thank you for this solution. Without it I was going to dump the notebook and was considering a Mac instead. Actually I am still considering getting a Mac next! I haven't used one since I had an original Lisa and the first Mac that followed, but I am getting weary of this kind of problem - I've seen way too many. Especially finding out that even Windows 7 will still not be the "Longhorn" experience we were promised, but basically an upgrade of Vista. If I am not pleased with my near-future experiments with Ubuntu, I am pretty sure I will be looking to Steve Jobs again.

    Jim

    PS - Can anyone explain to me why after submitting a post I am thrown back to Page 1 of this thread? With no button to take me to the last page of the thread like even old versions of most forum software does? MS never ceases to disappoint me...
    Monday, September 08, 2008 8:20 AM
  • Jim,

     

    I feel your pain, but be careful what you wish for...

     

    Steve Jobs makes it sound like MAC users are always at Disney World, but if you look at the newsgroups, MAC users and particularly the OS are not much different than Windows, and with similar problems.

     

    In other words, they're all about equal, just different issues.

     

    I'm glad you got it working. Hopefully folks will find this thread if they search the right keywords... It comes up in Google at least.

     

    Peace,

    Gary

     

    Monday, September 08, 2008 2:35 PM
  • Hi Gary,

    I am aware of the issues with Apple computers, but I don't want to get into a Windows vs. Mac discussion here. Suffice it to say that friends and relatives of mine using Macs are never tinkering, hacking, and fixing their OS nearly as much as I am. And they seem very happy about that!

    Thanks!

    Jim
    Monday, September 08, 2008 3:11 PM
  • Wow, what a workaround. Well done.

    However, I am unable to do this for some reason. I would be really, really, grateful if someone could help me.

    I reinstalled last week due to the same errors.  It also stopped my scheduler from working correctly (backups too) as well as event viewer.

    Please help.

    I have copied the txt's above as a txt file, into the dir C:win:temp. (as you have done)

    However even though I am using run as Admin, it says file not found. (what have I done wrong? )


    I typed: cd\ windows.

    C: dir>temp>reset.cmd.

    Nothing...

    I'm not sure if I am doing this correctly at all.

    Could someone please put me in the right direction?

    I have tried and tried, but I'm getting nowhere.

    I certainly don't want to have to format again.

    Thanks very much in advance for any help you can give me.



    Tuesday, September 30, 2008 11:45 AM
  • EDIT:

    I have managed to run the command but have the following error txt output:
    -------------------------------------------
    30 September 2008 14:38:58
    ----Configuration engine was initialized successfully.----

    ----Reading Configuration Template info...


    ----Configure User Rights...
            SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
            SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
        Configure S-1-5-19.
        Configure S-1-5-20.
        Configure S-1-5-32-544.
        Configure S-1-5-32-551.
        Configure S-1-5-32-559.
        Configure S-1-5-32-545.
        Configure S-1-1-0.
        Configure S-1-5-6.
        Configure S-1-5-21-4223068241-1154151717-3306758368-501.
        Configure S-1-5-32-555.

        User Rights configuration was completed successfully.


    ----Configure Group Membership...
        Configure Users.

        Group Membership configuration was completed successfully.


    ----Configure Registry Keys...
        Configure users\.default.
        Configure machine\software.
    Warning 1336: The access control list (ACL) structure is invalid.
         Error setting security on machine\software\Audible.

        Configuration of Registry Keys was completed with one or more errors.


    ----Configure File Security...
        Configure c:\program files\common files\speechengines\microsoft\tts.
    Warning 2: The system cannot find the file specified.
         Error setting security on c:\program files\common files\speechengines\microsoft\tts.
        Configure c:\programdata\microsoft\windows\drm.
        Configure c:\programdata\microsoft\windows\drm\cache.
        Configure c:\windows\repair\default.
    Warning 3: The system cannot find the path specified.
         Error setting security on c:\windows\repair\default.
        Configure c:\windows\repair\ntuser.dat.
    Warning 3: The system cannot find the path specified.
         Error setting security on c:\windows\repair\ntuser.dat.
        Configure c:\windows\repair\sam.
    Warning 3: The system cannot find the path specified.
         Error setting security on c:\windows\repair\sam.
        Configure c:\windows\repair\security.
    Warning 3: The system cannot find the path specified.
         Error setting security on c:\windows\repair\security.
        Configure c:\windows\repair\software.
    Warning 3: The system cannot find the path specified.
         Error setting security on c:\windows\repair\software.
        Configure c:\windows\repair\system.
    Warning 3: The system cannot find the path specified.
         Error setting security on c:\windows\repair\system.
        Configure c:\windows\system32\wbem\mof.
        Configure c:\windows\system32\windows media.
    Warning 2: The system cannot find the file specified.
         Error setting security on c:\windows\system32\windows media.

        File Security configuration was completed successfully.


    ----Configure General Service Settings...
        Configure sysmonlog.
    Error 1060: The specified service does not exist as an installed service.
         Error opening sysmonlog.
        Configure SamSs.
        Configure ntmssvc.
    Error 1060: The specified service does not exist as an installed service.
         Error opening ntmssvc.
        Configure netddedsdm.
    Error 1060: The specified service does not exist as an installed service.
         Error opening netddedsdm.
        Configure netdde.
    Error 1060: The specified service does not exist as an installed service.
         Error opening netdde.
        Configure dmserver.
    Error 1060: The specified service does not exist as an installed service.
         Error opening dmserver.
        Configure clipsrv.
    Error 1060: The specified service does not exist as an installed service.
         Error opening clipsrv.
        Configure Browser.

        General Service configuration was completed successfully.


    ----Configure available attachment engines...

        Configuration of attachment engines was completed successfully.


    ----Configure Security Policy...
        Configure password information.
        Administrator account is disabled.
        Guest account is disabled.

        System Access configuration was completed successfully.
        LSA anonymous lookup names setting : existing SD = DSadD;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17).
        Configure LSA anonymous lookup setting.
        Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
        Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
        Configure machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
        Configure machine\software\microsoft\windows nt\currentversion\winlogon\forceunlocklogon.
        Configure machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
        Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
        Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
        Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
        Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
        Configure machine\software\microsoft\windows\currentversion\policies\system\scforceoption.
        Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
        Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
        Configure machine\software\policies\microsoft\windows\safer\codeidentifiers\authenticodeenabled.
        Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
        Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
        Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
        Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
        Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy\enabled.
        Configure machine\system\currentcontrolset\control\lsa\forceguest.
        Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
        Configure machine\system\currentcontrolset\control\lsa\limitblankpassworduse.
        Configure machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
        Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminclientsec.
        Configure machine\system\currentcontrolset\control\lsa\msv1_0\ntlmminserversec.
        Configure machine\system\currentcontrolset\control\lsa\nolmhash.
        Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
        Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
        Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
        Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
        Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
        Configure machine\system\currentcontrolset\control\session manager\protectionmode.
        Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
        Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
        Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
        Configure machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionpipes.
        Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
        Configure machine\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess.
        Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
        Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
        Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
        Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.
        Configure machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
        Configure machine\system\currentcontrolset\services\netlogon\parameters\maximumpasswordage.
        Configure machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
        Configure machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
        Configure machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
        Configure machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.

        Configuration of Registry Values was completed successfully.
        Configure log settings.

        Audit/Log configuration was completed successfully.


    ----Configure available attachment engines...

        Configuration of attachment engines was completed successfully.


    ----Un-initialize configuration engine...


    Does anybody know what I can do?

    Can anyone help?

    Kind Regards



    Tuesday, September 30, 2008 1:31 PM
  • muchas gracias, problema solucionado

     

    Tuesday, September 30, 2008 9:13 PM
  • Hi Thanks for that, I applied all the steps but still no event viewer working. The WMI is also not running in task manager amongst other things. MY PC reboots fine and everything else seems to be working OK apart from the Windows programs Event Viewer, Reliability and Performance monitor and Generate a System Health Report.. Disk Defrag is fine.. I am now going to try System Restore back to when I know my system was healthy. If that does not work then I will try to restore from my backup.. if that does not work I will go back to putting XP Pro back on my new Laptop as I really can't be arsed trying to sort MS windows Vista problems.. will wait about 1 year and then try again..

     

    Sunday, October 12, 2008 2:10 AM
  • Hey SOMEONE1

     

    Your suggestion has worked for me.. after I rebooted my system.. Event Viewer is now working... and all my other parts of my OS.

     

    So to anyone out there who needs to change the access permissions and rename or delete Windows system folders, just download Unlocker. Forget all the other suggestions regarding ERD COMMANDER (it's an XP-only app), UAC, rename in SAFE Mode... etc etc. They did not work for me. Access permissions always prevented me from doing anything to the RTBackup folder or any file within it.

     

    I also ran the script posted on page 1 but still did not work.. So I was about to give up..

     

    The lesson I have learnt from all this is probably to start at the end of the forum posts and work your way back.. Microsoft you have wasted hours of our time on this problem and I have only just purchased my new laptop Oct 2008 and the problem in Vista is still there.. The source of the grief for me began when I played with UAC control and/or reset permissions on my C: root directory after using Vista's file transfer feature to port my files from my old Laptop.

     

    Now who was it who said never bother to upgrade any MS O/S because it will always cause you problems. Always best to start with a clean install and I suggest don't consider using File Transfer in Vista to pull files out from XP. If you look at what Vista does it creates a mesh of old XP programs (which I have not yet installed on the new machine) and the new Vista programs in one program directory.. Yuk, the same applies to data files. You will then spend hours of time working out what access permissions you should or should not change in order to erase files you don't want. It actually brought across the Admin account permissions from my old laptop. Maybe I am missing the point here but if you're going to pull files across to a new PC, better to inherit the admin rights of the new PC.. will save quite a bit of aggro. Having said all that I commend MS for making Vista very secure against being able to easily delete system files.. and UAC is obviously included to prevent dumb asses from destroying their O/S.. My only other problem I need to resolve is getting IE history to work.. which is where I was 3 days ago before all this blew up in my face..

     

    Have checked my Event Viewer log.. it has obviously been busy tracking all the problems I have experienced

    Log Name:      Microsoft-Windows-Diagnostics-Performance/Operational
    Source:        Microsoft-Windows-Diagnostics-Performance
    Date:          27/09/2008 10:31:39 p.m.
    Event ID:      100
    Task Category: Boot Performance Monitoring
    Level:         Critical
    Keywords:      Event Log
    User:          LOCAL SERVICE
    Computer:      scooby-PC
    Description:
    Windows has started up:
         Boot Duration  : 226042ms
         IsDegradation  : true
         Incident Time (UTC) : 27/09/2008 10:27:21 a.m.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Diagnostics-Performance" Guid="{cfc18ec0-96b1-4eba-961b-622caee05b0a}" />
        <EventID>100</EventID>
        <Version>1</Version>
        <Level>1</Level>
        <Task>4002</Task>
        <Opcode>34</Opcode>
        <Keywords>0x8000000000010000</Keywords>
        <TimeCreated SystemTime="2008-09-27T10:31:39.898Z" />
        <EventRecordID>70</EventRecordID>
        <Correlation ActivityID="{00000000-B6C8-0000-8B23-2CA08B20C901}" />
        <Execution ProcessID="2036" ThreadID="1892" />
        <Channel>Microsoft-Windows-Diagnostics-Performance/Operational</Channel>
        <Computer>scooby-PC</Computer>
        <Security UserID="S-1-5-19" />
      </System>
      <EventData>
        <Data Name="BootTsVersion">2</Data>
        <Data Name="BootStartTime">2008-09-27T10:27:21.656Z</Data>
        <Data Name="BootEndTime">2008-09-27T10:31:35.795Z</Data>
        <Data Name="SystemBootInstance">21</Data>
        <Data Name="UserBootInstance">3</Data>
        <Data Name="BootTime">226042</Data>
        <Data Name="MainPathBootTime">168742</Data>
        <Data Name="BootKernelInitTime">20</Data>
        <Data Name="BootDriverInitTime">14969</Data>
        <Data Name="BootDevicesInitTime">7406</Data>
        <Data Name="BootPrefetchInitTime">32479</Data>
        <Data Name="BootPrefetchBytes">192364544</Data>
        <Data Name="BootAutoChkTime">0</Data>
        <Data Name="BootSmssInitTime">20441</Data>
        <Data Name="BootCriticalServicesInitTime">5371</Data>
        <Data Name="BootUserProfileProcessingTime">906</Data>
        <Data Name="BootMachineProfileProcessingTime">10</Data>
        <Data Name="BootExplorerInitTime">10854</Data>
        <Data Name="BootNumStartupApps">18</Data>
        <Data Name="BootPostBootTime">57300</Data>
        <Data Name="BootIsRebootAfterInstall">false</Data>
        <Data Name="BootRootCauseStepImprovementBits">8</Data>
        <Data Name="BootRootCauseGradualImprovementBits">0</Data>
        <Data Name="BootRootCauseStepDegradationBits">13632000</Data>
        <Data Name="BootRootCauseGradualDegradationBits">13632000</Data>
        <Data Name="BootIsDegradation">true</Data>
        <Data Name="BootIsStepDegradation">true</Data>
        <Data Name="BootIsGradualDegradation">true</Data>
        <Data Name="BootImprovementDelta">0</Data>
        <Data Name="BootDegradationDelta">42060</Data>
        <Data Name="BootIsRootCauseIdentified">true</Data>
      </EventData>
    </Event>

     

    Anybody fancy making sense of all the above...

    Sunday, October 12, 2008 11:52 AM
  • Thanks, I couldn't be bothered to try out the suggestions on the first page, so I came to the fifth page (just luck). I saw your simple method and gave it a go. SP1 installed! And event log works! You are awesome! I must say though, sitting and waiting for SP1 to install and then wait in despair while it uninstalled after is just plain boring.
    Also, every program that is useful is some way gets to stay on my system, and Unlocker is staying!
    Thanks again for the useful help (and simple/non-boring/quick)
    Friday, October 24, 2008 7:05 PM
  • I had this very same issue. Could not open Event Viewer nor install SP1. I had run an ownership command accidentally on the entire Windows directory. I could not delete or fix it with any of the directions here; though I'm sure they work, I simply do not have enough patience to do them right. I did however figure something out that did work. Went into RTBackup/Properties/Security. Sure enough SYSTEM was not in the Group or users name. I clicked Edit, then clicked Add and wrote in SYSTEM, gave it full control and rebooted. Everything works and SP1 installed without a hitch.
      Without this thread I never would have found the right file. Thanks!
    • Proposed as answer by Miss.Ruth Wednesday, June 08, 2011 12:45 AM
    Friday, November 21, 2008 11:12 PM
  • I couldn’t get Windows Vista Service Pack 1 to install on my computer. The service pack would install through the 3 steps, but it would fail at the last minute and revert. I was getting the Event Log error 4201, which means that it can’t start the Event Log. I used the solution above by doing these steps:

    1. Navigate to C:\Windows\System32\LogFiles\WMI\RtBackup 
    2. Right-click on RtBackup and select Properties > Security 
    3. In the list of “Group or user names” is “SYSTEM” listed? 
    4. If not, click Edit > Add . . . and type in “SYSTEM” in the dialog box and click OK. 
    5. Restart your computer and try installing Windows Vista Service Pack 1 again.

    This worked for me. I blogged about it (http://www.bloomingthorn.com/pages/read/instal-error-with-windows-vista-service-pack-1/)

    • Proposed as answer by TonysBodywork Thursday, March 01, 2012 1:51 AM
    Monday, November 24, 2008 6:28 PM
  •  Some1 wrote:

    Try this: http://ccollomb.free.fr/unlocker/

     

    It worked for me. Note that if you are using UAC, you have to set "Run as administrator" on "Compatibility" tab for file C:\Program Files\Unlocker\Unlocker.exe

     

    After installing and setting compatibility mode mentioned above, just go to C:\Windows\System32\LogFiles\WMI, right-click on "RtBackup", select "Unlocker", select "Rename" from drop-down list, type e.g. "RtBackup.bak" and click "OK" twice.

     

    I hope it would work for you.



    Use Unlocker to rename the RtBackup folder to RtBackup.bak. It will ask for a restart, and after that there should be two things in the WMI folder, RtBackup (folder) and RtBackup.bak. The Vista SP1 installation should work now.
    It just shows how useful trailing through old posts is...
    Monday, November 24, 2008 7:12 PM
  • This forum has offered exceptionally useful information.  I wound up here when I was troubleshooting a Sierra Wireless air card that had recently been working properly on Vista Home Prem - which did have SP1.  Someone rebuilt the machine and then the card would not work at all; not in the Watcher software and nor could I set up DUN. Interestingly, even though the air card modem and the internal fax modem showed up in Device Man as functioning properly, when I tried to set up DUN in Vista, it did not find any modems.  I went to Event Viewer and discovered that I could not start the service - and thus noticed the 4201 error message.  After trying a few of the other suggestions in this thread I downloaded Mr. Collomb's Unlocker and followed the instructions above.  It worked perfectly.  Upon reboot, Event Viewer was back in action and the air card worked immediately; both in DUN and in the Watcher software. Thanks to all - especially Mr. C. 

     

    Cary M

    Monday, December 08, 2008 4:58 AM
  • thanks, gary. i had the same sp1 install as everyone else. i searched for days for an answer. finally found this linked in another site forum. sp1 installed with no problems after following your instructions. microsoft had nothing i could find on their site. apparently they don't think it's worth the time. my computer is now running well and none of the glitches left after it reverted from the many attempts to install.
    Monday, May 25, 2009 5:02 AM
  •  

     

    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f

    Marvellous!

    Small point to be added: If the user's system is run in a language other than English, s/he should run a "search and replace" where "administrators" is replaced by the native term, e.g. German: administratoren or Danish: administratorer.

    Otherwise the script won't run.

    As soon as I figured that one out, this worked like a charm. I'll buy you a pint, if you get to Copenhagen :-)
    Thursday, June 11, 2009 1:34 PM
  • I researched several forums and none of the suggestions worked.  So I compared the folder permissions to c:\windows\system32\logfiles\wmi\RTbackup to a working machine.  Navigate to RTbackup properties and check security settings.  It requires SYSTEM - full control.  I added this permission and rebooted PC to fix the issue.  I can now access my event viewer.

    Tuesday, June 30, 2009 3:33 PM
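
The check that the replies above do by hand in the Security tab (does SYSTEM have full control on RtBackup?), scripted as an added example that is not code from any poster. SYSTEM is matched by its well-known SID S-1-5-18, so the result does not depend on localized account names; the function name `Get-RtBackupAclReport` and its `-Repair` switch are made up for this example, and PowerShell 3.0 or later in an elevated session is assumed.

```powershell
# Added example, not code from the thread. Assumes PowerShell 3.0+ in an elevated session.
# Get-RtBackupAclReport and -Repair are names invented for this example.
function Get-RtBackupAclReport {
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'System32\LogFiles\WMI\RtBackup'),
        [switch]$Repair
    )

    $systemSid   = 'S-1-5-18'      # well-known SID of SYSTEM on every language edition
    $fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $genericAll  = 0x10000000      # GENERIC_ALL, which some ACEs carry instead of FullControl
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "$Path is missing or is not a folder."
        return
    }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read the ACL on ${Path}: $($_.Exception.Message)"
        return
    }

    # Request identities as SIDs: no name lookup, no localized strings to compare.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $systemHasFull = $false
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $systemSid) { continue }
        if ($rule.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        # An inherit-only entry applies to children, not to the folder itself.
        if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        $rights = [int]$rule.FileSystemRights
        if ((($rights -band $fullControl) -eq $fullControl) -or (($rights -band $genericAll) -ne 0)) {
            $systemHasFull = $true
        }
    }

    $repaired = $false
    if (-not $systemHasFull -and $Repair) {
        # The *SID form keeps icacls independent of the localized account name.
        & icacls.exe $Path /grant "*${systemSid}:(OI)(CI)F" | Out-Host
        $repaired = ($LASTEXITCODE -eq 0)
    }

    # Services that depend on the Event Log cannot start while it is down.
    $eventLog = Get-Service -Name EventLog
    [pscustomobject]@{
        Path                 = $Path
        Owner                = $acl.Owner
        SystemHasFullControl = $systemHasFull
        RepairApplied        = $repaired
        EventLogStatus       = $eventLog.Status
        StoppedDependents    = @($eventLog.DependentServices |
                                 Where-Object { $_.Status -ne 'Running' } |
                                 ForEach-Object { $_.Name })
    }
}

# Report only; nothing is changed without -Repair.
Get-RtBackupAclReport
```

`Get-RtBackupAclReport -Repair` adds the SYSTEM entry when it is missing; the replies in this thread rebooted afterwards before the Event Log service started again.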
  • I was getting a similar error when trying to view system log in Windows Vista. It wasn't logging anything for system. Was telling me to check to make sure event service was running. I checked and it was "windows event service". Went back to Event Viewer and cleared log, voilà, it started logging events. Strange........
    Thursday, September 17, 2009 2:03 AM
  • We have experienced the same issue on a fresh Windows 7 Enterprise installation too. For us, deleting the folder actually didn't work.
    Tuesday, October 20, 2009 12:36 PM
  • I researched several forums and none of the suggestions worked.  So I compared the folder permissions to c:\windows\system32\logfiles\wmi\RTbackup to a working machine.  Navigate to RTbackup properties and check security settings.  It requires SYSTEM - full control.  I added this permission and rebooted PC to fix the issue.  I can now access my event viewer.


    Worked like a charm for me in Windows 7, I had the same issue on two PC's, seems that taking ownership of said folder messed up the permissions, so manually re adding system with full permissions worked for me.

    Great work seubanks!
    Sunday, October 25, 2009 1:59 AM


  • Worked for me on Windows 7 Pro. I had the same situation where I needed to take ownership of some directories and subs., and then lost the Event Viewer. Just find that file and give System full control and reboot. Worked like a charm. I could not find this anywhere else on the net and was ready to re-install.

    Thanks to seubanks---great job!!

    Can anyone tell me what the problem is here, and why this works?

    Harry.
    Tuesday, October 27, 2009 12:48 AM
  • I also had taken ownership of Windows and have run into a handful of problems.  My Event Viewer symptom was only prohibiting the Security logs.  But the fix for rtbackup as SYSTEM  control fixed things up! Yea!  

    One problem down... at least 3 or 4 to go.  sad and happy...

    [win 7 ultimate not upgrade...brand new]
     
    too bad windows can't let user know in an alert style that a critical service is not running. That would be a start to solving this fluky symptoms.    I suppose that's not so easy a task tho. 

    Sunday, November 22, 2009 5:42 AM
  • Hi all,

    I have been using Windows 7 Professional for one month and

    Deleting the directory

    C:\Windows\System32\LogFiles\WMI\RtBackup

    and rebooting, as mentioned in some of the above posts, solved my problem too. Many thanks for this good and valuable advice. 

    I have recognized the problem while checking the backup of SQL 2008 databases. I saw that recent backup was made 2 days ago although it should be done everyday.
    First of all, I went to check SQL Server Agent Service and it was stopped. I tried to start more than 3 times but it was not starting. I decided to check Event Logs after unsuccessful attempts.

    Ooops!.. I have  got the same issue at that time. Some other services including SQL Server Agent also that depend on Windows Event Log were stopped at that time...

    Thanks again...

    Monday, November 23, 2009 8:51 PM
  • thanks all, solved my problems on Windows 7. prior to a reboot i just did a Take Ownership of my whole system32 folder using the right-click context menu shortcut that this .reg key adds http://www.howtogeek.com/downloads/TakeOwnership.zip, pretty handy shortcut!
    Wednesday, December 09, 2009 11:30 AM
  • Just wanted to add another confirmation of the simple Unlocker rename-on-reboot fix. Nailed it on a Vista Home Premium system I was tuning up today. Event viewer running again. Thanks to everyone who's contributed to this thread.
    Tuesday, January 19, 2010 4:41 AM
  • All I got to say is that "YOU DE MAN"... worked great... thanks for the post
    Monday, January 25, 2010 7:02 PM
  • thanks all, solved my problems on Windows 7. prior to a reboot i just did a Take Ownership of my whole system32 folder using the right-click context menu shortcut that this .reg key adds http://www.howtogeek.com/downloads/TakeOwnership.zip, pretty handy shortcut!
    This has worked for Me. I recommend this Action to all who have this problem.
    Monday, February 01, 2010 1:33 AM
  •  to whomever is was that first suggested deleting the backup folder for wmi. (new to "forums".....and find exactly which one to reply to a bit foncusing, lol ).........ty, ty ,ty.........a thousand times ty !..........ding dong the wicked bit#h is dead !...........i now have my event viewer back (and being a very suspicious and snoopy windows user, lol, it was driving me nuts not having it )........may all your days be good ones ;-)
    Wednesday, February 03, 2010 4:39 PM
  • Thanks for the help -- this worked great on Windows 7.
    Thursday, February 11, 2010 10:13 PM
  • Guys this is awesome!!!! Thank you so much for sharing this! I was really desperate and this solved ALL my PROBLEMS! Unbelievable!

    Ok this is in short what I was dealing with:

    1. I am running Windows 7 Ultimate x64
    2. problems started when I wanted to use my Vodafone broadband wireless USB to connect to Internet for the first time -> failed to connect despite new VMC application version :/
    3. I found out that my services RasMan (Remote Access Connection Manager) and RasAuto (Remote Access Auto Connection Manager) were not running, and could not be started for some reason...
    4. I realized that above mentioned services could not be started due to dependencies with SSTP (Secure Socket Tunneling Protocol Service) which wasn't running as well..
    5. Then I realized that Eventlog is not running as well which brought me to this forum...and somehow I suspected that all these troubles were connected with Eventlog service..
    6. Finally I put SYSTEM with full control on c:\windows\system32\logfiles\wmi\RTbackup folder as instructed and this SOLVED MY headache! Everything works perfectly now :)

    Microsoft should issue patch ASAP... this is a really huge issue! I have lost 2 working days on this cra*p...

    Cheers!












    • Proposed as answer by rrdor Monday, April 12, 2010 11:39 AM
    Wednesday, February 24, 2010 3:56 AM
  • Thank You!
    Tuesday, March 02, 2010 6:09 AM
  • Thanks, I had the same problems as Tony_Croatie. I installed my wireless USB stick and I got errors. After that I couldn't connect with my wired internet to my VPN ... --> cause RAS was not started. RAS couldn't start because event service was down. Event service couldn't start because SYSTEM doesn't have full access to RTBACKUP directory.

    Solution --> grant user SYSTEM with FULL ACCESS to RTBACKUP directory. After that reboot system.
    Friday, April 02, 2010 11:01 AM
  • Had the same issue. followed [Tony_croatia] instructions and after restarting my Lap everything was fine. one of many problems i had\have with Win7.

    Thank you Tony.

    Monday, April 12, 2010 11:43 AM
  • Thank you everyone who contributed to this solution. I'm on Win 7 Ultimate and had a whole heap of problems as of a couple of days back when I got a particularly nasty virus out of nowhere. spent a day clearing that up, and then this problem when I tried to look at the logs to find out why an App Pool on IIS kept shutting down.

    All sorted now after running Gary's reset.cmd - even though there were considerable failures logged during it. Hopefully this doesn't mean there'll still be problems. Either way THANK YOU ! rebuilding this laptop was NOT an option.

     

    Wednesday, May 12, 2010 11:23 PM
  • WOW! I got to work!

     

    My RtBackup folder was unreadable. So I deleted it and rebooted. It recreated itself and all is working again.

     

    Thx all!

     

    Awesome.... This worked for me on Windows 7... I don't know about the rest of you but Windows 7 has given me more headaches than productivity.  Seriously thinking of going back to XP Pro.  Gotta run XP Mode in Win7 inorder to install Oracle...  If that's the case I might as well be on XP in the first place... Again Thanks All.

    Tuesday, May 25, 2010 1:48 AM
  • HOLY SHIZZLE!

    You guys are awesome! A couple years after this thread began and it still is able to help me fix things.

    My issue was with MANY services giving me the 1068 error (can't start...dependencies...).

    I did a Windows 7 install for a client and he has a Huawei E176 USB/cell Sim wireless adapter. After installing all the necessary apps, I would reboot and then the wireless stick would not work anymore. I reinstalled the stupid OS (yeah it was stupid when it didn't work properly) and tried tracking down the culprit by backing up registry AND setting restore points, while rebooting after each install. Only after I would install the dev apps like Photoshop and Corel would it not work. But nothing fixed it. Until I got here.

    *Deleting the RtBackup folder worked flawlessly!*

    Thank you all for the input that saved me HOURS by making this work. Also thanks for helping me look like a damn genius to my client. :)

    Saturday, June 05, 2010 9:04 PM
  • Thanks  to all. I searched many months back but gave up til I decided to look again and  ta da!! Great brainstorming and problem solving to all involved.

     

    Thanks

    Miss B

    Thursday, June 10, 2010 6:14 PM
  • Great work. I discovered this issue on my Windows 7 64-bit Home Edition machine when I needed to find out why Explorer froze after my DVD drive tried to read some bad DVDs, and surprise! The Event Viewer didn't work... the reason was the same message that you described.  It took me one hour to find the result of your great efforts that you shared... I want to recognize all of you with a "Thanks for your work and sharing". The solution works perfectly for me.

     

    Alx.

    Friday, June 25, 2010 12:30 AM
  • I had to go into C:\Windows\System32\LogFiles\WMI\RtBackup and manually rename each file, then I was able to delete the directory - now I'm finally able to view my log files! And now to tackle why my win7 machine randomly reboots. At least this is a starting point. Thanks to the person that discovered this.
    Saturday, November 13, 2010 1:19 AM
  • I found help on this error 4201 on another site.  To fix, navigate to C:\Windows\System32\LogFiles ; rename your WMI directory to WMI.old .  Now reboot your system.  You will find that when you go to Manage, the events will be there.   Curiously, I still am not able to change how the Event Log logs on.  The password and settings are greyed out.  I hope this helps.

     

    Monday, November 22, 2010 5:12 PM
  • thanks deleted the rtbackup folder---rebooted and all fixed
    Thursday, December 02, 2010 7:02 PM
  • Unbelievable... After 3 years the problems still exists in server 2008 R2... The solution is the same (I rewrote the permissions manually on rtbackup folder and on its files)... thnx
    Saturday, December 25, 2010 10:38 PM
  •  TJelly wrote:

    Hi

     

    I have this very same issue as well. The last thing i did was clean out all scheduled tasks and hidden tasks because I hate when my computer does things I don't not choose to do. Lil. let me what what you find out.

     

    J

     

     

     

    OK Ladies and Gentleman, here is what we have found;

     

    Apparently, one of the Windows updates is causing corruption of the Access Control Lists (ACLs) in the registry. I had entire sections of my registry nodes that lost the ACLs.

     

    While I was researching the problem, I came across a website where someone had a similar problem with getting Windows OS programs/services to run and they discovered that there was some registry corruption and missing ACLs.

     

    There are two different options that I ended up doing to get the system back in operation.

     

    It seems that running one or the other alone will not fix the problem, but doing both should get you back in service. 

    1. Make a backup of your registry (and a complete backup of the system wouldn't hurt either!)
    2. Go to Microsoft's website and download a program called subinacl.exe from this site; http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
    3. Install the subinacl.exe (it downloads as an MSI file).
    4. Copy the code below into a text file and then name the text file reset.cmd.
    5. I copied the command file to my temp folder to run, but as you can see from the cmd file, it contains the path to the executable subinacl.exe.

    @echo off
    title Resetting ACLs...
    rem Assumes SubInACL was installed to its default Resource Kit folder.
    cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
    echo.
    echo Resetting ACLs...
    echo (this may take several minutes to complete)
    echo.
    echo ==========================================================================
    echo.
    echo.
    rem Grant Administrators and SYSTEM full control on every subkey of each hive.
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
    echo.
    echo.
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
    echo.
    echo.
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
    echo.
    echo.
    rem Grant the same rights on the system drive and the Windows directory.
    echo System Drive...
    subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
    echo.
    echo.
    echo Windows Directory...
    subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
    echo.
    echo.
    echo ==========================================================================
    echo.
    echo FINISHED.
    echo.
    echo Press any key to exit . . .
    pause >NUL

     

    6. As this command file runs it will show you the status of the reset and create a log that you can go back into and inspect for problems.

    7. When this command file completes, you then need to open a command window (using Run As Administrator) and run the following command:

    secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt

    (The redirect of output echoes the program's output to a text file, but secedit also creates a log file. The program will show you the location of the log file when it is done.)

     

    These two actions combined will reset the permissions on the registry nodes back to their default settings.

     

    Reboot and check your Event Log service... at this point it should be running.

     

    After effects of this process which happened to me, were that the Network List Service would not run... I still had network and internet access, however the Network icon in the task notification area had a Red X, and mouse over displayed a tooltip that said "Server Execution Failed".  This was a result of resetting the ACL's.

     

    The Network List Service (netprofm ) would not run because it did not have permission to run.

     

     In order to correct this issue, you must open the Component Services snap-in and drill down under Computers/My Computer/DCOM Config/netprofm (this is for Vista!) and right click the node, and select Properties.

     

    Click on the Security tab and make certain the correct user names are listed and that they have the appropriate permissions. I have 4 users listed with the same permissions; (your mileage may vary )

    1. Administrators - Perms; Local Launch, Local activation
    2. Interactive
    3. Local Service
    4. System

    Next, go to the Identity tab and ensure that The System account (services only) is the item that is checked. Make sure the changes you make get applied.

     

    Restart your computer so the ACL's are refreshed.

     

    Once you come back up from the reboot, things should be pretty much back to normal.

     

    You may find a stray program here and there that may need to have its permissions reset, but you should be operational.

     

    I directed the Microsoft engineers to this forum (and Google search it) so they can see this is getting to be an issue for a lot of people. They in fact have a brand new case (same problem) that was just escalated to them and they are going to take an image of that person's system first thing so they can determine what is causing this, and if necessary put out a hotfix or service pack to correct it.

     

    In the meantime, if you run into anyone else going through this problem, at least there was one solution that worked for me...

     

    I cannot guarantee that this will work for everyone and the issue may affect each machine differently, so just be aware that this is not the blue pill!

     

    I think that because the Registry database is so critical to the operation of Windows, Microsoft engineers should have some sort of utility that can repair and/or reset the registry and file permissions easily should something happen...

     

    I personally believe that this should be part of the base operating system and we should not have to shell out extra bucks to third party vendors for these type of utilities, particularly if the registry is prone to corruption either by Microsoft's own hands or by a third party application.

     

    I am not knocking third party programmers as I am one myself, I am just saying that this is Microsoft's OS and they should provide these easily accessible tools to keep us running!

     

    Good Luck!

     

    I realize this thread is old. But before I try the fixes on it I want to be sure I am having the same issue. I am trying to install a program that relies on the Event Log and task Scheduler to run correctly. My Event Log service will not start. I get the same error message the OP had mentioned in the beginning, but it is the only service I have noticed that is not working correctly. Should I still do the fixes mentioned here? Or is my problem something different?

    I have also noticed random icons changing back to a Windows classic icon, and have run SFC /Scannow and it has come up with a corrupt explorer.exe.mui file member? I'm not sure what that means, and I have made my own post about this problem, but no one has responded.

    Friday, January 07, 2011 12:32 AM
  • Thanks Alex !  It worked for me. As suggested, I deleted the folder (RtBackup) and after the restart it created the folder automatically... and now everything is working normally.. Thank You So Much
    Tuesday, January 25, 2011 5:30 PM
  • Thanks Alex indeed! I'm running a W2K8R2 server 32bit, and had the same 4201 error. I noticed that it started after a network connection error and a failed policy push...if that helps anyone else. To resolve the issue all I did was set the permissions on the RTBackup folder to include SYSTEM account full permissions. I did not have to startup in safe mode, but I did have to log in as network administrator for proper ownership to assign permissions for the SYSTEM account. After rebooting the error went away and all seems to be working as expected.

    I did not want to run the recommended reg script as using them is always sketchy in my opinion. In my 20+ years of working with MS OS's I have found that 99% of the errors I get are from permissions setting...FYI.

    Now I can get back to developing, Cheers!

    Thursday, March 17, 2011 10:42 PM
  • This works also for Windows 2008 Server R2. Worked like a champ! Inherited the permissions to the folder level and rebooted the server, my Event Viewer service started with all dependencies included and I can view the events once again. Thank you for this fix.
    Friday, March 18, 2011 1:19 PM
  • I also had this problem for the last 2 years with both Windows Vista and Windows 7 ultimate. No spyware. No virus. System files were intact. I got the problem solved by RESETTING ALL USER PERMISSIONS TO DEFAULT. http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/how-to-reset-all-user-permissions-to-default/9da312d2-c99b-4283-a275-e74d93dcc366
    Thursday, April 07, 2011 11:02 AM
  • Gary Bouchard this helped me so much.  I was having a problem originally with installing MSMQ on my Windows 7 machine.  In attempting to submit an issue to Microsoft for help, I was researching the issue to put it together as a nice wrapped present for Microsoft when I noticed my Event Log was messed up!  Having never experienced this before I started researching that issue and thankfully stumbled across this amazing thread.  I followed the instructions and not only did it fix my Event Viewer problem but also the problem with installing MSMQ!  To say thanks I am going to attempt to put Gary's post with the instructions along with some other tips found in the thread together.  THIS is not my work but the contributors' to this thread.  Without them I would probably be having to have my IT schedule me for a reinstall and missing days of work to it.

    Gary Bouchard's Original Instructions (with the fixes needed I think he updated his post as well)

    1. Make a backup of your registry (and a complete backup of the system wouldn't hurt either!) BACKUP BACKUP BACKUP!
    2. Go to Microsoft's website and download a program called subinacl.exe from this site http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en
    3. Install the subinacl.exe (it downloads as an MSI file).  <-- Fairly Fast install nice program to have anyhow!
    4. Create a new text file and copy the following into it:
      @echo off
      title Resetting ACLs...
      rem Assumes SubInACL was installed to its default Resource Kit folder.
      cd /d "%ProgramFiles%\Windows Resource Kits\Tools"
      echo.
      echo Resetting ACLs...
      echo (this may take several minutes to complete)
      echo.
      echo ==========================================================================
      echo.
      echo.
      rem Grant Administrators and SYSTEM full control on every subkey of each hive.
      subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
      echo.
      echo.
      subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
      echo.
      echo.
      subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
      echo.
      echo.
      rem Grant the same rights on the system drive and the Windows directory.
      echo System Drive...
      subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
      echo.
      echo.
      echo Windows Directory...
      subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
      echo.
      echo.
      echo ==========================================================================
      echo.
      echo FINISHED.
      echo.
      echo Press any key to exit . . .
      pause >NUL
    5. Rename the text file or save the text file as RESET.CMD. Suggestion is to save it in c:\temp.
    6. Run this file.  NOW Supposedly this creates an output file you can look through.  Mine did not.  But it still worked.  IT DOES take quite some time to run and I had lots of 20,000+ errors while running and watching it!
    7. After completion you need to open a command window as administrator.  See here for help  http://www.sevenforums.com/tutorials/47415-open-command-window-here-administrator.html
    8. secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt

      (the redirect of output echoes the program's output to a text file, but secedit also creates a log file. The program will show you the location of the log file when it is done).

      Before Rebooting I also suggest going through something similar to the following by Nathaniel Bluedorn

      1. Navigate to C:\Windows\System32\LogFiles\WMI\RtBackup
      2. Right-click on RtBackup and select Properties > Security
      3. In the list of “Group or user names” is “SYSTEM” listed?
      4. If not, click Edit > Add . . . and type in “SYSTEM” in the dialog box and click OK.
      5. Restart your computer and try installing Windows Vista Service Pack 1 again.

      A blog about this can be found at (http://www.bloomingthorn.com/pages/read/instal-error-with-windows-vista-service-pack-1/)

      Still others have chosen to delete the directory RTBackup and recreate it, or to just delete the files inside.  Using either Unlocker (http://ccollomb.free.fr/unlocker) or through safe booting into windows and deleting the file from there.

      For the most part this works like a charm however some permissions on some programs or files might be ill-affected.  You can either reinstall those files or like in my case I had a DCOM Error 10016 and used the following:

      1. Open the registry and go to "HKEY_CLASSES_ROOT\CLSID\{<CLSID in the event message>}" to find out friendly name of this component. In my case, this is "Machine Debug Manager” (CLSID: 0C0A3666-30C9-11D0-8F20-00805F2CD064).
      2. Go to Component Services via Start -> Control Panel -> Administrative Tools -> Components Services. Expand the Component Services branch then expand "Computers", "My Computer", and "DCOM Config". Right-click on "Machine Debug Manager" (or whatever your CLSID represents) and choose Properties. Click on the Security tab and under “Launch and Activation Permissions” select "Use Default". Click OK, close the Component Services window. The error should disappear now.

    I found this solution at http://community.spiceworks.com/windows_event/show/84-dcom-10016

    I am guessing 99% of the people with this sorta problem reinstall.  So if you manage to follow this and get it working good again, consider yourself lucky, and also pat yourself on the back for a job well done; or have a beer or something!  Good job!

    Friday, April 08, 2011 3:23 PM
  • It worked. Thank you Gary. I was thinking to format my machine, but it worked great.  Thanks again.
    Friday, April 08, 2011 6:33 PM
  • hmmm
    Saturday, May 07, 2011 11:30 AM
  • I tried a lot of solutions, but couldn't get access to the C:\Windows\System32\LogFiles\WMI\RtBackup folder.

    Here's how I solved it (WARNING--DANGEROUS):

    -Granted Full Permissions to the Administrator user on the \RtBackup folder

    -Took ownership of the folder and subfiles referencing this article:

    http://www.blogsdna.com/2159/how-to-take-ownership-grant-permissions-to-access-files-folder-in-windows-7.htm

    -Saved Changes

    -Removed all permissions for SYSTEM user on \RtBackup

    -Rebooted System.  SYSTEM user couldn't lock any files.

    -Renamed \RtBackup to RtBackup2

    -Rebooted Again.  Problem Solved.

     

    The huge benefit was that I didn't have to reboot in safe mode....I'm not on-site and can't reboot in safe mode.  You just have to take great care when removing permissions for SYSTEM.

    Friday, June 24, 2011 11:30 PM
  • I find it very telling that after 4 years 4 months and 9 days, nothing has been done by Microsoft to address this serious issue that has also leached into the WIN2K8 product. Microsoft you have had almost 1600 days to address this. Now it's time for a class action lawsuit, will take me about 120 days to get it started, so that's how much more time you have to address, solve and fix.
    Wednesday, July 06, 2011 1:49 PM
  • This problem also/still exists in W7 Home Premium.

    The same "cure" applies: ie delete RtBackup C:\Windows\System32\LogFiles\WMI\RtBackup.

    Permissions are, of course, an issue, so I used Revo UnInstaller and deleted it and its contents completely and cleanly.

    Rebooted and voila - Event Viewer AND Diagnostics work again!

    SQL 2005 runs 1st time every time as well now.

    Tuesday, August 02, 2011 3:00 AM
  • I'm experiencing the same error, can't run the Event Log Service and receive the same error message. Running Windows 7 Ultimate.
    Stuart A Beggs
    Friday, September 30, 2011 5:33 PM
  • Like so many others here, I tried to take control of my UAC because I was tired of the constant refusals of permission when I wanted to move/change/delete files that were written by me. I am the only user on this OS. And so I believe this is Microsoft's Control-Curse to punish those of us who would step out of line. That's why you'll never see any "fix" come from Microsoft, even though this issue is quite prevalent.

    Of all the attempts at fixing this problem (I've found various supposed fixes on many levels of Microsoft's Answers forum, and others), and many hours wasted wrestling with command strings and step-by-step procedures from the experts, Nathaniel Bluedorn has come up with the REAL SOLUTION you see above. Just in case this post gets shifted to the bottom:

    Nathaniel Bluedorn wrote:

    1. Navigate to C:\Windows\System32\LogFiles\WMI\RtBackup 
    2. Right-click on RtBackup and select Properties > Security 
    3. In the list of “Group or user names” is “SYSTEM” listed? 
    4. If not, click Edit > Add . . . and type in “SYSTEM” in the dialog box and click OK. 
    5. Restart your computer and try installing Windows Vista Service Pack 1 again.

    This worked for me. I blogged about it (http://www.bloomingthorn.com/pages/read/instal-error-with-windows-vista-service-pack-1/)

    Yes, believe it or not, it's that simple. Just do as he suggested above and it should fix the issue. It did for me on Win Vista x64 Home Premium. The cure for Microsoft’s Control-Curse is here and it’s way easier than a flu shot. You just ‘gotta know the secret!

    Best of luck to everyone!

    Thursday, March 01, 2012 1:50 AM
  • Hey Gary,

    Please take a look at Nathaniel Bluedorn's post below. This is the answer that finally cleared up my Vista x64's case of what I'm calling Microsoft's Control-Curse. My RtBackup folder didn't have "SYSTEM" in its permissions options and I had no clue how to put it there and wasn't allowed to change anything anyway... even though I had taken over permissions for the whole system... which seems to be what started the issue to begin with. What a long strange journey this has been. I thought you should know.

    Thanks for all your hard work on this issue!

    Thursday, March 01, 2012 2:09 AM
  • For those that follow:

    For those Vista users that have registry issues caused by the update to Vista, it seems that the "SubInACL" tool and script provided by Gary are necessary to undo the damage caused by that update.  This is in addition to renaming and setting permissions for the RtBackup folder.

    In my case, as a Windows 7 user, I found that Nathaniel's suggestion was a complete solution.  The ONLY issue to solve is giving SYSTEM ownership and full privileges to the RtBackup folder that is automatically created after renaming / deleting that folder, which in my case had an event log that had grown until it hit the 2Gb size limit.  It appears the inherited permissions applied to the automagically recreated folder are not sufficient and SYSTEM must be added manually as owner with Full Control.

    Kudos and thanks to those that contributed to ferreting this all out and helping me avoid a reinstallation!

    Thursday, July 12, 2012 4:12 PM
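
The check that several replies above describe (is SYSTEM listed with Full Control on RtBackup, and is the Event Log service running?) can be scripted. The PowerShell below is an added example, not part of any post in this thread; the `-Repair` switch, the `$AclBackup` path and the function name are assumptions of this example, and it only reads the ACL unless `-Repair` is given.

```powershell
# Added example (not from the thread). Read-only unless -Repair is given.
# Run from an elevated PowerShell prompt.
param(
    # Folder named in the posts above; override to audit a different path.
    [string]$Path = (Join-Path $env:windir 'System32\LogFiles\WMI\RtBackup'),
    # Hypothetical switch for this example: apply the SYSTEM Full Control grant.
    [switch]$Repair,
    # Hypothetical location for the ACL backup taken before any change.
    [string]$AclBackup = (Join-Path $env:TEMP 'RtBackup-acl-backup.txt')
)

$SystemSid   = 'S-1-5-18'   # well-known SID of NT AUTHORITY\SYSTEM
$Full        = [System.Security.AccessControl.FileSystemRights]::FullControl
$InheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Test-SystemFullControl {
    param([string]$Folder)
    $acl = Get-Acl -LiteralPath $Folder -ErrorAction Stop
    # Translate every ACE to a SID so the test does not depend on the UI language.
    $rules  = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $system = @($rules | Where-Object { $_.IdentityReference.Value -eq $SystemSid })
    # A Deny ACE for SYSTEM takes precedence over an Allow, so treat it as a failure.
    if ($system | Where-Object { $_.AccessControlType -eq 'Deny' }) { return $false }
    foreach ($ace in $system) {
        # Inherit-only ACEs apply to children, not to the folder itself.
        if (($ace.PropagationFlags -band $InheritOnly) -ne 0) { continue }
        if (($ace.FileSystemRights -band $Full) -eq $Full) { return $true }
    }
    return $false
}

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    Write-Warning "$Path does not exist (posts above report it is recreated after a restart)."
    return
}

$ok = Test-SystemFullControl -Folder $Path
[pscustomobject]@{
    Path              = $Path
    Owner             = (Get-Acl -LiteralPath $Path).Owner
    SystemFullControl = $ok
    EventLogService   = (Get-Service -Name EventLog).Status
}

if (-not $ok -and $Repair) {
    # Save the current ACLs first so the change can be rolled back with icacls /restore.
    icacls $Path /save $AclBackup /T | Out-Null
    # Grant SYSTEM Full Control, inherited by files (OI) and subfolders (CI).
    icacls $Path /grant "*${SystemSid}:(OI)(CI)F" /T
    Write-Output "ACL backup written to $AclBackup. Restart, then re-run without -Repair."
}
```

Unlike the SubInACL script earlier in the thread, this touches only the one folder, which keeps the permission change narrow and easy to review.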
  • Hi everyone,

    An easy solution would be to open the "C:\Windows\System32\LogFiles\WMI" folder, then set permission for SYSTEM user to everything and then restart the computer.

    Cheers


    Tuesday, August 13, 2013 2:48 AM