Event Viewer Service problem RRS feed

  • Question

  • Hi friends

    When i try to open my EventViewer in Vista it gives a message like

    "Event log service is unavailable. Verify the service is running"

    Then i tried to start the Windows Event Log service from the windows services but it is giving another error message.

    "Windows could not start the Windows event log service on Local Computer.

    Error 4201: The instance name passed was not recoganized as valid by a WMI data provider."

    Wednesday, May 2, 2007 6:57 AM

All replies

  • I'm having the same problem. Even tried to reset the WMI, still same problem occurs.


    I'm also having problem with trying to start Generate Health Report, error was "Unknown Interface"


    Can anyone hellllpppppp!! Pls!!!!!!


    Sunday, May 13, 2007 4:51 PM
  • Hi all,


    I have same problem when i try to start Event Log service.


    No response from Microsoft corporation, it seems to be a major bug in Vista installation, but no addtionals information.


    Wait and see...may be a service pack should fix this critical bug for other services or for applications.



    Saturday, May 19, 2007 10:10 AM
  • Same problem here too......... and problems with windows search ............and problems with "move" or "rename" file (hangs).

    Roll on service pack update!

    Thursday, May 24, 2007 9:48 AM
  • Hi Peter,

    I have the same problem with the Vista EventViewer. Diskeeper won't work either, but I don't know if these are related.

    Good luck,


    [Lenovo TP-T60: 2xCPU T7200, 2GHz, 1.5 GB RAM; Vista 32-bit Business, build 6.0.6000; No other programs running]

    Monday, May 28, 2007 12:29 PM
  • Hi Phil & other interested parties


    Some of the other clues:

    When I updated from XP, I used the files & settings transfer wizard.....after which time the keyboard didnt work properly. Thats fixed now though. Still I wonder if settings from Xp somehow clash?


    Also had installed  Nero Essentials.7......well I only noticed problems after that. Co-incidence maybe? Uninstalled now and no fix yet.


    Then there's the bios update question.....will that improve reliability, etc. It's a bit daunting and the Asus website appears somewhat ambiguous as to which update is fitting.


    Post back any thoughts. Thanks.



    Tuesday, May 29, 2007 6:44 AM
  • I have the same problem, also after a Nero install then uninstall.
    Saturday, June 9, 2007 3:59 AM
  • The same problem here. Cant start some services. 
    Any response  from  MS?! Is  it  bug or something broken in my installation?
    Sunday, June 17, 2007 5:43 AM
  • Have fixed the copy/ move file problem by disabling indexing and windows search in services. Also search runs ok now too.


    The event viewer is as yet unsolved.


    .....error message is: Unhandled excetion in managed code snap-in.


    Other article has more info but no fix for me:







    Sunday, June 17, 2007 9:05 AM
  • All Vista machines at our company are having this issue.  Anyone find a fix yet? 
    Monday, June 18, 2007 8:26 PM
  • I found this tip on another forum.
    Run regedit.
    Go to computer\HKLM\system\currentcontrolset\services\eventlog\
    run through all subkeys looking for path names and make sure the folders exist and have write privileges.
    For example, the log file may be stored in:
    If the folder is not there or is not write enabled, the service may fail to start.
    You would get an error "file path not found" or "file access denied" or something like that.

    Sunday, July 1, 2007 7:57 PM
  • Hi Peter,


    The history of my system is similar to yours in certain respects, but I don't know if there's a causal relationship between the changes and our Event Viewer problem. These similarities/differences are:

    - Files & Settings Transfer Wizard - I used this, plus the System Migration Assistant, to move settings and files from one laptop to another. The former had Win XP Pro SP2 installed and the latter Vista 32 Business. My experience with this process was that there appeared to be a massive shuttling/shuffling of many files from one system to the other and it inspired no confidence in me that everything happened as it should.

    - Keyboard Problems - I've been having persistent problems with an external USB keyboard becoming inactive, but that seems to occur only when I connect the keyboard via a USB hub, not directly to the laptop.

    - Nero Essentials - I too installed and uninstalled this, and there appears to be vestiges of Nero fiddling around. For instance, it still appears as an entry (which I've disabled) in System Services.


    Office 2007 - I also uninstalled this suite, which was pre-installed as a trial version on my laptop, in favor of Office 2003, and there are still pieces of Office 12 all over the place.


    The difficulty with trying to locate the problem by researching histories is that there were so many widespread system changes occuring at different times that it's impossible to identify those that might be responsible. Nonetheless, I hope that this helps.


    Good luck,


    Tuesday, July 10, 2007 4:39 PM
  • My event viewer is working again. This was just after I fixed the problem of not being able to un-install I-tunes & Adobe8.

    The problem there was with "permissions" with some windows registry keys......... (of course it could be co-incidence)

    I seem to remember, the event viewer error came up with a number.....this could refer to the key that has incorrect permission settings. Hope this helps....good luck.


    Tuesday, November 6, 2007 7:13 AM
  • Has anyone came up with a "clean" solution to this problem?


    Wednesday, November 21, 2007 1:12 PM
  • Hey,


    I had this exact problem. Not sure what triggered it but I only noticed Event Log service wasn't working after installing Norton Ghost v12.


    To resolve this problem I modified the ACL to the HKEY_LOCAL_MACHINE registry key and the ACL for %windir%\system32\winevt


    To change the ACL's for these, i recommend using SubinACL (download from: http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B)


    Install SubinACL and run a Command Prompt as an Administrator and execute the following commands:


    subinacl /subregkeys HKEY_LOCAL_MACHINE /grant=administrators=f /grant=SYSTEM=f

    subinacl /subdirectories %windir%\system32\winevt /grant=administators=f /grant=SYSTEM=f


    I hope this helps you with this problem. Let me know if you can.




    Wednesday, December 5, 2007 5:44 AM
  • Guys,


    Been futzing with this for hours. MY solution: added ACL for Local Service to %systemdrive% (D: in my case). Gave it full control. Forced it to save "down the tree". Rebooted and Event Viewer is alive again. Phew... what a fight.


    Hope this helps those still scratching heads...




    Friday, August 1, 2008 2:47 PM
  • im having the same problem help
    Tuesday, May 26, 2009 8:34 AM
  • make sure windows error reporting service, windows event collector and windows event log are running.
    this solved the problem for me

    Friday, July 3, 2009 5:45 PM
  • I had the same problem after an upgrade from Vista to Windows 7.

    I just changed the permissions of "HKLM/System/CurrentControlSet/services/eventlog" and the service starts up normally.

    • Proposed as answer by Darii Tuesday, October 18, 2011 4:21 PM
    Wednesday, July 6, 2011 11:19 AM
  • I would like to know if you had tried updating your windows may be that can fix the problem



    Tuesday, July 19, 2011 10:37 PM
  • I had the same problem after an upgrade from Vista to Windows 7.

    I just changed the permissions of "HKLM/System/CurrentControlSet/services/eventlog" and the service starts up normally.


    Nice and simple.  Thank you.  This solution works perfectly for all versions of server 2008 as well.
    Tuesday, October 18, 2011 4:23 PM
  • I have a Windows 7 Home Pre upgraded to Windows 7 Ultimate with the

    Windows could not start the Windows event log service on Local Computer.

    Error 4201: The instance name passed was not recoganized as valid by a WMI data provider."

    What key inside of "HKLM/System/CurrentControlSet/services/eventlog"  did you changed the permission and from what to what?


    Thursday, December 22, 2011 7:13 PM
  • Make sure SYSTEM account has full permission on the folder C:\Windows\System32\LogFiles\WMI\RtBackup
    Thursday, March 29, 2012 1:05 AM