Error 2: The system cannot find the file specified ... Windows Event Log service could not start.


  • This error occurred in five windows servers 2008.

    Error 2: The system cannot find the file specified ... Windows Event Log service could not start.

    I tried the following steps:

    1) Link

    2) Full control for administrator user in the folder C:\Windows\System32\winevt\Logs

    3) Delete files in the C:\Windows\System32\winevt\Logs

    Plz i need help.

    I did a test, and I believe it is a hotfix that was applied. Now the question is what is the hotfix that is causing this problem.
    Tuesday, January 19, 2010 5:44 PM

All replies

  • Plz i need help
    Wednesday, January 20, 2010 12:01 PM
  • Hummmm anyone ?
    Thursday, January 21, 2010 11:20 AM
  • I met the exact problem yesterday, and tried the  3 options as you mentioned, but the problem remained.

    However, with the help of procmon, it turned out that the issue was caused by an incorrect registry entry at:



    Event Log service by default will look at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\ServiceDll for the service dll to start the service, however, when "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Parameters" presents, it will look for ServiceDll underneath the "Parameters" sub key.

    And in my case, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Parameters\ServiceDll was referring to an empty string, so Event log service cannot find the service dll file to start the service.

    So, I just deleted the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Parameters, and after that, Event log service starts correctly.

    Hope this helps.
    • Proposed as answer by thomasvdb Friday, May 20, 2011 2:53 PM
    Thursday, April 28, 2011 9:17 AM
  • thanks
    Tuesday, June 28, 2011 2:10 PM
  • Thanks very much Chris.. Your solution really helped me in fixing this bad guy.. Thanks for the info..
    Monday, July 11, 2011 2:52 PM
  • I experienced this issue on my Windows 7 Professional machine (SP1 not installed). The solution above (by Chris.Chen) worked for me too. Thanks a lot Chris!
    Monday, July 11, 2011 4:11 PM
  • Thanks Edurado..After i deleting the Parameters from registry its working fine....tons of thanx...
    Wednesday, July 13, 2011 9:24 AM
  • Chris' solution worked for me as well. Geez, did some new update cause this problem recently? This post is from a year and a half ago, and now 5 people (myself included) have responded in the past 5 days.
    Saturday, July 16, 2011 4:48 PM
  • Thank you Chris.Chen,

    Your solution is working very well for me. As  phhlho said, seems there are recent surge of this problem. I actually fix 3 computers related to this problem, and this may be very well related to recent update.

    Tuesday, August 02, 2011 2:25 AM
  • interesting the parameters folder was empty, but renaming it fixed the issue


    Thanks, Chris,

    Saturday, August 20, 2011 8:57 PM
  • @mchern 

    Thank you so much-you saved me a looooot of time reseting a new VM

    Wednesday, October 19, 2011 9:06 AM
  • Thanks Chris.  I thought I'd have to re-install Windows!
    Thursday, November 17, 2011 12:02 AM
  • Thank you Chris.Chen,

    Your solution is working very well for me. Windows 7 Pro 64bit.

    Thanks for the info..

    Sunday, December 04, 2011 1:31 PM
  • This solution solved the problem on our side as well.

    One question remains though : WHERE Did this parameters key come from ?

    Thursday, December 08, 2011 12:20 PM
  • Thanks Chris! That worked on my Windows 7 Enterprise machine. This issue was preventing the IIS Application Pool to start.
    Wednesday, June 13, 2012 2:30 PM
  • I'm a novice, but I'm having these exact same problems, can you please tell me how to go about finding the registry key or locating 

    it and how to delete it? Thank you so much, I cant update some programs or even use some because they need updating to run!

    PS. Do I need to look for that exact key?

    Wednesday, August 08, 2012 2:41 PM
  • Thank you SO much!

    Every so often over the past 2 years I have had a problem and tried to look at the event log only to be told the event service is not running but then found I could not start it - and all previous attempts to fix it have failed.

    At last I have found somebody who has actually experienced the problem and actually worked out how to fix it and I can now use my event viewer!

    By the way, I saw a thread somewhere that said this problem can be caused in the first place by using JV16 Power Tools 2008 - but they did not know how to get the event service working again.  Don't know if any of you used it.  I did and did wonder at the time if it was wise to keep using an old version after upgrading to Windows 7.  If I can find that thread again I will post a link to this.

    Thans again!

    Alan K

    Saturday, November 24, 2012 9:47 PM
  • Thank you Chris! In my case the solution worked for Windows Server 2012 R2
    Thursday, March 20, 2014 8:27 AM
  • Dear Chris,

    I am reading your solution with interest however I dont know where to find "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Parameters" . Please guide me exact location.



    Thursday, August 21, 2014 7:17 AM
  • This worked like magic. 

    Thanks mate. 

    Thursday, September 11, 2014 2:33 PM
  • Chris,

    This solution worked great for me ...  until the server was rebooted then the Parameters key was back.  Is there a way to keep it from being recreated?

    EDIT:  I renamed the key instead of trying to delete it.  After a reboot the key has not been recreated.  Hopefully, this will help someone else.

    • Edited by amc_km Thursday, November 20, 2014 2:34 PM
    Thursday, November 20, 2014 2:16 PM
  • After many days of trying every hotfix and every other solution across all forums and third party sites, this one was what worked for me. Thanks Chris!
    Saturday, July 23, 2016 2:05 PM
  • wow!!!! you are my saviour!!! been looking for a valid solution and finally read yours!!!

    thank you so much!!!!!!!!! :)

    Monday, August 08, 2016 1:51 AM