Printable View
When trying to start the Windows Event Log service, I get:
"Windows could not start the Windows Event Log service on Local Computer.
Error 4201: The instance name passed was not recognized as valid by a WMI
data provider."
MSKB and Google searches yield nothing useful - just a few people trying to
get this question answered.
Anyone have a clue? If I can't fix this my only option is to reformat and
reinstall as all repair options have failed.
I would add in addition to the two Startup Repair options and five F8
options I gave you, to do an SFC from an elevated command prompt:
Right click run box on start menu>run as admin>type sfc/ scannow at cmd
prompt.
I'm probably one of the other people who's messages you came across
searching Google for the answer to this problem - my event log service
has been down probaby for months now. :(
I tried running the sfc command and got the same results as well.
It tests OK:
"Windows Resource Protection did not find any integrity violations."
However, I still can't run the Windows Event Log service.
The way I ended up getting mine to work again was permissions related.
Someone suggested that the permissions on some %systemroot% sub-dirs was
messed up... and when I checked, it was true... when I reset the owner
on a number of them, and rebooted, that fixed it. :)
Note that this might still be the same problem as is resolved by moving
the Logs and Logfiles dirs/files - since that might have been one of the
ones I reset the owner on, and deleting them would probably just cause
them to be re-created with proper permissions.
The -reason- my permissions were messed up is because I set up to
dual-boot Vista 64 and windows XP - and at one point from Win XP I
couldn't get at some files, I did a take owner, at some point on the
Vista system drive, I think probably the root... by the time I realized
the event log wasn't working, I'd forgotten about the take-owner. (I
didn't notice right away...)
With MoveFile...
http://www.microsoft.com/technet/sys...PendMoves.mspx
...you can delete folders before the system blocks files.
I sheduled "C:\Windows\Logs" and "C:\Windows\System32\LogFiles" to delete at startup, rebooted and the EventLog was online again.
You are right:Code:"X:\***\movefile.exe" "C:\Windows\System32\LogFiles" ""
"X:\***\movefile.exe" "C:\Windows\Logs" ""
It -IS- a permission problem. But the snag was, that I wasn't able to change something with the permissions, because these files were in use. (Well... I believe that was the reason)
So add to my solution: The root-folders of the logfiles (Windows and System32) have to have permission sets, where the "system"-account is able to read and write files.
Then -after you delete the messed up folders- Windows will copy the permission for the recreated log-folders from their root-folder (and the system, as well as the services, are able to use the files).
And why the permissions were messed up at my PC I can only guess - I use a more or less virgin Vista and not any other OS ((Well... at -this- PC *gg*)).
I am also facing the same issue, can any body help me out in this...???
My OS = WIN 2008 Enterprise (sp1)
Windows could not start the Windows Event Log service on Local Computer.
Error 2: The system cannot find the file specified.
When starting "Vee Doc" application, an error warning comes on with the following information:
(16 bit MS-DOS subsystem
error while setting up environment for the application.)
Kindly help me with solution for this error to enable me work this application.
Your input, along with the following, worked on my Vista Home Premium 64 - Had used PC mover to migrate from WinXP Pro to Vista and all of the administrative issues, less two minors, were resolved. Prior to utilizing your instructions, here are another set worth review, as this took care of 200k subkeys:
Please perform the following steps to reset the permissions in registry.
1. Download and install the SubInACL utility.
1. Download and install the SubInACL utility.
Link: http://www.microsoft.com/downloads/d...displaylang=en
2. Create a new text file named fix_registry_permissions.bat and add the following text to it and save it. If your program files are on another drive or your Windows directory is somewhere else or with a different name than below, simply substitute what is shown:
----------------
cd c:\program files (x86)\Windows Resource Kits\Tools
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories c:\ /grant=administrators=f /grant=system=f
subinacl /subdirectories c:\Windows\*.* /grant=administrators=f /grant=system=f
----------------
3. Run the file from the elevated command prompt.
You can also try the following command if the above mentioned steps doesnt help you:
a) secedit
b) icacls
In Regedit - You may also try this:
Right-click the Key,
Click Premissions (puts you in Security)
Click Advanced,
Click Owner,
Click Other users or groups,
Click Advanced,
Click Find Now,
Select your account - (the usual one you are signed in as)
Click Ok,
Click Ok,
Select your account,
Click Ok.
Now you can set permissions as you wish.
Do this for every major Key you want (all of the subkeys will follow).
Thanks again for your assist - it was the capper, as the Event Log is it's own animal for admin permission...