Windows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied
-
March 17, 2010 23:15
I am logged on as administrator. Using Win7 Ultimate 32 bit. Cannot start Event Log service. Any suggestions?
All replies
-
March 19, 2010 1:31 Moderator
Hi Bob,
This issue can be caused due to the incorrect permission settings for the administrators group.
I would like to suggest you perform the following steps to troubleshoot the issue.
1. In the "Start" menu, locate "Command Prompt". Right-click and choose "Run as Administrator". If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
2. Type the following commands, then press "Enter" to execute them one by one. Please note the space before the command and its parameter.
takeown /f C:\windows\system32\logfiles\wmi\rtbackup
cacls C:\windows\system32\logfiles\wmi\rtbackup /G administrators:F
3. Restart the computer to check the issue.
What’s the result?
Arthur Li - MSFT
- Marked as answer by Arthur_Li (Microsoft Contingent Staff, Moderator) March 22, 2010 2:06
-
March 19, 2010 22:48
Arthur_Li
Thank you for your help. This did solve my problem. I do not understand what the problem was? What do you mean by incorrect permission settings for the admin group? I thought that they were all enabled when I checked.
Thanks, Bob Bilmanis
-
March 22, 2010 2:06 Moderator
I would like to explain that the administrators group does not have the correct permission on the rtbackup folder. It’s hard to say what causes such an issue.
Regards,
Arthur Li - MSFT
-
August 16, 2010 8:39
This hint did NOT work for me. I have been using Windows 7 RTM Ultimate 32b and without ANY system modification my Event Log service failed to start.
The above and all over the net suggestions for solving this issue did not work in my case.
In my case I had to change NTFS permissions on %WINDIR%\System32\WinEvt\Logs directory for Local Service and Network Service to FULL access.
I'm just curious what kind of software Windows is if it fails to run after half of a year? Viva la Windows XP!!!
1Rosomak
- Proposed as answer by 1Rosomak August 16, 2010 8:39
-
August 24, 2010 7:18
Arthur, that worked for me too (Win 7 Professional 64-bit), thanks! One has to wonder why there is such a glaring bug in Windows 7 though.
-
September 8, 2010 2:58
Did any of you also get error 4201 besides error access denied?
-
February 2, 2011 18:41
On two occasions, this Windows 7 Ultimate 32-bit system has inexplicably disabled the event viewer with "Error 5: Access is denied". In the first instance, I was able to repair the system by adding SYSTEM permissions to the RTBackup folder. On the recent failure, nothing works. I've tried the above fix, the reset repository fix, the permissions fix, the delete and recreate the logfiles fix. No soap.
The startup window on the Services panel is grayed out. If it was accessible, one might be able to find a user account that would work.
So the questions are:
What is the bug in W7 that causes the event service to fail intermittently?
Why is the Log On panel grayed out (I'm running the Services panel as administrator)?
Ted
Ted Gage
-
March 21, 2011 0:36
Hi Tedmac, did you ever solve this issue? I've tried everything on every forum to try to fix and start my event viewer but nothing has worked.
I was alerted to it whilst trying to install Symantec and it kept failing! After more research the failing pointed to event service problems. I have been trying ever since to restart the service to no avail.
Please help someone!! I'm on Windows 7 64bit and all else seems normal with my system. It's the same error 4201 when I try to start it in services.msc.
-
April 1, 2011 11:42
Well.. I tried everything here without avail... then I ran cmd as Administrator and typed netsh winsock reset
Rebooted
Which worked perfectly.
- Proposed as answer by Nasreddine May 14, 2011 8:54
-
November 16, 2011 17:02
In my case I had to change NTFS permissions on %WINDIR%\System32\WinEvt\Logs directory for Local Service and Network Service to FULL access.
1Rosomak
Even though this thread is over a year old, the trouble still exists....
Checking a machine that was working showed that "Event Log Readers" needed full permission to %WINDIR%\System32\WinEvt\Logs
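A read-only way to do the comparison described above, as an added example that is not part of the thread: this PowerShell sketch lists the owner and the access entries for the accounts named in this thread on the two folders it mentions, so the output from a broken machine can be compared with that from a working one. It assumes English account names and an elevated prompt; the function name Get-LogFolderAclReport is made up for this example.

```powershell
# Added example: read-only report, nothing here modifies an ACL.
# Folders and account names are the ones mentioned in this thread.
$folders = @(
    "$env:WINDIR\System32\LogFiles\WMI\RtBackup",
    "$env:WINDIR\System32\winevt\Logs"
)
$accounts = 'Administrators', 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE', 'Event Log Readers'

function Get-LogFolderAclReport {
    param([string[]]$Path, [string[]]$Account)
    foreach ($p in $Path) {
        try {
            $acl = Get-Acl -Path $p -ErrorAction Stop
        } catch {
            # An unelevated shell may not be allowed to read the ACL at all.
            New-Object psobject -Property @{ Folder = $p; Owner = 'n/a'; Account = 'n/a'
                Rights = "unreadable: $($_.Exception.Message)"; Inherited = $null }
            continue
        }
        foreach ($a in $Account) {
            # Compare the name after the prefix (BUILTIN\, NT AUTHORITY\).
            $aces = @($acl.Access | Where-Object {
                ($_.IdentityReference.Value -split '\\')[-1] -eq $a
            })
            if ($aces.Count -eq 0) {
                # No explicit or inherited entry for this account.
                New-Object psobject -Property @{ Folder = $p; Owner = $acl.Owner; Account = $a
                    Rights = '(no entry)'; Inherited = $null }
            }
            foreach ($ace in $aces) {
                New-Object psobject -Property @{ Folder = $p; Owner = $acl.Owner; Account = $a
                    Rights = "$($ace.AccessControlType) $($ace.FileSystemRights)"
                    Inherited = $ace.IsInherited }
            }
        }
    }
}

Get-LogFolderAclReport -Path $folders -Account $accounts |
    Select-Object Folder, Owner, Account, Rights, Inherited |
    Format-Table -AutoSize -Wrap
```

Saving the current ACL first with `icacls <folder> /save <file>` keeps a copy that `icacls /restore` can read back if a permission change makes things worse.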
-
December 14, 2011 1:56
I have found a solution for my machine. First, let me say that I tried every single suggestion and idea that I could find online/think of and none of them worked, so if you're in the same shoes then I hope this will fix you right up. The error I was receiving would occur when I manually tried to start the event log service and it would say error 5: access is denied, however this method *may* help (or at least provide some clues) for other errors as well.
1. Download Process Monitor & Install: http://technet.microsoft.com/en-us/sysinternals/bb896645
2. When you run it, it will start collecting data. Hit Control+E to stop it. Then Control+X to clear the data.
3. Pull up your services snap-in and find the event log service. Fit both on your screen.
4. Press Control+E in Process Monitor to begin data collection then try to start the event log service so that you receive the error. Close the error and return back to Process Monitor, press Control+E to stop collection. Doing this quickly will reduce the amount of data to scroll through.
5. Scroll down and look for any results that say ACCESS DENIED (or use the filter to remove all SUCCESS results). I had a handful of results that didn't say SUCCESS, but as far as I know, those are not an issue. What you're looking for is ACCESS DENIED (or perhaps you were getting a different error code, then look for anything out of place or doom-sounding).
6. The field(s) with ACCESS DENIED will tell you which file caused the error. Simply browse to the folder this file is in and right-click -> properties. (Mine was system32/winevt/logs).
(I have a feeling the following steps will require some trial and error, this is what I did)
7. Go to the security tab -> click advanced -> click the owner tab. Set yourself as the owner and return to the security tab.
8. Make sure SYSTEM, yourself and the administrator account all have full access. Click ok.
9. At this point my event viewer service started running when I tested it. Good luck!
- Proposed as answer by Yiannis Mihail June 20, 2012 9:27
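Steps 4 to 6 above can also be done on a saved capture. This added example (not part of the original post) filters a Process Monitor CSV export for ACCESS DENIED results and groups them by process and path; the sample rows are constructed, and Get-DeniedPath is a name made up here.

```powershell
# Added example. The rows below are constructed sample data in the default
# column layout of a Process Monitor capture saved as CSV (File > Save).
# For a real capture use: $rows = Import-Csv .\capture.csv
$sample = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:56:01.100 AM","services.exe","520","RegOpenKey","HKLM\System\CurrentControlSet\Services\eventlog","SUCCESS","Desired Access: Read"
"1:56:01.210 AM","svchost.exe","1012","CreateFile","C:\Windows\System32\winevt\Logs","ACCESS DENIED","Desired Access: Read Data/List Directory"
"1:56:01.215 AM","svchost.exe","1012","CreateFile","C:\Windows\System32\winevt\Logs\System.evtx","ACCESS DENIED","Desired Access: Generic Read/Write"
"1:56:01.230 AM","svchost.exe","1012","QueryOpen","C:\Windows\System32\wevtsvc.dll","SUCCESS",""
"1:56:01.300 AM","svchost.exe","1012","RegQueryValue","HKLM\Software\Example\Missing","NAME NOT FOUND","Length: 16"
"1:56:01.410 AM","svchost.exe","1012","CreateFile","C:\Windows\System32\winevt\Logs\System.evtx","ACCESS DENIED","Desired Access: Generic Read/Write"
'@
$rows = $sample | ConvertFrom-Csv

function Get-DeniedPath {
    param($Rows)
    # Keep only the result the post says to look for; NAME NOT FOUND and
    # similar non-SUCCESS results are dropped as noise.
    $Rows |
        Where-Object { $_.Result -eq 'ACCESS DENIED' } |
        Group-Object -Property 'Process Name', Path |
        Sort-Object Count -Descending |
        ForEach-Object {
            $first = $_.Group[0]
            New-Object psobject -Property @{
                Hits       = $_.Count
                Process    = $first.'Process Name'
                Path       = $first.Path
                Operations = (($_.Group | ForEach-Object { $_.Operation } |
                                 Sort-Object -Unique) -join ', ')
            }
        } |
        Select-Object Hits, Process, Path, Operations
}

# Each output row is one file or folder whose permissions need checking.
Get-DeniedPath -Rows $rows | Format-Table -AutoSize
```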
-
December 20, 2011 16:37
This hint did NOT work for me. I have been using Windows 7 RTM Ultimate 32b and without ANY system modification my Event Log service failed to start.
The above and all over the net suggestions for solving this issue did not work in my case.
In my case I had to change NTFS permissions on %WINDIR%\System32\WinEvt\Logs directory for Local Service and Network Service to FULL access.
I'm just curious what kind of software Windows is if it fails to run after half of a year? Viva la Windows XP!!!
1Rosomak
Thanks mate.. it's 100% correct..
-
December 27, 2011 0:49
Thanks, that worked for me. It took me quite a while to find out what had been changed to cause the service not to start.
Dave
-
February 2, 2012 21:27
To those who are still having issues:
The service starts in c:\windows\system32. Make sure LOCAL SERVICE and NETWORK SERVICE have full rights to this and all subfolders. If you do not see it ADD IT.
NOTE: Use the ADVANCED button on the folder properties to make your changes.
Also make sure %computername%\administrators (the %computername% is the name of your machine) has OWNERSHIP and full control of the entire c:\windows\system32 and subfolders directory
make sure you place a check mark next to the "Replace all child object permissions with inheritable permissions from this object"
Click Apply and watch the files fly by as the change is made. If you have Symantec Endpoint or any other protection it might prompt you that there is a change happening.
Restart
-
February 3, 2012 19:33
To those who are still having issues:
The service starts in c:\windows\system32. Make sure LOCAL SERVICE and NETWORK SERVICE have full rights to this and all subfolders. If you do not see it ADD IT.
NOTE: Use the ADVANCED button on the folder properties to make your changes.
Also make sure %computername%\administrators (the %computername% is the name of your machine) has OWNERSHIP and full control of the entire c:\windows\system32 and subfolders directory
make sure you place a check mark next to the "Replace all child object permissions with inheritable permissions from this object"
Click Apply and watch the files fly by as the change is made. If you have Symantec Endpoint or any other protection it might prompt you that there is a change happening.
Restart
After going through EVERY suggested method on this thread, it's this last one that worked for me. I was getting Error 5: Access Denied when trying to start Event Viewer service. Thank you!
-
May 9, 2012 7:45
I'm getting the 4201 error and NOTHING has been able to fix it. I've even been able to delete the RtBackup folder, but it comes back and Event Log Service STILL won't turn on. Any luck, snakeybidder?
-
June 14, 2012 22:18
This worked for me & I did not even have to reboot the computer.
To those who are still having issues:
The service starts in c:\windows\system32. Make sure LOCAL SERVICE and NETWORK SERVICE have full rights to this and all subfolders. If you do not see it ADD IT.
NOTE: Use the ADVANCED button on the folder properties to make your changes.
Also make sure %computername%\administrators (the %computername% is the name of your machine) has OWNERSHIP and full control of the entire c:\windows\system32 and subfolders directory
make sure you place a check mark next to the "Replace all child object permissions with inheritable permissions from this object"
Click Apply and watch the files fly by as the change is made. If you have Symantec Endpoint or any other protection it might prompt you that there is a change happening.
Restart
-
July 19, 2012 14:46
Hi Bob,
Give this guide a try - it's written for Server 2008 R2 but is basically the same procedure. Let me know if this works on Win 7 OK.
- Proposed as answer by A. TheOne July 19, 2012 14:46
-
August 6, 2012 2:01
Using Procmon.exe I discovered access denied for the LOGS folder for the "LOCAL" system user
Edit the permissions for the folder "%systemroot%/system32/winevt/logs"
find users
select LOCAL {enter}
Select ALL permissions {enter} accept warning {yes}
restart service where access was denied.
Use procmon.exe to capture the event and search for denied to verify if it persists. Then check properties to identify user name such as LOCAL or NETWORK, jump to address and change permissions to include,,,
- Proposed as answer by SunnySkyGuy1 August 6, 2012 2:01