Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Windows event log agent won't start in Windows 2008 server.

Answered Windows event log agent won't start in Windows 2008 server.

  • Wednesday, February 27, 2013 12:07 AM
     
     
    Sign In to Vote
    0

    Someone changed a GPO setting and now my Windows Event Log agent won't start, it is running as a local system.

    Other "Local System" logon's are running. What GPO could be blocking this from starting?

    I can't find it. Suggestions?

     

     

All Replies

  • Wednesday, February 27, 2013 3:09 AM
     
     
    Sign In to Vote
    0
    try gpresult /h gp.html to generate a HTML file with all the GP setting applied on that Computer/User.

    More info on GPRESULT can be found here - here

    You may want to check who can access/change group Policy settings and put measures in place to stop this from happening again.


    Sravan


     
  • Wednesday, February 27, 2013 9:23 AM
    Moderator
     
     Answered
    Sign In to Vote
    1

    Hi,

    As sravane mentioned before, we could use gpresult command to generate a GP report to check the GPO settings applied to the Windows server. In addition, the issue could be caused due to the incorrect permission settings for the administrator group. We could try to perform the following steps to troubleshoot the issue.

    1. In the "Start" menu, locate "Command Prompt". Right-click and choose "Run as Administrator". If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    2. Type the following commands, then press "Enter" to execute them one by one. Please note the space before the command and its parameter.

    takeown /f C:\windows\system32\logfiles\wmi\rtbackup

    cacls C:\windows\system32\logfiles\wmi\rtbackup /G administrators:F

    3. Restart the computer to check the issue.

    Hope this helps.

    Best Regards,

    Andy Qi

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

    Andy Qi
    TechNet Community Support