locked
event viewer cannot open the Security event log or custom view RRS feed

  • Question

  • Dear All

    When I m doing DC maintenance I accidently cut and paste security event log file from logs folder

    Now I m getting following error when I open security event

    "Event viewer cannot open the Security event log or custom view. Verify that event log service is running. Access denied (5)”

    Its on of my DC and 2008 server std

    RGD

    BaN

    Friday, September 3, 2010 5:42 AM

Answers

  • Hi,

     

    Please paste the same event logs to logs folder again and check, If you want to take the back the backup of your event logs then save and clear the logs from eventvwr.msc


    Thanks and Regards, Vikas This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    • Proposed as answer by Vikas Siingh Friday, September 3, 2010 10:19 AM
    • Marked as answer by Bruce-Liu Friday, September 24, 2010 2:52 AM
    Friday, September 3, 2010 9:58 AM
  • Hi,

     

    Have you confirmed event log service is started? Did you use domain admin account to view event log?

     

    If so, go to %SystemRoot%\System32\Winevt\Logs, check whether the Eventlog account has full control permission on the folder winevt, logs and the file security.evtx. If not, add it back and reboot machine to take effect. Then try to access security log again.

     

    Regards,

    Bruce

    • Marked as answer by Bruce-Liu Friday, September 24, 2010 2:52 AM
    Tuesday, September 7, 2010 10:19 AM

All replies

  • Check the security permission settings of "C:\Windows\System32\winevt\Logs", also verify that the user have permission to acccess the folder.

    Regards,
    Mani
    JiJi Technologies Team,

    Friday, September 3, 2010 8:48 AM
  • Hi,

     

    Please paste the same event logs to logs folder again and check, If you want to take the back the backup of your event logs then save and clear the logs from eventvwr.msc


    Thanks and Regards, Vikas This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    • Proposed as answer by Vikas Siingh Friday, September 3, 2010 10:19 AM
    • Marked as answer by Bruce-Liu Friday, September 24, 2010 2:52 AM
    Friday, September 3, 2010 9:58 AM
  • Hi,

     

    Have you confirmed event log service is started? Did you use domain admin account to view event log?

     

    If so, go to %SystemRoot%\System32\Winevt\Logs, check whether the Eventlog account has full control permission on the folder winevt, logs and the file security.evtx. If not, add it back and reboot machine to take effect. Then try to access security log again.

     

    Regards,

    Bruce

    • Marked as answer by Bruce-Liu Friday, September 24, 2010 2:52 AM
    Tuesday, September 7, 2010 10:19 AM
  • Make sure you are opening the Security log with elevated privileges - to eliminate impact of UAC

    hth
    Marcin

    Tuesday, September 7, 2010 10:52 AM
  • Hi,

     

    Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.

     

    Have a great day!

    Thursday, September 9, 2010 1:45 AM