Windows event log service Error 5: Access is Denied

All replies

• 

  

  0

  Sign in to vote

  This issue has been discussed before. Have look here:

  http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/44479c49-55e6-4bd7-b25e-3f2a6497306e

  ---

  MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  Monday, December 12, 2011 6:15 AM
• 

  

  0

  Sign in to vote

  The knowledge base gives you an answer. Look here http://support.microsoft.com/kb/971256

  Regards

  Milos

   

  
  

  • Edited by Milos Puchta Monday, December 12, 2011 3:08 PM

  Monday, December 12, 2011 3:08 PM
• 

  

  0

  Sign in to vote

  Hi All,

    I have tried mentioned steps in MS KB but still the problem is same.

  Regards,

  RK.

  ---

  RAhamath

  Tuesday, December 13, 2011 4:56 AM
• 

  

  0

  Sign in to vote

  double click the Windows event service and oin the properties tab go to Log on using different credentials and use domain admin account if it works then your issue is related to ACL on the services. Try running sfc /scannow.

  ---

  MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  Tuesday, December 13, 2011 7:03 AM
• 

  

  0

  Sign in to vote

  I have realized, that you have not revealed the history of problem. It is not normal, that this service cannot be started. Please specify other information that may help (logs in events, application installations, updates, cange of configuration...)

  1. Have you used elevated administrator rights, when you tried procedures in 971256?

  2. Use Process Monitor from Sysinternals and make you own analysis of  what has failed. Monitor your  attempt  ti start service.

  3. Use Autoruns from Sysinternals to find if there are "foreign"processes (uncommon/strange  names with no vendor specification). Deaktivate then before you kill them

  4. I look for dependences of the service and found that it is not on other service. Either the Local Service has problem itself or it does not have sufficient rights to start service.

  5. For sure I would recommend logging boot (Enable... after F8)

  4. reveal possible conflict with Process Explorer from Sysinternals.

  Regards

  Milos

   

  Tuesday, December 13, 2011 8:01 AM
• 

  

  3

  Sign in to vote

  Hi All,

    It has been fixed.

  Open Windows Explorer and navigate to C:\Windows\System32\winevt\Logs folder

  Rename application.evtx file to application.evtxold

  Go to “services” and start Windows EventLog service manually.

  check if application.evtx file has been created and check it’s security settings.

  Regards,

  rk

  ---

  RAhamath

  • Marked as answer by Rahamathullah Thursday, December 29, 2011 7:22 AM

  Thursday, December 29, 2011 7:22 AM
• 

  

  1

  Sign in to vote

  In my case I had to change NTFS permissions  %WINDIR%\System32\WinEvt\Logs directory for Local Service and Network Service to FULL access
  

  Rebooted
  

  Which worked perfectly

  Wednesday, April 24, 2013 2:43 PM
• 

  

  2

  Sign in to vote

  First, rename all the eventlog files in:

  from command prompt:

  CD c:\windows\system32\winevt\logs  (enter)

  ren *.evtx *.evtxold    (enter)

  At services console, restart Windows Event Log service

  If that doesn't work, make sure the service account is set to "NT Authority\Local Service"

  run regedit

  drill down to HKLM\System\CurrentControlSet\Services\eventlog

  ObjectName should be "NT Authority\Local Service"  (make it that value if it isn't, then try restarting the service)

  Also, can check the permissions of above log directory for Local Service having full rights.

  • Proposed as answer by senthilgmtech Wednesday, April 5, 2017 9:39 PM

  Thursday, March 27, 2014 1:59 AM
• 

  

  0

  Sign in to vote

  Awesome!

  This was the fix.

  Thanks

  Tuesday, December 22, 2015 2:53 PM
• 

  

  0

  Sign in to vote

  Worked for me, thank you!

  Saturday, January 16, 2016 7:36 AM
• 

  

  2

  Sign in to vote

  The below steps works for me!

  Windows Event Viewer service was not starting:

   

  • sc.exe config "eventlog" obj= "NT AUTHORITY\LocalService"

  • CD c:\windows\system32\winevt\logs  (enter)
  • ren *.evtx *.evtxold    (enter)

  At services console, restart Windows Event Log service

  Wednesday, April 5, 2017 9:40 PM
• 

  

  0

  Sign in to vote

  Worked like a charm!

  Saturday, July 22, 2017 4:23 PM
• 

  

  0

  Sign in to vote

  I did followed the below article, and my issue got resolved.
  
  https://support.microsoft.com/en-in/help/971256/error-message-when-attempting-to-start-the-windows-event-log-service-a
  
  In my case “Eventlog” security group didn’t had “Full Control” permissions on “C:\Windows\System32\winevt\Logs” folder

  Friday, November 3, 2017 6:35 AM
• 

  

  0

  Sign in to vote

  thanx, best solution.

  Saturday, November 18, 2017 2:47 PM
• 

  

  0

  Sign in to vote

  Awesome, this worked for me Perfectly :-)
  

  This was the fix. Thanks
  

  
  

  Friday, December 15, 2017 7:55 AM
• 

  

  0

  Sign in to vote

  Hi All,

    It has been fixed.

  Open Windows Explorer and navigate to C:\Windows\System32\winevt\Logs folder

  Rename application.evtx file to application.evtxold

  Go to “services” and start Windows EventLog service manually.

  check if application.evtx file has been created and check it’s security settings.

  Regards,

  rk

  ---

  RAhamath

  Thank U, 

  This solutions works for me too..

  I have 3 evtx files.. renamed all three, then only the service resumes

  Wednesday, January 24, 2018 7:24 AM
• 

  

  0

  Sign in to vote

  Thanks!

  Tuesday, April 23, 2019 4:40 PM