none
Event Log service is unavailable. Verify that the service is running.

    Question

  • Hello,

    Environment : Windows Server 2008 R2 ENT

    I get error message Event Log service is unavailable. Verify that the service is running. whenevr I try to open event viewer.

    When I try to start the service from Services console, I get below error

    I tried sfc /scannow, there were no integrity errors.

    Please help me to fix this issue.

    Thanks


    ~ Knowledge Seeker

    Tuesday, February 7, 2012 7:24 PM

Answers

All replies

  • please try deleting all the files in the C:\Windows\System32\winevt\Logs folder and check. and if doesn't help try to do a reboot.

    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.

    Tuesday, February 7, 2012 7:53 PM
  • Thanks for the reply. I deleted the files from  C:\Windows\System32\winevt\Logs folder and even rebooted server. However, issue still persists.

    ~ Knowledge Seeker

    Tuesday, February 7, 2012 8:20 PM
  • A quick update !

    I came across following thread and tried steps mentioned in that discussion; it appears that, WMI provider has crashed permanently and I have no other option but to rebuild the OS !

    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/e516aa8b-9304-4fd9-a313-6a1942872df9/


    ~ Knowledge Seeker

    Tuesday, February 7, 2012 9:04 PM
  • check for the dependancies of the service and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog : "Start"=dword:00000002
    • boot to the safemode and check it.
    • Try doing cleanboot and see it works.
    • can you make sure you have the permission of the Logs folder.

    refer to this : http://support.microsoft.com/kb/972999

    and also refer to the thread :http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/e516aa8b-9304-4fd9-a313-6a1942872df9

    I am not sure about this fix : netsh winsock reset.. what winsock has to do with this but some of them said it fixed up the issue. reference :http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/1b6b52b5-52f1-4f37-934e-c4d4e499e668/


    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.

    • Marked as answer by Jayawardhane Tuesday, February 7, 2012 10:09 PM
    Tuesday, February 7, 2012 9:10 PM
  • check for the dependancies of the service and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog : "Start"=dword:00000002
    • boot to the safemode and check it.
    • Try doing cleanboot and see it works.
    • can you make sure you have the permission of the Logs folder.

    refer to this : http://support.microsoft.com/kb/972999

    and also refer to the thread :http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/e516aa8b-9304-4fd9-a313-6a1942872df9

    I am not sure about this fix : netsh winsock reset.. what winsock has to do with this but some of them said it fixed up the issue. reference :http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/1b6b52b5-52f1-4f37-934e-c4d4e499e668/


    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.

    Thanks, I will try the steps suggested in your post and revert in a while.

    ~ Knowledge Seeker

    Tuesday, February 7, 2012 9:31 PM
  • Ok, I downloaded fix from  http://support.microsoft.com/kb/972999 

    When I try to install the fix ( Windows6.0-KB972999-v2-x64.msu ), I get following error

    I even tried instructions from This KB Article to install the fix, but in vain.

    Finally, rebooted server after Resetting winsock , Bingo !!! Event Viewer Came Up :-))


    ~ Knowledge Seeker


    • Edited by Jayawardhane Tuesday, February 7, 2012 10:09 PM correction
    Tuesday, February 7, 2012 10:01 PM
  • that fix is applicable for 2008 sp2 and ur using 2008 R2

    is this Prodcution server / Lab server ?? and any roles installed on it.

    and did u try doing cleanboot and tried checking in Safemode.??


    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.


    • Edited by Gopi Kiran Tuesday, February 7, 2012 10:09 PM
    Tuesday, February 7, 2012 10:08 PM
  • that fix is applicable for 2008 sp2 and ur using 2008 R2

    is this Prodcution server / Lab server ?? and any roles installed on it.

    and did u try doing cleanboot and tried checking in Safemode.??


    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.


    Edited my reply, few minutes before ! Issue is resolved now ! By the way, the server in question would going to become a production server :-)

    ~ Knowledge Seeker

    Tuesday, February 7, 2012 10:12 PM
  • Glad it worked.

    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.

    Tuesday, February 7, 2012 10:17 PM
  • Glad it worked.

    Gopi Kiran |Facebook| This posting is provided AS IS with no warranties,and confers no rights.

    Thanks for your time, much appreciated. 

    ~ Knowledge Seeker

    Tuesday, February 7, 2012 10:21 PM
  • Hi All,

    Issue is when we start the windows event log service (services.msc) we will be getting access denied error. to correct this please follow the  steps mentioned at the below path.

    http://support.microsoft.com/kb/971256

    then services.msc start windows event log service. then you will be able to browse eventvwr without any issues.

    Thursday, June 14, 2012 1:43 PM
  • Hi All,

    Issue is when we start the windows event log service (services.msc) we will be getting access denied error. to correct this please follow the  steps mentioned at the below path.

    http://support.microsoft.com/kb/971256

    step1:

    • Right-click on %SystemRoot%\System32\winevt\logs and select Properties.
    • Select the Security tab.
    • Administrators - Full control
      SYSTEM - Full control
      EventLog - Full control

    Step2:

     Default permissions on the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Reliability

       CREATOR OWNER - Full control 
       SYSTEM - Full control 
       LOCAL SERVICE - Query Value, Set Value, Create Subkey, Notify and Delete
       Administrators - Full control
       Users - Read

    then services.msc start windows event log service. then you will be able to browse eventvwr without any issues.

    • Proposed as answer by Aronbabu S Friday, June 15, 2012 5:11 AM
    Friday, June 15, 2012 5:05 AM
  • Implement following steps to start the eventlog service,
    1. Go to C:\Windows\System32\winevt\logs folder and Right Click on system and application event --> Click on properties --> Uncheck Read only option--> click on Apply and Ok. 
    2. Start the windows eventlog service now and it will run fine with out any issues.
    3. All the events stored back to the eventvwr console automatically.
    Monday, September 1, 2014 12:04 PM
  • This netsh winsock reset was the only thing that fixed the problem for me (Win 7 Pro, fully patched as of Nov 22 2016)

    After hours of troubleshooting why a PC would lock up shortly after desktop load, I narrowed it down to the Windows Event Log service.  Every time I'd turn that off, the system was fine, and everytime it was on, the system froze within seconds of desktop load (usually triggered by a click or opening something). 

    I had tried setting that Start= from dword 4 to dword 2, this set the service state to Running as per msconfig, even though under Services in msconfig, the Windows Event Log service as unchecked (thus, msconfig deems it a Selective Startup).  So I'm not sure what the start types are as this dword refers to, but as the winsock fix was the more complete solution, allowing me to have msconfig showing Normal startup, I went with that instead. 

    Wednesday, November 23, 2016 12:56 PM
  • Just my 2 cents: I did this to no avail.  So it was the netsh winsock reset that ultimately worked. 
    Wednesday, November 23, 2016 12:58 PM
  • Thanks this worked for me!!!
    Monday, January 22, 2018 11:59 AM