Event Log Service missing on my windows 7 machine

  • Question

  • Hi all,

    I am trying to reactivate my event log service that was missing from my machine. I do have the file itself "C:\Windows\System32\wevtsvc.dll". I've done a lot of searching on the web for something that could help on that issue, installed a couple of related HotFixes -- currently installed the 6.1.7601.21772 version of the file.

    Yet, the service isn't running -- I tried running that using the "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" -- But I didn't know where to look for a log for an error that might occur while running that.

    In addition I followed a couple of guidelines allowing access of the administrators to the LogFiles/RtBackup directory. Without success either... the service just won't run.

    When running the mmc Computer Management tool -- it doesn't of course present the Event Viewer -- due to the lack of the Event Log Service which isn't running.

    How can I reconstruct the service?

    Any ideas would be great.

     


    AB
    Monday, October 3, 2011 7:36 PM

Answers

  • Try to open a command prompt with elevated privileges and type the following command:

     

    SC SDSET eventlog D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;SA;DCRPWPDTCRSDWDWO;;;WD)(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

    • Marked as answer by Niki Han Wednesday, February 15, 2012 9:34 AM
    Friday, December 16, 2011 10:26 AM
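
An added example, not code from the thread or from any poster: it decodes the security descriptor that the SC SDSET command above applies to the eventlog service, so the access grants and audit entries can be reviewed before the descriptor is set. The right names are the service-object meanings of the SDDL codes; the function names and the `SENSITIVE` set are this example's own choices.

```python
import re
# SDDL right codes as they apply to service objects.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
TRUSTEES = {"AU": "Authenticated Users", "BA": "Builtin Administrators",
            "SY": "Local System", "WD": "Everyone"}
ACE_TYPES = {"A": "allow", "D": "deny", "AU": "audit"}
AUDIT_FLAGS = {"SA": "success", "FA": "failure"}
# Rights that let a trustee reconfigure, delete or re-permission the service.
SENSITIVE = {"SERVICE_CHANGE_CONFIG", "DELETE", "WRITE_DAC", "WRITE_OWNER"}
# Descriptor copied verbatim from the SC SDSET command in the thread.
SDDL = ("D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;SA;DCRPWPDTCRSDWDWO;;;WD)"
        "(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

def decode(text, table, what):
    """Split a run of two-letter SDDL codes and translate each one."""
    codes = re.findall("..", text)
    if len(text) % 2 or any(c not in table for c in codes):
        raise ValueError(f"unsupported {what} string: {text!r}")
    return [table[c] for c in codes]

def parse_service_sddl(sddl):
    """Decode DACL (D:) and SACL (S:) ACEs; owner, group and ACL flags are not handled."""
    aces = []
    for acl, body in re.findall(r"([DS]):((?:\([^)]*\))+)", sddl):
        for ace in re.findall(r"\(([^)]*)\)", body):
            fields = ace.split(";")
            if len(fields) != 6 or fields[0] not in ACE_TYPES:
                raise ValueError(f"malformed ACE: ({ace})")
            aces.append({"acl": "DACL" if acl == "D" else "SACL", "type": ACE_TYPES[fields[0]],
                         "audit_on": decode(fields[1], AUDIT_FLAGS, "flag"),
                         "trustee": TRUSTEES.get(fields[5], fields[5]),
                         "rights": decode(fields[2], SERVICE_RIGHTS, "right")})
    return aces

def sensitive_grants(aces):
    """Map each trustee to the sensitive rights its DACL allow ACEs grant."""
    out = {}
    for a in aces:
        if a["acl"] == "DACL" and a["type"] == "allow":
            out.setdefault(a["trustee"], set()).update(SENSITIVE.intersection(a["rights"]))
    return {t: sorted(r) for t, r in out.items() if r}
```

Calling `parse_service_sddl(SDDL)` returns one entry per ACE, and `sensitive_grants` on that result lists which trustees can change, delete or re-permission the service.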

All replies

  • Hi,

     

    Please try to start the service manually and let me know the error message you receive.

     

    1. Click Start, type Services.msc in Start Search bar, and then press Enter.

    2. In the right pane, double-click Windows Event Log.

    3. In the Startup type list, click Automatic, click Apply, click Start, and then click OK.

     

    If you cannot find Windows Event Log anywhere, please open an elevated command window, type the following command to create the service.

     

    sc create eventlog binpath= "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" type= share start= auto error= normal group= "Event Log" tag= no obj= "NT AUTHORITY\LocalService" DisplayName= "Windows Event Log"

     

    Best Regards,

    Niki


    Wednesday, October 5, 2011 8:09 AM
  • After writing the command you wrote, the service does appear in the services.

    Yet, when starting the service, it wrote:

    "Windows could not start the Windows Event Log service on Local Computer. Error 1314: A required privilege is not held by the client"

    How do I apply privileges? -- and to which user?

     

    Thanks in advance,

    ---

    Amit


    AB
    Wednesday, October 5, 2011 8:27 AM
  • Niki,

    Great answer, and I think I am close. The message I get is [SC] OpenSCManager FAILED 5: Access is denied

    but stupidly I made myself the only user, any idea on what I need to do?

     

    Thanks,

    Jim

    Sunday, December 11, 2011 3:08 PM
  • Hi all,

     

    I have the same problem. The Service "Windows Eventprotocol" on "local Machine" could not be started.

    FAILED 5: Access is denied.

     

    Does anybody have an idea how to resolve this?

    thx,

    Thomas

    Friday, December 16, 2011 8:32 AM
  • I have exactly the same problem and have followed the advice so far.

    The sc create eventlog has successfully completed and has restored the eventlog service to the list of services, however a manual start is not successful for the same reason as Nighthawk07 posted above:

    "Windows could not start the Windows Event Log service on Local Computer.

    Error 1314: A required privilege is not held by the client."

    I carried out the SC SDSET command which reported success, but the service still reports the same error.

    Regards

    Richard

    Friday, April 6, 2012 1:50 PM