none
Windows 10 events viewer: cannot open the event log RRS feed

  • Question

  • Hello,

    I've a brand new installation of Windows 10 Enterprise. When I try to view the application, security and System logs in the event viewer I am getting the following error:

    "Event Viewer cannot open the event log or custom view. Verify that Event Log Service is running or query is too long. The security descriptor structure is valid (1338)"

    Yes, verified that Event log service is running.

    Thanks,


    • Edited by tamangketa Wednesday, September 18, 2019 1:44 PM
    Wednesday, September 18, 2019 1:39 PM

Answers

  • Old GPOs were messing up. I completely created new GPOs for windows 10 and the error went away.
    • Marked as answer by tamangketa Monday, October 7, 2019 4:53 PM
    Monday, October 7, 2019 4:53 PM

All replies

  • Hi,

    Firstly, we could try the steps in the link below:

    Fixing "Event Viewer cannot open the event log" When Viewing System Logs

    https://www.howtogeek.com/howto/windows-vista/fixing-event-viewer-cannot-open-the-event-log-when-viewing-system-logs/

    Also it's a new installation of Windows 10, I suggest that we could use the "check for update" option in Settings to install updates to check.

    Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 19, 2019 9:26 AM
    Moderator
  • Windows 10 is fully updated and also cleared the log. Getting same error.

    Event Viewer will show the setup log but not the application, security and system log.


    • Edited by tamangketa Thursday, September 19, 2019 11:50 AM
    Thursday, September 19, 2019 11:49 AM
  • To evaluate the computer environment please post logs for troubleshooting.

    Using administrative command prompt copy and paste this whole command.

    Make sure the default language is English so that the logs can be scanned and read.

    https://www.tenforums.com/tutorials/3813-language-add-remove-change-windows-10-a.html

    The command will automatically collect the computer files and place them on the desktop.

    Then use 7zip to organize the files and one drive, drop box, or google drive to place share links into the thread for troubleshooting.

    https://support.office.com/en-us/article/Share-OneDrive-files-and-folders-9fcc2f7d-de0c-4cec-93b0-a82024800c07

    This command will automatically collect these files:  msinfo32, mini dumps, drivers, hosts, install, uninstall, services, startup, event viewer files, etc.

    Open administrative command prompt and copy and paste the whole command:

    copy %SystemRoot%\minidump\*.dmp "%USERPROFILE%\Desktop\"&dxdiag /t %Temp%\dxdiag.txt&copy %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\"&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"&reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"&reg export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"

    There is one file for you to find manually:  dxdiag:  

    In the left lower corner search type:  dxdiag > When the DirectX Diagnostic Tool opens click on the next page button so that each tab is opened > click on save all information > save to desktop > post one drive or drop box share link into the thread

    1) Open administrative command prompt and type or copy and paste:
    2) sfc /scannow
    3) dism /online /cleanup-image /scanhealth
    4) dism /online /cleanup-image /restorehealth
    5) sfc /scannow
    6) chkdsk /scan
    7) wmic recoveros set autoreboot = false
    8) wmic recoveros set DebugInfoType = 7
    9) bcdedit /enum {badmemory}

    10) net user test /add

    11) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread

    12) After posting the results into this thread reboot the computer and logon with the new user named test.  Report into the thread whether there is a change in the ability to use the event viewer.

    13) Place the computer in clean boot:


    https://www.tenforums.com/tutorials/41804-perform-clean-boot-windows-10-troubleshoot-software-conflicts.html

    .
    .
    .
    .
    .

    Please remember to vote and to mark the replies as answers if they help.
    .
    .
    .
    .
    .



    Thursday, September 19, 2019 12:06 PM
  • Old GPOs were messing up. I completely created new GPOs for windows 10 and the error went away.
    • Marked as answer by tamangketa Monday, October 7, 2019 4:53 PM
    Monday, October 7, 2019 4:53 PM