Windows 2008 Server Event viewer - Event Log is unavailable

  • Windows 2008 Server Event viewer - Event Log is unavailable

    Dear

    For a few days now I can no longer access my event viewer on my Windows Std 2008 Server. When trying to access it I get "the Event Log Service is unavailable".
    The EventLog service is set to automatic but when I try to start it I get "error5: Access Is Denied".
    I am logged in with the administrator account.
    I wanted to check the log on information of this service but I am unable to change anything in here. The account is greyed out and set to Local Service which I assume is ok.
    Rebooting the server did not help.

    Any help is welcome.

    Kind Regards
    Bert

  • #2
    Re: Windows 2008 Server Event viewer - Event Log is unavailable

    Hi,

    How are you logging into the 2008 machine? Interactively or through RDP?

    http://support.microsoft.com/kb/946390
    Last edited by L4ndy; 10th February 2009, 14:17. Reason: Added link
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    • #3
      Re: Windows 2008 Server Event viewer - Event Log is unavailable

      please review:
      http://blogical.se/blogs/johan/archi...ble-issue.aspx
      http://www.techtalkz.com/windows-vis...ailable-2.html
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      • #4
        Re: Windows 2008 Server Event viewer - Event Log is unavailable

        Originally posted by L4ndy:
        Hi,

        How are you logging into the 2008 machine? Interactively or through RDP?

        http://support.microsoft.com/kb/946390

        Hi

        I am logging in through RDP. What I understand from the article below is that if I had a Vista client I would be able to view the event viewer.

        The strange thing is that I can view the event viewer on another 2008 server without problems; the same permissions are set.

        I have installed VNC but the machine needs to reboot. Tomorrow I will check if event viewer works when I am logged on to the console via VNC.

        Thanks.

        Bert
        Last edited by bertk; 11th February 2009, 09:45.

        • #5
          Re: Windows 2008 Server Event viewer - Event Log is unavailable


          First option did not work, this was one of the few articles I already found on this problem.

          For the second I will wait until the reboot. If I can check event viewer when logged on to the console via VNC it's ok.

          Still, a fix from MS would be nice.

          Regards

          Bert

          • #6
            Re: Windows 2008 Server Event viewer - Event Log is unavailable

            Hi

            I finally went on site and logged on to the server with the admin account on the console, but the win event viewer service is still down. When trying to restart the service it still says "access is denied". I have checked svchost permissions; administrator has full access to it.

            I have run cacls system.evtx with the following output:

            C:\Windows\System32\winevt\Logs\System.evtx
            NT AUTHORITY\SYSTEM:(ID)F
            BUILTIN\Administrators:(ID)F
            BUILTIN\Users:(ID)R

            Seems ok.


            I'm out of ideas.

            Regards

            Bert
            Last edited by bertk; 18th February 2009, 12:27.

            • #7
              Re: Windows 2008 Server Event viewer - Event Log is unavailable

              Hi

              Does someone still have an idea what the solution might be for this problem?

              Regards

              Bert

              • #8
                Re: Windows 2008 Server Event viewer - Event Log is unavailable

                Have you considered making a customised MMC template with the event viewers added to all servers? It is worth testing. It doesn't resolve your issue, but if this allows you to view the event viewer, it gets the important event viewer checking part up and running.

                • #9
                  Re: Windows 2008 Server Event viewer - Event Log is unavailable

                  Customised MMC does not work. "unable to complete the operation on "system". The interface is unknown"

                  • #10
                    Re: Windows 2008 Server Event viewer - Event Log is unavailable

                    I have checked on another 2008 server. The only difference I can see for the issue with the event viewer is on the permission level. The TrustedInstaller permissions on svchost are missing on the problematic server. svchost should have full permissions set for TrustedInstaller by default but these are missing.

                    As TrustedInstaller is a service and not a user or group I do not know how to add it back to the permission of svchost.

                    FYI - Windows event log = C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

                    • #11
                      Re: Windows 2008 Server Event viewer - Event Log is unavailable

                      Just a vague suggestion,
                      Can you give this a go: http://support.microsoft.com/kb/929833
                      I am not sure if it works on win 2008 as the KB is intended for Vista, but there is no harm in giving it a go and seeing if it does the trick.

                      Ta
                      • #12
                        Re: Windows 2008 Server Event viewer - Event Log is unavailable

                        Tried the procedure described in kb929833 but nothing changed. To be sure I will reboot the machine overnight and check tomorrow, but my guess is that the reboot will not change anything.

                        • #13
                          Re: Windows 2008 Server Event viewer - Event Log is unavailable

                          Reboot did not change anything. I am pretty stuck here. With an operational server and no event viewer, it is far from ideal.

                          Any input appreciated.

                          Did someone ever try to reset security settings on system folders to default on a 2008 server? If so, please link me to a procedure.

                          • #14
                            Re: Windows 2008 Server Event viewer - Event Log is unavailable

                            The following services are down, it is not only the event viewer:
                            Windows event log service
                            Windows Com+ Event
                            Background Intelligent Transfer

                            Also the dependencies on these services are missing.

                            What I am trying to find out is how to reset default permissions for these services and the system files these services are using. Few things seem to be published about this ... did not find anything yet.

                            Would it be worth reinstalling Windows 2008? Is it possible to reinstall only system files / folders? The problem is that this is a live TS server with quite some published applications running on it.
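
The checks made by hand in posts #6, #10 and #14 (file ACLs, the TrustedInstaller entry on svchost.exe, and the state of the stopped services) gathered into one read-only PowerShell script. This is an added example, not part of the original thread; it assumes PowerShell is installed on the server, and the service names EventSystem and BITS and the account name NT SERVICE\TrustedInstaller do not appear in the thread.

```powershell
# Added example: read-only checks, run from an elevated PowerShell prompt.
# File paths and the EventLog service come from the thread. EventSystem and BITS
# are the service names of COM+ Event System and Background Intelligent Transfer.
$files = @(
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\winevt\Logs\System.evtx"
)
$services = 'EventLog', 'EventSystem', 'BITS'

# TrustedInstaller is a service identity; ACLs list it under this account name.
$trustedInstaller = 'NT SERVICE\TrustedInstaller'
$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl

# One row per access control entry, with the file owner repeated on each row.
function Get-AceList {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $acl.Access | Select-Object @{n='Owner';e={$acl.Owner}}, IdentityReference,
        FileSystemRights, AccessControlType, IsInherited
}

# True when $Identity holds an Allow entry that includes every FullControl bit.
function Test-FullControlAce {
    param([string]$Path, [string]$Identity)
    $hits = @(Get-AceList -Path $Path | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $fullControl) -eq $fullControl
    })
    $hits.Count -gt 0
}

foreach ($f in $files) {
    "ACL of $f"
    Get-AceList -Path $f | Format-Table -AutoSize | Out-String
}
$present = Test-FullControlAce -Path $files[0] -Identity $trustedInstaller
"TrustedInstaller Allow/FullControl entry on svchost.exe: $present"

# State, start mode, logon account, host command line and dependencies per service.
foreach ($name in $services) {
    $deps = @((Get-Service -Name $name).ServicesDependedOn | ForEach-Object { $_.Name })
    Get-WmiObject -Class Win32_Service -Filter "Name='$name'" |
        Select-Object Name, State, StartMode, StartName, PathName,
            @{n='DependsOn';e={$deps -join ', '}} | Format-List | Out-String
}
```

Running the same script on the working 2008 server gives a baseline to compare against line by line.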

                            • #15
                              Re: Windows 2008 Server Event viewer - Event Log is unavailable

                              Next step is to run the system file checker hoping the sfc can repair the corrupted files.

                              If this is not working I will consider an OS recovery as there is no progress anymore.
