Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Problem with Event Log

53 views
Skip to first unread message

Christian Reizlein

unread,
Jan 23, 2009, 12:40:30 AM1/23/09
to
Im having some troubles, aparently, with the event log service
Its set to automatically, but when i start the OS it does not start, if i go
to services and manually start it then it start just fine, and quick. But as
soon as i open the event log snapin the service stop itselfs. And basically
i can never reach to read a log entry to determine what the problem can be.
I had been searching around without too much look, but one of the things i
did was apply this patch:

http://support.microsoft.com/?kbid=952664
The Event Log service may stop responding because of a deadlock on a Windows
Server 2008-based or Windows Vista-based computer

Anyway, this didnt resolved anything, the problem persists
What is more problematic is that due that service beign fault all the system
starts to act really odd, i have partials hangs, for a few secs, and the
Software license service is also getting stopped and that makes the system
more unstable, sometimes my control panel does not open and its due the
software license service beign stopped, when i start it then i got the
control panel back.

here is the debug i got with the SC, but i have no idea and didnt found
information about the exit code 23

>sc query eventlog (when running)

SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

>sc query eventlog (when it got stopped by itself)

SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 23 (0x17)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Does anyone know what else can i do?
Thanks,
Christian

Christian Reizlein

unread,
Jan 23, 2009, 12:43:21 AM1/23/09
to
I forgot to mention that im running windows server 2008 enterprise 32bits -
[Version 6.0.6001]


"Christian Reizlein" <crei...@hotmail.com> wrote in message
news:AC5DA75E-5F99-49A9...@microsoft.com...

Dave Patrick

unread,
Jan 24, 2009, 12:31:44 PM1/24/09
to
You might have some event log file corruption. You can try deleting them.
Control Panel|Administrative Tools|Services|Event Log Service|General, set
the "Startup Type:" to "Disabled" restart the pc, then delete (or move) the
corrupt *.evt file(s) from %systemroot%\system32\config then set the Event
Log Service "Startup Type:" back to "Automatic", restart for effect.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

Christian Reizlein

unread,
Jan 24, 2009, 1:31:18 PM1/24/09
to
there are no .evt files in that folder
are you sure that does this apply for win2008?


"Dave Patrick" <DSPa...@nospam.gmail.com> wrote in message
news:u0fwhmkf...@TK2MSFTNGP05.phx.gbl...

Dave Patrick

unread,
Jan 24, 2009, 1:36:42 PM1/24/09
to
Yes, I have them. Did you set Windows Explorer to view hidden, system files?

Christian Reizlein

unread,
Jan 24, 2009, 1:58:59 PM1/24/09
to
yes, of course, i have a bounch of files in there, but none of them is .EVT,
i have .SAV, .LOG, .LOG1 and .LOG2
but no .EVT files

should i delete them all? :)


"Dave Patrick" <DSPa...@nospam.gmail.com> wrote in message

news:eZT$LLlfJH...@TK2MSFTNGP04.phx.gbl...

Dave Patrick

unread,
Jan 24, 2009, 2:25:59 PM1/24/09
to
No, absolutely not! Only *.evt files. You'll need to figure out why you
can't see them. Try;

Explorer|Tools|Folder Options|View, then radio button for "Show hidden files
and folders", then uncheck the box for "Hide protected operating system
files" and uncheck the box for "Hide extensions for known file types",
finally button for "Apply to All Folders"

Dave Patrick

unread,
Jan 24, 2009, 2:53:52 PM1/24/09
to

OMG! I'm sorry! Would you believe I was on my 2008 test box but was TS (full
screen mode) into a 2003 box. Should have been;


Server Manager|Configuration|Services , set the "Startup Type:" to
"Disabled" restart the pc then delete (or move) the corrupt *.evt file(s)
from %systemroot%\system32\winevt\logs then set the Event Log Service

"Startup Type:" back to "Automatic", restart for effect.

(yes, I just tested this as well)

Dave Patrick

unread,
Jan 24, 2009, 3:06:22 PM1/24/09
to
I'm sure you noticed but the files are EVTX not EVT

Christian Reizlein

unread,
Jan 24, 2009, 6:21:30 PM1/24/09
to
There we go, now that makes sense, i found the files, and yes, u where
right, they are .etvx ,
That was the reason i wasnt able to find any .evt on my disk :)

Now the service seems to be working fine, the odd thing is that once i moved
the files, then started it and cleared all the logs, just in case.
Now i cannot restart the service since when i want to stop it, it also want
to stop the task schedule and i got access denied to it, the stop/restart
options for the task scheduler service are greyed, that is pretty odd

i guess i will need to restart the machine and see if that helps...

"Dave Patrick" <DSPa...@nospam.gmail.com> wrote in message

news:%237nh81l...@TK2MSFTNGP05.phx.gbl...

Dave Patrick

unread,
Jan 24, 2009, 7:41:18 PM1/24/09
to

Yes, after you delete the files then set the 'Windows Event Log' service
back to 'Automatic' then restart the box.


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

0 new messages