One of our readers faced a problem where the Windows Event Log failed to start, and as a result, a couple of other services failed as well. Attempting to start the Windows Event Log service manually via the Services MMC resulted in error 4201. The complete error message is provided below:
Windows could not start the Windows Event Log service on Local Computer.
Error 4201: The instance name passed was not recognized as valid by a WMI data provider.
And the following errors popped up when opening the Event Viewer and Task Scheduler.
Event Log service is unavailable. Verify that the service is running.
Task Scheduler service is not available. Task Scheduler will attempt to reconnect to it.
Upon checking the Event Log service registry key and values, they were intact. Eventually the problem turned out to be the incorrect permissions for the C:\Windows\System32\LogFiles\WMI\RtBackup directory. The SYSTEM group needs full control permissions for the directory only then the Windows Event Log service would start. Thanks to Alexzhu for sharing the solution here. Note that we didn’t have to rename or delete the RtBackup directory.
Fixing the Permissions for RtBackup Folder in Windows 7 and Windows Vista
1. Start Windows in Safe mode
2. Open the "C:\Windows\System32\LogFiles\WMI" folder
3. Right-click on the RtBackup folder and choose Properties
4. Click the Security tab, and click the Edit button.
5. Click Add
6. Type SYSTEM and hit ENTER
7. Enable "Full control" Permission to "Allow"
8. Click OK, and then click Yes when asked for confirmation.
9. Restart Windows (in Normal mode), and verify if the Windows Event Service has started.
Unable to assign permissions for the RtBackup folder?
If you’re unable to assign permissions for the RtBackup folder, try taking ownership of the folder, and then repeat the steps 1-9 above.
Related Posts
- Fix for Event Log Service Startup Error 1079
- Fix for Windows Search Service Startup Error 1053 in Windows 7
- Wevtutil Error “the Specified Channel Could Not Be Found” When Clearing an Event Log File
- How to Determine the Last Shutdown Date and Time in Windows XP/2003/Vista
- How to Become a Microsoft Most Valuable Professional (MVP)?
If you enjoyed this post, make sure you subscribe to our RSS feed! We feature Tips, Troubleshooting information, Scripts and Utilities for Microsoft Windows Operating Systems!
Prefer an E-mail subscription?
Fixed my problem………….thank you!
Eyy! Tahnks man I fix me issue, I had been loking a lot web sites tos fix the problem and dindnt work any topic, your solution runn well, thanks one time more.
I also had this problem for the last 2 years with both Windows Vista and Windows 7 ultimate. No spyware. No virus. System files were intact.
I got the problem solved by RESETTING ALL USER PERMISSIONS TO DEFAULT.
http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/how-to-reset-all-user-permissions-to-default/9da312d2-c99b-4283-a275-e74d93dcc366
Thanks for the walk through, it worked for me. However I’m running a W2K8R2 server and didn’t need to startup in safe-mode…but I did have to log in as network administrator to set the permissions. For those wanting more info on this issue, there is a MSDN social thread that expands on the “permissions of ALL registry keys” here; http://social.msdn.microsoft.com/Forums/en/windowscompatibility/thread/c75ae899-d05b-411d-a7f2-00fdd33b8589
Thanks again!
Thanks, thats worked for us, after restart !
thank you this worked perfectly for us on a windows 2008 server. Fortunately we didn’t go through with the instructions found elsewhere to reset the permissions of ALL registry keys!!
worked like a champ
Worked perfectly.
Very Thanks!!!
Well, its realy a nice post, you cover advance troubleshooting and provide very unique things, thanks
Hmmm… I see an improvement in your blog, Ramesh. No more any of those “How disable …” Instead, you are actually posting very useful topics. Very nice.
Still, I wonder how that one of your readers managed to get himself into this trouble…