One of our readers faced a problem where the Windows Event Log failed to start, and as a result, a couple of other services failed as well. Attempting to start the Windows Event Log service manually via the Services MMC resulted in error 4201. The complete error message is provided below:
Windows could not start the Windows Event Log service on Local Computer. Error 4201: The instance name passed was not recognized as valid by a WMI data provider.
And the following errors popped up when opening the Event Viewer and Task Scheduler.
Event Log service is unavailable. Verify that the service is running. Task Scheduler service is not available. Task Scheduler will attempt to reconnect to it.
Upon checking the Event Log service registry key and values, they were intact. Eventually, the problem turned out to be the incorrect permissions for the C:\Windows\System32\LogFiles\WMI\RtBackup
directory. The SYSTEM
account needs full control permissions for the directory — only then the Windows Event Log service would start. Note that I didn’t have to rename or delete the RtBackup
directory.
Solution for Event Log Service Error 4201
Fix the Permissions for RtBackup Folder
- Start Windows in Safe mode.
- Open the “
C:\Windows\System32\LogFiles\WMI
” folder. - Right-click on the
RtBackup
folder and choose Properties.
- Click the Security tab, and click the Edit button.
- Click Add.
- Type
SYSTEM
and click OK.
- Enable “Full control” Permission to “Allow.”
- Click OK, and then click Yes when asked for confirmation.
- Restart Windows (in normal mode), and verify if the Windows Event Service has started.
Unable to assign permissions for the RtBackup folder?
If you’re unable to assign permissions for the RtBackup folder, try taking ownership of the folder and then repeat steps 1-9 above.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
Hmmm… I see an improvement in your blog, Ramesh. No more any of those “How disable …” Instead, you are actually posting very useful topics. Very nice.
Still, I wonder how that one of your readers managed to get himself into this trouble…
Well, its realy a nice post, you cover advance troubleshooting and provide very unique things, thanks
Worked perfectly.
Very Thanks!!!
worked like a champ
thank you this worked perfectly for us on a windows 2008 server. Fortunately we didn’t go through with the instructions found elsewhere to reset the permissions of ALL registry keys!!
Thanks, thats worked for us, after restart !
Thanks for the walk through, it worked for me. However I’m running a W2K8R2 server and didn’t need to startup in safe-mode…but I did have to log in as network administrator to set the permissions. For those wanting more info on this issue, there is a MSDN social thread that expands on the “permissions of ALL registry keys” here; http://social.msdn.microsoft.com/Forums/en/windowscompatibility/thread/c75ae899-d05b-411d-a7f2-00fdd33b8589
Thanks again!
I also had this problem for the last 2 years with both Windows Vista and Windows 7 ultimate. No spyware. No virus. System files were intact.
I got the problem solved by RESETTING ALL USER PERMISSIONS TO DEFAULT.
http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/how-to-reset-all-user-permissions-to-default/9da312d2-c99b-4283-a275-e74d93dcc366
Eyy! Tahnks man I fix me issue, I had been loking a lot web sites tos fix the problem and dindnt work any topic, your solution runn well, thanks one time more.
Fixed my problem………….thank you!
Excellent, Thanks a lot!.
Cheers
Amazing.
Still valid to Windows Server 2008 R2 X64
Save a lot of time
Regards
thanksssssssssssssss worked on windows 7 Sp1
Thanks! Simple, effective, and probably the most “correct” fix. No screwy backdoor registry renaming deletion foolishness. If you must do all that, fine, but why not fix the problem instead of playing hide and seek with an unknown? Followed your directions exactly, worked perfectly. Windows 7 64bit.
That sorted the problem. Thanks very much. Great easy to follow instructions.
The “Allow” boxes are grayed out on my Windows 7
Thank you, it fixed the problem on Win 2008 R2.
“Most Excellent”! Myself and my customers deeply appreciate your recommendation…Problem is “fixed”!
Well, I think Occam said it already, no need for me to repeat it. Excellent, intuitive and perfectly effective. If only this process would catch on in the entire programming world!…
Thanks a ton! Solved the issue perfectly!
After trying to install Office 2013 Pro Plus many, many times and each time getting a very generic error of:
Microsoft Office Professional Plus has encountered an error during setup.
Then getting the message:
Microsoft Setup Bootstrapper has stopped working.
I tried a lot of remedies proffered by various websites
I was about to throw in the towel when I came across your suggestion.
Voilà – Office 2013 installed flawlessly!
Many thanks, very much appreciated.
Windows 7 Ultimate N Service Pack 1
I tried the sloution on windows 2008 R2 Enterprise as well and it worked.
Thx a ton 🙂
Tks for that – tried a few other solutions posted elsewhere and none proved effective for various reasons but your solution immediately worked. Brilliant!
This worked but messed up some of my files and i can’t access windows explorer… please help. I need to undo this!!
I worked on Normal mode itself…. I applied the premission through normal mode only…. Its is working fine
I had this same issue “Error 4201: The instance name passed was not recognized as valid by a WMI data provider.”
The problem was the incorrect permissions. Solved thanx!
Didn’t work. System already has full control.
this worked for me:
changed start from 0 to 1 in these three in AutoLogger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\
\EventLog-Application\
\EventLog-Security\
\EventLog-System\
Thank you very much! This certainly solved my problem.
Fantastic. Finally got Event Viewer running again.
The RtBackup folder was deleted by me!
Created a new folder and checked permissions. All was good.