After ADPREP - no access to event viewer !

Hello there,

I've just DCPROMOed a newly cleaned up Windows 2003 into my existing 2000 domain.

For those that know, you have to run ADPREP /forestprep and /domainprep which went well.

Not sure if this is related, but this morning, I cannot view any of the Event Logs (except System) on the machine - I am using the Domain Administrator account.

I'm a little concerned - but I can actually view the events using DAMEWARE tools (3rd party networking tools) from my local machine ... which is perhaps even odder !

I've tried using a MMC from another DC to view them and have the same issue.

The AD itself seems fine and usable from the Windows 2003 machine.

I'm a bit a baffled.

Any ideas ?

S.S.

SpencerSteelAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Debsyl99Commented:
Hi

So the event viewer actually opens - you just can't read the logs except system?

Have you tried deleting or moving the logs, and recreating them? It maybe worth a try to see if you can get the functionality back,
How to Delete Corrupt Event Viewer Log Files
http://support.microsoft.com/kb/172156/EN-US/

Deb :))
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SpencerSteelAuthor Commented:
Hello again Debs,

I'm actually thinking this is a little more serious than this - it's a 'permissions' things - that my 'Administrator' account is somehow screwed

I have another system of SQLAGENT starting and then stopping instantly as a service ... that runs under the ./Administrator account.

I'll post more when I get a chance to look at it properly.

Thanks Debs

S.S.
0
corneliupCommented:
Had same problem a year and so ago, right click your logs (the ones that you can't see) and check under view if you have checked "all records" or "filter".
The logs are there but you can't see them, they are hidden by a filter.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

SpencerSteelAuthor Commented:
Just to clarify ...

As soon as I click, say, 'Application' on the right hand pane, the icon changes into one with a red cross on it ... and I get a popup in the left hand side that says

"Unable to complete the operation on "Application". Access is denied"

I'm sorry for the misunderstanding.

Basically, this looks like the Administrator account has lost some of it's 'Enterprise' type priviledges.

I just had a similiar thing with the SQLAGENT - once I changed it to run under SYSTEM account, it started fine.

Therefore I may have to open a new ticket called 'resetting Administrator priviledges' or something

It's quite worrying and very odd, as SQL Server itself and the rest of the server seem to be OK ... can't see anything in the Event log (from looking at it from my software) that seems to be too worrying either.

So, it's 'just' a permissions things, with this Event viewer being a visible 'symptom'

The machines hate me.

All of them.

Thanks

S.S.
0
SpencerSteelAuthor Commented:
The machines hate me - and I can't tell my left from my right ....

As soon as I click, say, 'Application' on the LEFT hand pane, the icon changes into one with a red cross on it ... and I get a popup in the RIGHT hand side that says

"Unable to complete the operation on "Application". Access is denied"


My head hangs in shame

S.S.
0
corneliupCommented:
have you checked the rights on:

C:\%SYSTEMROOT%\SYSTEM32\CONFIG\*.EVT

wich are the logs?

On my servers I have only System and Administrators "full controll"

0
Debsyl99Commented:
Eek - looks like some messed up permissions somewhere for sure - check that the account that you're using is member of the correct groups:

ie Administrators
Domain Admins
Domain Users
etc etc.

I'd also check the permissions on the root drive ie C: - Default is full control everyone - scary I know, but changing this can lead to problems - if it has changed, you'll need to change it back, or I'll post a link on hardening it up,

Deb :))
0
SpencerSteelAuthor Commented:
Just to let you know, i've logged an email 'incident' with MS to look into this, as I want to make sure there is nothing untoward going on with the Administrator account at a low level in the AD.

I'll let you know the results.

S.S.
0
Debsyl99Commented:
No probs S.S - Have you checked into the group membership of the admin account, and the assigned priveleges to the various admin related groups? Most of the rights assigments to carry out server based tasks is assigned to the administrators group, of which the Administrator account is a member of.

Have you tried creating a specific user account, then giving it membership of the groups relevant to the built in Administrator account and seeing if that works - Administrators, Domain Admins, Enterprise Admins etc

It's most unusual that rights should just spontaneously change........ Will look forward to seeing what the great MS have to say.

Deb :))
0
Debsyl99Commented:
Is this by any chance related to your twin mutant admin accounts? (ROFL - I know it's not funny, sorry!) - Keep us updated!
Deb x
0
SpencerSteelAuthor Commented:
OK - after many, many weeks of twatting around ... we (MS and I) came to the conclusion there was *something* running in the Computer Associates Arceserve 11.01 'trail' software (I was awaiting the keys from an 9.01 upgrade!) ... once the keys came the the software was fully 'unlocked' both the Permissions Denied on the event log and 'mutant admin account' were fine.

No. I have NO IDEA either. But it's all sorted itself out.

And thank God this has been documented by MS or I wouldn't believe it either.

I'm giving the points to Debs because I can't be arsed to find the refund button and she's always there for me.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.