After ADPREP - no access to event viewer !

Hello there,

I've just DCPROMOed a newly cleaned up Windows 2003 into my existing 2000 domain.

For those that know, you have to run ADPREP /forestprep and /domainprep which went well.

Not sure if this is related, but this morning, I cannot view any of the Event Logs (except System) on the machine - I am using the Domain Administrator account.

I'm a little concerned - but I can actually view the events using DAMEWARE tools (3rd party networking tools) from my local machine ... which is perhaps even odder !

I've tried using a MMC from another DC to view them and have the same issue.

The AD itself seems fine and usable from the Windows 2003 machine.

I'm a bit a baffled.

Any ideas ?


Who is Participating?
Debsyl99Connect With a Mentor Commented:

So the event viewer actually opens - you just can't read the logs except system?

Have you tried deleting or moving the logs, and recreating them? It maybe worth a try to see if you can get the functionality back,
How to Delete Corrupt Event Viewer Log Files

Deb :))
SpencerSteelAuthor Commented:
Hello again Debs,

I'm actually thinking this is a little more serious than this - it's a 'permissions' things - that my 'Administrator' account is somehow screwed

I have another system of SQLAGENT starting and then stopping instantly as a service ... that runs under the ./Administrator account.

I'll post more when I get a chance to look at it properly.

Thanks Debs

Had same problem a year and so ago, right click your logs (the ones that you can't see) and check under view if you have checked "all records" or "filter".
The logs are there but you can't see them, they are hidden by a filter.
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

SpencerSteelAuthor Commented:
Just to clarify ...

As soon as I click, say, 'Application' on the right hand pane, the icon changes into one with a red cross on it ... and I get a popup in the left hand side that says

"Unable to complete the operation on "Application". Access is denied"

I'm sorry for the misunderstanding.

Basically, this looks like the Administrator account has lost some of it's 'Enterprise' type priviledges.

I just had a similiar thing with the SQLAGENT - once I changed it to run under SYSTEM account, it started fine.

Therefore I may have to open a new ticket called 'resetting Administrator priviledges' or something

It's quite worrying and very odd, as SQL Server itself and the rest of the server seem to be OK ... can't see anything in the Event log (from looking at it from my software) that seems to be too worrying either.

So, it's 'just' a permissions things, with this Event viewer being a visible 'symptom'

The machines hate me.

All of them.


SpencerSteelAuthor Commented:
The machines hate me - and I can't tell my left from my right ....

As soon as I click, say, 'Application' on the LEFT hand pane, the icon changes into one with a red cross on it ... and I get a popup in the RIGHT hand side that says

"Unable to complete the operation on "Application". Access is denied"

My head hangs in shame

corneliupConnect With a Mentor Commented:
have you checked the rights on:


wich are the logs?

On my servers I have only System and Administrators "full controll"

Eek - looks like some messed up permissions somewhere for sure - check that the account that you're using is member of the correct groups:

ie Administrators
Domain Admins
Domain Users
etc etc.

I'd also check the permissions on the root drive ie C: - Default is full control everyone - scary I know, but changing this can lead to problems - if it has changed, you'll need to change it back, or I'll post a link on hardening it up,

Deb :))
SpencerSteelAuthor Commented:
Just to let you know, i've logged an email 'incident' with MS to look into this, as I want to make sure there is nothing untoward going on with the Administrator account at a low level in the AD.

I'll let you know the results.

No probs S.S - Have you checked into the group membership of the admin account, and the assigned priveleges to the various admin related groups? Most of the rights assigments to carry out server based tasks is assigned to the administrators group, of which the Administrator account is a member of.

Have you tried creating a specific user account, then giving it membership of the groups relevant to the built in Administrator account and seeing if that works - Administrators, Domain Admins, Enterprise Admins etc

It's most unusual that rights should just spontaneously change........ Will look forward to seeing what the great MS have to say.

Deb :))
Is this by any chance related to your twin mutant admin accounts? (ROFL - I know it's not funny, sorry!) - Keep us updated!
Deb x
SpencerSteelAuthor Commented:
OK - after many, many weeks of twatting around ... we (MS and I) came to the conclusion there was *something* running in the Computer Associates Arceserve 11.01 'trail' software (I was awaiting the keys from an 9.01 upgrade!) ... once the keys came the the software was fully 'unlocked' both the Permissions Denied on the event log and 'mutant admin account' were fine.

No. I have NO IDEA either. But it's all sorted itself out.

And thank God this has been documented by MS or I wouldn't believe it either.

I'm giving the points to Debs because I can't be arsed to find the refund button and she's always there for me.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.