Solved

After ADPREP - no access to event viewer !

Posted on 2004-10-27
148 Views
Last Modified: 2010-04-14
Hello there,

I've just DCPROMOed a newly cleaned up Windows 2003 into my existing 2000 domain.

For those that know, you have to run ADPREP /forestprep and /domainprep which went well.

Not sure if this is related, but this morning, I cannot view any of the Event Logs (except System) on the machine - I am using the Domain Administrator account.

I'm a little concerned - but I can actually view the events using DAMEWARE tools (3rd party networking tools) from my local machine ... which is perhaps even odder !

I've tried using a MMC from another DC to view them and have the same issue.

The AD itself seems fine and usable from the Windows 2003 machine.

I'm a bit baffled.

Any ideas ?

S.S.

0
Question by:SpencerSteel
    11 Comments
     
    LVL 20

    Accepted Solution

    by:
    Hi

    So the event viewer actually opens - you just can't read the logs except system?

    Have you tried deleting or moving the logs, and recreating them? It may be worth a try to see if you can get the functionality back,
    How to Delete Corrupt Event Viewer Log Files
    http://support.microsoft.com/kb/172156/EN-US/

    Deb :))
    0
     

    Author Comment

    by:SpencerSteel
    Hello again Debs,

    I'm actually thinking this is a little more serious than this - it's a 'permissions' thing - that my 'Administrator' account is somehow screwed.

    I have another system of SQLAGENT starting and then stopping instantly as a service ... that runs under the ./Administrator account.

    I'll post more when I get a chance to look at it properly.

    Thanks Debs

    S.S.
    0
     
    LVL 7

    Expert Comment

    by:corneliup
    Had same problem a year and so ago, right click your logs (the ones that you can't see) and check under view if you have checked "all records" or "filter".
    The logs are there but you can't see them, they are hidden by a filter.
    0
     

    Author Comment

    by:SpencerSteel
    Just to clarify ...

    As soon as I click, say, 'Application' on the right hand pane, the icon changes into one with a red cross on it ... and I get a popup in the left hand side that says

    "Unable to complete the operation on "Application". Access is denied"

    I'm sorry for the misunderstanding.

    Basically, this looks like the Administrator account has lost some of its 'Enterprise' type privileges.

    I just had a similar thing with the SQLAGENT - once I changed it to run under SYSTEM account, it started fine.

    Therefore I may have to open a new ticket called 'resetting Administrator privileges' or something.

    It's quite worrying and very odd, as SQL Server itself and the rest of the server seem to be OK ... can't see anything in the Event log (from looking at it from my software) that seems to be too worrying either.

    So, it's 'just' a permissions thing, with this Event viewer being a visible 'symptom'.

    The machines hate me.

    All of them.

    Thanks

    S.S.
    0
     

    Author Comment

    by:SpencerSteel
    The machines hate me - and I can't tell my left from my right ....

    As soon as I click, say, 'Application' on the LEFT hand pane, the icon changes into one with a red cross on it ... and I get a popup in the RIGHT hand side that says

    "Unable to complete the operation on "Application". Access is denied"


    My head hangs in shame

    S.S.
    0
     
    LVL 7

    Assisted Solution

    by:corneliup
    have you checked the rights on:

    C:\%SYSTEMROOT%\SYSTEM32\CONFIG\*.EVT

    which are the logs?

    On my servers I have only System and Administrators "full control"

    0
     
    LVL 20

    Expert Comment

    by:Debsyl99
    Eek - looks like some messed up permissions somewhere for sure - check that the account that you're using is member of the correct groups:

    ie Administrators
    Domain Admins
    Domain Users
    etc etc.

    I'd also check the permissions on the root drive ie C: - Default is full control everyone - scary I know, but changing this can lead to problems - if it has changed, you'll need to change it back, or I'll post a link on hardening it up,

    Deb :))
    0
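Added example, not part of any post in this thread: a PowerShell check of the two things suggested above, the NTFS ACLs on the .EVT files (against the baseline of SYSTEM and Administrators with Full Control that corneliup describes) and whether the current logon token carries the admin groups Deb lists. The function names are hypothetical, and it assumes PowerShell 2.0 or later is installed on the server.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 or later.
$sidType  = [System.Security.Principal.SecurityIdentifier]
$fullCtl  = [int][System.Security.AccessControl.FileSystemRights]::FullControl
# Baseline described in the thread: SYSTEM and Administrators, Full Control.
$baseline = @{ 'S-1-5-18' = 'SYSTEM'; 'S-1-5-32-544' = 'Administrators' }

function Get-EvtAclReport {            # hypothetical helper name
    param([string]$Directory = (Join-Path $env:SystemRoot 'System32\config'))
    foreach ($file in Get-ChildItem -Path $Directory -Filter '*.evt') {
        # Resolve every ACE to a SID so the check does not depend on locale.
        $rules = @((Get-Acl -Path $file.FullName).GetAccessRules($true, $true, $sidType))
        $full  = @($rules | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ([int]$_.FileSystemRights -band $fullCtl) -eq $fullCtl
            } | ForEach-Object { $_.IdentityReference.Value })
        $extra = @($rules | ForEach-Object { $_.IdentityReference.Value } |
            Where-Object { -not $baseline.ContainsKey($_) } | Select-Object -Unique)
        New-Object PSObject -Property @{
            File           = $file.Name
            MissingFullCtl = @($baseline.Keys | Where-Object { $full -notcontains $_ }) -join ', '
            OtherTrustees  = $extra -join ', '
            DenyEntries    = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' }).Count
        }
    }
}

function Get-AdminGroupsInToken {      # hypothetical helper name
    $sids = @([System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
        ForEach-Object { $_.Value })
    # Well-known SID / RID patterns for the groups named in the thread.
    $checks = @{
        'Administrators'    = '^S-1-5-32-544$'
        'Domain Admins'     = '^S-1-5-21-[\d-]+-512$'
        'Domain Users'      = '^S-1-5-21-[\d-]+-513$'
        'Enterprise Admins' = '^S-1-5-21-[\d-]+-519$'
    }
    foreach ($name in $checks.Keys) {
        New-Object PSObject -Property @{
            Group   = $name
            InToken = [bool]@($sids -match $checks[$name]).Count
        }
    }
}

Get-EvtAclReport | Format-Table File, MissingFullCtl, OtherTrustees, DenyEntries -AutoSize
Get-AdminGroupsInToken | Format-Table Group, InToken -AutoSize
```

A non-empty MissingFullCtl or DenyEntries column points at the file ACL; a False in the InToken column points at group membership instead.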
     

    Author Comment

    by:SpencerSteel
    Just to let you know, I've logged an email 'incident' with MS to look into this, as I want to make sure there is nothing untoward going on with the Administrator account at a low level in the AD.

    I'll let you know the results.

    S.S.
    0
     
    LVL 20

    Expert Comment

    by:Debsyl99
    No probs S.S - Have you checked into the group membership of the admin account, and the assigned privileges to the various admin related groups? Most of the rights assignments to carry out server based tasks are assigned to the Administrators group, of which the Administrator account is a member.

    Have you tried creating a specific user account, then giving it membership of the groups relevant to the built in Administrator account and seeing if that works - Administrators, Domain Admins, Enterprise Admins etc

    It's most unusual that rights should just spontaneously change........ Will look forward to seeing what the great MS have to say.

    Deb :))
    0
     
    LVL 20

    Expert Comment

    by:Debsyl99
    Is this by any chance related to your twin mutant admin accounts? (ROFL - I know it's not funny, sorry!) - Keep us updated!
    Deb x
    0
     

    Author Comment

    by:SpencerSteel
    OK - after many, many weeks of twatting around ... we (MS and I) came to the conclusion there was *something* running in the Computer Associates ARCserve 11.01 'trial' software (I was awaiting the keys from a 9.01 upgrade!) ... once the keys came and the software was fully 'unlocked', both the Permissions Denied on the event log and 'mutant admin account' were fine.

    No. I have NO IDEA either. But it's all sorted itself out.

    And thank God this has been documented by MS or I wouldn't believe it either.

    I'm giving the points to Debs because I can't be arsed to find the refund button and she's always there for me.
    0
