Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Security Event Log Full, cannot log on

Posted on 2005-05-06
10
Medium Priority
?
748 Views
Last Modified: 2012-06-27
Came in to see this on my screen when I got in this morning:

Windows XP machine in Active Directory error message security log is full only administrator can logon to fix.
Message occurrs at login.

Can't connect to the machine using the management console from another machine, can't locate it on the network, how can I clear the event log from the command prompt or fix this without having to go to a restore point?

If I have to I will do a restore point, just would prefer not.
0
Comment
Question by:rgusek
  • 5
  • 4
10 Comments
 

Author Comment

by:rgusek
ID: 13944226
Ok can't get in even on the command prompt.  Anything short of doing a recovery?
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 13944242
Log onto the computer with an administrator account and then you can clear the event log.  And for the future, make sure you right click the event category choose properties and then check to overwrite events as needed so this doesn't happen again (unless it is critical you save the event logs for x amount of days).

Can you get to the console of the machine to log in?
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 13944245
If you are physcially at the machine then you shouldn't have any problems logging on with an administrator account
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:rgusek
ID: 13944323
Ok, if I cannot get the machine to boot, not even the command prompt, then I can't get to the event log normally.  I cannot even get to the management console from another machine.  
0
 

Author Comment

by:rgusek
ID: 13944331
Let me make this extremely clear:

From the recovery menu none of the options (safe mode, safe mode with networking, command prompt etc) work.  The machine will always hang and stop.

I cannot access the management console from another machine, it can't be seen by the network because it's not booting up completely.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 13944557
Ok, you said:

"error message security log is full only administrator can logon to fix.
Message occurrs at login"

So I assumed you got the logon screen, tried to logon, and got this message at logon.  Is this correct?

When you say the machine hangs and stops...does it stop when you try to logon and tell you "only administators can log on, security log full"??

Do you get to the logon screen in normal mode as you said in your first post?

And if so, are you using either a local admin or domain admin account to logon?
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 13944609
This is a common scenerio when the security log is full. I've had it happen on machines before and then I use and admin account to log in and no problem. When the security log is full then XP by default will require than only an admin log on to clear the log.  
0
 

Author Comment

by:rgusek
ID: 13944697
The logon user name and password is disabled, you cannot enter anything in there, not even the administrators id and password, so it's not possible to logon to the machine.  The logon was only displayed when I first came in, when I re-booted it will now hang no matter what.

The machine starts to boot, i.e. goes through post etc, windows XP startup screen with the little scroll bar, then black screen and hangs.

This is all the machine will do now no matter what mode you try to start up in on the recovery console.

I tried to use the recovery console on the install disc, but that is hanging at the startup where it says 'Starting Windows XP'

0
 
LVL 6

Accepted Solution

by:
jholland79 earned 2000 total points
ID: 13944872
One possible solution (and I have no idea what possible problems this could cause!!) is to slave the hard drive in another machine and rename the SecEvent.Evt file in the WINDOWS\system32\config folder to something like SevEven1.evt.
That might do the trick, but you should make sure to check the settings for the Security log to prevent this from happening in the future.
In fact, I wonder if there isn't a GP issue here as booting into Safe Mode with the Administrator account should not be affected by this.
John.
0
 

Author Comment

by:rgusek
ID: 13944995
Ok tried one other thing after I couldn't get it to even boot up Knoppix.  Disconnected my USB devices (except for keyboard and mouse) and then it finally booted up correctly.  No idea why this was causing it issues, but I was able to logon as administrator, clear the logs, set the purge and reconnect the hub and everything is back working like normal now.

Thanks for the help
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are 2 things you must have in order to connect to the internet behind a router, The "Gateway IP" of the router, which is usually something like 192.168.xxx.1, I've seen routers with default values of: 192.168.0.1, 192.168.1.1, 192.168.11.1, …
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Screencast - Getting to Know the Pipeline
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question