asked on Error reading event log
I have a realy strange error on one of our servers.
When I open the event viewer and try to open one of the eventlogs (application, system...) the MMC freeze up and the OS totally loose control of that session with MMC. I'm able to start another MMC and perform whatever I want except looking at eventlogs.
When I try to log off the server it is not able to log me off, and if I try to log on locally or connect to the server on RDP it's not possible. To be able to logon I have to disconnect the power or hold the powerbutton pressed until the server is turned off.
And now to the situation which to me makes this really peculiar...
If I open the log files from another server (event viewer/connect to another computer) I'm able to open the logs without any problem. If I have opened the logs remotly BEFORE I open them locally I have no problem at all! I can open the event logs, log off/on open the eventlogs and everything looks great. I'm also able to log off and log on again and still able to open the eventlogs.
Any suggestions?
When I open the event viewer and try to open one of the eventlogs (application, system...) the MMC freeze up and the OS totally loose control of that session with MMC. I'm able to start another MMC and perform whatever I want except looking at eventlogs.
When I try to log off the server it is not able to log me off, and if I try to log on locally or connect to the server on RDP it's not possible. To be able to logon I have to disconnect the power or hold the powerbutton pressed until the server is turned off.
And now to the situation which to me makes this really peculiar...
If I open the log files from another server (event viewer/connect to another computer) I'm able to open the logs without any problem. If I have opened the logs remotly BEFORE I open them locally I have no problem at all! I can open the event logs, log off/on open the eventlogs and everything looks great. I'm also able to log off and log on again and still able to open the eventlogs.
Any suggestions?
Windows OSWindows Server 2008
Last Comment
NAF-Data
I would suggest checking the resources on that particular server e.g available Memory, Disk.
There are also some hotfixes that could help.
http://support.microsoft.com/kb/957414
http://support.microsoft.com/kb/972999
Btw, when you check the logs remotely are there any relevant event entries?
There are also some hotfixes that could help.
http://support.microsoft.com/kb/957414
http://support.microsoft.com/kb/972999
Btw, when you check the logs remotely are there any relevant event entries?
Try to run the system file checker with your server 2008 r2 setup dvd first.
sfc /scannow
sfc /scannow
Yeah, event logs do occasionally get corrupted. I've had similar situations where I could view the first screen full of entries, but after I paged through a few more, I'd get a lockup (or an error message). In those cases, I just copied the corrupted log file to a safe place, and then just emptied the log file to fix the problem.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
The eventlog tok a "self-repair"...
!I have done this two or three times on 2003 Servers (*.evt) and have not tryed it out on 2008+ Servers with XML eventlogs yet!
1. Disable the Startup of Eventlog Service -> Set to Startup Disabled
2. Restart Server
3. Rename or move the corrupt *.evtx files from the following location: %SystemRoot%\System32\Conf
4. re-enable the EventLog service by setting it back to the default of Automatic startup