Solved

System cannot access one or more event logs after upgrade to Windows 2012 R2

Posted on 2014-09-17
11
3,374 Views
Last Modified: 2014-09-29
Hello,
I recently upgraded a Windows 2008 R2 SP1 virtual VMware server to Windows 2012 R2.  The upgrade went well and all applications are functioning properly.  The only hiccup that I have is when I open the Server Manager Dashboard I get a warning the says "Refresh completed with one or more warning messages".  In the Details I get the following:

Configuration refresh message:  the system cannot access one or more event logs because of insufficient access rights, file corruption, or other reasons.  For more information, see the Operational channel in the ServerManagerProvider error log on the target server.

Okay, no problem, I'm logged in as a domain admin so I don't think I really have a permissions issue so here I come Google.  Not surprisingly I find a few posts that point to removing the Microsoft-Windows-DxpTaskRingtone/Analytic registry key.  I don't see that one in my registry.  I find another article that talks about deleting 4 other registry keys:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-DxpTaskRingtone/Analytic
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-Roaming/Analytic
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-SCDICCOMPILER/Analytic
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-IME-SCTIP/Analytic
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-SPB-HIDI2C/Analytic

I do that and still no love.   Please help if you have any further words of wisdom.

Thanks!
0
Comment
Question by:blkfoot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
  • 2
  • +1
11 Comments
 
LVL 23

Expert Comment

by:bhanukir7
ID: 40329852
Hi blkfoot,

have you verified the permissions on the C:\windows\system32\winevt this needs to have permissions for "eventlog" user and authenticated users normally these two accounts have special permissions.

Try setting the permissions on this folder and confirm if this fixes your issue.

http://social.msdn.microsoft.com/Forums/windowsserver/en-US/c231b5d0-2a36-4ddf-a457-e5f471667302/server-2008-event-log-restore?forum=winserver2008appcompatabilityandcertification

The above link gives the SID of eventlog account.

regards
Bhanu
0
 
LVL 43

Expert Comment

by:Davis McCarn
ID: 40330063
Before doing that, I would always clear the event logs because, most of the time, one of them actually got corrupted.
0
 

Author Comment

by:blkfoot
ID: 40330403
Thanks, Bhanu.  I verified the permission you asked about above as well as the KB article and all of the permissions are correctly set.  I still get the same error.

Thanks, Davis.  I did clear EVERY log and I still get the same error.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 43

Expert Comment

by:Davis McCarn
ID: 40330460
What version of VMware and the 2012 is a guest (meaning virtualized)?
0
 

Author Comment

by:blkfoot
ID: 40330463
We are running vmWare 5.5 and yes the Windows 2012 R2 server is virtualized.
0
 

Author Comment

by:blkfoot
ID: 40330474
I guess I should add a little more history to this server in case it's relevant.  This was a physical server that we cloned to vmWare 4.0 and then recently upgraded to vmWare 5.5.  It has always been Windows 2008 R2 though since we virtualized it.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40331540
Leave out virtualization, it does not operate at that layer.
To find your problem, please run procmon while provoking the error, then search procmon's log for "access denied".
0
 

Author Comment

by:blkfoot
ID: 40331652
Thanks.  I'll give this a try as soon as my application upgrade finishes and let you know what I find.
0
 

Accepted Solution

by:
blkfoot earned 0 total points
ID: 40342023
Sorry, McKnife.  I forgot to respond to this.  I ran procmon but did not find any access denied when I recreated the problem.  I did find that I was having a problem with one of my third party apps though on this server that required me to build a replacement server and migrate away from this server.

I think I had more problems with my upgrade than I thought.

Thanks all for your efforts but this time a rebuild was required.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40342060
Alright, no problem... glad it worked out for you.
Others forget their threads for several weeks and then come back as if nothing's happened ;)
0
 

Author Closing Comment

by:blkfoot
ID: 40349498
I had to rebuild this server for other reasons so I didn't need to continue pursuing a solution.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question