Windows Server 2008 R2 Exchange 2010 Mailbox Server Windows Event Log Not Started (Error 5: Access Denied)

Hi all,
I have a client who encountered a strange issue on one of their Exchange 2010 Mailbox Servers running on Windows Server 2008 R2. The Windows Event Log service was unable to start even after a reboot. The error message was "Error 5: Access Denied". The Exchange services were unable to start due to the Windows Event Log issue. I have tried a few KB articles and support to check permissions on the winevt\logs folder, but to no avail. Glad that the mailboxes have another set of copies on the other server. But I am just worried if something happens to the other server.

Some info:
3 x Ex2k10 CAS/HT
4 x Ex2k10 Mailbox
Windows: 2008 R2 SP1
AV: Trend Micro OfficeScan / ScanMail for Exchange

Any ideas guys?

Mohd Azrul Kusrin Asked:

Seth Simmons, Sr. Systems Administrator, Commented:
Have you tried renaming the files?
Go to the winevt\logs folder and rename the .evtx files, then start the service.
Is that logs folder excluded from OfficeScan?

Mohd Azrul Kusrin, Author, Commented:
Hi Seth,
I already stopped the antivirus and renamed the .evtx files. But when I start the service, I get the same error code and no new .evtx files are created. Most of the suggestions found online have been tried.

Mohd Azrul Kusrin, Author, Commented:
Thanks for your input, sir!
At first I renamed just application.evtx to application.evtxold and restarted the service, but it was the same. Then I needed to rename all files inside the Logs folder and restart the service. Worked like a charm!
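
The fix that worked in this thread (rename every file in the Logs folder, then start the service), written in PowerShell as an added example that is not part of the original thread. It assumes the default log path %SystemRoot%\System32\winevt\Logs, the service name EventLog, and an elevated prompt; the `.old-<timestamp>` suffix is made up for the example.

```powershell
# Added example: rename (not delete) every file in the Event Log folder, then start the service.
# Run elevated. Written to stay compatible with PowerShell 2.0 (Windows Server 2008 R2).
$logDir = Join-Path $env:SystemRoot 'System32\winevt\Logs'  # assumption: default log location
$suffix = '.old-' + (Get-Date -Format 'yyyyMMdd-HHmmss')    # constructed suffix for this example

$service = Get-Service -Name 'EventLog'
if ($service.Status -ne 'Stopped') {
    throw "EventLog is $($service.Status); this procedure is for a service that will not start."
}

# Capture the folder ACL before touching anything: with "Error 5: Access Denied"
# the permissions in place at failure time are worth keeping for later review.
Get-Acl -Path $logDir | Format-List Owner, AccessToString

# Rename every file so the original logs remain available for analysis.
# @() keeps an empty result from being iterated once as $null on PowerShell 2.0.
$files = @(Get-ChildItem -Path $logDir | Where-Object { -not $_.PSIsContainer })
foreach ($f in $files) {
    Rename-Item -Path $f.FullName -NewName ($f.Name + $suffix) -ErrorAction Stop
}
"Renamed {0} file(s) in {1}" -f $files.Count, $logDir

# Start the service, then confirm it is running and has recreated its log files.
Start-Service -Name 'EventLog' -ErrorAction Stop
Start-Sleep -Seconds 5
$new = @(Get-ChildItem -Path $logDir | Where-Object { $_.Extension -eq '.evtx' })
"Service status: {0}" -f (Get-Service -Name 'EventLog').Status
"New .evtx files: {0}" -f $new.Count
```

Because the old files are renamed rather than deleted, they can be copied off the server afterwards and opened in Event Viewer to look for what preceded the failure.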
