Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, March 14, 2018 4:40 AM
Attempting to open the event log to view a chkdsk or wininit result may display:
.
.
Event Viewer cannot open the event log or custom view.
Verify that Event Log service is running or query is too long.
The event log file is corrupted (1500)
.
.
a) How do you troubleshoot this message?
b) Does this hotfix work to fix the problem with Windows 10:
https://support.microsoft.com/en-us/help/811143/error-message-the-event-log-file-is-corrupt
c) Would an in place upgrade repair using a Windows 10 iso have any impact on this errror?
d) Does a registry repair have to be done as in this link:
https://support.microsoft.com/en-us/help/172156/how-to-delete-corrupt-event-viewer-log-files
e) Does this software fix the problem:
https://docs.microsoft.com/en-us/sysinternals/downloads/psloglist
.
.
.
.
Please explain in detail what the pro and con is for each of the above methods.
Please explain in detail any pitfalls in using any of the above techniques. (For example if files are not backed up........)
Are these methods dummy proof or is it easy to make mistakes and have further operating system or registry problems?
There were multiple approaches to troubleshoot or fix the problem. How do you decide which method to use? What other methods are there to fix the event viewer?
Which troubleshooting /fix methods will allow viewing the results of the chkdsk /x /f /r scan and which troubleshooting / fix methods result in loss of all of the event logs?
How can the chkdsk /x /f /r fix and restore test results be viewed without having to repeat the test?
All replies (4)
Thursday, March 15, 2018 1:48 AM
Hi,
Please try the following steps to fix the issue, then check the symptom again.
Disable the Windows Event log Service in Service console.
Delete the C:WINDOWS\system32\config\SysEvent.Evt file
Re-enable the Windows Event log service.
Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, March 15, 2018 2:08 AM
That appears to be choice d.
Would you have any information on the pro and con of the above choices?
If choice d fails what is the backup plan?
Friday, April 6, 2018 1:24 AM
Hi,
We also could try the following command line to repair event viewer.
net stop winmgmt (You will be prompted to Press Y to stop the WMI Instrumentation service)
cd C:\Windows\System32\LogFiles\WMI
rename RtBackup RtBackup2
exit
Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, April 9, 2018 11:07 AM
Hi,
Please try to check if the issue occur when you try to restart event log service manually.
Please try to check the access privilege of C:\Windows\System32\winevt\Logs.
Bests,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].