Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, September 18, 2019 1:39 PM
Hello,
I've a brand new installation of Windows 10 Enterprise. When I try to view the application, security and System logs in the event viewer I am getting the following error:
"Event Viewer cannot open the event log or custom view. Verify that Event Log Service is running or query is too long. The security descriptor structure is valid (1338)"
Yes, verified that Event log service is running.
Thanks,
All replies (7)
Monday, October 7, 2019 4:53 PM âś…Answered
Old GPOs were messing up. I completely created new GPOs for windows 10 and the error went away.
Thursday, September 19, 2019 9:26 AM
Hi,
Firstly, we could try the steps in the link below:
Fixing "Event Viewer cannot open the event log" When Viewing System Logs
Also it's a new installation of Windows 10, I suggest that we could use the "check for update" option in Settings to install updates to check.
Regards,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, September 19, 2019 11:49 AM
Windows 10 is fully updated and also cleared the log. Getting same error.
Event Viewer will show the setup log but not the application, security and system log.
Thursday, September 19, 2019 12:06 PM
To evaluate the computer environment please post logs for troubleshooting.
Using administrative command prompt copy and paste this whole command.
Make sure the default language is English so that the logs can be scanned and read.
https://www.tenforums.com/tutorials/3813-language-add-remove-change-windows-10-a.html
The command will automatically collect the computer files and place them on the desktop.
Then use 7zip to organize the files and one drive, drop box, or google drive to place share links into the thread for troubleshooting.
This command will automatically collect these files: msinfo32, mini dumps, drivers, hosts, install, uninstall, services, startup, event viewer files, etc.
Open administrative command prompt and copy and paste the whole command:
copy %SystemRoot%\minidump\.dmp "%USERPROFILE%\Desktop\&dxdiag /t %Temp%\dxdiag.txt© %Temp%\dxdiag.txt "%USERPROFILE%\Desktop\SFdebugFiles\&type %SystemRoot%\System32\drivers\etc\hosts >> "%USERPROFILE%\Desktop\hosts.txt"&systeminfo > "%USERPROFILE%\Desktop\systeminfo.txt"&driverquery /v > "%USERPROFILE%\Desktop\drivers.txt" &msinfo32 /nfo "%USERPROFILE%\Desktop\msinfo32.nfo"&wevtutil qe System /f:text > "%USERPROFILE%\Desktop\eventlog.txt"® export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall "%USERPROFILE%\Desktop\uninstall.txt"® export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" "%USERPROFILE%\Desktop\installed.txt"&net start > "%USERPROFILE%\Desktop\services.txt"&REM wmic startup list full /format:htable >"%USERPROFILE%\Desktop\startup.html"&wmic STARTUP GET Caption, Command, User >"%USERPROFILE%\Desktop\startup.txt"
There is one file for you to find manually: dxdiag:
In the left lower corner search type: dxdiag > When the DirectX Diagnostic Tool opens click on the next page button so that each tab is opened > click on save all information > save to desktop > post one drive or drop box share link into the thread
1) Open administrative command prompt and type or copy and paste:
2) sfc /scannow
3) dism /online /cleanup-image /scanhealth
4) dism /online /cleanup-image /restorehealth
5) sfc /scannow
6) chkdsk /scan
7) wmic recoveros set autoreboot = false
8) wmic recoveros set DebugInfoType = 7
9) bcdedit /enum {badmemory}
10) net user test /add
11) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread
12) After posting the results into this thread reboot the computer and logon with the new user named test. Report into the thread whether there is a change in the ability to use the event viewer.
13) Place the computer in clean boot:
.
.
.
.
.
Please remember to vote and to mark the replies as answers if they help.
.
.
.
.
.
Thursday, February 6, 2020 9:42 AM
Can you please clarify what do you mean?
Did you clean up local copy of the policy on the PC and refreshed the policy or actually re-created gpo's on the domain?
Tuesday, April 7, 2020 12:47 PM
I re-created gpo's on the domain. I also re-imaged the Windows 10 workstation that was having an issue.
Tuesday, August 4, 2020 4:26 PM
I too received the following error ONLY when joined to the domain:
Event Viewer cannot open the event log or custom view. Verify that Event Log Service is running or query is too long. The security descriptor structure is valid (1338)
The specific group policy that broke event viewer for me was:
Administrative Templates >> Windows Component >> Event Log Service >> Application (and Security and Systems)
Go there and set all three "Log Access" to DISABLE.
This fixed the problem for me! Good luck!