W2k Server, Event Viewer

  recap 12:27 07 Jan 05
Locked

On one of our servers there is a problem with the event viewer. I can open the viewer but on opening any of the logs they are empty.

I tried creating a new MMC snapin viewer, but get the same results with the exception of the first log to be opened. This opens showing all errors etc, but only for a couple of seconds, then nothing.

The Event Service is running.

Any ideas any body?

  vinnyo123 13:46 07 Jan 05

Just curious can you access it through the "computer managment snapin" ?

I am assuming you are on a Domain,just some thoughts off the top of my head do you have Audits set up in Group policy or user Manager on Domains via policies,Audit. Select the events you want to audit (e.g., success and failure for logons, file and object access, use of user rights, security policy changes.

Also what settings do you have set for when file fulls up etc. overwrite every 7 days "default"

Just some thoughts if anything else comes to mind I'll reply.
Sorry hope this helps a bit.

  recap 14:05 07 Jan 05

Thanks vinnyo123,

Yes the server is a DC.

Tried both Computer Management Snapin, and Event Viewer options.

The settings are the default one's Overwrite every 7 days.

  May$ 14:41 07 Jan 05

Try leaving the event viewer open for a couple of minutes. It's maybe because the event viewer is full and trying to load all the events.

  recap 14:53 07 Jan 05

Thanks May$,

Now all Security Policies are not accessible.

I think I may have to do a restore on this server?

  vinnyo123 20:34 07 Jan 05

Is AD running on the DC?

Have you tried "Domain Controller Security Policy(AD)"or "Domain Security Policy". tool to activate auditing?

  vinnyo123 20:54 07 Jan 05

I assume you are logging in with an account with local administrator priviledges? just a thought

also can you get to application log?

  recap 13:05 08 Jan 05

All security policies even GP's are not accessible.

AD is running on the DC.

I do log in as Administrator.

All logs (Apps, Security, System, DS, File Replication, and DNS) do not appear in the Event Viewer Window. When I click on any of the logs the right hand window is blank.

  spikeychris 14:02 08 Jan 05

Hello recap. Is the server running SP4? It could be the logs are corrupted and a hotfix is needed. click here

  recap 14:07 08 Jan 05

Thanks chris, I had never given that a thought. Will run it Monday to see if it resolves the issue.

  spikeychris 14:10 08 Jan 05

Before you do you could go to Services and disable Event log then run a search for *.evt, and delete sysevent.evt, secevent.evt, and appevent.evt


They are in %SystemRoot%\Winnt\System32\config\<file>.evt
Reboot and the new files will be generated.

This thread is now locked and can not be replied to.

Nintendo Switch review: Hands-on with the intuitive modular console and its disappointing games…

1995-2015: How technology has changed the world in 20 years

Method Studios' title sequence for BBC series Taboo is truly unsettling

Best Pages for iOS tips | How to use Pages for iPad & iPhone: 6 simple tips to get more out of…