Event Viewer Service

Posted: 04-13-2007, 11:27 AM
This problem is very frustrating. The Event Viewer service does not start.
This is the error I receive:

Windows could not start the Windows Event Log service on Local Computer.
Error 4201: The instance name passed was not recognized as valid by WMI data
provider.

What the does this mean?

Event Viewer Service


Responses to "Event Viewer Service"

Hayman Ezzeldin
Guest
Posts: n/a
 
Re: Event Viewer Service
Posted: 04-13-2007, 02:53 PM
Dear Russ,
WMI stands for Windows Management Instrumentation, it's a management
technology that allows you to monitor and control resources through the
network, these resources might include hard disks, services, shares, event
logs, and more.

WMI Provider is any technology that provides any service that uses WMI, for
example Active Directory, because you can control and monitor a lot of
resources like users, groups, policies, network resources and more. Other
providers might be DNS, Disk Quota, Event Log,...

Concerning your problem, I searched for anything about it, but unfortunately
I found a lot of users have the same problem and none of them got a
solution. They mentiond something about an update that should be released to
solve this problem from Microsoft, but nobody is sure.
The ones who got rid of this error, they did a Clean Installation for Vista.

I'm sorry that you are having this problem with Vista.

Best regards

"Russ" <russ@russ.com> wrote in message
news:u%234Qv6bfHHA.4536@TK2MSFTNGP04.phx.gbl...
> This problem is very frustrating. The Event Viewer service does not start.
> This is the error I receive:
>
> Windows could not start the Windows Event Log service on Local Computer.
> Error 4201: The instance name passed was not recognized as valid by WMI
> data
> provider.
>
> What the does this mean?

Russ
Guest
Posts: n/a
 
Re: Event Viewer Service
Posted: 04-14-2007, 03:17 AM
OK, so I finally figured out what my problem was with the event viewer
service not starting. It is a severe permissions problem. I granted
administrator ownership to the win32\logs folder. For whatever reason, the
logs folder and everything in it did not have ANY permission.

But, I had played with a few other things. Someone that is running Vista
(Business), can you tell me a few things.

1) Go in to the Local Security Policy ---> User Right Assignment ---> Log on
as a service, and please tell me what user or group is assigned.

2) Right click on your C:\ or whatever drive that Vista is installed on and
please tell me who is the owner of the entire drive? I have my computers
Administrators group. Is this correct?

Thank you for your help...

"Hayman Ezzeldin" <haymanezzeldin@gmail.com> wrote in message
news:OPtomudfHHA.3564@TK2MSFTNGP06.phx.gbl...
> Dear Russ,
> WMI stands for Windows Management Instrumentation, it's a management
> technology that allows you to monitor and control resources through the
> network, these resources might include hard disks, services, shares, event
> logs, and more.
>
> WMI Provider is any technology that provides any service that uses WMI,
> for example Active Directory, because you can control and monitor a lot of
> resources like users, groups, policies, network resources and more. Other
> providers might be DNS, Disk Quota, Event Log,...
>
> Concerning your problem, I searched for anything about it, but
> unfortunately I found a lot of users have the same problem and none of
> them got a solution. They mentiond something about an update that should
> be released to solve this problem from Microsoft, but nobody is sure.
> The ones who got rid of this error, they did a Clean Installation for
> Vista.
>
> I'm sorry that you are having this problem with Vista.
>
> Best regards
>
> "Russ" <russ@russ.com> wrote in message
> news:u%234Qv6bfHHA.4536@TK2MSFTNGP04.phx.gbl...
>> This problem is very frustrating. The Event Viewer service does not
>> start.
>> This is the error I receive:
>>
>> Windows could not start the Windows Event Log service on Local Computer.
>> Error 4201: The instance name passed was not recognized as valid by WMI
>> data
>> provider.
>>
>> What the does this mean?
>
>
Hayman Ezzeldin
Guest
Posts: n/a
 
Re: Event Viewer Service
Posted: 04-14-2007, 03:59 AM
Dear Russ,
For question number (1), There is nobody in the "Log on as a service"

For question number (2), The owner of the partition is "TrustedInstaller"
which I guess is the Administrator, and the default permissions assigned to
the partition are as follow:
Authenticated Users (Special Permissions) (Create Folders / Append Data),
Apply to (This folder only)
Authenticated Users (Special Permissions) (Traverse folder,List folder,Read
attributes,Read ex. atributes,Create files, Create Folders,Write
attributes,Write ex. attributes,Delete,Read Permissions), Apply to
(Subfolders and files only)
System (Full Control)
Administrators (Full Control)
Users (Read & Execute)

Best regards.

"Russ" <russ@russ.com> wrote in message
news:eBgvwNkfHHA.284@TK2MSFTNGP05.phx.gbl...
> OK, so I finally figured out what my problem was with the event viewer
> service not starting. It is a severe permissions problem. I granted
> administrator ownership to the win32\logs folder. For whatever reason, the
> logs folder and everything in it did not have ANY permission.
>
> But, I had played with a few other things. Someone that is running Vista
> (Business), can you tell me a few things.
>
> 1) Go in to the Local Security Policy ---> User Right Assignment ---> Log
> on
> as a service, and please tell me what user or group is assigned.
>
> 2) Right click on your C:\ or whatever drive that Vista is installed on
> and
> please tell me who is the owner of the entire drive? I have my computers
> Administrators group. Is this correct?
>
> Thank you for your help...
>
> "Hayman Ezzeldin" <haymanezzeldin@gmail.com> wrote in message
> news:OPtomudfHHA.3564@TK2MSFTNGP06.phx.gbl...
>> Dear Russ,
>> WMI stands for Windows Management Instrumentation, it's a management
>> technology that allows you to monitor and control resources through the
>> network, these resources might include hard disks, services, shares,
>> event logs, and more.
>>
>> WMI Provider is any technology that provides any service that uses WMI,
>> for example Active Directory, because you can control and monitor a lot
>> of resources like users, groups, policies, network resources and more.
>> Other providers might be DNS, Disk Quota, Event Log,...
>>
>> Concerning your problem, I searched for anything about it, but
>> unfortunately I found a lot of users have the same problem and none of
>> them got a solution. They mentiond something about an update that should
>> be released to solve this problem from Microsoft, but nobody is sure.
>> The ones who got rid of this error, they did a Clean Installation for
>> Vista.
>>
>> I'm sorry that you are having this problem with Vista.
>>
>> Best regards
>>
>> "Russ" <russ@russ.com> wrote in message
>> news:u%234Qv6bfHHA.4536@TK2MSFTNGP04.phx.gbl...
>>> This problem is very frustrating. The Event Viewer service does not
>>> start.
>>> This is the error I receive:
>>>
>>> Windows could not start the Windows Event Log service on Local Computer.
>>> Error 4201: The instance name passed was not recognized as valid by WMI
>>> data
>>> provider.
>>>
>>> What the does this mean?
>>
>>
>

Dr_No
Guest
Posts: n/a
 
Re: Event Viewer Service
Posted: 05-09-2007, 09:10 AM

-- I've had exactly the same problem and have received the same advice. If
this is Microsoft's best, it is very depressing. Theories abound - one expert
thought I'd picked up an intruder of some kind prior to installing AVG - on
the basis that there must be a reason for denying access to the event log! So
I'm going to have to do a clean install, which is a real pain.


"Hayman Ezzeldin" wrote:
> Dear Russ,
> WMI stands for Windows Management Instrumentation, it's a management
> technology that allows you to monitor and control resources through the
> network, these resources might include hard disks, services, shares, event
> logs, and more.
>
> WMI Provider is any technology that provides any service that uses WMI, for
> example Active Directory, because you can control and monitor a lot of
> resources like users, groups, policies, network resources and more. Other
> providers might be DNS, Disk Quota, Event Log,...
>
> Concerning your problem, I searched for anything about it, but unfortunately
> I found a lot of users have the same problem and none of them got a
> solution. They mentiond something about an update that should be released to
> solve this problem from Microsoft, but nobody is sure.
> The ones who got rid of this error, they did a Clean Installation for Vista.
>
> I'm sorry that you are having this problem with Vista.
>
> Best regards
>
> "Russ" <russ@russ.com> wrote in message
> news:u%234Qv6bfHHA.4536@TK2MSFTNGP04.phx.gbl...
> > This problem is very frustrating. The Event Viewer service does not start.
> > This is the error I receive:
> >
> > Windows could not start the Windows Event Log service on Local Computer.
> > Error 4201: The instance name passed was not recognized as valid by WMI
> > data
> > provider.
> >
> > What the does this mean?
>
>
>
 
LinkBack Thread Tools Display Modes
 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
a issue about Event 11 in Event viewer, because of my filter driver. Leon Huang Windows XP Device Drivers 0 11-26-2004 09:11 AM
event viewer Marc Windows XP WMI 0 08-19-2004 07:02 PM
Event Viewer kdebrain Windows XP Performance & Maintenance 3 01-14-2004 09:16 AM
Fax service failed - Event viewer 32092 Vincent Chan Windows XP Printers / Scanners / Fax 1 10-16-2003 09:18 AM
help please with event id 51-source=cdrom in event viewer chevysales Windows XP Hardware 0 09-04-2003 04:48 AM