Cannot start windows event log service on Windows 7. Error 4201. Tried solution used by rung_windows 7 (15 Nov 2009) but got 'Access denied' on using rename command

Tried solution used by rung_windows7 (15 Nov 2009) but got 'Access denied' on using rename command despite being in elevated command window

  • Programs you are having problems with
  • Error messages
  • Recent changes you made to your computer
  • What you have already tried to fix the problem

Remember - This is a public forum so never post private information such as email or phone numbers!

Hi Cwmwlyrallt,

 

One of the reasons for this error is a corrupted Repository file.

 

Follow the steps listed below and check if that resolves the issue:

 

1. Restart the computer into Safe Mode (without networking).

 

Refer the link below for details on logging into safe mode:

 

Start your computer in safe mode

http://windows.microsoft.com/en-US/windows7/Start-your-computer-in-safe-mode

 

2. In safe mode, click ‘Start’, type ‘cmd’, right click and select ‘Run as administrator’.

 

3. Type net stop winmgmt and press Enter.

 

NOTE: This is to make certain the wmi service is not running.

 

4. Wait until the successful message appears, and then close the elevated command prompt.

 

5. Open Windows Explorer and navigate to C:\Windows\System32\wbem.

 

6. Right click on the Repository folder and click on Rename.

 

7. Type in RepositoryOld and press Enter.

 

NOTE: This is to make this a backup of the original Repository folder.

 

8. Restart the computer back into normal mode to an administrator account.

 

9. Click ‘Start’, type ‘cmd’, right click and select ‘Run as administrator’.

 

10. In the elevated command prompt, type net stop winmgmt and press Enter.

 

NOTE: This is to make certain the wmi service is not running.

 

11. Wait until successful message appears, and then type winmgmt /resetRepository in the elevated command prompt and press Enter.

 

12. Wait until the successful message appears and then close the elevated command prompt.

 

13. Take ownership of these two files:

 

    C:\windows\logs

    C:\windows\system32\logfiles

 

Refer the link below for more details on taking ownership of a file or folder:

 

Take Ownership of a File or Folder

http://technet.microsoft.com/en-us/library/cc753659.aspx

 

14. Restart the computer.

 

15. Test the Event Viewer. It should be working now.

 

16. If it is working again, then go back and delete the RepositoryOld folder. (See step 7)

 

Let us know if this fixes the issue.


Regards,
Gokul - Microsoft Support

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I've tried the above procedure and after the final reboot, I still cannot start the windows event log service.

Here is the error message I receive when I try to start it:

"Windows could not start the Windows Event Log service on Local Computer.

Error 4201: The instance name passed was not recognized as valid by a WMI data provider."


Any other ideas of what I can try? I'm trying to troubleshoot a problem with my Windows Aero Assessment and I can't see the error details from that until I fix the event log......

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

houston, we have no joy on the burn, repeat, no joy on the burn..........sigh.........tried the above, and still "the instance name passed was not recognized as valid by a WMI provider"...........honestly....."bill"......when will windows create an OS. with a "single, competent user"........option, allowing the END USER, .......to decide what is "valid".....what is "allowed".........and what , if anything , should have it's access "denied".........sigh

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

HOWEVER.......on another forum i DID find  something that worked for me ....c:\windows\system32\logfiles\wmi\RTbackup .......deleting this folder did the trick......(after which i read also that some have had success with making sure that system is allowed full control in permissions)
no clue if it will work for everyone, but it did in my case.......good luck to all

2 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

THANKS  SIR....SUCH NICE ANS AGAIN THANKS LOT

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi, I need a way to perform this remotely so safe mode is not an option.  Can you tell me a workaround so I can rename that folder in normal mode?  What handles are holding it open that I could kill and then respawn after the folder is renamed?

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info


Last updated September 6, 2020 Views 16,429 Applies to: