Unable to start the Windows Event Log service

The Windows Event Log service wasn't started and when I tried to start it, received the error:

"Error code: 4201 - The instance name passed was not recognized as valid by a WMI data provider." when trying to do so.

It turned out that the issue was in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger.

Several subkeys were missing, including EventLog-Application, EventLog-Security and EventLog-System. Suspecting that the subkeys were somehow corrupted, I exported the key for one of the ControlSet002, ControlSet003, ControlSet004, and reimported them after editing the exported file to change the base key from HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Control\WMI\Autologger to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger. I then rebooted (after trying to start the Windows Event Log service - it still wasn't able to start), and it was able to start on its own.

 

Published Tue, 24 Jan 2017 @ 10:14 AM by chuacw
Related articles:

Leave a Comment

(required) 
(required) 
(optional)
(required) 
Enter the following code to ensure that your comment reaches the intended party:
Enter the numbers you see in the image: