The Windows Event Log service maintains a set of event logs that the system, system components, and applications use to record events. The service exposes functions that allow programs to maintain and manage the event logs and perform operations on the logs, such as archiving and clearing. Administrators can therefore maintain event logs and perform administrative tasks on them that require administrator privileges.
Windows Event Log Service Not Starting or Running
If you are having difficulty starting any of the following, one possible reason is that the Windows Event Log service is not running:
- Task Scheduler
- Windows Event Calendar
- Messenger Sharing Folders
In such a scenario, you may get error messages like:
Event Log service is unavailable. Verify that the service is running
Windows could not start the Windows Event Log service on Local Computer
First, reboot your system and see if it helps. Sometimes a simple restart helps reinitialize this service. If the Windows Event Log shows as being started, re-start it from Services Manager.
To check whether the Windows Event Log service is started or stopped, run services.msc and hit Enter to open the Services Manager. Here, right-click the Windows Event Log service and check its Properties.
Ensure that the Startup type is set to Automatic, that the service is Started, and that it runs under the Local Service account.
Also ensure that, in the Recovery tab, all three drop-down boxes show the option ‘Restart the Service’ in case of failure. Reboot if required.
At times the Windows Event Log Service still will not start, and you may instead get the following error message:
System cannot find the file specified
In this case, open the following folder:
C:\Windows\System32\winevt\Logs
This logs folder contains Event Logs in .evtx format and can only be read with the Event Viewer. Give this logs folder Read-Write access rights and see if it helps.
You might also want to do the following.
Open Registry Editor and navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog
Double-click ObjectName and ensure that its value is set to NT AUTHORITY\LocalService. If it is not, then change it.
If it still does not help, run the System File Checker and review its logs.
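The manual checks above can be gathered into one read-only audit. This PowerShell script is an added example, not part of the original article; it assumes PowerShell 3.0 or later, an elevated prompt, and English `sc.exe` output, and the `Add-Check` helper is a name made up for this example.

```powershell
# Added example: read-only audit of the settings the article checks by hand.
# Run from an elevated PowerShell prompt; nothing here changes the system.
$svcName = 'EventLog'   # short name of the "Windows Event Log" service
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\eventlog'
$logDir  = Join-Path $env:SystemRoot 'System32\winevt\Logs'

$results = @()
function Add-Check($Name, $Actual, $Ok) {   # hypothetical helper for this example
    $script:results += [pscustomobject]@{ Check = $Name; Actual = $Actual; OK = $Ok }
}

# Service state, startup type and logon account (Services Manager > Properties)
$svc = Get-CimInstance Win32_Service -Filter "Name='$svcName'"
Add-Check 'Service state' $svc.State     ($svc.State -eq 'Running')
Add-Check 'Startup type'  $svc.StartMode ($svc.StartMode -eq 'Auto')
Add-Check 'Logon account' $svc.StartName ($svc.StartName -eq 'NT AUTHORITY\LocalService')

# ObjectName value under the eventlog service key
$objName = (Get-ItemProperty -Path $regPath -Name ObjectName -ErrorAction SilentlyContinue).ObjectName
Add-Check 'Registry ObjectName' $objName ($objName -eq 'NT AUTHORITY\LocalService')

# Recovery tab: expect three "Restart the Service" actions.
# sc.exe prints one "RESTART -- Delay" line per configured restart action.
$restarts = @(sc.exe qfailure $svcName | Select-String -SimpleMatch 'RESTART --').Count
Add-Check 'Recovery actions set to Restart' $restarts ($restarts -eq 3)

# The logs folder the article points to must exist as a directory
$dirOk = Test-Path -LiteralPath $logDir -PathType Container
Add-Check 'Logs folder exists' $logDir $dirOk

$results | Format-Table -AutoSize

# Show the current ACL so any permission change is made against a known baseline
if ($dirOk) {
    (Get-Acl -LiteralPath $logDir).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
        Format-Table -AutoSize
}
```

Any row with OK = False points at the manual step to revisit; saving the ACL listing before changing permissions on the logs folder makes the change easy to review or undo.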
Is it possible to turn the event logging of screen saver from the cmd line? I know how to do from group policy editor.
Anand… I follow your steps with trying to restart the “Stopped” service status but received a “Windows could not start the Windows Event Log Service on Local Computer. Error 5: Access is denied.” I’m logged in as the admin, so how do I get around this error? FYI… this is a standalone PC running Win7. Thx!
None of these worked for me. As I had much severe corruption in my HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog registry.
Instead, went to a working win7 and exported out HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog, then imported it into the win7 machine with broken eventlog.
It imported OK, with some exceptions, I tried eventvwr again, no joy, but after a reboot it was fine.
Worked time and time again, as I had the issue on several cloned win7 boxes.
Hope this helps.
After this error occurred, the first thing I did was to scan all the drivers with Driver Talent. There indeed were some problematic drivers. I fixed them and rebooted and the error has not shown again. I am not sure if the problem was caused by drivers, however, I resolved it with repairing drivers… I am not an expert, so you may test.
This issue has nothing to do with drivers. Drivers relate to hardware; this is beyond any doubt a Windows software problem.
Can someone answer my question: one the service has stopped running suddenly, which causes the priority issue, and it didn't start automatically. We ran it manually.
I have checked the logs - the error is displaying like from source “SERVICE NAME” cannot be found. Either the component that raises this event is not installed in this local computer or the installation is corrupted.