Event Log Service Fails to Start Due to Event Log Corruption (124120)
The information in this article applies to:
- Microsoft Windows NT Server 3.1
- Microsoft Windows NT Workstation 3.1
- Microsoft Windows NT Advanced Server 3.1
- Microsoft Windows NT Workstation 3.5
- Microsoft Windows NT Server 3.5
This article was previously published under Q124120 SYMPTOMS
A dialog box describing an error with INETMIB.DLL appears. Running NET
START returns error 1722, "RPC server is unavailable." Running NET VIEW
returns the same error. SERVICES.EXE causes an access violation error when
accessing the one of the event logs (SYSEVENT.EVT, SECEVENT.EVT, or
APPEVENT.EVT) at startup. A DRWATSON.LOG is created as a result.
CAUSE
One of the event logs is corrupted, but the Event Log service hangs before
the dirty bit is set. As a result, the Event Log service does not clean
itself up on reboot and will not start.
WORKAROUND- Boot MS-DOS.
- Change directory to %SYSTEMROOT%\SYSTEM32\CONFIG
- Delete the files SYSEVENT.EVT, SECEVENT.EVT, and APPEVENT.EVT.
- Boot Windows NT and allow the server to recreate clean event logs.
RESOLUTION
EVENTLOG.DLL was rewritten to set the dirty bit even if the service fails.
STATUS
Microsoft has confirmed this to be a problem in Windows NT and Windows NT
Advanced Server version 3.1 and Windows NT Workstation and Windows NT
Server version 3.5. This problem was corrected in the latest U.S. Service
Pack for Windows NT version 3.5. For information on obtaining the Service
Pack, query on the following word in the Microsoft Knowledge Base (without
the spaces):
S E R V P A C K
| Modification Type: | Major | Last Reviewed: | 12/15/2003 |
|---|
| Keywords: | KB124120 |
|---|
|