Q&A Monday: Event Viewer Problems in Server 2008


I have a Windows Server 2008 64Bit Standard and I am having problems getting the Event Viewer to display on the server.   When I click on the Event Viewer, I get the following Error Message – Event Log Service is unavailable. Verify that the service is running. I went into the Windows services and tried to start “Windows Event Log” service and then get the following error:  Error Message – Windows could not start the Windows Event log service on (Server Name). Error 4201: The Instance name passed was not recognized as valid by a WMI data provider. Any idea on how to fix it?

Jeffrey Gaston
Corpus Christi, TX


This problem can be caused by a permissions issue to the: C:\Windows\System32\LogFiles\WMI\RtBackup directory. The SYSTEM group needs full control permissions for the directory.  Here are some steps on how to fix the problem.

  1. Start Windows in Safe mode.
  2. Open the “C:\Windows\System32\LogFiles\WMI” folder.
  3. Right-click on the RtBackup folder and choose Properties.
  4. Click the Security tab, and click the Edit button.
  5. Click Add, type SYSTEM and click OK button.
  6. On the “Full control” Permission select “Allow”.
  7. Click OK, and then click “Yes” button when asked for confirmation
  8. Restart Windows (in Normal mode), and verify if the Windows Event Service has started.
You may need to take ownership of the RtBackup folder in order for the above steps to work, I have also heard of people renaming the RtBackup folder, and restarting, but it isn’t something that I have tested myself.
If you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question. Check back every Monday for a new Question and Answer session, and during the rest of the week for his other technical insights.



Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.