Windows Event Log Service not starting or is unavailable

Windows Event Log service maintains a set of event logs that the system, system components, and applications use to record events. The service exposes functions that allow programs to maintain and manage the event logs and perform operations on the logs, such as archiving and clearing. As such, administrators can maintain event logs and perform administrative tasks requiring administrator privileges.

Windows Event Log Service Not Starting or Running

For some unknown reason, if you find you are having difficulty starting the following, it is quite possible that one of the reasons could be that Windows Event Log Service is Not Running.

• Task Scheduler
• Windows Event Calendar
• Messenger Sharing Folders

In such a scenario, you may get error messages like:

Event Log service is unavailable. Verify that the service is running

Windows could not start the Windows Event Log service on Local Computer

First, reboot your system and see if it helps. Sometimes a simple restart helps reinitialize this service. If the Windows Event Log shows as being started, re-start it from Services Manager.

To check if the Windows Event Log service is started or stopped, Run services.msc and hit Enter to open the Services Manager. Here, again right-click on Windows Event Log Service, check up its Properties.

Ensure that the Startup type is set on Automatic and that the services is Started; and that it runs in the Local Service account.

Also ensure in the Recovery tab, all three drop-down boxes, show the option as ‘Restart the Service’, in case of Failure. Reboot if required.

At times the Windows Event Log Service still will not start, and you may instead get the following error message:

System cannot find the file specified

In this case, open the following folder:

This logs folder contains Event Logs in .evtx format and can only be read with the Event Viewer. Give this logs folder Read-Write access rights and see if it helps.

You might also want to do the following.

Open Registry Editor and navigate to the following key:

Double-click ObjectName and ensure that its value is set at NT AUTHORITY\LocalService. If it is not, then change it.

If it still does not help, run the System File Checker and go through its logs.

Windows event log service stopped

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

Following a server power failure (SBS 2008) I have a strange problem with the Windows Event Log service.

It appears not to start when the server boots — and dependent services also don’t start (Exchange, DNS etc..). If I start the service manually it successfully starts but as soon as I try to start any other service that depends on it, or try to start event viewer the Log service stops (no error message, the service just stops)

After starting the service I can get some of the other services running (e.g. start Log service and then start DNS service, then start Log service again before starting another service), but some of the services just won’t start as it seems the Log service doesn’t stay running for long enough.

I’m thinking it could be a corruption in one or more of the log files but don’t know how to reset them. can I just delete them? — and which folder should I delete from —

\program files\microsoft small business server\Logs
\windows\logs
\windows\system32\logfiles
\windows\system32\winevt\logs

I’ve spent all day trying to resolve this but I’m getting nowhere.

I’m now without important services (mainly email) — although most of the server is running.

I’m hoping that someone has come across this problem and can help me — I’m getting fairly desperate now!

The Core Technologies Blog

Our Software // Windows Services // 24×7 Operation

How to use the Event Viewer to troubleshoot problems with a Windows Service

A windows service, designed to run “headless” and unattended in the background, cannot easily employ conventional popup windows to report its activities as a user may not even be logged on. Instead, a service is encouraged to send important communication to the Windows Event Log – an administrative utility that collects and stores messages and events. Once recorded, these messages can be very helpful in troubleshooting problems, for example when a service stops unexpectedly or when it fails to start at all.

Viewing Events from Windows Services

Use Microsoft’s Event Viewer to see messages written to the Event Log. Start the application by clicking on the Start button and typing in Event Viewer, or from the Control Panel (search for it by name). The somewhat cluttered window should come up after a few seconds:

The left hand side shows a tree grouping the various logs captured on your machine. The events from Windows Services (and other applications running on your PC) are filed under . Navigate to that section to load the events in the center of the window, with the entire list in the top and details of the highlighted event underneath:

Messages from your windows service will have the display name of the service in the Source column.

Important Components of an Event

The Event Viewer shows over 10 pieces of information associated with each event, including:

Level – How important is this event?

Each event is classified into one of three categories:

Information: An informative yet unimportant event. You will probably see a lot of these, and they can be safely ignored unless you are digging into a specific issue from an application or service.

Warning: A moderately important event. These don’t necessarily signify a failure, and your software will probably limp along, but they should be reviewed regularly to see if anything mentioned can be resolved.

Error: Indicates a critical problem or failure that may deserve your immediate attention!

Date and Time – When did this event occur?

Source – Which application reported this event?

As mentioned before, an event written by a Windows Service will contain the service’s display name as the Source.

Description – Which happened?

The full description shown prominently in the lower pane will (hopefully) provide the relevant details of the event.

For example, this information event is from the Interactive Services detection service (“UI0Detect”) reporting that Notepad is showing itself in Session 0:

Viewing Events about Windows Services

While the Application log keeps track of events from a running service, the area records when services are started, stopped, crash or fail to start. Look for events with the Source set to Service Control Manager (SCM). For example, here is the SCM telling us that the Windows Print Spooler service has crashed:

Viewing Events from AlwaysUp and Service Protector

Both AlwaysUp and Service Protector write messages to the Application section of the event logs ().

For AlwaysUp, events from your application named “My Application” will be logged with Source set to My Application (managed by AlwaysUpService). The Event Log Messages Page lists and explains the events reported.

For Service Protector, events related to your service named “MyService” will have a Source of ServiceProtector: MyService.

And for both applications, events related to the starting and stopping of the underlying services themselves appear in the section. Look there if you have a problem with AlwaysUp itself failing to start at boot.

Windows event log service stopped

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

Following a server power failure (SBS 2008) I have a strange problem with the Windows Event Log service.

It appears not to start when the server boots — and dependent services also don’t start (Exchange, DNS etc..). If I start the service manually it successfully starts but as soon as I try to start any other service that depends on it, or try to start event viewer the Log service stops (no error message, the service just stops)

After starting the service I can get some of the other services running (e.g. start Log service and then start DNS service, then start Log service again before starting another service), but some of the services just won’t start as it seems the Log service doesn’t stay running for long enough.

I’m thinking it could be a corruption in one or more of the log files but don’t know how to reset them. can I just delete them? — and which folder should I delete from —

\program files\microsoft small business server\Logs
\windows\logs
\windows\system32\logfiles
\windows\system32\winevt\logs

I’ve spent all day trying to resolve this but I’m getting nowhere.

I’m now without important services (mainly email) — although most of the server is running.

I’m hoping that someone has come across this problem and can help me — I’m getting fairly desperate now!

Are there any log file about Windows Services Status?

I want to figure out when the services was start up and terminated. Are there any kind log file about it?

4 Answers 4

Take a look at the System log in Windows EventViewer ( eventvwr from the command line).
You should see entries with source as ‘Service Control Manager’. e.g. on my WinXP machine,

Under Windows 7, open the Event Viewer. You can do this the way Gishu suggested for XP, typing eventvwr from the command line, or by opening the Control Panel, selecting System and Security, then Administrative Tools and finally Event Viewer. It may require UAC approval or an admin password.

In the left pane, expand Windows Logs and then System. You can filter the logs with Filter Current Log. from the Actions pane on the right and selecting «Service Control Manager.» Or, depending on why you want this information, you might just need to look through the Error entries.

The actual log entry pane (not shown) is pretty user-friendly and self-explanatory. You’ll be looking for messages like the following:

«The Praxco Assistant service entered the stopped state.»
«The Windows Image Acquisition (WIA) service entered the running state.»
«The MySQL service terminated unexpectedly. It has done this 3 time(s).»