
Jan 12, 2012

Event Viewer Cannot Start Up / Service Unavailable

Hello!
I guess it may not be so helpful, but yesterday I was trying to simulate some action on my PC and check the Event Viewer logs, and to my surprise, what happened?!? My fuckin' Event Viewer wasn't working.

When I tried to open the Event Viewer, the MMC did not work; the message was "Service is unavailable".

I also tried starting it using the command "net start eventlog", but the result was error 4201.

Using ERR.exe to look up the error:

```
>err 4201
# for decimal 4201 / hex 0x1069 :
ERROR_WMI_INSTANCE_NOT_FOUND winerror.h
# The instance name passed was not recognized as valid by a
# WMI data provider.
# 1 matches found for "4201"
```

Now we know it's a WMI issue. But how to fix it?

You have probably read some articles and info on the internet about renaming the folder "RTBACKUP"... Unfortunately it didn't work in my case (my real case :-( )

Solution
==========

This issue happens because the SYSTEM account doesn't have Full Control of the RTBackup folder, so you need to grant that permission. You have two options (command line or GUI):

1. Right-click Command Prompt and choose "Run as Administrator". Type the following commands, pressing "Enter" after each one.
Please note the space between each command and its parameters.

```
rem Take ownership of the folder (ownership goes to the current user)
takeown /f C:\windows\system32\logfiles\wmi\rtbackup
rem /E edits the existing ACL; without it, cacls replaces the whole ACL
cacls C:\windows\system32\logfiles\wmi\rtbackup /E /G administrators:F
cacls C:\windows\system32\logfiles\wmi\rtbackup /E /G SYSTEM:F
```

2. Open the properties of the RTBackup folder, go to the Security tab, then click Advanced.
Click the Owner tab. Set yourself or the administrator as the owner.
If the SYSTEM account is missing, add it and give it Full Control. When you are done, click OK.

- After rebooting, check whether the Windows Event Log service is started in services.msc.
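
A read-only check to run before changing any permissions, added here as an example (not code from the original post): it reports the folder owner, whether SYSTEM and Administrators hold Full Control on RTBackup, and the state of the Event Log service. The function name `Test-FullControl` is hypothetical, and the well-known SIDs S-1-5-18 and S-1-5-32-544 are used instead of account names so the result does not depend on the Windows display language.

```powershell
# Added example: inspects only, changes nothing. Run from an elevated PowerShell prompt.
# The path is the one used in the post.
$path = 'C:\Windows\System32\LogFiles\WMI\RtBackup'

$systemSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')      # NT AUTHORITY\SYSTEM
$adminsSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')  # BUILTIN\Administrators

# Hypothetical helper: true only if the SID has an Allow rule for FullControl
# that applies to the folder itself and no Deny rule for the same SID.
function Test-FullControl {
    param(
        [System.Security.AccessControl.FileSystemSecurity]$Acl,
        [System.Security.Principal.SecurityIdentifier]$Sid
    )
    $full        = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    # Explicit and inherited rules, with identities translated to SIDs.
    $rules = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $allowed = $false
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -ne $Sid.Value) { continue }
        # Inherit-only rules apply to children, not to the folder itself.
        if (($r.PropagationFlags -band $inheritOnly) -eq $inheritOnly) { continue }
        # Any Deny rule for this SID means it does not have full control.
        if ($r.AccessControlType -eq 'Deny') { return $false }
        if (($r.FileSystemRights -band $full) -eq $full) { $allowed = $true }
    }
    return $allowed
}

$acl = Get-Acl -Path $path -ErrorAction Stop
$svc = Get-Service -Name EventLog

# New-Object PSObject keeps this compatible with PowerShell 2.0 (Windows 7).
New-Object PSObject -Property @{
    Path              = $path
    Owner             = $acl.Owner
    SystemFullControl = Test-FullControl $acl $systemSid
    AdminsFullControl = Test-FullControl $acl $adminsSid
    EventLogStatus    = $svc.Status
}
```

If `SystemFullControl` is already `True`, the folder ACL is not the cause and the permission change above is unnecessary.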


Have FUN! Worked for Vista and Windows 7

1 comment:

  1. Didn't work for me. My SYSTEM has full access to the RTBackup folder but WMI still gives me this error about a missing instance. Any other good solution? Maybe a missing registry value? I also checked WMI by command line - everything fine.
