Server 2012R2 Domain Controller Main DHCP server for the domain This is affecting only my Security event log. The Application and System logs are working fine. When I try to look at the Security log, I get an error:
"Event Viewer cannot open the event log or custom view. Verify that Event Log service is running or query is too long. The instance name passed was not recognized as valid by a WMI data provider (4201)" I have been searching the internet, and have found plenty of stuff on this error, but nothing has looked right. Permissions are correct in the registry, permissions are correct in the file structure, the event log keys are correct value in the registry. The Windows Event Log service is running, which was another symptom people were listing. There are no custom views setup, or filters. When I look at the properties of the Security log within Event Viewer, it shows the Log size as 0 bytes. The max log size was up to 12.5GB (I did NOT set it to that). The size of the actual log in the directory is 8GB. I have manually reset the max size to 4GB, closed out the Event Viewer, reopened it, and the max size had changed to 8GB. I have been digging on this for a few days now, and just can't find a solution. We do have Splunk in place, and what it is seeing as far as Security logs, are 521 entries, which say "Unable to log events to security log". Which makes sense, since the security log is hosed. Can I simply rename the actual log file, or move it out of the location, and the system would recreate it? Any help/tips/advice you guys can offer would be greatly appreciated. Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: [SaveOurWater_Logo]<http://saveourwater.com/> SaveOurWater.com<http://saveourwater.com/> * Drought.CA.gov<http://drought.ca.gov/>
