I'm sure you have bounced the box. WMI might be corrupted, there some commands that can be run to verify repository health.
Cesar A. On May 10, 2017 8:43 AM, "Heaton, Joseph@Wildlife" < [email protected]> wrote: > Server 2012R2 > > Domain Controller > > Main DHCP server for the domain > > > > This is affecting only my Security event log. The Application and System > logs are working fine. When I try to look at the Security log, I get an > error: > > > > “Event Viewer cannot open the event log or custom view. Verify that Event > Log service is running or query is too long. The instance name passed was > not recognized as valid by a WMI data provider (4201)” > > > > I have been searching the internet, and have found plenty of stuff on this > error, but nothing has looked right. Permissions are correct in the > registry, permissions are correct in the file structure, the event log keys > are correct value in the registry. The Windows Event Log service is > running, which was another symptom people were listing. There are no > custom views setup, or filters. > > > > When I look at the properties of the Security log within Event Viewer, it > shows the Log size as 0 bytes. The max log size was up to 12.5GB (I did > NOT set it to that). The size of the actual log in the directory is 8GB. > I have manually reset the max size to 4GB, closed out the Event Viewer, > reopened it, and the max size had changed to 8GB. > > > > I have been digging on this for a few days now, and just can’t find a > solution. We do have Splunk in place, and what it is seeing as far as > Security logs, are 521 entries, which say “Unable to log events to security > log”. Which makes sense, since the security log is hosed. Can I simply > rename the actual log file, or move it out of the location, and the system > would recreate it? Any help/tips/advice you guys can offer would be > greatly appreciated. > > > > Joe Heaton > > Information Technology Operations Branch > > Data and Technology Division > > CA Department of Fish and Wildlife > > 1700 9th Street, 3rd Floor > > Sacramento, CA 95811 > > Desk: (916) 323-1284 > > > > Every Californian should conserve water. Find out how at: > > [image: SaveOurWater_Logo] <http://saveourwater.com/> > > SaveOurWater.com <http://saveourwater.com/> · Drought.CA.gov > <http://drought.ca.gov/> > > >
