Event Viewer Service

This problem is very frustrating. The Event Viewer service does not start.
This is the error I receive:

Windows could not start the Windows Event Log service on Local Computer.
Error 4201: The instance name passed was not recognized as valid by WMI data
provider.

What the does this mean?

Dear Russ,
WMI stands for Windows Management Instrumentation, it's a management
technology that allows you to monitor and control resources through the
network, these resources might include hard disks, services, shares, event
logs, and more.

WMI Provider is any technology that provides any service that uses WMI, for
example Active Directory, because you can control and monitor a lot of
resources like users, groups, policies, network resources and more. Other
providers might be DNS, Disk Quota, Event Log,...

Concerning your problem, I searched for anything about it, but unfortunately
I found a lot of users have the same problem and none of them got a
solution. They mentiond something about an update that should be released to
solve this problem from Microsoft, but nobody is sure.
The ones who got rid of this error, they did a Clean Installation for Vista.

I'm sorry that you are having this problem with Vista.

Best regards

"Russ" <russ@russ.com> wrote in message
news:u%234Qv6bfHHA.4536@TK2MSFTNGP04.phx.gbl...
> This problem is very frustrating. The Event Viewer service does not start.
> This is the error I receive:
>
> Windows could not start the Windows Event Log service on Local Computer.
> Error 4201: The instance name passed was not recognized as valid by WMI
> data
> provider.
>
> What the does this mean?

OK, so I finally figured out what my problem was with the event viewer
service not starting. It is a severe permissions problem. I granted
administrator ownership to the win32\logs folder. For whatever reason, the
logs folder and everything in it did not have ANY permission.

But, I had played with a few other things. Someone that is running Vista
(Business), can you tell me a few things.

1) Go in to the Local Security Policy ---> User Right Assignment ---> Log on
as a service, and please tell me what user or group is assigned.

2) Right click on your C:\ or whatever drive that Vista is installed on and
please tell me who is the owner of the entire drive? I have my computers
Administrators group. Is this correct?

Thank you for your help...

"Hayman Ezzeldin" <haymanezzeldin@gmail.com> wrote in message
news:OPtomudfHHA.3564@TK2MSFTNGP06.phx.gbl...
> Dear Russ,
> WMI stands for Windows Management Instrumentation, it's a management
> technology that allows you to monitor and control resources through the
> network, these resources might include hard disks, services, shares, event
> logs, and more.
>
> WMI Provider is any technology that provides any service that uses WMI,
> for example Active Directory, because you can control and monitor a lot of
> resources like users, groups, policies, network resources and more. Other
> providers might be DNS, Disk Quota, Event Log,...
>
> Concerning your problem, I searched for anything about it, but
> unfortunately I found a lot of users have the same problem and none of
> them got a solution. They mentiond something about an update that should
> be released to solve this problem from Microsoft, but nobody is sure.
> The ones who got rid of this error, they did a Clean Installation for
> Vista.
>
> I'm sorry that you are having this problem with Vista.
>
> Best regards
>
> "Russ" <russ@russ.com> wrote in message
> news:u%234Qv6bfHHA.4536@TK2MSFTNGP04.phx.gbl...
>> This problem is very frustrating. The Event Viewer service does not
>> start.
>> This is the error I receive:
>>
>> Windows could not start the Windows Event Log service on Local Computer.
>> Error 4201: The instance name passed was not recognized as valid by WMI
>> data
>> provider.
>>
>> What the does this mean?
>
>

Dear Russ,
For question number (1), There is nobody in the "Log on as a service"

For question number (2), The owner of the partition is "TrustedInstaller"
which I guess is the Administrator, and the default permissions assigned to
the partition are as follow:
Authenticated Users (Special Permissions) (Create Folders / Append Data),
Apply to (This folder only)
Authenticated Users (Special Permissions) (Traverse folder,List folder,Read
attributes,Read ex. atributes,Create files, Create Folders,Write
attributes,Write ex. attributes,Delete,Read Permissions), Apply to
(Subfolders and files only)
System (Full Control)
Administrators (Full Control)
Users (Read & Execute)

Best regards.

"Russ" <russ@russ.com> wrote in message
news:eBgvwNkfHHA.284@TK2MSFTNGP05.phx.gbl...
> OK, so I finally figured out what my problem was with the event viewer
> service not starting. It is a severe permissions problem. I granted
> administrator ownership to the win32\logs folder. For whatever reason, the
> logs folder and everything in it did not have ANY permission.
>
> But, I had played with a few other things. Someone that is running Vista
> (Business), can you tell me a few things.
>
> 1) Go in to the Local Security Policy ---> User Right Assignment ---> Log
> on
> as a service, and please tell me what user or group is assigned.
>
> 2) Right click on your C:\ or whatever drive that Vista is installed on
> and
> please tell me who is the owner of the entire drive? I have my computers
> Administrators group. Is this correct?
>
> Thank you for your help...
>
> "Hayman Ezzeldin" <haymanezzeldin@gmail.com> wrote in message
> news:OPtomudfHHA.3564@TK2MSFTNGP06.phx.gbl...
>> Dear Russ,
>> WMI stands for Windows Management Instrumentation, it's a management
>> technology that allows you to monitor and control resources through the
>> network, these resources might include hard disks, services, shares,
>> event logs, and more.
>>
>> WMI Provider is any technology that provides any service that uses WMI,
>> for example Active Directory, because you can control and monitor a lot
>> of resources like users, groups, policies, network resources and more.
>> Other providers might be DNS, Disk Quota, Event Log,...
>>
>> Concerning your problem, I searched for anything about it, but
>> unfortunately I found a lot of users have the same problem and none of
>> them got a solution. They mentiond something about an update that should
>> be released to solve this problem from Microsoft, but nobody is sure.
>> The ones who got rid of this error, they did a Clean Installation for
>> Vista.
>>
>> I'm sorry that you are having this problem with Vista.
>>
>> Best regards
>>
>> "Russ" <russ@russ.com> wrote in message
>> news:u%234Qv6bfHHA.4536@TK2MSFTNGP04.phx.gbl...
>>> This problem is very frustrating. The Event Viewer service does not
>>> start.
>>> This is the error I receive:
>>>
>>> Windows could not start the Windows Event Log service on Local Computer.
>>> Error 4201: The instance name passed was not recognized as valid by WMI
>>> data
>>> provider.
>>>
>>> What the does this mean?
>>
>>
>

-- I've had exactly the same problem and have received the same advice. If
this is Microsoft's best, it is very depressing. Theories abound - one expert
thought I'd picked up an intruder of some kind prior to installing AVG - on
the basis that there must be a reason for denying access to the event log! So
I'm going to have to do a clean install, which is a real pain.


"Hayman Ezzeldin" wrote:

> Dear Russ,
> WMI stands for Windows Management Instrumentation, it's a management
> technology that allows you to monitor and control resources through the
> network, these resources might include hard disks, services, shares, event
> logs, and more.
>
> WMI Provider is any technology that provides any service that uses WMI, for
> example Active Directory, because you can control and monitor a lot of
> resources like users, groups, policies, network resources and more. Other
> providers might be DNS, Disk Quota, Event Log,...
>
> Concerning your problem, I searched for anything about it, but unfortunately
> I found a lot of users have the same problem and none of them got a
> solution. They mentiond something about an update that should be released to
> solve this problem from Microsoft, but nobody is sure.
> The ones who got rid of this error, they did a Clean Installation for Vista.
>
> I'm sorry that you are having this problem with Vista.
>
> Best regards
>
> "Russ" <russ@russ.com> wrote in message
> news:u%234Qv6bfHHA.4536@TK2MSFTNGP04.phx.gbl...
> > This problem is very frustrating. The Event Viewer service does not start.
> > This is the error I receive:
> >
> > Windows could not start the Windows Event Log service on Local Computer.
> > Error 4201: The instance name passed was not recognized as valid by WMI
> > data
> > provider.
> >
> > What the does this mean?
>
>
>