Event Viewer Error 4201

How to Fix the Event Viewer 4201 Error in Vista
Synopsis
This will show you how to fix the Event Viewer if you are getting this error:

ERROR_WMI_INSTANCE_NOT_FOUND
4201 The instance name passed was not recognized as valid by a WMI data provider

Warning
This may only work if you did a clean install of Vista and not an upgrade from XP. Instead, use this method for an upgrade version of Vista to have it install as a clean install: How to Do a Clean Install of Vista with a Upgrade Version


Note
One usual cause of this error is a corrupted Repository file.




Here's How:
1. Restart the computer into Safe Mode (without networking).
2. In Safe Mode, open an elevated command prompt.
3. In the elevated command prompt, type net stop winmgmt and press Enter.
NOTE: This is to make certain the WMI service is not running.
4. Wait until the successful message appears, then close the elevated command prompt.
5. Open Windows Explorer and navigate to C:\Windows\System32\wbem.
6. Right click on the Repository folder and click on Rename.
7. Type in RepositoryOld and press Enter.
NOTE: This is to make this a backup of the original Repository folder.
8. Restart the computer back into normal mode to an administrator account.
9. When it is done starting up, open an elevated command prompt.
10. In the elevated command prompt, type net stop winmgmt and press Enter.
NOTE: This is to make certain the WMI service is not running.
11. Wait until the successful message appears, and then type winmgmt /resetRepository in the elevated command prompt and press Enter.
12. Wait until the successful message appears and then close the elevated command prompt.
13. Take ownership of these two files:
  • C:\windows\logs
  • C:\windows\system32\logfiles
14. Restart the computer.
15. Test the Event Viewer. It should be working now.
16. If it is working again, then go back and delete the RepositoryOld folder. (See step 7)
17. If it is still not working for you, then do a System Restore using a restore point dated before the problem.
That's it,
Shawn



 
Shawn Brink
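
The command-line side of the steps above as one batch file, added here as an example and not part of the original tutorial. It first runs read-only checks (service state, repository consistency, and the RtBackup permissions that a later comment on this page points to) and only repeats steps 10 to 13 when started with the argument repair. The repair argument and the script layout are assumptions of this example; steps 1 to 9 (Safe Mode and the RepositoryOld rename) are still done by hand.

```batch
@echo off
rem Added example, not from the original tutorial.
rem Run from an elevated command prompt.
rem   script.cmd          read-only checks
rem   script.cmd repair   checks, then steps 10-13 of the tutorial
setlocal

echo === Service state (WMI and Windows Event Log) ===
sc query winmgmt  | findstr /i "SERVICE_NAME STATE"
sc query eventlog | findstr /i "SERVICE_NAME STATE"

echo.
echo === Event Log start type and dependencies ===
rem Printed in full because the DEPENDENCIES list spans several lines.
sc qc eventlog

echo.
echo === WMI repository consistency ===
rem Reports whether the repository under System32\wbem is consistent.
winmgmt /verifyrepository

echo.
echo === Permissions on RtBackup ===
rem A later comment on this page fixed the error by granting SYSTEM full
rem control here; look for an (F) entry on the SYSTEM line.
icacls "%SystemRoot%\System32\LogFiles\WMI\RtBackup"

if /i not "%~1"=="repair" goto :eof

echo.
echo === Repair: steps 10-13 ===
rem Step 10: make certain the WMI service is not running.
rem /y answers the prompt about stopping dependent services.
net stop winmgmt /y
if errorlevel 1 echo winmgmt was already stopped or could not be stopped.

rem Step 11: rebuild the repository.
winmgmt /resetrepository

rem Step 13: take ownership of the two log locations, recursively.
takeown /f "%SystemRoot%\Logs" /r /d y
takeown /f "%SystemRoot%\System32\LogFiles" /r /d y

echo.
echo Restart the computer, then test Event Viewer (steps 14-15).
endlocal
```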

Comments

I tried your suggestion but the system security will not allow me to rename the repository folder. I tried changing ownership and adding my specific user to the folder and contents with full control but no such luck.

Attached is a screen print of "Access Denied" error message.

By the way I did this with the "Administrator" user.

Now what? :cry:

Access Denied.jpg
 
Hi Rocky, and welcome to Vista Forums.

I updated the steps a little to help. Try again and see what you get this time.

Hope this helps,
Shawn
 
Hi Shawn,

I have been trying this approach to getting my Event Viewer running so that I can install Vista SP1 and have religiously followed these steps. All the confirmations have worked and the repository folder has been reset, yet I still get the same error message when I try to manually start the Event Viewer service. I would restore to a point before the problem but it seems the problem has always been there as I reinstalled Vista only about a month ago. I am worried about doing a repair install as I have several pieces of software on this machine worth a fortune and no install files for them. Are there any other ways to get the Event Viewer running or SP1 installed without having to take those steps?

Thanks a million

Evan
 
Hi Evan, and welcome to Vista Forums.

Have you already tried setting this Event Viewer service to just Automatic and restarting the computer to allow it to start that way? You might also double check to make sure that all of its Dependencies (other required services) are started too.

If you had to, a Repair install will not delete any installed software. It may remove the shortcuts for some of them in the Start menu, but you can easily recreate those from the program's exe file if needed.

Hope this helps,
Shawn
 
Hi Shawn,

Thank you for replying to my post. I had tried that to no avail but after some persistence I managed to follow some instructions on a post which solved the issue about an hour ago.

Thanks once again for your suggestions

Evan
 
I'm happy to hear that you got it sorted out, Evan. Could you post the link to that post so that others with the same problem may be able to solve their problem as well?

Thank you,
Shawn
 
Hi All,

After trying a few things after having started with the process at the top of this page I ended up following the steps at the following link and it has solved the problem:

Re: Serious security concern: event log error 4201 - MSDN Forums

It all started when I couldn't install Vista SP1 and then traced back to the eventlog and viewer services being unable to start - it seems a few folk have been having the issue and I'm pleased to announce that this has worked (well so far - I'm only an hour and a half in :) ). The services now run and so far as I can tell there are no other deleterious effects. Vista SP1 has also now finally installed without difficulty. It all looked way too complicated at the beginning but if a simple plant breeder can pull it off - hopefully so can you. I hope this helps.

Evan
 
Fixed Event Viewer Error 4201

I researched several forums and none of the suggestions worked. So I compared the folder permissions on c:\windows\system32\logfiles\wmi\rtbackup to a working machine. Navigate to rtbackup properties and check security settings. It requires SYSTEM - full control. I added this permission and rebooted the PC to fix the issue. I can now access my event viewer.
 
I got to the point of taking ownership of the LOG files / folder and it gave me an error saying the files were in use. I'm thinking about installing Unlokr and forcing an unlock on the files and then trying it. What do you think?
-dennis
 
Hello Dennis, and welcome to Vista Forums.

Do you have them open or Event Viewer open? Were you able to do all of the other steps above without getting any errors?

If not, you might see if you may be able to do it after restarting the computer or in Safe Mode first.
 
I was able to do the above steps and reboot in safe mode.
I had to mess with it a bit to get the repository folder to rename (it was in use too). But when I tried to take ownership / change permissions, that's when I got the "in use" error. I was rebooted in safe mode too.
Should I use unlokr? It seems like the taking ownership is a critical step in fixing this problem.
 
This method works great for this:

Boot Vista DVD

choose language>>repair computer>>WinRE>>command prompt
and type:

RD /S C:\Windows\System32\LogFiles\WMI\RtBackup

gone :)
 