2008 R2 Domain Controller Event Viewer error, Access is denied (5)

active-directory windows-server-2008-r2

After restarting a 2008 R2 based Domain Controller, I am getting the following error while opening Event Viewer:
"Event viewer can not open the event log or custom view. Verify that event log service is running or query is too long. Access is denied (5)."
This error appears when I open any of the event logs under 'Applications & Service logs', as well as the 'Setup' logs under 'Windows logs', and also half of the log categories under 'Microsoft>Windows'.

Some websites mention that it can be due to a permission issue on the registry key below for the 'Builtin\Event Log Reader' user.
HKLM\System\Currentcontrolset\Services\Eventlog
But my other ADCs are working with the same permissions that are present on my problematic ADC.

I have also checked the Microsoft link below for this issue.
Error message when attempting to start the Windows Event Log Service: "Access denied" | Microsoft Support

And the correct permissions are set on the registry as per the above link.

Best Answer

In Server 2008 they changed the way permissions are set; it's no longer in the registry. Now you have to use the "wevtutil.exe" program to set/change permissions.

I am guessing someone has modified the permissions and that a reboot didn't cause this. There is a brief explanation on this, and how to check/change permissions at the bottom of the page on this link: https://blogs.technet.microsoft.com/janelewis/2010/04/30/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008/

Good luck, hope that helps.
-larryc
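
One way to check the permissions the answer refers to, added here as an example (it is not from the answer or the linked blog post): dump each channel's `channelAccess` SDDL with `wevtutil` on the failing DC and diff it against the same dump from a healthy DC. The script parameters, function name and CSV file names are assumptions made for this example.

```powershell
# Added example. Run elevated on each DC; PowerShell 2.0 compatible (Server 2008 R2).
param(
    [string]$OutFile = ".\channel-acl-$env:COMPUTERNAME.csv",  # assumed output path
    [string]$Baseline                                           # optional CSV from a healthy DC
)

function Get-ChannelAccess {
    # "wevtutil el" lists every log/channel name, one per line
    foreach ($log in (wevtutil el)) {
        $sddl = ''
        # "wevtutil gl" prints the channel configuration, including "channelAccess: <SDDL>"
        $cfg = wevtutil gl "$log" 2>$null
        $failed = ($LASTEXITCODE -ne 0)
        foreach ($line in $cfg) {
            if ($line -match '^\s*channelAccess:\s*(.*)$') { $sddl = $matches[1].Trim() }
        }
        New-Object PSObject -Property @{
            Log           = $log
            ChannelAccess = $sddl
            ReadFailed    = $failed
        }
    }
}

$current = Get-ChannelAccess
$current | Select-Object Log, ChannelAccess, ReadFailed |
    Export-Csv -NoTypeInformation -Path $OutFile

if ($Baseline) {
    # Index the healthy DC's descriptors by log name, then report every mismatch
    $good = @{}
    Import-Csv $Baseline | ForEach-Object { $good[$_.Log] = $_.ChannelAccess }
    $current |
        Where-Object { $good.ContainsKey($_.Log) -and $good[$_.Log] -ne $_.ChannelAccess } |
        Select-Object Log, ChannelAccess, @{n='BaselineAccess'; e={ $good[$_.Log] }} |
        Format-List
}

# To restore one channel after reviewing the difference (placeholders, not real values):
#   wevtutil sl "<LogName>" /ca:"<SDDL copied from the healthy DC>"
```

Run it once on a working DC to produce the baseline CSV, then on the problem DC with `-Baseline` pointing at that file; any channel listed has a security descriptor that differs from the working server.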