Windows event log service start

The ‘Event Log Service is unavailable’ is a well-known Windows error. I have faced this issue on numerous occasions in my long Windows usage. Most of the time, the reason is either messed up file permissions or the inability of the Windows Log Event service to restart. Here’s how you can quickly fix all of that.

Event Log Service is Unavailable

What is Event Log Service?

Event Log Service, as the name suggests, is the Windows inbuilt service program. The location of the Event Log program is C:\Windows\System32\svchost.exe. Basically, it logs all the information as well as error messages in a text file. Most of the internal Windows system jobs depend on the Windows Event Log Service. A handful of Windows applications like Task Schedular, Calendar, or Mail won’t function properly without this service. Hence, it’s important to ensure that the Windows Event Log Service is up and running.

With that out of the way, before we get to the troubleshooting steps, I would recommend you first try a good old restart. If that doesn’t work, we can move ahead with the below methods.

1. Start Windows Log Service

Foremost, we can try and start the Windows Event Log service manually. To do that, head over to the Run menu by pressing Win+R, type services.msc and hit Enter.

On the Services menu, navigate to the Windows Event Log service.

Right-click on the Windows Event Log service and click on Start. In case the service is already running, click on Restart. You might also be prompted for the administrator password, enter it accordingly.

Once the Windows Event Log service starts successfully, the error should be solved. Also, make sure that the Startup Type for the service is set to Automatic. If it’s Manual or blank, you can change it from the Properties.

2. Regedit value

If you are not able to start the Windows Event Log service, there might be issues with the ownership of the Windows Event Log service. To fix that, we need to first check and ensure that the owner of the Windows Log program is correct. This has to be done through the Registry editor.

To open the Registry Editor, hit Win+R to access the Run menu, type regedit, and hit Enter.

On the Registry Editor menu, copy-paste the following URL.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog

Under the Event Log folder, you will find a key called “Object Name“. Make sure the value of the key is NL AUTHORITY\LocalService. If the value is empty or different, double-click on it to change the value.

On the pop-up, change the Value data to NL Authority\LocalService. Once done, click on the OK button.

Now, you can try restarting the Windows Event Log service from the services menu. In case you still face issues, move to the next step.

3. Check Permissions

Another reason for the failure of the Windows Event Log service to start is incorrect permissions to the Log directory. In order to fix that, head over to Windows Explorer and copy-paste the following URL.

 C:\Windows\System32\winevt\Logs

Right-click on the Logs folder and click on Properties.

On the Properties menu, navigate to the Security tab.

Under the Security tab, click on SYSTEM profile and see that it has all the permissions under the Permissions tab. After SYSTEM profile, check for Administrators and EventLog profile.

If full permissions aren’t provided to the account, click on the Edit button, and provide the necessary permissions. Are you still facing the ‘Event Log Service is Unavailable’ error on your Windows computer?

4. Check Log Retention

If the above methods didn’t fix the issue, there might be problems with the actual log files being full. We can check the status of the log files through Window’s own Event Viewer application.

Head over to the Start menu and type Event Viewer. Once the results pop up, click on Run as Administrator.

On the Event Viewer window, click on Windows Logs. Under Windows, you’ll find logs for Application, Security, Setup, System, and Forwarded events. We need to check each event individually. But first, let’s check Application Logs.

On the right-hand side, you will an option called Properties. Click on it to open Application Logs properties.

On the Log Properties popup, ensure that the “Overwrite events as needed” button is checked. This ensures that when the log files are filled, it’ll overwrite them. Next, click on the OK button.

Similar to the Application Properties, we need to check the other 4 logs for the same option. Once done, restart your Windows system. Next, try restarting the Windows Event Log service. It should start running normally.

5. Clean Up Old Logs

Even after providing permissions and authority, if the Windows Log Event service fails to start, we can do a general cleanup of the RtBackup folder. The RtBackup folder contains the real-time event logs of applications, kernels, and system issues. At times, older logs can cause the Windows Event Log service from functioning.

However, cleaning up this folder isn’t easy. You would have to boot into safe mode and change a couple of permissions as well. The easiest way to boot into safe mode is via the Windows Configuration. Press Win+R to trigger the Run menu, type msconfig, and hit Enter.

Click on Boot tab and check the “Safe Boot” option. Next, click on the OK button.

Once done, you can now restart your system.

Now, Windows should boot up in Safe Mode.

In Safe mode, head over to the following file location.

C:\Windows\System32\LogFiles\WMI\RtBackup

By default, the RtBackup folder is owned by the System and you cannot open or delete the folder. Hence, right-click on it and click on Properties.

On the Properties menu, head over to the Security tab and click on the Advanced button.

Once the Advanced security tab opens, click on the Change link beside the Owner section.

On the popup, type your username in the “Enter the object name to select” textbox and click on the Check Names button. Once it detects your username, click on the OK button.

In case you don’t know your user name, head over to the command prompt, and just type whoami.

On the Advanced Security menu, click the checkbox named “Replace owner on subcontainers and objects“. Next, click on the OK button to save the changes.

Once done, you can now right-click on the RtBackup folder and delete it or even rename it.

Next, restart your Windows machine and the issue should be resolved.

6. Backup & Reinstall Windows

If none of the above methods have worked, unfortunately, you would have to reinstall Windows. Foremost, backup your machine with a third-party free backup app before you proceed with the reinstallation.

Closing Words: Event Log Service Is Unavailable

These were the 5 nifty ways to fix Windows Event Log Service is Unavailable error. Once it’s fixed, you should be able to use your Windows machine normally.

Also Read: 6 Ways to Fix Delayed Auto Start Flag Error 87 in Windows 10

First, reboot your system and see if it helps. Sometimes a simple restart helps reinitialize this service. If the Windows Event Log shows as being started, re-start it from Services Manager. To check if the Windows Event Log service is started or stopped, Run services.

How do I fix Event Log service is unavailable?

Right-click on the Windows Event Log service and click on Start. In case the service is already running, click on Restart. You might also be prompted for the administrator password, enter it accordingly. Once the Windows Event Log service starts successfully, the error should be solved.

How do I open Event Viewer in Windows Server 2008?

To access the Event Viewer in Windows 7 and Windows Server 2008 R2:

1. Click Start > Control Panel > System and Security > Administrative Tools.
2. Double-click Event Viewer.
3. Select the type of logs that you wish to review (ex: Windows Logs)

How do I restart Event Viewer service?

In the Services window, double-click on Windows event log. c. Set the Startup type to Automatic & start the Service. You may run system file checker [SFC] scan on the computer which will replace the missing or corrupt files & check if the issue persists.

How do I fix event viewer errors?

To access the System log select Start, Control Panel, Administrative Tools, Event Viewer, from the list in the left side of the window select Windows Logs and System. Place the cursor on System, right click and select Filter Current Log. Check the box before Error and click on OK and you see only Error reports.

How do I enable event logging?

Manually

1. On a target server, navigate to Start → Windows Administrative Tools (Windows Server 2016 and higher) or Administrative Tools (Windows 2012) → Event Viewer.
2. Navigate to Event Viewer tree → Windows Logs, right-click Security and select Properties.
3. Make sure Enable logging is selected.

How do I fix the event log?

3. To access the System log select Start, Control Panel, Administrative Tools, Event Viewer, from the list in the left side of the window select Windows Logs and System. Place the cursor on System, right click and select Filter Current Log. Check the box before Error and click on OK and you see only Error reports.

How do you check if a service has been restarted?

To find the event log record showing when your service was last started:

1. Open the Event Viewer from the Control Panel (search for it by name).
2. In the left-hand column, navigate to Windows Logs > System:
3. Click Find… on the right to bring up the Find window.

What to do if Event Viewer is not running?

Click on Start. b. Click on Search and type Services.msc. c. Right click on Windows event log and Stop the service and re-start the service. Was this reply helpful?

How to start the Windows Event Log Service?

All replies 1 Go to C:WindowsSystem32winevtlogs folder and Right Click on system and application event –> Click on properties… 2 Start the windows eventlog service now and it will run fine with out any issues. 3 All the events stored back to the eventvwr console automatically. More

How to tell if event log service is unavailable?

Event Log service is unavailable. Verify that the service is running. Event Log service is unavailable. Verify that the service is running. I get error message Event Log service is unavailable. Verify that the service is running. whenevr I try to open event viewer.

Why is my event log not turning on?

The one event that seems to coincide with the Event log shutting down message is a User Profile lock error. Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

Sometimes the Event Log service encounters some issues, but what is it, and how do you fix it when it trips up?

You’re using your Windows device and suddenly bump into the “Event Log service is unavailable” error. However, it doesn’t really tell you what exactly went wrong. So, what is causing this weird issue, and how do you fix it?

Let’s start by exploring what the Event Log Service is and why it has issues. From there, we’ll check out how you can resolve the “Event Log service is unavailable” error.

What Is the Event Log Service, and Why Is It Running Into Issues?

The Event Log service is a Windows feature that manages events and event logs. Various apps (such as the Task Scheduler) depend on this service to run effectively. So, it’s always a good idea to ensure that this service is up and running at all times.

Here are some reasons why this service might be running into issues:

• The Log Service is disabled.
• You’ve configured the wrong security settings in the log directory.
• Your device has too many log files and isn’t able to handle all of them.
• There are issues with some of your PC’s registry keys.

Let’s now check out how you can get rid of the “Event Log service is unavailable” error.

1. Start or Enable the Windows Event Log Service

One of the easiest solutions to this issue is to start or enable the Windows Event Log service. First, we’ll try starting this service and see if this helps:

1. Press Win + R to open the Run command dialog box.
2. Next, type services.msc and press Enter to open the Services window.
3. Scroll down and locate the Windows Event Log service. Right-click on the service and select Start. If the service is already running, click the Restart option.

If the issue persists, try to configure a few settings as follows:

1. Open the Services window as per the previous steps.
2. Double-click on the Windows Event Log service.
3. Navigate to the General tab on the next window.
4. Next, click the Startup type drop-down menu and select Automatic.
5. Click Apply and then click OK. Finally, press the Start button to run the service.

Restart your device to save these changes. If the issue persists, try configuring the same settings for the Windows Event Collector and see if that helps.

2. Configure the Log Security Settings

This error might also pop up because of the way you’ve configured some log security settings. For example, there might be some restrictions in the Event Log Permission settings.

To resolve this issue, here are some steps to follow:

1. Press Win + R to open the Run command dialog box.
2. Type the following command and press Enter to open the Event Log folder:

 C:\Windows\System32\winevt 

From there, follow these steps:

1. Right-click on the Logs folder and click on Properties.
2. Next, navigate to the Security tab.
3. Click the SYSTEM option in the Group or user names box.
4. Now, take a look at the Permissions for SYSTEM box and ensure all options are allowed.

If any of the options are marked as «not allowed,» click the Edit button. Next, go to the Permissions for Authenticated Users box and tick the Allow boxes. Press Apply and then press OK.

From there, press Apply and press OK on the Logs Properties window. Finally, restart your device to save these changes.

3. Overwrite Redundant Log Files

You could also bump into this error if your device contains too many log files. In this case, your PC isn’t able to handle new log files.

The best solution here would be to overwrite old, redundant log files.

To overwrite log files, you’ll need to use the Windows Event Viewer. This is an incredible tool that helps you view and analyze logs with ease.

1. To get started, press Win + X to open the Quick Access Menu.
2. Select Event Viewer from the menu items.
3. Click the Windows Logs drop-down menu in the top-left corner of the screen. You should see the Application, Security, Setup, System, and Forwarded Events options.

You need to overwrite log files for all the options that appear under the Windows Logs menu. So, we’ll show you how you can do this for one option, and you can apply the same procedure for others.

In this case, let’s check out how you can clear redundant log files on the System option.

1. Click the System option under the Windows Logs drop-down menu.
2. Next, click the Properties option on the right-hand side pane.
3. Navigate to the General tab.
4. Check the Overwrite events as needed (oldest events first) box.
5. Press Apply and then press OK.

From there, apply the same settings for the Application, Security, Setup, and Forwarded Events options.

4. Manually Remove Old Log Files

Overwriting old log files might not always help. In this case, you might need to manually remove old log files to tackle the issue at hand.

To do this, you’d need to remove the RtBackup folder. This is a Windows folder containing real-time event logs of applications and other services. However, the folder is restricted a lot, so you’d need to boot into safe mode and configure a few security settings first.

To get started, here’s how you can boot into safe mode:

1. Press Win + R to open the Run command dialog box.
2. Type msconfig and press Enter to open the System Configuration window.
3. Navigate to the Boot tab and check the Safe boot option.
4. Press Apply, press OK, and then restart your device.

From there, navigate to the folder containing the RtBackup contents and configure some security settings. Here’s how you can do this:

1. Press Win + R to open the Run command dialog box.
2. Type the following command and press Enter:

 C:\Windows\System32\LogFiles\WMI 

Right-click on the RtBackup folder and select Properties. Next, navigate to the Security tab and click the Advanced button.

From there, click the Change button next to the Owner option. Next, type your username in the Enter the object name box and then click the Check Names button. Once the system detects your username, click OK to save these changes.

If you don’t know your username, open the Command Prompt, type whoami, and press Enter.

In the next window of the RtBackup folder, check the Replace owner on subcontainers and objects box. From there, press OK to save these changes.

Now, you should be able to remove the RtBackup folder and get rid of the “Event Log service is unavailable” error. To do that, right-click on the RtBackup folder and select Delete. Finally, restart your device to save these changes.

5. Edit the Windows Registry

If the issue persists, then you could try tweaking a few Registry settings. However, start by backing up your Registry Editor first before proceeding.

Otherwise, here are some settings you could tweak to tackle the issue at hand:

1. Press Win + R to open the Run command dialog box.
2. Type Regedit and press Enter to open the Registry Editor.
3. Navigate to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > EventLog.
4. Double-click the Start value on the right-hand side pane.

Next, set the Value data to 1 and press OK. This will ensure that the Event Log service is enabled.

Finally, restart your device and see if this helps.

Windows Event Log Service Error: Resolved

Tired of the “Event Log service is unavailable” error? Then any of the solutions we’ve covered should help you out. But if the issue persists, try cleaning up your PC or performing system scans to get rid of any bugs.