I have a SSD failing (Yes, I know, I need to replace it...but I'm waiting for Black Friday among other reasons).  Several times now, it failed to shutdown and then I had to hit the power button.  Subsequently, Windows (7) does a chkdsk on the drive, finds many issues and then basically starts making all kinds of changes, only to create a unbootable Windows. Running chkdsk on an SSD is supposedly not a good idea anyway, but if Windows doesn't respond to your bypass of chkdsk (or you miss it altogether), then there's not much you can do. On one occasion, I had to restore from backup. However, at least two other times, I've been able to recover only to find most everything working properly but the Event Logs (Event Viewer).

When you try to open the Computer Management > System Tools > Event Viewer, you're presented with:

 Event log service is unavailable. Verify that the service is running.

When you try and start the service, it looks like it started, but if you right click (or refresh), you'll see that it didn't and you're presented with the Start option again. The solution for this is quite simple:

  1. Go to: C:\Windows\System32\winevt
  2. There should be a Logs directory. If there is not, then create one and that should fix the problem. However, if there is a Logs directory, rename it to Logs.bak and create a new Logs directory.
  3. Then start your Windows Event Logs service (or reboot).

NOTE: You could also just delete all the evtx files in the Logs directory instead of creating Logs.bak, but not smart if you want to review the evtx files once your Event Viewer is working again.  Creating a Logs.bak directory will also tell you which file was corrupted when you try to open an evtx file and Event Viewer fails to do so.

In a nutshell, one of the Event logs is getting corrupted and Windows Event Logs can't deal with it when starting the service  Removing the problem log(s) so it can create a new one is the solution.

Comments


Comments are closed