This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 65%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Today our server had some issues where we lost a bunch of printers from "Devices & Printers".
We rebooted the server but that didn't help and instead we got a warning triangle on the network connection icon, server went into "Public network location" which means network sharing is off.
A bunch of services are also not starting (Network location awareness, Remote access connection manager and others) and after digging and looking at the dependency chain of services, it seems the root cause is the event log service not starting.
Sure enough, it isn't. In fact, the "Windows Event Log" service was totally missing from the services list. I have no idea why it disappeared.
I re-created it using this:
sc create eventlog binpath="C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" type=share start=auto error=normal group="Event Log" tag=no obj= "NT AUTHORITY\LocalService" DisplayName="Windows Event Log"
It now correctly appears in the services list but it won't start with the error 1314: a required privilege is not held by the client
I checked permissions in "C:\Windows\System32\winevt" folder and "Logs" subfolder. Everything seems ok (same as another server we have)
I checked permissions in registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog and subkeys. Everything seems ok (same as another server we have).
I also run SFC /scannow and it came back with nothing.
I don't know if fixing the event log issue will fix the other issues we're facing, but I need to fix this first and then I'll see.
**** UPDATE ***
I have since rebooted the server and now "Windows Event Log" service will not start but with a different error: 2 - The system cannot find the file specified
Any help/suggestions?
Thanks a lot in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 99%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELJ%3C/text%3E%3C/svg%3E)
Unfortunately, I may meet the same trouble with you, after auto-updating system this morning.
I can't open the "Windows Event Log", with the error "2 - The system cannot find the file specified", causing the network service to be broken.
Waiting for some helpful ideas, and thanks in advance, too.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Might try deleting all the EVTX files in case of corruption, reboot.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
Thanks for the reply. I will try this today.
I have tried this but does not help.
Finally, I reset my system. It helped.