Note
Ang pag-access sa pahinang ito ay nangangailangan ng pahintulot. Maaari mong subukang mag-sign in o magpalit ng mga direktoryo.
Ang pag-access sa pahinang ito ay nangangailangan ng pahintulot. Maaari mong subukang baguhin ang mga direktoryo.
This article helps to fix the error where we are unable to access the security log.
Original KB number: 2751670
Symptoms
We are seeing the following error "Event viewer cannot open the event log or custom view. Verify that the event log service is running or query is too long. Access is denied" when we try to open the security logs on some of the domain controllers with the domain admin account.
Cause
We didn't have the right security permissions defined for the eventlog account in the registry
Resolution
You can follow below steps for fixing the error.
- Checked NTFS permissions for C:\Windows\System32\winevt\Logs - Eventlog User has full control
- Checked HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security - Eventlog has no permissions there.
- Granted "NT service\EventLog" read permissions in
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security. (You have to do it by selecting the local computer account by clicking on "locations". - Reopened Event Viewer and confirmed that we can now read the security logs.