This article helps fix an error that prevents you from opening the Security log in Event Viewer.
Original KB number: 2751670
Symptoms
The following error appears when you try to open the Security log on some of the domain controllers with the domain admin account: "Event viewer cannot open the event log or custom view. Verify that the event log service is running or query is too long. Access is denied"
Cause
The EventLog account doesn't have the right security permissions defined in the registry.
Resolution
Follow these steps to fix the error:
- Check the NTFS permissions for C:\Windows\System32\winevt\Logs. The Eventlog user has full control.
- Check HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security. Eventlog has no permissions there.
- Grant "NT service\EventLog" read permissions in HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security. (You have to do it by selecting the local computer account by clicking on "Locations".)
- Reopen Event Viewer and confirm that you can now read the security logs.
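The same checks can be scripted so they can be repeated on each affected domain controller. The following PowerShell is an added example, not part of the original KB article; the `-Fix` switch and the `Test-AllowedRight` helper are names made up for this example, and it assumes an elevated session on the affected computer.

```powershell
# Added example, not part of the original KB article. Run elevated.
# -Fix is this script's own (hypothetical) switch; without it nothing is changed.
param([switch]$Fix)

$account = 'NT SERVICE\EventLog'
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security'
$logDir  = 'C:\Windows\System32\winevt\Logs'

# Helper (name chosen for this example): does any Allow ACE for $Identity
# include every bit of $Needed? $Property is RegistryRights or FileSystemRights.
function Test-AllowedRight {
    param($Acl, [string]$Identity, [string]$Property, [int]$Needed)
    foreach ($ace in $Acl.Access) {
        if ($ace.IdentityReference.Value -eq $Identity -and
            $ace.AccessControlType -eq 'Allow' -and
            (([int]$ace.$Property) -band $Needed) -eq $Needed) {
            return $true
        }
    }
    return $false
}

$fullControl = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$readKey     = [int][System.Security.AccessControl.RegistryRights]::ReadKey

# Step 1: NTFS permissions on the log folder.
$fsOk = Test-AllowedRight (Get-Acl -Path $logDir) $account 'FileSystemRights' $fullControl
"{0} full control on {1}: {2}" -f $account, $logDir, $fsOk

# Step 2: registry permissions on the Security log key.
$regAcl = Get-Acl -Path $regPath
$regOk  = Test-AllowedRight $regAcl $account 'RegistryRights' $readKey
"{0} read access on {1}: {2}" -f $account, $regPath, $regOk

# Step 3: grant Read only when it is missing and -Fix was given.
if (-not $regOk -and $Fix) {
    # ContainerInherit mirrors Registry Editor's default scope ("This key and subkeys").
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $account,
        [System.Security.AccessControl.RegistryRights]::ReadKey,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $regAcl.AddAccessRule($rule)
    Set-Acl -Path $regPath -AclObject $regAcl
    "Granted read access on $regPath to $account"
}
```

A result of False means the ACL needs a manual look: only entries that name the account directly are counted, so access granted through a group or through generic-rights entries is not detected.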