General discussion

Locked

Event Viewer System Logs

By Rabbit_Runner ·
Hi, We have a Win2K server(SP2) which is in a workgroup. There is a special application running on this box, and the developers (in another location) have given us a patch to apply. This was done last week. Now, we are not able to access the System log in the event viewer. The local administrator does not have the permissions to open the file. error is 'access denied'. We have checked the log files in %system root%\system32\config folder and the normal permissions are applied to all of the files. We have checked the Group policy and are not able to find any thing which has been changed. Also the developers do not have any idea what may have caused this. The Application log and the Security log, can be viewed with no problem. We havechecked Technet and the only article that seems to apply is Q245128. This has been done, but has not corrected the problem. Is there some setting that we still need to check? Thanks.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Event Viewer System Logs

by Joseph Moore In reply to Event Viewer System Logs

Open up Local Security Policy on this Win2K server (Start -> Programs -> Control Panel -> Administrative Tools -> Local Security Policy) and expand:
Security Settings -> Local Policies -> User Rights Assignment.
Check the right "Manage auditing and Security log".
See who, if anyone is Assigned the right. You should have Administrators listed at least!
My guess is that this right was changed to be blank, so no one can do this.
So, be logged in as an Administrator and add Administrators.

You might need to check the Group Policy settings for this same right, just to make sure it is not changed there, but I would bet this is a local problem, not a GP problem.

hope this helps

Collapse -

Event Viewer System Logs

by Rabbit_Runner In reply to Event Viewer System Logs

I a closing this question and going to re-open another one Thanks for your input. I would appreciate additional information in the new question.

Collapse -

Event Viewer System Logs

by Rabbit_Runner In reply to Event Viewer System Logs

I checked the settings which were mentioned in the first answer. Permissions are correct and the appropriate groups (administrators) has been given the right.

Is there some other setting, variable, or permission that may pertain to this problem?

Thanks is advance.

Collapse -

Event Viewer System Logs

by Ann777 In reply to Event Viewer System Logs

Have you tried re-installing the service pack after they gave you the patch for the app?

Collapse -

Event Viewer System Logs

by Rabbit_Runner In reply to Event Viewer System Logs

I am closing this question and going to re-open another. Thanks for your input. I would appreciate additional information in the new question.

Collapse -

Event Viewer System Logs

by Rabbit_Runner In reply to Event Viewer System Logs

Okay, now the problem is getting WORSE. Now we are unable to open the application log. The only log is the Security log which is accessable by the administrator. Here is a Log message and details. I cannot find anything in the Knowledge Base to point to this problem.

Date: 11/6/2002 Source: Security
Time: 8:26 Category: Object Access
Type: Failure Event I 560
User: Server\Administrator
Computer: server
Object Open:
Object Server: Security
ObjectType: Event
Object Name: \BaseNamedObjects\crypt32LogoffEvent
New Handle I -
Operation I {0,4190261}
Process I 3976
Primary User Name: administrator
Primary Domain: SERVER
Primary Logon I (0x0,0x35E0C
Client User Name: -
Client Domain: -
Client Logon I -
Accesses DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
SYNCHRONIZE
Query event state
Modify event state

Privileges -
-----------------------------------------

Collapse -

Event Viewer System Logs

by Rabbit_Runner In reply to Event Viewer System Logs

Point value changed by question poster.

Collapse -

Event Viewer System Logs

by Rabbit_Runner In reply to Event Viewer System Logs

The two answers below have been checked / tried but the issue still is troubling us. I have looked in the KB and have not come across any additional information. This really has us baffled.

Collapse -

Event Viewer System Logs

by Rabbit_Runner In reply to Event Viewer System Logs

This question was closed by the author

Collapse -

Event Viewer System Logs

by quintar51 In reply to Event Viewer System Logs

You can try reseting the local security settings for the server by performing the following steps:

1. Open a CMD prompt.

2. Type:

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

3. If you receive a warning message, it can be ignored. See the %windir%\Security\Logs\Scesrv.log file.

Remember to backup before trying this.

regards,

Back to Windows Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums