One of our readers faced a problem where the Windows Event Log failed to start, and as a result, a couple of other services failed as well. Attempting to start the Windows Event Log service manually via the Services MMC resulted in error 4201. The complete error message is provided below:
Windows could not start the Windows Event Log service on Local Computer.
Error 4201: The instance name passed was not recognized as valid by a WMI data provider.
And the following errors popped up when opening the Event Viewer and Task Scheduler.
Event Log service is unavailable. Verify that the service is running.
Task Scheduler service is not available. Task Scheduler will attempt to reconnect to it.
Upon checking the Event Log service registry key and values, they were intact. Eventually the problem turned out to be the incorrect permissions for the C:\Windows\System32\LogFiles\WMI\RtBackup directory. The SYSTEM group needs full control permissions for the directory only then the Windows Event Log service would start. Thanks toAlexzhu for sharing the solution here. Note that we didn’t have to rename or delete the RtBackup directory.
Fixing the Permissions for RtBackup Folder in Windows 7 and Windows Vista
1. Start Windows in Safe mode
2. Open the “C:\Windows\System32\LogFiles\WMI” folder
3. Right-click on the RtBackup folder and choose Properties
4. Click the Security tab, and click the Edit button.
5. Click Add
6. Type SYSTEM and hit ENTER
7. Enable “Full control” Permission to “Allow”
8. Click OK, and then click Yes when asked for confirmation.
9. Restart Windows (in Normal mode), and verify if the Windows Event Service has started.
Thus The error was fixed in easy manner.