Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Event Log


  • This topic is locked This topic is locked
26 replies to this topic

#1 jc2823

jc2823

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 18 October 2011 - 12:38 PM

I followed "etavares's" extremely helpful problem resolution thread here: http://www.bleepingcomputer.com/forums/topic403048.html

The service that I found to be causing my 30+ minute boot times is the "Windows Event Log". When disabled, my Toshiba Windows 7 laptop boots in less than a minute.

Any solutions for this issue? Need additional information?

Thanks!

BC AdBot (Login to Remove)

 


#2 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:05 PM

Posted 18 October 2011 - 04:34 PM

From the thread you linked to:

Posted 29 June 2011 - 10:24 PM Hello, I have noticed some improvement.

1:33 seconds to get to loging screen
1:50 for desktop to load
2:37 for firefox to load



What's happened between June 29 and today that caused your power on to desktop to go from 1:50 (Fair for a desktop) to "my 30+ minute boot times" and HOW did you determine this is being caused by the "Windows Event Log" service?

Please fill in the blanks, help us help you!

Edit to add: I just noticed that the thread you lnked was not yours--you "followed" it...

Anyhoo, disabling Windows Event Log is a REALLY BAD idea from what I read on Black Viper's system config guide (probably the best on the net) that was in the thread that you followed...

Edited by Union_Thug, 18 October 2011 - 04:58 PM.


#3 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:05 PM

Posted 18 October 2011 - 04:54 PM

http://www.blackviper.com/2010/12/17/black-vipers-windows-7-service-pack-1-service-configurations/

Windows Event Log

This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.

IOW, DANGER Will Robinson...DANGER...

Additional Information

Take note: Manual updates via Windows Update Version 6 web site still requires Windows Update, Cryptographic Services, Background Intelligent Transfer Service, and Windows Event Log to be running. Place all four in automatic if you do not wish to update manually. In addition, I recommend that you change the default time of 3 AM, for the automatic checking of updates, to a time when the system is "normally" on. Otherwise, Windows Update will check upon boot which may slow down the boot process.

What other service require Windows Event Log to function properly:

Message Queuing
Message Queuing Triggers
Net.Msmq Listener Adapter
Task Scheduler
Windows Event Collector

Task Scheduler

Default Description

Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.

DANGER Will Robinson...DANGER...

Windows Event Collector

Default Description

This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.

Edited by Union_Thug, 18 October 2011 - 04:56 PM.


#4 jc2823

jc2823
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 18 October 2011 - 05:02 PM

Correct. I know that this is not a service that I want disabled. However, enabling it causes the significantly increased boot time. And, when it actually boots I get the notification popup in the lower right hand corner that states:

Failed to connect to a windows service. Windows could not connect to the "System Event Notification Service" service.....

I have not found any literature online that discusses what could be causing this particular problem or if there is a way to reinstall or update it. All I can dig up is articles that tell to to use the Event Viewer to figure out problems. Difficult when this is what I have disabled!!!

#5 LucheLibre

LucheLibre

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:07:05 PM

Posted 18 October 2011 - 10:14 PM

Were there error or warning events in the log before you shut it down?

Edited by LucheLibre, 18 October 2011 - 10:15 PM.

If it looks like I know what I'm doing, there's a pretty good chance the only reason for that is because
I once asked someone to run chkdsk /r and a BC Advisor smacked me in the back of the head.

~ LL ~


#6 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:05 PM

Posted 18 October 2011 - 10:23 PM

Just for kicks n giggles, check & report the status in services.msc of the COM+ Event System & COM+ System Application services.

#7 jc2823

jc2823
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 19 October 2011 - 08:19 AM

I know that there were errors...but did not view them prior to stopping the service.

Apologize for the ignorance...how do I check and report the status in services.mcs?

#8 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:05 PM

Posted 19 October 2011 - 09:25 AM

I know that there were errors...but did not view them prior to stopping the service.

Apologize for the ignorance...how do I check and report the status in services.mcs?

No worries, I'm no expert myself lol. There's several ways but this is probably the easiest//most accessible:

Open the Control Panel (All Items View)>>Click on the Administrative Tools icon>>click on Services
Click on Continue (yes?) in the UAC prompt (if enabled)
Right click on the service you want to check>>>click Properties

COM+ Event System should be set to Automatic and Started as in the screenshot attd:

COM+ System Application should be set to Manual (I believe)

Edited by Union_Thug, 19 October 2011 - 09:39 AM.


#9 jc2823

jc2823
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 19 October 2011 - 09:38 AM

Sorry...I was there. Thought I was looking for something more. Both of them are set as you indicated above.

#10 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:05 PM

Posted 19 October 2011 - 10:03 AM

Without knowing what error are in your event viewer (from before it was disabled) this will be...impossible to diagnose, IMO. There are 3rd party tool to do so I would imagine...NirSoft comes to mind. Perhaps it would be better if I went no further here, I have some ideas what to do but lack the expertise needed to confidently suggest them. I'll message a Moderator/Staff member to have a look here.

In the meantime there's some info you should provide.

Version of 7 Home, prem, Ult, 32bit 64bit etc...
SP 1 installed/not installed?
Have you run CHKDSK and or SFC Scannow commands?
Anything new or different (hardware/software/etc...) since the machine ran "normally"?
Anything you've done to try and correct this?

Lots more that don't come to mind...use your imagination lol.

Good luck, I'll be following this thread.

#11 jc2823

jc2823
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 19 October 2011 - 10:16 AM

I just reset some of the Windows Event Log "on error" properties, started the service and restart. I will post the event log if I am able to review it when it reboots in 30 minutes! :)

Family members computer.

Details from memory.

Windows Home Premium 64bit
Service Pack 1 just recently installed (yesterday I believe) once I was able to get the computer to boot
No...for both the scans asked about above.

This has been a very long battle that began with removal of several malware/viruses from the computer. Using the likes of SpyBot, Malwarebytes, AdAware, HijackThis, etc. The virus had shut down internet access and was preventing me from downloading many of the previously mentioned programs updates. Eventually was able to remove what I believe was the source. Norton Security (uugghh) was also installed and causing problems. Once I was able to uninstall this and use the Norton tools to completely remove the software, I was able to browse the internet again.

Finally after restarting about 45 times, discovered that the WEL was the service causing me issues. Enable all other services except WEL and began downloading the Windows updates. Finally believe I have this computer running really well minus this last issue. I am sure in an attempt to fix this particular issues, I will either break or create another laundry list of issues to tackle!!!!!!!!!!!

#12 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:06:05 PM

Posted 19 October 2011 - 10:26 AM

ROFL @ "laundry list"

I sent a PM to a moderator asking for staff to come by & have a look...I see a "sfc /scannow" and/or a repair install in your not too distant future :whistle:

EDIT TO ADD: Do you/does the family member have any installation Media? Actually installing SP 1 may come back & "bite" you in either of these regards...

I'll be watching from the sidelines...:lmao:

Edited by Union_Thug, 19 October 2011 - 10:30 AM.


#13 jc2823

jc2823
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 19 October 2011 - 11:22 AM

Just finally booted up and opening Event Viewer....it is stilllllllll thinking.

I have him digging for it....no luck yet.

#14 jc2823

jc2823
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 19 October 2011 - 11:30 AM

Not sure what to regurgitate back here from the Event Log. Let me know if there is a description you would like to see that I am missing.

#15 jc2823

jc2823
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:05:05 PM

Posted 19 October 2011 - 11:31 AM

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{FC65DDD8-D6EF-4962-83D5-6E5CFE9CE148}" />
<EventID>23</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>100</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000020000</Keywords>
<TimeCreated SystemTime="2011-10-19T16:24:39.784441600Z" />
<EventRecordID>155722</EventRecordID>
<Correlation />
<Execution ProcessID="372" ThreadID="3924" />
<Channel>System</Channel>
<Computer>Lidge-PC</Computer>
<Security UserID="S-1-5-19" />
</System>
- <UserData>
- <InitChannelLoggingFailure xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
<Error Code="1117" />
<ChannelPath>Microsoft-Windows-HomeGroup Provider Service/Operational</ChannelPath>
</InitChannelLoggingFailure>
</UserData>
</Event>




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users