question

SimoneFerrari-1808 avatar image
0 Votes"
SimoneFerrari-1808 asked LiuJY-4904 answered

Windows Server 2012 R2 - Windows Event Log fails to start with error 1314: a required privilege is not held by the client

Today our server had some issues where we lost a bunch of printers from "Devices & Printers".

We rebooted the server but that didn't help and instead we got a warning triangle on the network connection icon, server went into "Public network location" which means network sharing is off.

A bunch of services are also not starting (Network location awareness, Remote access connection manager and others) and after digging and looking at the dependency chain of services, it seems the root cause is the event log service not starting.

Sure enough, it isn't. In fact, the "Windows Event Log" service was totally missing from the services list. I have no idea why it disappeared.

I re-created it using this:

sc create eventlog binpath="C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted" type=share start=auto error=normal group="Event Log" tag=no obj= "NT AUTHORITY\LocalService" DisplayName="Windows Event Log"

It now correctly appears in the services list but it won't start with the error 1314: a required privilege is not held by the client

I checked permissions in "C:\Windows\System32\winevt" folder and "Logs" subfolder. Everything seems ok (same as another server we have)
I checked permissions in registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog and subkeys. Everything seems ok (same as another server we have).

I also run SFC /scannow and it came back with nothing.

I don't know if fixing the event log issue will fix the other issues we're facing, but I need to fix this first and then I'll see.

UPDATE ***

I have since rebooted the server and now "Windows Event Log" service will not start but with a different error: 2 - The system cannot find the file specified


Any help/suggestions?

Thanks a lot in advance.

windows-server
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Unfortunately, I may meet the same trouble with you, after auto-updating system this morning.

I can't open the "Windows Event Log", with the error "2 - The system cannot find the file specified", causing the network service to be broken.

Waiting for some helpful ideas, and thanks in advance, too.

0 Votes 0 ·
LiuJY-4904 avatar image
0 Votes"
LiuJY-4904 answered

Finally, I reset my system. It helped.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered LiuJY-4904 commented

Might try deleting all the EVTX files in case of corruption, reboot.

--please don't forget to upvote and Accept as answer if the reply is helpful--



· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·

Thanks for the reply. I will try this today.

0 Votes 0 ·

I have tried this but does not help.

0 Votes 0 ·