Menu
I am working on application which logs to a custom event log. Application was recently rebranded, and the name of event log has changed (from "CompanyA Events" to "CompanyB Events"). The name(s) of event log sources ("Subsystem1", "Subsystem2", etc) did not change. Application installer removes the old log entries from registry and writes the new ones.
I noticed, that in some environments (happens a lot on 2008 R2) the logging stops, and no events are being written. Sometimes events are actually written to the OLD evtx file, which was supposed to be removed. Following fixes the problem:
Latter action cannot be achieved using SCM because of access denied, even though I'm an administrator. However, killing the process works, and I cam start the "Windows Event Log" service, after which event logging works normally.
Question: how do I re-initialize event log service without killing process or rebooting the machine? Is there some sort of documented or undocumented call, which I could use to signal event log service that it should re-read its configuration?
487
Start Windows Log Service On the Services menu, navigate to the Windows Event Log service. Right-click on the Windows Event Log service and click on Start. In case the service is already running, click on Restart. You might also be prompted for the administrator password, enter it accordingly.
Just for the record, as this is an old question: I had this problem also, and Christo's comment has put me into the path for the solution:
psexec -s net stop schedule (so, I stopped the task scheduler service with the system account),psexec -s net start schedule. Way to go.You may need to download psexec from Microsoft.
108
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
