Reinitialize Windows Event Log service without reboot

Question

I am working on application which logs to a custom event log. Application was recently rebranded, and the name of event log has changed (from "CompanyA Events" to "CompanyB Events"). The name(s) of event log sources ("Subsystem1", "Subsystem2", etc) did not change. Application installer removes the old log entries from registry and writes the new ones.

I noticed, that in some environments (happens a lot on 2008 R2) the logging stops, and no events are being written. Sometimes events are actually written to the OLD evtx file, which was supposed to be removed. Following fixes the problem:

• reboot machine
• restart "Windows Event Log" service

Latter action cannot be achieved using SCM because of access denied, even though I'm an administrator. However, killing the process works, and I cam start the "Windows Event Log" service, after which event logging works normally.

Question: how do I re-initialize event log service without killing process or rebooting the machine? Is there some sort of documented or undocumented call, which I could use to signal event log service that it should re-read its configuration?

Answer 1

Just for the record, as this is an old question: I had this problem also, and Christo's comment has put me into the path for the solution:

• using psexec -s net stop schedule (so, I stopped the task scheduler service with the system account),
• I then was able to restart the eventlog service.
• Once restarted, I just used again psexec -s net start schedule. Way to go.

You may need to download psexec from Microsoft.