We found that after doing a system restore on a Vista x64 sp1, it blue screened on startup, however a safe mode boot worked; after enabling msconfig, and disabling all the Symantec modules, the system booted;
Next step was uninstalling Endpoint which failed on the services screen, on further investigation we found that the “event viewer service” was not starting, and was generating a “Error_WMI_Instance_Not_Found 4201 The instance passed was not recognized as valid by WMI data provider”
We found the quickest fix was to boot into repair mode, and rename Repository locate in C:\windows\systems32\wbem\
If this does not work, then
net stop winmgmt
winmgmt /resetrepository
restart computer, event viewer should now be working, Endpoint did not not to be uninstalled.
http://www.vistax64.com/tutorials/110886-event-viewer-error-4201-a.html
I researched several forums and none of the suggestions worked. So I compared the folder permissions to c:\windows\system32\logfiles\wmi\RTbackup to a working machine. Navigate to RTbackup properties and check security settings. It requires SYSTEM – full control. I added this permission and rebooted PC to fix the issue. I can now access my event viewer.
Comment by Susan Eubanks — June 30, 2009 @ 3:34 pm |