July 20, 2008

Vista blue screened on a system restore “Event viewer service” error 4201

We found that after doing a system restore on a Vista x64 sp1, it blue screened on startup, however a safe mode boot worked; after enabling msconfig, and disabling all the Symantec modules, the system booted;

Next step was uninstalling Endpoint which failed on the services screen, on further investigation we found that the “event viewer service” was not starting, and was generating a “Error_WMI_Instance_Not_Found 4201 The instance passed was not recognized as valid by WMI data provider”

We found the quickest fix was to boot into repair mode, and rename Repository locate in C:\windows\systems32\wbem\

If this does not work, then

net stop winmgmt

winmgmt /resetrepository

restart computer, event viewer should now be working, Endpoint did not not to be uninstalled.



