Error message when you try to view events in an event log on a Windows Server 2003 SP1-based computer: "The event log file is corrupt"

Article translations Article translations
Article ID: 888133 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario. On a Microsoft Windows Server 2003 Service Pack 1 (SP1)-based computer, you open and view the properties of the first event in an event log. Then, you click the UP ARROW button in the event properties to move to the last event. In this scenario, you receive the following error message:
The event log file is corrupt.
Note This error message is displayed to help you avoid access violations.

Additionally, the cache is discarded during the restoring process. If the cache is successfully discarded, you receive the following message:
This log file is updated during a log reading process.
For example, you may experience this issue when you view events in the Security log.

CAUSE

This issue occurs when event logs are frequently updated in Event Viewer. When frequent updating occurs, arbitrary events are logged in the event log. Event Viewer tries to display other event files by moving the access pointer in an event file. When arbitrary events are logged, event log files are updated or overwritten by the new entries. In this scenario, the other events in the event log try to reference the relative location of the pointer. However, the relative information is lost.

WORKAROUND

To work around this issue, close and then reopen Event Viewer. When you do this, the event log entries are refreshed and are displayed correctly. For more information about how to view and manage event logs in Event Viewer, click the following article number to view the article in the Microsoft Knowledge Base:
308427 How to view and manage event logs in Event Viewer in Windows XP

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about Event Viewer related issues, click the following article number to view the article in the Microsoft Knowledge Base:
899416 You receive a "The event log file is corrupt" error on a computer that is running Windows Server 2003 SP1 about Event Viewer related issues, an x64-based version of Windows Server 2003, or Windows XP Professional x64 Edition

Properties

Article ID: 888133 - Last Review: September 15, 2006 - Revision: 1.2
APPLIES TO
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Keywords: 
kbharmony kberrmsg kbfix kbexpertiseinter kbtshoot kbbug KB888133

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com