"Event viewer cannot open the event log or custom view. Verify that the event log service is running or query is too long. Access is denied" when we try to open up the security logs on some of the domain controllers with the domain admin account.
To fix this problem automatically, click the Fix this problem link. Then click Run in the File Download dialog box, and follow the steps in this wizard.
Microsoft Fix it 55046
Note This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
Note If you are not on the computer that has the problem, you can save the automatic fix to a flash drive or to a CD so that you can run it on the computer that has the problem.
Note We would appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me" blog or send us an email message.
1) Checked NTFS permissions for C:\Windows\System32\winevt\Logs - Eventlog User has full control
2) Checked HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security - Eventlog has no permissions there.
3) Granted "NT service\EventLog" read permissions in HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security. (You have to do this by selecting the local computer account by clicking on "locations".
4) Reopened Event Viewer and confirmed that we can now read the security logs.