Summary
When trying to expand, view or create Custom Views in Event Viewer, you may receive the error, "MMC has detected an error in a snap-in and will unload it." and the app may stop responding or close. You may also receive the same error using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.
Workaround
To work around this issue, copy and paste the following function into a PowerShell window and run it. You can now use the command get-EventViewer at the PowerShell prompt to view your Custom Views. You will need to re-enter the function each time you open a new PowerShell window. Note The get-EventViewer function will only allow you to view previously defined Custom Views. To create new Custom Views, see Creating Get-WinEvent queries with FilterHashtable.
function get-EventViewer {
Write-Output "List of custom views on the machine"
Write-Output ""
Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | % { select-xml -Path $_.FullName -xpath "//Name" } | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty InnerXml
Write-Output ""
$view_name = Read-Host "Enter the name of custom view to execute"
# Get the file name of the view
$ViewFile = Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | where-object { (Select-Xml -Path $_.FullName -xpath "//Name").Node.InnerXml -eq $view_name }
Get-WinEvent -FilterXml ([xml]((Select-Xml -Path $ViewFile.FullName -XPath "//QueryList").node.OuterXml))
}
Next Steps
This issue is now resolved for all platforms in the following updates:
-
KB4501375 LCU for Windows 10, version 1903.
-
KB4501371 LCU for Windows 10, version 1809 and Windows Server 2019.
-
KB4503288 LCU for Windows 10, version 1803.
-
KB4503281 LCU for Windows 10, version 1709.
-
KB4503289 LCU for Windows 10, version 1703.
-
KB4503294 LCU for Windows 10, version 1607 and Windows Server 2016.
-
KB4507458 LCU for Windows 10, version 1507.
-
KB4503283 Preview of Monthly Rollup for Windows 8.1 and Windows Server 2012 R2.
-
KB4508773 Update for Windows 8.1 and Windows Server 2012 R2 for customers using Security-only updates.
-
KB4503295 Preview of Monthly Rollup for Windows Server 2012 and Windows Embedded 8 Standard
-
KB4508776 Update for Windows Server 2012 and Windows Embedded 8 Standard for customers using Security-only updates.
-
KB4503277 Preview of Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1.
-
KB4508772 Update for Windows 7 SP1 and Windows Server 2008 R2 SP1 for customers using Security-only.
-
KB4503271 Preview of Monthly Rollup for Windows Server 2008 SP2.
-
KB4508774 Update for Windows Server 2008 SP2 for customers using Security-only.
Affected updates
The following latest cumulative update (LCU), Monthly Rollups and Security Only released on June 11, 2019 for the affected platforms may experience this issue:
-
KB4503293 LCU for Windows 10, version 1903.
-
KB4503327 LCU for Windows 10, version 1809 and Windows Server 2019.
-
KB4503286 LCU for Windows 10, version 1803.
-
KB4503284 LCU for Windows 10, version 1709.
-
KB4503279 LCU for Windows 10, version 1703.
-
KB4503267 LCU for Windows 10, version 1607 and Windows Server 2016.
-
KB4503291 LCU for Windows 10, version 1507.
-
KB4503276 Monthly Rollup for Windows 8.1 and Windows Server 2012 R2.
-
KB4503290 Security-only update for Windows 8.1 and Windows Server 2012 R2.
-
KB4503285 Monthly Rollup for Windows Server 2012 and Windows Embedded 8 Standard
-
KB4503263 Security-only update for Windows Server 2012 and Windows Embedded 8 Standard-
-
KB4503292 Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
-
KB4503269 Security-only update for Windows 7 SP1 and Windows Server 2008 R2 SP1
-
KB4503273 Monthly Rollup for Windows Server 2008 SP2
-
KB4503287 Security-only update for Windows Server 2008 SP2