Error message when you try to view events in an event log on a Windows Server 2003 SP1-based computer: "The event log file is corrupt"

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
Consider the following scenario. On a Microsoft Windows Server 2003 Service Pack 1 (SP1)-based computer, you open and view the properties of the first event in an event log. Then, you click the UP ARROW button in the event properties to move to the last event. In this scenario, you receive the following error message:
The event log file is corrupt.
Note This error message is displayed to help you avoid access violations.

Additionally, the cache is discarded during the restoring process. If the cache is successfully discarded, you receive the following message:
This log file is updated during a log reading process.
For example, you may experience this issue when you view events in the Security log.
This issue occurs when event logs are frequently updated in Event Viewer. When frequent updating occurs, arbitrary events are logged in the event log. Event Viewer tries to display other event files by moving the access pointer in an event file. When arbitrary events are logged, event log files are updated or overwritten by the new entries. In this scenario, the other events in the event log try to reference the relative location of the pointer. However, the relative information is lost.
To work around this issue, close and then reopen Event Viewer. When you do this, the event log entries are refreshed and are displayed correctly.For more information about how to view and manage event logs in Event Viewer, click the following article number to view the article in the Microsoft Knowledge Base:
308427 How to view and manage event logs in Event Viewer in Windows XP
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the "Applies to" section.
More information
For more information about Event Viewer related issues, click the following article number to view the article in the Microsoft Knowledge Base:
899416 You receive a "The event log file is corrupt" error on a computer that is running Windows Server 2003 SP1 about Event Viewer related issues, an x64-based version of Windows Server 2003, or Windows XP Professional x64 Edition
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 888133 - Last Review: 01/16/2015 01:36:32 - Revision: 1.0

Microsoft Windows Server 2003 Service Pack 1

  • kbnosurvey kbarchive kbharmony kberrmsg kbfix kbexpertiseinter kbtshoot kbbug KB888133