Jump to content

Error in Event Viewer


Recommended Posts

Apparently, one of the Windows updates is causing corruption of the Access Control List (ACL's) in the registry. Possibly entire sections of the registry nodes lost the ACL'S.

While I was researching the problem, I came across a website where someone had a similar problem with getting windows OS programs/services to run and they discovered that there was some registry corruption and missing ACL's.

There are two different options that I ended up doing to get the system back in operation.

It seems that running one or the other alone will not fix the problem, but doing both should get you back in service.

Make a backup of your registry (and a complete backup of the system wouldn't hurt either!)

Go to Microsoft's website and download a program called subinacl.exe from this site; http://www.microsoft.com/downloads/details...;displaylang=en

Install the subinacl.exe (it downloads as an MSI file).

Copy the code below into a text file and then name the text file reset.cmd.

I copied the command file to my temp folder to run, but as you can see from the cmd file, it contains the path to the executable subinacl.exe.

@echo off

title Resetting ACLs...

cd /d "%ProgramFiles%\Windows Resource Kits\Tools"

echo.

echo Resetting ACLs...

echo (this may take several minutes to complete)

echo.

echo ==========================================================================

echo.

echo.

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f

echo.

echo.

subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f

echo.

echo.

subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f

echo.

echo.

echo System Drive...

subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f

echo.

echo.

echo Windows Directory...

subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f

echo.

echo.

echo ==========================================================================

echo.

echo FINISHED.

echo.

echo Press any key to exit . . .

pause >NUL

3. As this command file runs it will show you the status of the reset and create a log that you can go back into and inspect for problems.

4. When this command file completes, you then need to open a command window (using Run As Administrator) and run the following command;

secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose >c:\temp\secedit_output.txt (the redirect of output echos the programs output to a text file, but secedit also creates a log file. The program will show you the location of the log file when it is done).

These two actions combined will reset the permissions on the registry nodes back to their default settings.

Reboot and check your Event Log service... at this point it should be running.

After effects of this process which happened to me, were that the Network List Service would not run... I still had network and internet access, however the Network icon in the task notification area had a Red X, and mouse over displayed a tooltip that said "Server Execution Failed". This was a result of resetting the ACL's.

The Network List Service (netprofm) would not run because it did not have permission to run.

In order to correct this issue, you must open the Component Services snap-in and drill down under Computers/My Computer/DCOM Config/netprofm (this is for Vista!) and right click the node, and select Properties.

Click on the Security tab and make certain the correct user names are listed and that they have the appropriate permissions. I have 4 users listed with the same permissions; (your mileage may vary )

Administrators - Perms; Local Launch, Local activation

Interactive

Local Service

System

Next, go to the Identity tab and ensure that The System account (services only) is the item that is checked. Make sure the changes you make get applied

Restart your computer so the ACL's are refreshed.

Once you come back up from the reboot, things should be pretty much back to normal.

You may find a stray program here and there that may need to have it's permissions reset, but you should be operational.

I directed the Microsoft engineers to this forum (and Goggle search it) so they can see this is getting to be an issue for a lot of people. They in fact have a brand new case (same problem) that was just escalated to them and they are going to take an Image of that persons system first thing so they can determine what is causing this, and if necessary put out a hotfix or service pack to correct it.

In the meantime, if you run into anyone else going through this problem, at least there was one solution that worked for me...

I cannot guarantee that this will work for everyone and the issue may effect each machine differently, so just be aware that this is not the blue pill!

I think that because the Registry database is so critical to the operation of Windows, Microsoft engineers should have some sort of utility that can repair and/or reset the registry and file permissions easily should something happen...

I personally believe that this should be part of the base operating system and we should not have to shell out extra bucks to third party vendors for these type of utilities, particularly if the registry is prone to corruption either by Microsoft's own hands or by a third party application.

I am not knocking third party programmers as I am one myself, I am just saying that this is Microsoft's OS and they should provide these easily accessible tools to keep us running!

Good Luck!

Link to comment
Share on other sites

Hi N1K

I have done action 1 and part of action 2 (as it took ages to do the secedit, I ctrl-c it)

I have set the security option for the Network List Service.

Still there is no sound, network icon crossed and with the error "Not enough storage is available to complete this operation"

Do I really have to redo action 2? How long should it take? Last time it took more than 12 hours.

Thanks.

Link to comment
Share on other sites

I have done action 1 and part of action 2 (as it took ages to do the secedit, I ctrl-c it)

I have set the security option for the Network List Service.

Do I really have to redo action 2? How long should it take? Last time it took more than 12 hours.

I cannot understand how it could take you more then 12 hours :o

But seriously, try to follow EACH step FULLY, (don't think like "Oh, that's PROBABLY not important, but it's most likely is).

And then come with some screenshots, or some information, like what you get after that step ... :)

Good Luck ;)

Link to comment
Share on other sites

  • 1 year later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...