You are the first person that has reported that it did not work to build new sysevent.evt,
secevent, & appevent.evt
1.) Disable Event log in Services
2.) Delete appevent.evt, sysevevn.evt, & secevent.sys
(They are located %SystemRoot%\WINNT\System32\config\<file>.evt)
3.)Reboot
4.)Set Event log in Services to Automatic
5.) Reboot
6.)Check Event Viewer for all three logs
That should work unless you have others troubles such as virus, worm, backorifice,
trojanhorse, other corrupted area.
The next thing I suggest is to go to a command prompt to do this
SFC /SCANNOW & CHKDSK /R/F
The next thing I suggest is to do a repair of W2K
1.)Change BIOS 1st boot device to CD
2.)Insert CD into tray.
3.)Restart booting with CD
4.)Choose to Install
5.)When prompted choose "Repair"
If that doesn't get it, get ready to format and clean install
Backup all data, favorites, addressbook, fonts, media, internet dialup settings, internet
broad band settings, write down drivers intalled now in device manager, preferences in apps,
..ini files from IRC, look for any other data files, or setting files.
To wipe the drive some ways include; boot a win98 startup disk, run fdisk and
delete all partition information found (as long as NTFS is primary). Or boot
the Windows 2000 CD-Rom or setup disks and when you get to the point, delete
the existing NTFS and or other partitions found, then abort the install. Or use
a utility named delpart. Then boot the Win98 CD-Rom to start your install.
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt31/i386/reskit.exe
**BEFORE STARTING**
======================
Print or save instructions. Read through a couple times. If something is unclear, please ask
someone that knows. Make notes concerning internet connections, other instructions needed
(such as how to import and export favorites and address books). Make note as you go, so that
when you get ready to do a clean install again, you can refresh your memory. When asking
questions, please learn and use proper information to receive the help you need. Keep all data
and software free of dust and any foodstuffs. You may not need all of these instructionsk
tools, or materials,but it's difficult to outguess teh knowledge and skill level that fits
everyone.
**PREPARATION SECTION**
======================
TO BEGIN:
-RULE -If it ain't broke, don't fixit.
-RULE -Spiral pad, good notes, date, set time to work.
-RULE -No interruptions.
-RULE -Suspend all rules for spouse.
BE PREPARED
) (a good mood)
-Gather all of your software, including the "key" numbers
-Get current drivers for all Hardware (incl. Bios for MoBo)
-Get all tools (include static strap, flashlight, magnifying glass,compressed air, soft
eraser, etc.)
-Get all materials (Screw Drivers, pliers, electrical tape,
From Experience the Hard Way. (Not learning enough from others wisdom, and not being fully
prepared before starting)
*REMOVE - ALL data, Favorites, Bookmarks, Address book, mIRC ini files, images,
ToDoLists, Music, DVD's, fonts, Media, etc.
*Always make sure you are static equal. (wear protection[static strap], or touch PSupply
case with power OFF, but plugged in)(before working in the box)
NOTE: Don't need a course to complete a clean install, but to keep your frustration level
down, it's worth lining your ducks up in a row before beginning.
To help, you might just want to start by doing the following:
-Print Instructions, and follow them. (Or use Murphy's Law)
-Print or Write out Hardware list. (MoBo, CPU, RAM, HDD, Floppy, CD-ROM, Video, Audio,
Modem, LAN, etc.)
-Allow 30 minutes quiet time after each time you work to recover.
======================
**FDISK SECTION**
======================
TO FDISK OR NOT:
-New HDD - YES
-Basic Partition - YES
-OS Upgrade - Usually
-regular FORMAT: NOT necessary
-Required Min. HDD Space -(10gig W2KSP4+IE6+OE6)(2gig NTSP6)(500meg ME,98se,98fe)(300meg
95b,95,3.11)
*Note - Double minimum HHD space, if a separate partition is used for OS and applications.
===========
===========
FDISK Tips: Option 4 looks at present partitions, press Esc.; Option 3 "only" to delete
partitions.
Delete order - NON-DOS,Logical,Extended, and finally Primary; use Exc. to exit.
Option 1 - Create Basic partition for OS and data on one drive.
Option 1 - Create ONE Primary partition for two or more partitions.(multiple Primaries
needed only to add Linux, etc.)
===========
===========
How to FDISK:
-Boot system with 98se Bootdisk (
www.Bootdisk.com)
-At A:\ prompt type FDISK, enter.
-Choose "Y" for "large disk" for 95b,98se,ME,NT4,W2K,XP (enables FAT32)
-Use "Basic" for a single partition (Primary Active partition)
-Set Primary active to "adequate size" (Logical, and extended can be resized)
-Press "Esc."
-Power down with switch.
{Note: You run FDISK, just to look, like first time, "without changes", with no adverse
effect; use Esc. to exit}
(There four choices in FDISK; you can take a look at them w/o fear of screwing up. Just don't
delete anything)
===========
===========
FRESH INSTALL is BEST, if "DATA" NOT NEEDED.
-ERASES EVERYTHING- (within DOD standards)
*You probably don't need to FDISK, unless the current HDD has "multiple" partitions.
*If it does, Boot from 98se bootdisk, type FDISK, press ENTER, use Basic partition (one
partition only for everything).
*Shutdown the power.
To erase the HDD, you Format the HDD.
======================
**Format Section**
======================
Format the Hard Disk:
*You can use your hard disk only after FORMAT. -->(New HDD or after FDISK)
Format as follows:
1. Boot computer into WS-DOS using your Boot Disk. (
www.bootdisk.com)
2. At the "A" prompt (A:\) type the following:
format c: /u /c /s (assume "c:\" <drive letter>)
Command Legend:
/u= Unconditional Format - ignores deleted cluster fragments
/c= Re-tests currently marked bad clusters for recovery
/s= Transfers necessary system files so disk can boot
3. Type "Y" for yes, press Enter to proceed with format.
4. Once format is complete, type a volume label if you want one and press ENTER.
===========
===========
How to Install 98se
http://www.basichardware.com/how_tos.html
===========
How to Install Win-ME
http://www.windowsreinstall.com/indexwinme.htm
===========
How to install W2K
http://www.techtv.com/screensavers/answerstips/jump/0,24331,3346825,00.html
===========
If you have any problems
http://support.microsoft.com/default.aspx?scid=kb;EN-US;277552
===========
===========
Fresh Install W2K
**Note: For a Clean Install of W2K w/SP4, IE6 w/OE6, and a normal amount of applications on
one partition, allow "10 gig" min. for your OS partition, unless you intend to
make it a "basic" partition.
To remove/change partitioning use a Win98 boot disk in Command Prompt:
type "FDISK" ...and remove all partitions
Shutdown Power(turn computer OFF)
Fresh install w/o changing or after setting the partitions:
Boot with Win2000 or XP Boot disks into Command Prompt:
"type" format c: /u /c /s -->follow prompts
Command Legend:
/u= Unconditional Format - ignores deleted cluster fragments
/c= Re-tests currently marked bad clusters for recovery
/s= Transfers necessary system files so disk can boot
Restart with Win2000/XP startup disks and it will walk you through the install.
Incomplete as it's going to be.
Under this is another little outline to help with installation.
You might want to read through it.
Note: Extra material for after install
Setting Group Policy to Complex Password Requirements
http://support.microsoft.com/default.aspx?scid=kb;en-us;225230&Product=win2000
If it is not mentioned prior it is manditory to do the following:
Install a AVP and use it correctly
Install a firewall (hardware or software) and use it correctly
Install Privacy ware (i.e. Ad-aware) and use it correctly
Install anti-malware (i.e. SpyBot-S&D) and use it correctly
Also suggest the on Clean Install after OS installed, Drivers Updated, Windows Udate
performed, and I.E&O.E. installed, Make a Ghost or Disk Image ISO to make the Clean Install
process take far less time. Save a copy on HDD, and one to an external storage source.
Install all applications and update each at the appropriate sites.
I hope this has given some light to the replacement of the files into working order.
Namely appevent.sys, secevent.evt, & sysevent.sys
good computing,
don
=-=-=-=-=-=-=-=--=-
Good day all. Don was kind enough to answer my post
and I did as he said. It did not work for me. I will be
opening a case with Microsoft today and will let you all
know what the solution is if any. Stay tuned....
-----Original Message-----
I'm not so blessed, but I have rebuilt the files, helped about 100 more do it.
Ad so far, haven't had any complaints.
If you would like for me to share, I do so gladly.
Go to
Services stop and disable Event log (right click
MyComputer > d/c Management > d/c Services >
right pane d/c Services > d/c Event log > change to disabled > OK out
Do a search for *.evt, and delete sysevent.evt, secevent.evt, and appevent.evt
or add.old to the end, if you are not so sure about deleting.
They are located %SystemRoot%\Winnt\System32
\config\ said:
Reboot and the new files will be generated.
If you renamed instead of deleting, search for *.old and nukem.
Go back to Services and restart Event log and set to Automatic.
You should be good to go.
There have been too many with this problem for it to be a coincidence. It's an
infection, hack, or one of the hotpatches causing it.
good computing,
don
------------
I have seen some previous postings regarding similar issues. The responses
(ableit *none* from Microsoft) indicated that the following is a
post-Service Pack problem with Windows 2000:
Security and System logs appear normally.
Selecting the Application log results in:
1) Events are NOT visible in the Application Log. Clicking in the log
highlights what are (apparently) entries in the log, but
no detail is visible. Double-clicking does NOT bring up the detail
message box for an event.
2) The System and Security log entries are no longer visible after
attempting to view the Application log.
3) If the Event Log is saved and cleared, the saved log is not viewable and
attempting to open it renders all logs
unviewable.
4) Exiting the Event viewer and reopening allows viewing of the Security and
System logs *until* one attempts to view the
Application log. Once the application log is opened, results 1) and 2)
are repeated.
5) Clearing the event logs and rebooting refreshes all three logs for an
indefinite period. This resolves the immediate
problem, but does not prevent a recurrence.
We have seen these issues on two different post-SP4 boxes. We have not
tested deleting and rebuilding the event logs (MS has a KB article for
deleting the logs using Safe Mode startup. I feel confident that deleting
and rebuilding would only be a temporary correction and NOT a permanent fix.
Anybody from Microsoft have any hard information regarding these issues and
whether MS has it/them listed as a known issue? If so, is there any
information on an expected *resolution* date?
.
You will need to rebuild Event log files.
Go to Services and disable Event log
Do a search for *.evt, and delete sysevent.evt, secevent.evt, and appevent.evt or
add.old to the end.
They are located %SystemRoot%\Winnt\System32\config\<file>.evt
Reboot and the new files will be generated.
If you renamed instead of deleting, search for *.old and nukem.
Go back to Services and restart Event log and set to Automatic.
You should be good to go.
There have been too many with this problem for it to be a coincidence. It's an
infection, hack, or one of the hotpatches causing it.
good computing,
don
--------------
Recently the event viewer for Applications stopped
displaying entries. The top of the screen says X amount
of events however the entire box is blank. There is no
filter set. The system log will show events however after
I click on Applications the system log will go blank
also. I can click within the box where the events are
supposed to be and I get an individual highlight bar as if
an entry has been selected. However there is no text.
About the same time the PING command stopped working when
shelling out to DOS. I have to change to the
WINNT\SYSTEM32 directory for PING to work. Whereas before
it didn't matter what directory I was in when I ran PING.
Something has changed and I don't have a clue what it
could be. The only things that get installed are Critical
Updates. However the same updates are installed on other
servers and they are not having these problems.
Any suggestions would be greatly appreciated.
