Microsoft KB Archive/888133

= Error message when you try to view events in an event log on a Windows Server 2003 SP1-based computer: &quot;The event log file is corrupt&quot; =

Article ID: 888133

Article Last Modified on 9/15/2006

-

APPLIES TO

 Microsoft Windows Server 2003 Service Pack 1, when used with:  Microsoft Windows Server 2003, Standard Edition (32-bit x86)

 Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)

 Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) 

-

<div class="symptoms_section">

SYMPTOMS
Consider the following scenario. On a Microsoft Windows Server 2003 Service Pack 1 (SP1)-based computer, you open and view the properties of the first event in an event log. Then, you click the UP ARROW button in the event properties to move to the last event. In this scenario, you receive the following error message:

The event log file is corrupt.

Note This error message is displayed to help you avoid access violations.

Additionally, the cache is discarded during the restoring process. If the cache is successfully discarded, you receive the following message:

This log file is updated during a log reading process.

For example, you may experience this issue when you view events in the Security log.

<div class="cause_section">

CAUSE
This issue occurs when event logs are frequently updated in Event Viewer. When frequent updating occurs, arbitrary events are logged in the event log. Event Viewer tries to display other event files by moving the access pointer in an event file. When arbitrary events are logged, event log files are updated or overwritten by the new entries. In this scenario, the other events in the event log try to reference the relative location of the pointer. However, the relative information is lost.

<div class="workaround_section">

WORKAROUND
To work around this issue, close and then reopen Event Viewer. When you do this, the event log entries are refreshed and are displayed correctly. For more information about how to view and manage event logs in Event Viewer, click the following article number to view the article in the Microsoft Knowledge Base:

308427 How to view and manage event logs in Event Viewer in Windows XP

<div class="status_section">

STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
For more information about Event Viewer related issues, click the following article number to view the article in the Microsoft Knowledge Base:

899416 You receive a &quot;The event log file is corrupt&quot; error on a computer that is running Windows Server 2003 SP1 about Event Viewer related issues, an x64-based version of Windows Server 2003, or Windows XP Professional x64 Edition

Keywords: kberrmsg kbfix kbexpertiseinter kbtshoot kbbug KB888133

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.