Monday, June 7, 2021

cannot start event log service access denied


Event viewer cannot open the event log access is denied (5)


Issue:

You get the following error while opening Event Viewer: Event viewer can not open the event log or custom view. Verify that event log service is running or query is too long. Access is denied (5). This error appears when I open any of the event logs under 'Applications & Service logs', as well as the 'Setup' log under 'Windows logs', and also half of the log categories under 'Microsoft>Windows'.

In Windows Server 2008 we are not able to start the "Windows Event Log" service.

Below is the error displayed while restarting the service.

Windows could not start the Windows event log service on local computer. Error 5: Access is Denied


Resolution:

GUI Method

Change the NTFS permissions of the %WINDIR%\System32\WinEvt\Logs directory: add Local Service and Network Service, and give them FULL access.














Start the Windows Event Log service by running the following command from an elevated CMD (Run as Administrator):

net start eventlog






CLI Method


Run the following commands in sequence from an elevated CMD (Run as Administrator):

ICACLS C:\Windows\System32\winevt\logs /grant "LOCAL SERVICE:(OI)(CI)(F)" "NETWORK SERVICE:(OI)(CI)(F)"

net start eventlog

If the above doesn't work, one last solution is to back up all log files with the .evtx extension to some other location, or delete them. Backing them up to another location is the smart move.

Move all .EVTX files (all files) from the c:\windows\system32\winevt\logs folder to another location in case they are required in future for audit.

I could start the service once I cleared my LOGS folder.
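
The CLI method and the last-resort step above, combined into one PowerShell script that first records the existing ACL and only grants what is missing. This is an added example, not part of the original post; the backup folder C:\EvtLogBackup is a hypothetical location, and the two accounts are matched by their well-known SIDs (S-1-5-19 and S-1-5-20) instead of by name.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell.
# Assumption: $backup is a hypothetical folder with enough free space.
$logDir  = Join-Path $env:WINDIR 'System32\winevt\Logs'
$backup  = 'C:\EvtLogBackup'
$full    = [System.Security.AccessControl.FileSystemRights]::FullControl
$sidType = [System.Security.Principal.SecurityIdentifier]
# Well-known SIDs, so the check does not depend on localized account names
$needed  = @{ 'S-1-5-19' = 'LOCAL SERVICE'; 'S-1-5-20' = 'NETWORK SERVICE' }

New-Item -ItemType Directory -Path $backup -Force | Out-Null

# 1. Save the current ACL so the change can be reviewed or undone later
#    (restore with: icacls <parent folder> /restore <file>).
icacls $logDir /save (Join-Path $backup 'winevt-logs.acl') | Out-Null

# 2. Find which of the two accounts lack an Allow entry with Full control.
$rules   = (Get-Acl -Path $logDir).GetAccessRules($true, $true, $sidType)
$missing = @($needed.Keys | Where-Object {
    $sid = $_
    -not ($rules | Where-Object {
        $_.IdentityReference.Value -eq $sid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $full) -eq $full })
})

# 3. Grant only what is missing, with the same inheritance flags as the post.
foreach ($sid in $missing) {
    Write-Host "Granting Full control to $($needed[$sid])"
    icacls $logDir /grant "*${sid}:(OI)(CI)(F)" | Out-Null
}

# 4. Start the service; as a last resort move (not delete) the .evtx files
#    so they stay available for audit.
Start-Service -Name eventlog -ErrorAction SilentlyContinue
if ((Get-Service -Name eventlog).Status -ne 'Running') {
    Get-ChildItem -Path $logDir -Filter *.evtx | Move-Item -Destination $backup
    Start-Service -Name eventlog
}
Get-Service -Name eventlog | Select-Object Name, Status
```

The saved winevt-logs.acl file shows what the permissions were before the change, which helps when working out why the service accounts lost access.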

Hope this helps.


Thanks.
