Skip navigation

JSI Tip 4294. How do I recover from an 'Event Log is full'?

If during startup of Windows XP, Windows 2000, or Windows NT, you receive a pop-up message that says the Event Log is full, you system locks.

If you are unable to change the Startup parameter remotely, you are effectively locked out of your computer.

To recover from this condition:

1. Use the Regedt32, Regedit on Windows XP, on a networked computer to connect to the hung computer by using Registry / Connect, File / Connect on Windows XP, and press OK 2. Select the HKEY_LOCAL_MACHINE hive of the connected computer.

3. Using information from tip 0324, set the Startup of the EventLog service to Manual, by navigating to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog and setting the Start value name, a REG_DWORD data type, to 3.

4. Use Registry / Close, File / Disconnect on Windows XP, to disconnect from the hung computer.

5. Use PsShutdown to shutdown the hung computer.

6. Upon restart, rename the full event log (.evt file) at %SystemRoot%\System32\Config.

7. Use the Services applet to set the Startup of the EventLog service to Automatic.

8. Open a CMD prompt and type net start eventlog and press Enter.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.