Many users report that they cannot start Windows Event log service error 4201. What causes the Event log service error 4201, and how to get rid of the error? This post of Partition Magic analyzes the possible causes of the error and offers corresponding solutions.

Why You Cannot Start Windows Event Log Service Error 4201

After viewing extensive user reports in many forums, I found that the Event Viewer error 4201 often occurs when trying to start the event log service. The main reason for the issue is related to a malfunctioning WMI provider. In addition, the issue can be caused by a corrupted RtBackup folder and conflicting software.

How to Fix the Event Log Service Error 4201

Don’t worry. I summarized 6 proven solutions for the Event log service crashing error 4201. Try them one by one until you get out of trouble.

Solution 1. Rename or Delete the RtBackup Folder

Lots of users from the answers.microsoft.com forum reported that the Event Viewer error 4201 can be solved by renaming or deleting the RtBackup folder in Safe Mode. Here are the detailed steps:

Step 1. Boot your computer into Safe Mode.

Step 2. Press the Win + R keys to open the Run dialog box, type cmd in it, and press Ctrl + Shift + Enter at the same time. Then click Yes to open Command Prompt as an administrator.

Step 3. In the pop-up window, type the following commands in order and hit Enter after each one to rename or delete the RtBackup folder.

  • cd C:\Windows\System32\LogFiles\WMI
  • rename RtBackup RtBackup2
rename the RtBackup folder

Step 4. Switch to the normal state from Safe Mode and reboot your computer to see if the “Event log won’t start error 4201” gets solved. If not, you can try deleting the folder by running the “del RtBackup” command.

Solution 2. Take Full Control of the RtBackup Folder

If you can’t rename or delete the RtBackup folder, you can try changing the permissions of the folder. For that:

Step 1. Open your File Explorer and navigate to the following path:

C:\Windows\System32\LogFiles\WMI\RtBackup

Step 2. Right-click the RtBackup folder and select Properties.

Step 3. Navigate to the Security tab and click Advanced.

Step 4. Click Change, input your user name in the box, and click Check Name > OK.

click Check Names in select User or Group

Step 5. Click Apply > OK to save the change in the Advanced Security Settings for RtBackup window. Then you can rename or delete the folder to check if the Event log service crashing error 4201 is gone.

Solution 3. Restart the Windows Event Log Service

If the Windows Event Log service is not running properly, you may encounter the “Event log service error 4201”. Let’s follow the guide below to restart the service.

Step 1. Type services in the search box and select Services under best match.

Step 2. Scroll down the list of services to Windows Event Log, right-click it, and select Restart.

restart Windows Event Log service

Solution 4. Repair System Files

System file corruption is one of the main reasons for the “cannot start Windows Event log service error 4201”. To rule out the factor, you can repair system files using SFC or DISM.

Step 1. Open the elevated Command Prompt window as I showed in Solution 1.

Step 2. Input the sfc /scannow command and hit Enter. Then wait patiently until the process is complete.

run SFC scan

Step 3. Once completed, you can continue to run the DISM commands below to repair system files. Then check if the “Event log won’t start error 4201” disappears.

Solution 5. Use Registry Editor

Some users from the Microsoft forum found that the Event ID 4201 error can be solved by changing the Registry key related to the WMI provider. Let’s have a try.

Step 1. Press the Win + R keys to open the Run box, input regedit in it, and hit Enter. Then click Yes.

Step 2. Locate the following path via the left navigation bar.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger

Step 3. Find the Start DWORD under the Autologger path and set its value data to 0.

change Start value data to 0 in Registry Editor

Step 4. Restart your PC and see if you can rename or delete the RtBackup folder to fix Event ID 4201. If it is, you can revert the previous change you made to the Start DWORD.

Solution 6. Perform a System Restore

If the Event Viewer error 4201 occurred recently after you made changes to the system, you can try performing a system restore to revert your system to an earlier state. This can undo the recently made changes and help the Windows Event Log service back to its normal state.

Further reading: Is it tricky to create a system image on Windows? MiniTool ShadowMaker can easily create a system image and revert your computer to an earlier state. What’s more, it can back up files, folders, partitions, disks, and operating systems and sync data on Windows.

MiniTool ShadowMaker TrialClick to Download100%Clean & Safe

Bottom Line

Now, you should know the possible causes of the “Event log won’t start error 4201” and how to get rid of the error. Hope the information above is clear and thorough for you.

  • linkedin
  • reddit

About The Author

Ariel
Ariel

Position: Columnist

Ariel has been working as a highly professional computer-relevant technology editor at MiniTool for many years. She has a strong passion for researching all knowledge related to the computer's disk, partition, and Windows OS. Up till now, she has finished thousands of articles covering a broad range of topics and helped lots of users fix various problems. She focuses on the fields of disk management, OS backup, and PDF editing and provides her readers with insightful and informative content.

User Comments :