DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 967856 - Last Review: February 12, 2009 - Revision: 1.1

Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
When you use Windows Vista Event Viewer to examine logfiles collected on earlier clients such as Windows XP or Windows Server 2003, those events are in a wrong order and the sources are missing. This occurs because the new design of the Windows Vista event formats. Vista uses the new evtx format that introduces several new event objects that do not match earlier resource dlls.

Resolution



To view earlier event logs under Vista, you will need at least Windows XP or Windows Server 2003 clients as resource. To read the log files in the format that was used, follow these steps:

1. Register legacy Event Viewer snap-in (els.dll) from XP or Windows Server 2003:

regsvr32 els.dll

Note After registration, the MMC Add and Remove Snap-ins list shows the Classic Event Viewer option.

   a. Open mmc.exe.

   b. Locate Add and Remove Snap-ins, and then add Classic Event Viewer to the console root.

   c. Click New Window from Here, and then save as ClassicEventViewer.msc.



2. Convert the earlier .evt files to .evtx format. To do this, follow these steps:

   a. Use the Vista built-in tool wevtutil.exe. set wevtutil epl eventlog.evt eventlog.evtx /lf:true.

Note: wevtutil is located in windows\system32 directory.

   b. Rename the .evtx to .evt by using the following command:

rename eventlog.evtx eventlog-x.evt.

3. Start Classic Event Viewer with the following command:

mmc /a ClassicEventViewer.msc /auxsource=\\computername

Note: The /auxsource name is given UNC format: /auxsource=\\computername (!), not as documented /auxsource=computername.

You should be able to see XP-style formatted events after you follow these steps.

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.
Keywords: 
kbnomt kbrapidpub KB967856
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support