Many companies do hardening of servers to make sure they are protected from any known vulnerabilities. It is important to test all the application in test server before doing hardening. Let us learn about how to fix Eventlog Service not starting.
Recently, one of my existing clients contacted me and informed that they are not able to start SQL Server Agent Service after running a hardening script. Without wasting much time, I joined the session with them and started looking at the logs.
I asked to start SQL Server Agent from configuration manager. It failed with an unhelpful error message
The request failed or the service did not respond in a timely fashion. Consult the event log or other applicable error logs for details.
When I checked the LOG folder, there was no SQLAgent.out generated. I thought of checking the event viewer and found below the message.
But is that related to SQL Server Agent startup issue? I ran the SQLAgent executable in console mode using below command
SQLAGENT.EXE" -i SQL2016 -c -v
This failed with an error:
The EventLog service has not been started
2017-08-03 09:24:45 – ?  SQLServerAgent terminated (normally)
When I checked “Windows Event Log” Service, it was stopped, and I was unable to start it. I was getting access denied error when trying to start.
Windows could not start the Windows Event Log service on Local Computer. Error 5: Access is denied.
I used Process Monitor tool and found that we had “Access Denied” on C:\Windows\System32\winevt\Logs\System.evtx file. This is the System Event Log. When we checked the properties, we found “Read-only” was checked which was not the case with other machines.
As soon as we removed the checkbox, we were able to start SQL Server Agent service.
Have you ever encountered such issues due to hardening? Please share via comments.
Reference: Pinal Dave (https://blog.sqlauthority.com)