
"Cannot eventlog service on computer '.'."


g0dM@n

Inactive Moderator
Joined
Sep 27, 2003
I've put at least 15-20 hours into this, and I'm at a loss. When I right-click Computer and click Manage on a Windows 7 VM, I get this error before compmgmt.msc comes up, and of course, you cannot view event logs.

This VM is cloned with sysprep (persistent, non-linked-clone) and joins our domain. Originally, when it's in the computers container, we used to get this error, and the solution was to move the computer object into the appropriate OU. Now, that doesn't solve the problem.

I can REMOTE manage with my account (I'm not a domain admin, but have some additional privileges as being part of the Help Desk / Desktop Support group).

If I log in with my account onto the VM locally, it doesn't work. Local admin... doesn't work.

It only works as a Domain Admin account. My guess is that domain admins bypass policy.

I've tried a TON of stuff. Currently, and it will be replaced, we use Microsoft Forefront Endpoint Protection and Lumension as well. Even if I uninstall these and run gpupdate /force, restart, I still have the problem.

Any advice? Yes, the template was removed from the domain before it was shut down... I even ran a gpupdate /force to ensure it cleared out policies and double-checked with RSOP.
 
Anyone ever seen this? I've also tried deleting policy reg keys, as well as:
RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RD /S /Q "%WinDir%\System32\GroupPolicy"

I've been working off of a Vanilla Windows 7 Ent x64 build, built directly from the ISO in VMware, and then added to our domain. There is no 3rd party security software on it. Basically, just SP1 and VMware Tools.
 
Is that really the full text of the error?
Code:
"Cannot eventlog service on computer '.'."

It seems like it is missing a word which is quite odd. At first I was thinking about the name being '.' but then I remembered that would likely be the local computer so it shouldn't be anything with a naming issue. Does this happen to other machines in the same OU if you create a new VM? I am wondering if there is a GPO that is causing issues. Can you create another OU and block inheritance? If so, you might want to try that and then link each GPO one by one until you find the offending GPO.

With it being a clean machine, I would think that if there isn't any issue before it is joined to the domain, it could be a problem with a GPO that is being applied.
 
Yes, that's the full text of the error. This always happens to Windows 7 (not XP) VMs once they are added to the domain and dropped into the Computers container. When you move it out into the appropriate OU and then restart, the problem USED to be solved. There have been a lot of changes here lately for our Windows 7 migration, so I've no idea what the cause may be, but this problem started, say, a week ago, where all new VMs have this issue.

If I log in as a domain admin, it's fine. If you look in services.msc, the "Windows Event Log" service is not even there, but it's there only if you log in as a domain admin. Events are still being logged, since you can remote manage and see them.

I will try what you asked; unfortunately, I don't have that kind of access in AD, so I can't do it myself.
 