Usually after an OS upgrade or possibly a major system corruption and repair, event viewer will start throwing up a message when you go into certain “query” views such as the “Custom Views\Administrative Events”. Usually this is because a component that event viewer was configured to monitor no longer exists in the upgraded OS.
One or more logs in the query have errors The system cannot find the file specified The events displayed are partial results
This is usually because an element of the query for the logs is no longer part of the system or is corrupted to the point it can no longer be read.
(If you are seeing this on a standalone Exchange server when opening “Custom Views\Microsoft Exchange with Database Availability Group Events” then check this post instead)
If the queried event log is no longer relevant, the simplest thing is to just remove it from the Event viewer and hence any queries trying to use it.
NOTE: This is a quick and dirty fix, so use at your own risk. Recommended to back up any registry keys before deleting just in case.
- Open Regedit.exe
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels
- Find the sub-key that matches the “log” entry in the error message and delete it
- eg. Microsoft-Windows-DxpTaskRingtone/Analytic
Event viewer should now open without those pesky log errors.