Error opening event log file / security descriptor structure is invalid
I'm getting a problem with errors in the event log:
Source: EvntAgnt Event ID: 3007 Desc: Error opening event log file ForwardedEvents. Log will not be processed. Return code from OpenEventLog is 1338.
There is an event viewer log in the list called "ForwardedEvents" but I get an error when I click on it:
"Unable to complete the operation on "ForwardedEvents" The security descriptor structure is invalid."
I found a question similar to this in another thread; however, it was posted in the wrong forum, so it got no answers.
Running Windows Server 2003 Standard. Not aware of any forward/collector events running on this server or any other in the domain, however it looks like this is a custom event forward created.
Found the article on event viewer wecutil (http://msdn.microsoft.com/en-us/library/bb870973(v=vs.85).aspx) however unsure how to debug.
Found the location of the eventvwr log in reg: HKLM/System/CurrentControlSet/Services/Eventlog/Forwarded Events - but no reference to any forwards or permissions etc.
Permissions on the .evt file are the same as others which are viewable.
March 8th, 2011 6:51am
Hi
1) I took a backup of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security branch
2) Checked the following HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\ForwardedEvents (Specifically drilling down to the event log having issues)
3) Inside this branch the "CustomSD" (REG_SZ) key was empty
4) Placed the following entry in this key: O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;0x5;;;BA)
(copied from another eventlog customSD entry)
5) Found reference to this string @ http://support.microsoft.com/kb/323076
6) Cleared "Application" eventlog
7) All working without any errors.
Many Thanks for your help.
March 9th, 2011 4:07am
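Added example, not part of the original posts: a small Python decoder for the CustomSD string from step 4, showing which trustees are allowed or denied the event-log read (0x1), write (0x2) and clear (0x4) rights listed in KB 323076, and rejecting an empty value like the one found in step 3. The function and table names are illustrative, and only the SID abbreviations and hex access masks that occur in that string are handled.

```python
import re

# Event-log access bits (ELF_LOGFILE_READ / WRITE / CLEAR, per KB 323076).
EVENTLOG_RIGHTS = {0x1: "read", 0x2: "write", 0x4: "clear"}
# Only the SID abbreviations that occur in the string from the post.
SIDS = {"BA": "Builtin Administrators", "SY": "Local System",
        "AN": "Anonymous Logon", "BG": "Builtin Guests"}
ACE_TYPES = {"A": "allow", "D": "deny"}

# Owner, group, then a DACL made of one or more parenthesised ACEs.
SDDL_RE = re.compile(r"^O:(?P<owner>[A-Z]{2})G:(?P<group>[A-Z]{2})"
                     r"D:[A-Z]*(?P<aces>(?:\([^()]*\))+)$")

# The CustomSD value quoted in step 4 of the post.
POSTED_SD = ("O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)"
             "(A;;0xf0005;;;SY)(A;;0x5;;;BA)")


def decode_custom_sd(sddl):
    """Return (owner, group, aces); raise ValueError for an unusable value."""
    match = SDDL_RE.match(sddl.strip())
    if not match:
        raise ValueError("not an O:/G:/D: security descriptor: %r" % sddl)
    aces = []
    for body in re.findall(r"\(([^()]*)\)", match.group("aces")):
        fields = body.split(";")  # type;flags;rights;object;inherit;trustee
        if len(fields) != 6 or fields[0] not in ACE_TYPES:
            raise ValueError("malformed ACE: (%s)" % body)
        mask = int(fields[2], 16)
        # Bits above 0x7 are standard rights; only the log-specific ones are named.
        rights = [name for bit, name in EVENTLOG_RIGHTS.items() if mask & bit]
        aces.append((ACE_TYPES[fields[0]], SIDS.get(fields[5], fields[5]),
                     mask, rights))
    owner, group = match.group("owner"), match.group("group")
    return SIDS.get(owner, owner), SIDS.get(group, group), aces


if __name__ == "__main__":
    owner, group, aces = decode_custom_sd(POSTED_SD)
    print("owner:", owner, "| group:", group)
    for kind, trustee, mask, rights in aces:
        print("%-5s %-24s 0x%05x %s" % (kind, trustee, mask, ",".join(rights)))
    try:
        decode_custom_sd("")  # the empty CustomSD found in step 3
    except ValueError as err:
        print("rejected:", err)
```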