Event ID 21 — Private Channel Configuration
Applies To: Windows Server 2008 R2
.jpg)
Each event channel has configuration settings, such as the maximum size of the log and the custom security descriptor specified by the administrator for the log. The events that refer to the maximum size of the log serve as indicators for how the service dealt with the log when it reached its maximum size. The operation of the service is not affected, but an event can indicate to the administrator the configuration setting that might require a change.
Events that report problems with an event log security descriptor are more significant. They can indicate that the desired security settings are not be set correctly and the channel is more or less accessible than intended by the administrator.
Event Details
| Product: | Windows Operating System |
| ID: | 21 |
| Source: | Microsoft-Windows-Eventlog |
| Version: | 6.1 |
| Symbolic Name: | INIT_CHANNEL_CONFIG_ERROR |
| Message: | The event logging service encountered a configuration-related error (res=%1) for channel %2. The error was encountered while processing the %3 configuration property. |
Resolve
Remove or correct the security descriptor
All logs use the default access control, unless a custom access property is set on the log. This property is set using Security Descriptor Definition Language (SDDL). Event 21 is published if the SDDL string is incorrect. To fix the problem, remove or correct the SDDL string.
To update the security descriptor on a log file, locate the file in the file system, right-click the file and select Properties, and then click the Security tab. Edit the list of groups and users who can access the log, and grant or deny the specific permissions for each user and group. The path to an event log file in the file system can be found by locating the log in the Event Viewer and reading the value of the Log path property for the log.
Verify
To verify that the log full condition (event 6000) is cleared, use the Event Viewer to read the System log of the local computer and look for the latest event 6000. This event must be followed by events 105 or 104 to indicate that the condition is cleared and that the log is accepting events.
In order to verify that the bad SDDL condition (event 21) is cleared, use the Event Viewer to read the System log of the local computer after the computer has been restarted and verify that event 21 did not appear in the System log after the system was restarted.