Could not initiate the EventLog Service for the key 'MSSQLSERVER', last error code is 5. Startup error: Unable to initialize error reporting system (reason: 5) in cluster
Hi everyone, I have come across following issue and wanted to share resolution with you.
When you install Sql Server 2008 on to windows 2008 cluster, sql server agent might fail with following error message and resource may not become online.
SQL Agent:
2011-10-25 11:44:48 - ! [241] Startup error: Unable to initialize error reporting system (reason: 5)
2011-10-25 11:44:48 - ? [098] SQLServerAgent terminated (normally)
You may get similar error message in Sql Server Error logs as well.
SQL Server:
2011-10-25 10:49:48.31 Server Error: 17156, Severity: 16, State: 1.
2011-10-25 10:49:48.31 Server initeventlog: Could not initiate the EventLog Service for the key 'MSSQLSERVER', last error code is 5.
2011-10-25 10:49:48.31 Server Microsoft SQL Server 2008 R2 (RTM) - 10.50.1600.1 (X64)
Apr 2 2010 15:48:46
Copyright (c) Microsoft Corporation
Enterprise Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)
It seems issue is more related about access problem to security event log.
when I execute Wevtutil on failing machine and compare it with working machine:
Failing Machine:
C:\Users\!hardinb1>Wevtutil gl application
name: application
enabled: true
type: Admin
owningPublisher:
isolation: Application
channelAccess: O:BAG:SYD:(D;;0xf0007;;;AN)(D;;0xf0007;;;BG)(A;;0xf0005;;;SY)(A;;
0x5;;;BA)(A;;0x1;;;S-1-5-21-2680824871-1255999119-832436803-429284)
logging:
logFileName: %SystemRoot%\System32\Winevt\Logs\application.evtx
retention: false
autoBackup: false
maxSize: 52428800
publishing:
fileMax: 1
“Wevtutil gl application”
On working machine:
name: application
enabled: true
type: Admin
owningPublisher:
isolation: Application
channelAccess: O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
logging:
logFileName: %SystemRoot%\System32\Winevt\Logs\application.evtx
retention: false
autoBackup: false
maxSize: 52428800
publishing:
fileMax: 1
They are different, so on failing machine, I have executed following command to roll back permission to original state:
wevtutil sl application /ca:O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
Then tried to bring sql server agent online and it worked! One thing you need to remember, if these settings were overwritten by policies, you will get same error on next reboot! 
Please check with your AD team for policy comparison.
If you have any questions, please contact me.
Thanks
Kagan
Comments
- Anonymous
June 02, 2015
This works! :) Thanks.. Any suggestions on what how we can give the AD team a headsup on what to start with. The SQL agent seems to have the permissions and Windows rights and privileges as required.