KB972999

On a computer that is running Windows Vista or Windows Server 2008, you cannot use Event Viewer to open an event log. Additionally, you receive an error message that resembles the following:

Event Viewer cannot open the event log or custom view. Verify that Event Log service is running or query is too long. The data is invalid (13).

When this problem occurs, if you run a customer application that uses the Windows Event Log application programming interface (API) to read the contents of the event log (.evtx) files, the application fails and you receive the ERROR_INVALID_DATA error message.

Note: By default, .evtx files are located under the following directory:

%SystemRoot%\System32\Winevt\Logs

Leave a Reply