How to Troubleshoot Windows Errors Using Event Viewer
Event Viewer is a component of Microsoft's Windows NT line of operating systems that lets administrators and users view the event logs on a local or remote machine. The Event Viewer is a Microsoft Management Console (MMC) snap-in.
Event Viewer is one of the first tools you should use to see what’s causing problems on your computer.
Let’s examine Event Viewer, both in Windows XP and in Windows 7 (the Vista/8/8.1 and Windows 10 versions of Event Viewer are almost identical to the version in Windows 7), to see what we can do with this amazing utility.
Windows XP Event Viewer -- You can find Event Viewer in the Administrative Tools applet in the Control Panel. You can also open Event Viewer by running Eventvwr.msc from the Run dialog box or from Command Prompt.
By default, Event Viewer has three sections: Application, Security, and System.
Each of these sections stores certain types of events, as described next.
Application -- As the name implies, the Application section stores events specific to applications. There are three types of events recorded: Errors, Warnings, and Information. Errors, marked with a red X, are the most serious, reflecting events that prevent the application from working properly. Warnings, marked with an exclamation point over a triangle, are for events that aren’t preventing the application from running but may do so in the future. Information events are merely record keeping, letting you know that a program, driver, or service ran successfully.
Security -- Records events that Microsoft calls audits. Audits record anything to do with security, such as the number of logon events. All audits are listed as either successful or failed.
System -- The System section is similar to the Application section in that you have Errors, Warnings, and Information, but the events listed here are specific only to the operating system.
When something goes wrong with Windows, it’s common for techs to turn to Event Viewer first. Let’s say an application fails to load. A common use for Event Viewer is to view the Application section to see what happened.
Double-click any log in Event Viewer to view that event log's properties sheet.
One very cool feature of Event Viewer is that you can click the link to take you to the online Help and Support Center at Microsoft.com, and the software reports your error, checks the online database, and comes back with a more or less useful explanation.
Details about to be sent.
Help and Support Center being helpful.
Event Viewer might reveal problems with applications failing to load, a big cause of Windows loading problems. It might also reveal problems with services failing to start. Finally, Windows might run into problems loading DLLs. You can troubleshoot these issues individually, or you can use the System Restore tool to load a restore point that predates the bugginess.
Windows Vista, 7, 8, 8.1 and Windows 10 Event Viewer -- Windows Vista/7/8/8.1 and Windows 10 add an easy-to-use interface to Event Viewer. Opening Event Viewer (Control Panel --> System and Security --> Administrative Tools --> Event Viewer) shows you a very different interface from the one you’ve seen in Windows XP, as in the Windows 7 screenshot below. You can also open Event Viewer by running Eventvwr.msc from the Run dialog box or from Command Prompt.
Windows 7 Event Viewer default screen.
Note the four main bars in the center pane: Overview, Summary of Administrative Events, Recently Viewed Nodes, and Log Summary. Pay special attention to the Summary of Administrative Events. It breaks down the events into different levels: Critical, Error, Warning, Information, Audit Success, and Audit Failure.
You can then click any event to see a dialog box describing the event in detail. Microsoft refers to these as Views. Windows 7’s Event Viewer still includes the classic logs you saw in Windows XP (Application, Security, and System) but leans heavily on Views to show you the contents of the logs.
You can use an event's Event ID number and Source name to search the internet for more information and a solution for any event.
The screenshot above shows an event with Event ID: 1001 and Source: Windows Error Reporting. To research it, use any search engine (I recommend Google and Bing) and type: Event ID 1001 Windows Error Reporting.
Searching through event logs for evidence of a particular event can be like looking for a needle in an event log haystack, especially if it’s not immediately obvious which event log you should be checking. You might suspect that an event has occurred and has even been logged, but you might not be sure what evidence of that event exists within the event log. I found that clearing the event logs can help me find a particular event: clearing the logs and restarting the computer starts the creation of fresh event logs. You can clear event logs by right-clicking each log and selecting "Clear Log".
You can also use the batch script attached to this tutorial to delete all event logs automatically.
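The Event ID and Source lookup described above can also be run from PowerShell with Get-WinEvent, which narrows the search without clearing any log. This is an added example, not part of the original tutorial or its attached script; the helper name Find-EventRecord, the 7-day window and the 200-event cap are assumptions.

```powershell
# Added example (not from the original tutorial).
# Find-EventRecord is a hypothetical helper; the 7-day window and 200-event cap are assumed defaults.
function Find-EventRecord {
    [CmdletBinding()]
    param(
        [string[]]$LogName = @('Application', 'System'),  # Security needs an elevated prompt
        [int[]]$Id,               # Event ID(s), e.g. 1001
        [string]$Source,          # "Source" column in Event Viewer (the provider name)
        [int[]]$Level,            # 1 = Critical, 2 = Error, 3 = Warning, 4 = Information
        [int]$Days = 7,
        [int]$MaxEvents = 200
    )

    # Build the filter once; criteria that were not supplied are left out entirely.
    $filter = @{
        LogName   = $LogName
        StartTime = (Get-Date).AddDays(-$Days)
    }
    if ($Id)     { $filter.Id = $Id }
    if ($Source) { $filter.ProviderName = $Source }
    if ($Level)  { $filter.Level = $Level }

    try {
        Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # Get-WinEvent reports "no matching events" as an error; treat it as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

# The event from the tutorial: Event ID 1001, Source "Windows Error Reporting".
Find-EventRecord -LogName Application -Id 1001 -Source 'Windows Error Reporting' |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message |
    Format-List

# When the Event ID is not known yet: rank recent Critical/Error/Warning events
# by Source and Event ID to see which ones recur most often.
Find-EventRecord -Level 1, 2, 3 |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 15
```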
Event Viewer in Windows 7 and later versions of Windows remains largely untouched in terms of the data collected, but Microsoft did a great job of making that data much easier to understand and use.
Information
By default, Event Viewer stores logs as .evtx files in the C:\Windows\System32\winevt\logs folder.