0X000019DC

0X000019DC: Log Policy Not Installed – Real Fix

Windows Errors Intermediate 👁 0 views 📅 May 28, 2026

This error hits when Windows can't find a log policy during event logging or backup. It's usually a missing registry key or corrupted policy file.

When This Error Shows Up

You'll see ERROR_LOG_POLICY_NOT_INSTALLED (0X000019DC) in two specific places. First, in the Windows Event Viewer under "System" logs – often after a failed backup or audit policy change. Second, in the command output when running wevtutil or auditpol commands. The exact message says: "The log policy in question was not installed at the time of the request." This happens most on Windows Server 2016 and 2019 after a group policy update or a security template import that didn't complete properly.

Root Cause in Plain English

Windows keeps log policies (like auditing rules and event log sizes) in two places: the registry under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\ and in policy files under %SystemRoot%\System32\GroupPolicy\. When a policy gets corrupted or the registry key goes missing – often after a failed Windows update or a botched security template apply – Windows can't find the policy it's supposed to use. The result? This error. It's not a hardware problem. It's a configuration file that's gone sideways.

The Fix: Step by Step

You'll need administrative rights for all steps. Make sure you're logged in as an admin.

Step 1: Check the Registry Key

  1. Press Win + R, type regedit, hit Enter.
  2. Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
  3. Look for a value named File. It should be %SystemRoot%\System32\Winevt\Logs\Security.evtx.
  4. If that key is missing or the path is wrong, that's your problem.

After you check, close Registry Editor – don't change anything yet.

Step 2: Run a System File Check

  1. Open Command Prompt as Administrator: right-click Start, choose "Command Prompt (Admin)" or "Windows Terminal (Admin)".
  2. Type sfc /scannow and press Enter.
  3. Wait for it to finish – it scans all protected system files. This can take 10-15 minutes.
  4. If it finds corrupt files, it will replace them automatically. You'll see a message like "Windows Resource Protection found corrupt files and successfully repaired them."

After that, restart your computer. Open Event Viewer and check if the error's gone. If not, move to step 3.

Step 3: Re-register the Event Log Service

  1. Open Command Prompt as Administrator again.
  2. Run these commands one at a time, pressing Enter after each:
    3. wevtutil um %SystemRoot%\System32\Winevt\Setup\Application.man
wevtutil um %SystemRoot%\System32\Winevt\Setup\Security.man
wevtutil um %SystemRoot%\System32\Winevt\Setup\Setup.man
wevtutil um %SystemRoot%\System32\Winevt\Setup\System.man
  3. Then re-install the manifests:
    4. wevtutil im %SystemRoot%\System32\Winevt\Setup\Application.man
wevtutil im %SystemRoot%\System32\Winevt\Setup\Security.man
wevtutil im %SystemRoot%\System32\Winevt\Setup\Setup.man
wevtutil im %SystemRoot%\System32\Winevt\Setup\System.man
  4. You should see "Successfully installed" for each manifest.

After this, restart the Event Log service: open Services.msc, find "Windows Event Log", right-click, choose Restart. Then test with wevtutil gl security – it should show the policy config without errors.

Step 4: Restore Group Policy Log Settings (If Step 3 Fails)

  1. Open Group Policy Management Console: type gpmc.msc in Run.
  2. Find the GPO that applies to your machine (usually Default Domain Policy or a custom one).
  3. Right-click it, choose Edit.
  4. Go to: Computer Configuration > Policies > Windows Settings > Security Settings > Event Log.
  5. Double-click each setting (like "Maximum log size for Security") and set it to a valid value. For Security log, I'd set it to 32768 KB (32 MB) as a safe start.
  6. Click OK, then run gpupdate /force in Command Prompt.

After the update, check Event Viewer. This forces Windows to reapply the policy.

Step 5: If Still Broken – Manual Registry Repair

Only do this if nothing else worked. It's the nuclear option.

  1. Open Registry Editor as Admin.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security.
  3. Right-click the Security key, choose Export to back it up.
  4. Delete the Security key entirely. Yes, delete it.
  5. Now run sc config eventlog start= auto in Command Prompt (Admin).
  6. Restart the computer. Windows will recreate the Security key with default values on boot.

After reboot, open Event Viewer. The error should be gone. Your existing Security log history will be lost, but that's better than a broken system.

If It Still Fails

Three things to check. First, make sure your system isn't infected – run a full scan with Windows Defender or Malwarebytes. Some malware wipes event log policies to hide themselves. Second, check if you have any third-party audit software (like Splunk or SolarWinds) that might have changed the policy. Disable it temporarily. Third, look at the Windows Update history. If the error started after a specific KB update, uninstall it via Control Panel > Programs > Installed Updates. Reboot, and see if that resolves it. If none of this works, you're looking at a repair install of Windows – boot from installation media and choose "Repair your computer." That keeps your files but resets system components.

Was this solution helpful?

ERROR_LOG_POLICY_NOT_INSTALLED 0X000019DC fix Windows log policy error event log policy missing audit policy not installed Windows event log error 0x19dc fix event log policy registry fix for log policy Windows Server log policy event viewer error 0x19dc troubleshooting log policy