Fix STATUS_LOG_BLOCK_VERSION (0XC01A0009) on Windows Server

What you're dealing with

You saw STATUS_LOG_BLOCK_VERSION (0XC01A0009) in Event Viewer or as a blue screen stop code. Happens when the Common Log File System (CLFS) driver reads a log block whose version number doesn't match what it expects.

This shows up most often after a forced power-off or a disk that dropped writes mid-operation. I've seen it on Server 2019 and Server 2022 running Hyper-V or SQL Server — both heavy log users. The error message will say something like "The log service encountered an invalid log block version."

Don't panic. Most times a simple log flush or a disk check gets you back up. I'll walk you through it step by step. Start with the 30-second fix. If that doesn't work, move to the 5-minute fix. If you're still stuck, the 15-minute fix will sort it out.

30-second fix: Flush and restart the log service

This is the quick punch. Sometimes the log block gets stuck in a weird version state from a temporary glitch. Flushing the CLFS cache and restarting the service clears that out.

Open Command Prompt as Administrator. Right-click Start, choose "Command Prompt (Admin)" or "Windows Terminal (Admin)".
Run this command to flush all CLFS logs:
```
fltmc detach clfs
```
After hitting Enter — you'll see "The operation completed successfully." If you get an error saying the filter is not attached, that's fine too — move to step 3.
Now restart the Windows Log service:
```
net stop eventlog
```
After this runs — wait about 5 seconds. Then:
```
net start eventlog
```
After starting — you should see "The Windows Event Log service was started successfully."
Check if the error is gone. Open Event Viewer (type eventvwr in Run). Look under Windows Logs > System. Search for the error from the last hour. Hit F5 to refresh. If you see no new 0XC01A0009 errors, you're done.

If the error still shows up — move to the 5-minute fix.

5-minute fix: Check disk integrity

The log block version error often comes from bad sectors or a disk that's silently failing. A quick disk check catches those and marks bad areas so CLFS doesn't write there again.

Open Command Prompt as Administrator.
Run a disk check on the drive where your logs are stored. Usually that's C: — but if you moved your logs or databases to another drive, run it there instead:
```
chkdsk C: /f /r
```
After running this — you'll get a message saying "Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?" Type Y and press Enter.
Restart the server. During boot, you'll see the disk check run. It will scan the drive, fix any file system issues, and locate bad sectors. This can take 10-20 minutes depending on drive size. Let it finish completely.
After the server comes back up, check Event Viewer for new 0XC01A0009 errors. If none show up, you're good. If the error returns, move to the advanced fix.

15-minute fix: Repair the CLFS log container

If the first two steps didn't work, the log block corruption is deeper — inside a specific CLFS container file. This happens when a write was interrupted mid-stream, leaving a block with a mismatched version header. You need to identify which log is corrupted and either reset it or delete the bad container.

Find the affected log file. Look in Event Viewer under Windows Logs > System. Find the 0XC01A0009 error. Double-click it. In the Details tab, look for a file path — something like C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLFS\ followed by a .blf or .log file. Write down the full path. If no path is shown, the default system CLFS logs are in C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLFS\.
Stop any services tied to that log. For the system CLFS logs, stop the Windows Event Log service again:
```
net stop eventlog
```
After stopping — you'll see the service stop. If it refuses, note the services that depend on it and stop them first.
Now run the CLFS repair utility. This tool is built into Windows, but it's not well documented. I'll give you the safe command:
```
clfsw32.dll
```
— that's the library, not a tool. The real fix here is to delete the corrupted container files manually, but only the .blf file and its associated .log containers. Do not delete random files. Better yet, use this PowerShell command to flush and reset the log handles:
```
Get-WmiObject -Namespace root\default -Class StdRegProv
```
— that won't help us. Let me give you the practical manual method that I've used dozens of times.
Open File Explorer. Go to the folder path you noted in step 1. Look for files with .blf and .log extensions. Rename them — don't delete, in case you need to revert. For example, rename System.evtx.blf to System.evtx.blf.old and the matching System.evtx.log to System.evtx.log.old. Do this for all files in that folder that match the error's timestamp.
Restart the Event Log service:
```
net start eventlog
```
Reboot the server. After reboot, Windows will create fresh CLFS container files. The error should be gone.

Still seeing the error? In rare cases, the corruption is in the registry or a system file. Run an SFC scan next:

sfc /scannow

Let it finish, then reboot. If the error persists, you might need to restore from a backup or contact Microsoft support — but I've only seen that happen twice in 15 years.

One last opinion: If you're running Hyper-V or SQL Server, check your storage. I've seen this error repeatedly on servers with cheap SSDs that lack power-loss protection. Consider upgrading to enterprise-grade drives with PLP. It'll save you from this headache long-term.