For me, I had run through a series of hardening of the server and I found that the Windows Event Log service would no longer start.
After trying a series of other attempted fixes, like clearing out the existing logs from: %SystemRoot%\System32\Winevt\Logs, as well as making sure the permissions on the folder were ok.
There was a suggestion to use Process Monitor(procmon), so I tried starting the service, worked out what PID it was then filtered the view by that PID. I saw the PID was attempting to traverse a set of Registry Keys which were showing as NOT FOUND.
The full key was: HKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog
I checked the registry and this contained a set of Keys for Application, Security and System. For me these then only contained an entry for Retention.
Which got me thinking, does this even need to be here?
I deleted the Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\EventLog then tried to start the Windows Event Log service and BAM! worked straight up 🙂