On ServiceDesk 7.0 installations, the event logs on the server will eventually become corrupted. This happens because the projects that make up ServiceDesk use a unique application name each time they are started, so each time one of the projects loads it also creates a unique entry as a source under the Application event log registry key. Clients have reported severe performance issues in their ServiceDesk environment, e.g. high CPU and memory usage, caused by the excessive number of these registry keys.
You can verify that the event logs have been corrupted by viewing them on a ServiceDesk server: if you see Security event log types in the Application or System event logs, then the event logs are corrupt.
Furthermore, you can run the following command to get a count of how many Registry Keys have been created:
REG QUERY "HKLM\System\CurrentControlSet\Services\EventLog\Application" /f /LM/
An excessive number of registry keys is located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\Eventlog\Application
Correcting this issue involves two basic steps: deleting the entries added by ServiceDesk to the Application event log key in the registry, and deleting the corrupt event log files.
The registry keys that need to be deleted start with /LM/ and can be found under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\Eventlog\Application. By the time the event logs are corrupt there will be many thousands of keys starting with /LM/ in this location. Deleting these keys one at a time is not generally feasible. There are third-party programs that will allow deletion of multiple registry keys at once. One of the tools I have used with a customer is called Registry Finder and is made by a company called Acelogix.
(http://www.acelogix.com/regfinder.html) This is a fairly simple utility that comes with a 30-day evaluation and does not require registration to download or use. Please note that this tool seems to have issues when deleting more than 2000 keys at once.
Once the keys have been deleted, then MS KB 172156 needs to be followed to delete the EVT files. (http://support.microsoft.com/kb/172156)
After both steps have been followed, the event logs will be rebuilt automatically and will log correctly.
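For the registry step above, the following PowerShell script counts the subkeys whose names start with /LM/ and can optionally delete them after exporting a backup. It is an added example, not part of the original article and not a vendor-supplied tool. The -Delete switch, the -BackupFile parameter and the default backup location are assumptions of this example.

```powershell
# Added example: count and optionally remove the "/LM/" event sources described above.
# Run from an elevated PowerShell prompt on the ServiceDesk server.
param(
    [switch]$Delete,   # hypothetical switch: without it the script only reports
    [string]$BackupFile = (Join-Path $env:TEMP `
        ("EventLog-Application-{0:yyyyMMddHHmmss}.reg" -f (Get-Date)))   # assumed path
)

$keyPath = 'SYSTEM\CurrentControlSet\Services\EventLog\Application'
$prefix  = '/LM/'

# The PowerShell registry provider treats "/" as a path separator, so key names
# starting with /LM/ cannot be addressed through HKLM:\ paths. Use the .NET API.
$appKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($keyPath, $Delete.IsPresent)
if ($null -eq $appKey) { throw "Cannot open HKLM\$keyPath" }

try {
    $targets = @($appKey.GetSubKeyNames() |
        Where-Object { $_.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase) })
    Write-Host ("{0} subkeys start with {1}" -f $targets.Count, $prefix)

    if (-not $Delete) { Write-Host 'Report only. Re-run with -Delete to remove them.'; return }
    if ($targets.Count -eq 0) { return }

    # Export the whole Application key first so the change can be reverted.
    & reg.exe export "HKLM\$keyPath" $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $BackupFile failed; nothing deleted." }

    $removed = 0; $failed = 0
    foreach ($name in $targets) {
        try {
            $appKey.DeleteSubKeyTree($name)   # removes the source key and its values
            $removed++
        } catch {
            $failed++
            Write-Warning "Could not delete '$name': $($_.Exception.Message)"
        }
    }
    Write-Host "Removed $removed keys, $failed failed. Backup: $BackupFile"
}
finally {
    $appKey.Close()
}
```

Run it once without -Delete to confirm the count, then again with -Delete before following the KB 172156 step for the EVT files.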
NOTE: This issue is scheduled to be fixed in the upcoming ServiceDesk 7.0 MR5 release. In the meantime, once you have implemented the above steps, you can apply the ServiceDesk 7.0 MR4 Pointfix, which will also fix the issue.
Please contact Support to gain access to the MR4 Pointfix.