Solved

Circular kernal context logger failed to start

Posted on 2014-03-13
8
5,176 Views
Last Modified: 2016-11-23
I get the following error when I logoff, then logon when a session is running (I do not get it at startup or restart):

"Session "Circular Kernel Context Logger" failed to start with the following error: 0xC0000035"

Details: - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
  <EventID>2</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>2</Task>
  <Opcode>12</Opcode>
  <Keywords>0x8000000000000010</Keywords>
  <TimeCreated SystemTime="2014-03-13T15:45:13.392580000Z" />
  <EventRecordID>263</EventRecordID>
  <Correlation />
  <Execution ProcessID="4" ThreadID="52" />
  <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
  <Computer>MN-PC</Computer>
  <Security UserID="S-1-5-18" />
  </System>
- <EventData>
  <Data Name="SessionName">Circular Kernel Context Logger</Data>
  <Data Name="FileName" />
  <Data Name="ErrorCode">3221225525</Data>
  <Data Name="LoggingMode">268436608</Data>
  </EventData>
  </Event>

Again, I get this only when I logoff/logon during s session.

I've tried every suggestion mentioned in many forums, including this, which is also in the knowledge base here:

"To fix the "fail to start" error, find the following file in the %windir%\panther\ folder:
setup.etl
and rename it to
setup.old
It can stay in the \panther\ folder.
Reboot and all is done!"

This works, but do I need a "setup.etl" file in the system folder? Renaming it and rebooting does not produce a new setup.etl file.

I checked the performance monitor and the Circular Kernal Context Logger is in fact running when the error occurs...and I should add that each error appears 20 times in the log in half second intervals.

On one forum someone suggested that the error occurs because at logon/logoff during a session the CKCL is indeed running, and the act of logging off somehow tries to start what is already started. In one forum someone suggested going to the registry:

"This has nothing to do with SID. the ETW logger is already running. Open regedit.exe, go to this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Circular Kernel Context Logger and set the value "Start" to "0."

I have not attempted that fix.

Again, do I need setup.etl in %windir%\panther\? Renaming it to setup.old obviously eliminates it...and the 20 Kernal EventTracing errors in the event log. But what is the missing file doing to my system?

Finally, anyone know what the heck is causing this and is there a real fix instead of the dozen workarounds, only one of which seems to work so far. Thank you.

On a WIN7Pro/64 Dell 980
0
Comment
Question by:normanml
  • 4
  • 4
8 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 39927750
I even investigated this error, all the arrticle you read can be true or false, dependend from the source. To get rid of it, you can really disable the trace as you stated, or just to ignore it if it is not too annoying.
I decided for the moment to ignore it.
0
 

Author Comment

by:normanml
ID: 39928222
I made a copy of the original settings.etl and stored it in a temp folder. I just opened it in event viewer. All the entries in it are from June 2010. Is it the contents of settings.etl that's causing the kernal errors? What would happen if I created a new settings.etl file in a plain text editor?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 39929314
setup.etl is a event log file. You can even open it from the event log to see what is inside and if it is readable. At the end the file is created during setup.

If you delete it, it schould be recreated with the next reboot...
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 

Author Comment

by:normanml
ID: 39929531
Bembi: I've read before that the system is supposed to recreate setup.etl on next boot, but if you rename it setup.old, it does NOT recreate a new .etl file. And a number of people on a number of forums have said they had the same experience. No new .etl was created. Any ideas why? Thanks.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 39929690
The log is written from the windows setup. So possibly it comes back if you change the system, i..e add a new feature etc.
0
 

Author Comment

by:normanml
ID: 39946499
What about using notepad or another plain text editor to create it? What is or logging that I might need.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 39951613
If you want to create it, sure. I guess there is just no need. The recreation of most of the files happens if they are accessed. And as this is a setup log file, I would imagine, it is only accessed during windows installation.
You might try to change something in the system configuration, (role / features) to see if it is recreated. As long as you do not get any error in the eventlog, I can not see a reson to create a empty one.
If you cahnge something in the roles / features setup and it throws an error, recreate it. In the meanswhile, move the file to a different directory.
0
 

Author Closing Comment

by:normanml
ID: 39951635
Sound advice. Thanks.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question