Circular kernal context logger failed to start
I get the following error when I logoff, then logon when a session is running (I do not get it at startup or restart):
"Session "Circular Kernel Context Logger" failed to start with the following error: 0xC0000035"
Details: - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Ke
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2014-03-13T15:
<EventRecordID>263</EventR
<Correlation />
<Execution ProcessID="4" ThreadID="52" />
<Channel>Microsoft-Windows
<Computer>MN-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SessionName">Circula
<Data Name="FileName" />
<Data Name="ErrorCode">322122552
<Data Name="LoggingMode">2684366
</EventData>
</Event>
Again, I get this only when I logoff/logon during s session.
I've tried every suggestion mentioned in many forums, including this, which is also in the knowledge base here:
"To fix the "fail to start" error, find the following file in the %windir%\panther\ folder:
setup.etl
and rename it to
setup.old
It can stay in the \panther\ folder.
Reboot and all is done!"
This works, but do I need a "setup.etl" file in the system folder? Renaming it and rebooting does not produce a new setup.etl file.
I checked the performance monitor and the Circular Kernal Context Logger is in fact running when the error occurs...and I should add that each error appears 20 times in the log in half second intervals.
On one forum someone suggested that the error occurs because at logon/logoff during a session the CKCL is indeed running, and the act of logging off somehow tries to start what is already started. In one forum someone suggested going to the registry:
"This has nothing to do with SID. the ETW logger is already running. Open regedit.exe, go to this key: HKEY_LOCAL_MACHINE\SYSTEM\
I have not attempted that fix.
Again, do I need setup.etl in %windir%\panther\? Renaming it to setup.old obviously eliminates it...and the 20 Kernal EventTracing errors in the event log. But what is the missing file doing to my system?
Finally, anyone know what the heck is causing this and is there a real fix instead of the dozen workarounds, only one of which seems to work so far. Thank you.
On a WIN7Pro/64 Dell 980
"Session "Circular Kernel Context Logger" failed to start with the following error: 0xC0000035"
Details: - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Ke
<EventID>2</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>12</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2014-03-13T15:
<EventRecordID>263</EventR
<Correlation />
<Execution ProcessID="4" ThreadID="52" />
<Channel>Microsoft-Windows
<Computer>MN-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
- <EventData>
<Data Name="SessionName">Circula
<Data Name="FileName" />
<Data Name="ErrorCode">322122552
<Data Name="LoggingMode">2684366
</EventData>
</Event>
Again, I get this only when I logoff/logon during s session.
I've tried every suggestion mentioned in many forums, including this, which is also in the knowledge base here:
"To fix the "fail to start" error, find the following file in the %windir%\panther\ folder:
setup.etl
and rename it to
setup.old
It can stay in the \panther\ folder.
Reboot and all is done!"
This works, but do I need a "setup.etl" file in the system folder? Renaming it and rebooting does not produce a new setup.etl file.
I checked the performance monitor and the Circular Kernal Context Logger is in fact running when the error occurs...and I should add that each error appears 20 times in the log in half second intervals.
On one forum someone suggested that the error occurs because at logon/logoff during a session the CKCL is indeed running, and the act of logging off somehow tries to start what is already started. In one forum someone suggested going to the registry:
"This has nothing to do with SID. the ETW logger is already running. Open regedit.exe, go to this key: HKEY_LOCAL_MACHINE\SYSTEM\
I have not attempted that fix.
Again, do I need setup.etl in %windir%\panther\? Renaming it to setup.old obviously eliminates it...and the 20 Kernal EventTracing errors in the event log. But what is the missing file doing to my system?
Finally, anyone know what the heck is causing this and is there a real fix instead of the dozen workarounds, only one of which seems to work so far. Thank you.
On a WIN7Pro/64 Dell 980
ASKER
I made a copy of the original settings.etl and stored it in a temp folder. I just opened it in event viewer. All the entries in it are from June 2010. Is it the contents of settings.etl that's causing the kernal errors? What would happen if I created a new settings.etl file in a plain text editor?
setup.etl is a event log file. You can even open it from the event log to see what is inside and if it is readable. At the end the file is created during setup.
If you delete it, it schould be recreated with the next reboot...
If you delete it, it schould be recreated with the next reboot...
ASKER
Bembi: I've read before that the system is supposed to recreate setup.etl on next boot, but if you rename it setup.old, it does NOT recreate a new .etl file. And a number of people on a number of forums have said they had the same experience. No new .etl was created. Any ideas why? Thanks.
The log is written from the windows setup. So possibly it comes back if you change the system, i..e add a new feature etc.
ASKER
What about using notepad or another plain text editor to create it? What is or logging that I might need.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sound advice. Thanks.
I decided for the moment to ignore it.