Circular kernal context logger failed to start

I get the following error when I logoff, then logon when a session is running (I do not get it at startup or restart):

"Session "Circular Kernel Context Logger" failed to start with the following error: 0xC0000035"

Details: - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
  <EventID>2</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>2</Task>
  <Opcode>12</Opcode>
  <Keywords>0x8000000000000010</Keywords>
  <TimeCreated SystemTime="2014-03-13T15:45:13.392580000Z" />
  <EventRecordID>263</EventRecordID>
  <Correlation />
  <Execution ProcessID="4" ThreadID="52" />
  <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
  <Computer>MN-PC</Computer>
  <Security UserID="S-1-5-18" />
  </System>
- <EventData>
  <Data Name="SessionName">Circular Kernel Context Logger</Data>
  <Data Name="FileName" />
  <Data Name="ErrorCode">3221225525</Data>
  <Data Name="LoggingMode">268436608</Data>
  </EventData>
  </Event>

Again, I get this only when I logoff/logon during s session.

I've tried every suggestion mentioned in many forums, including this, which is also in the knowledge base here:

"To fix the "fail to start" error, find the following file in the %windir%\panther\ folder:
setup.etl
and rename it to
setup.old
It can stay in the \panther\ folder.
Reboot and all is done!"

This works, but do I need a "setup.etl" file in the system folder? Renaming it and rebooting does not produce a new setup.etl file.

I checked the performance monitor and the Circular Kernal Context Logger is in fact running when the error occurs...and I should add that each error appears 20 times in the log in half second intervals.

On one forum someone suggested that the error occurs because at logon/logoff during a session the CKCL is indeed running, and the act of logging off somehow tries to start what is already started. In one forum someone suggested going to the registry:

"This has nothing to do with SID. the ETW logger is already running. Open regedit.exe, go to this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Circular Kernel Context Logger and set the value "Start" to "0."

I have not attempted that fix.

Again, do I need setup.etl in %windir%\panther\? Renaming it to setup.old obviously eliminates it...and the 20 Kernal EventTracing errors in the event log. But what is the missing file doing to my system?

Finally, anyone know what the heck is causing this and is there a real fix instead of the dozen workarounds, only one of which seems to work so far. Thank you.

On a WIN7Pro/64 Dell 980
normanmlAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
BembiConnect With a Mentor CEOCommented:
If you want to create it, sure. I guess there is just no need. The recreation of most of the files happens if they are accessed. And as this is a setup log file, I would imagine, it is only accessed during windows installation.
You might try to change something in the system configuration, (role / features) to see if it is recreated. As long as you do not get any error in the eventlog, I can not see a reson to create a empty one.
If you cahnge something in the roles / features setup and it throws an error, recreate it. In the meanswhile, move the file to a different directory.
0
 
BembiCEOCommented:
I even investigated this error, all the arrticle you read can be true or false, dependend from the source. To get rid of it, you can really disable the trace as you stated, or just to ignore it if it is not too annoying.
I decided for the moment to ignore it.
0
 
normanmlAuthor Commented:
I made a copy of the original settings.etl and stored it in a temp folder. I just opened it in event viewer. All the entries in it are from June 2010. Is it the contents of settings.etl that's causing the kernal errors? What would happen if I created a new settings.etl file in a plain text editor?
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
BembiCEOCommented:
setup.etl is a event log file. You can even open it from the event log to see what is inside and if it is readable. At the end the file is created during setup.

If you delete it, it schould be recreated with the next reboot...
0
 
normanmlAuthor Commented:
Bembi: I've read before that the system is supposed to recreate setup.etl on next boot, but if you rename it setup.old, it does NOT recreate a new .etl file. And a number of people on a number of forums have said they had the same experience. No new .etl was created. Any ideas why? Thanks.
0
 
BembiCEOCommented:
The log is written from the windows setup. So possibly it comes back if you change the system, i..e add a new feature etc.
0
 
normanmlAuthor Commented:
What about using notepad or another plain text editor to create it? What is or logging that I might need.
0
 
normanmlAuthor Commented:
Sound advice. Thanks.
0
All Courses

From novice to tech pro — start learning today.