Solved

Circular kernal context logger failed to start

Posted on 2014-03-13
8
5,306 Views
Last Modified: 2016-11-23
I get the following error when I logoff, then logon when a session is running (I do not get it at startup or restart):

"Session "Circular Kernel Context Logger" failed to start with the following error: 0xC0000035"

Details: - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
  <EventID>2</EventID>
  <Version>0</Version>
  <Level>2</Level>
  <Task>2</Task>
  <Opcode>12</Opcode>
  <Keywords>0x8000000000000010</Keywords>
  <TimeCreated SystemTime="2014-03-13T15:45:13.392580000Z" />
  <EventRecordID>263</EventRecordID>
  <Correlation />
  <Execution ProcessID="4" ThreadID="52" />
  <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
  <Computer>MN-PC</Computer>
  <Security UserID="S-1-5-18" />
  </System>
- <EventData>
  <Data Name="SessionName">Circular Kernel Context Logger</Data>
  <Data Name="FileName" />
  <Data Name="ErrorCode">3221225525</Data>
  <Data Name="LoggingMode">268436608</Data>
  </EventData>
  </Event>

Again, I get this only when I logoff/logon during s session.

I've tried every suggestion mentioned in many forums, including this, which is also in the knowledge base here:

"To fix the "fail to start" error, find the following file in the %windir%\panther\ folder:
setup.etl
and rename it to
setup.old
It can stay in the \panther\ folder.
Reboot and all is done!"

This works, but do I need a "setup.etl" file in the system folder? Renaming it and rebooting does not produce a new setup.etl file.

I checked the performance monitor and the Circular Kernal Context Logger is in fact running when the error occurs...and I should add that each error appears 20 times in the log in half second intervals.

On one forum someone suggested that the error occurs because at logon/logoff during a session the CKCL is indeed running, and the act of logging off somehow tries to start what is already started. In one forum someone suggested going to the registry:

"This has nothing to do with SID. the ETW logger is already running. Open regedit.exe, go to this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Circular Kernel Context Logger and set the value "Start" to "0."

I have not attempted that fix.

Again, do I need setup.etl in %windir%\panther\? Renaming it to setup.old obviously eliminates it...and the 20 Kernal EventTracing errors in the event log. But what is the missing file doing to my system?

Finally, anyone know what the heck is causing this and is there a real fix instead of the dozen workarounds, only one of which seems to work so far. Thank you.

On a WIN7Pro/64 Dell 980
0
Comment
Question by:normanml
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 39927750
I even investigated this error, all the arrticle you read can be true or false, dependend from the source. To get rid of it, you can really disable the trace as you stated, or just to ignore it if it is not too annoying.
I decided for the moment to ignore it.
0
 

Author Comment

by:normanml
ID: 39928222
I made a copy of the original settings.etl and stored it in a temp folder. I just opened it in event viewer. All the entries in it are from June 2010. Is it the contents of settings.etl that's causing the kernal errors? What would happen if I created a new settings.etl file in a plain text editor?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 39929314
setup.etl is a event log file. You can even open it from the event log to see what is inside and if it is readable. At the end the file is created during setup.

If you delete it, it schould be recreated with the next reboot...
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 

Author Comment

by:normanml
ID: 39929531
Bembi: I've read before that the system is supposed to recreate setup.etl on next boot, but if you rename it setup.old, it does NOT recreate a new .etl file. And a number of people on a number of forums have said they had the same experience. No new .etl was created. Any ideas why? Thanks.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 39929690
The log is written from the windows setup. So possibly it comes back if you change the system, i..e add a new feature etc.
0
 

Author Comment

by:normanml
ID: 39946499
What about using notepad or another plain text editor to create it? What is or logging that I might need.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 39951613
If you want to create it, sure. I guess there is just no need. The recreation of most of the files happens if they are accessed. And as this is a setup log file, I would imagine, it is only accessed during windows installation.
You might try to change something in the system configuration, (role / features) to see if it is recreated. As long as you do not get any error in the eventlog, I can not see a reson to create a empty one.
If you cahnge something in the roles / features setup and it throws an error, recreate it. In the meanswhile, move the file to a different directory.
0
 

Author Closing Comment

by:normanml
ID: 39951635
Sound advice. Thanks.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An article on effective troubleshooting
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question