Kernel-EventTracing Session "" failed to start with the following error: 0xC0000022
I have been having an issue with my Windows 7 Professional Service Pack 1 64-bit Edition computer. In the Event Viewer I have the following error listed, which occurs every time the system is rebooted:
Source: Kernel-EventTracing
EventID: 2
Level: Error
User: LOCAL SERVICE
Session "" failed to start with the following error: 0xC0000022
Microsoft-Windows-Kernel-EventTracing/Admin
[ Name] Microsoft-Windows-Kernel-EventTracing
[ Guid] {B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}
EventID 2
Version 0
Level 2
Task 2
Opcode 12
Keywords 0x8000000000000010
EventRecordID 117
Correlation
- Execution
[ ProcessID] 1904
[ ThreadID] 1968
Channel Microsoft-Windows-Kernel-EventTracing/Admin
- Security
[ UserID] S-1-5-19
- EventData
SessionName
FileName
ErrorCode 3221225506
LoggingMode 268443650
PID Services for 1904:
MpsSvc - Windows Firewall (Group:LocalServiceNoNetwork)
DPS - Diagnostic Policy Service (Group:LocalServiceNoNetwork)
BFE - Base Filtering ENgine (Group:LocalServiceNoNetwork)
===
Also when I go to use the Performance Monitor: Elevated DOS prompt -> perfmon
Performance Monitor:
-> Data Collector Sets -> System -> Startup Event Trace Sessions: Circular Kernel Context Logger (Enabled)
-> Data Collector Sets -> System -> Event Trace Sessions: Circular Kernel Context Logger (Not Running/Not Listed)
Circular Kernel Context Logger -> Right Click -> Start as Event Trace Session: Performance Monitor: When attempting to create the Data Collector Set the following system error occurred: Access is denied
When I try to generate a system health report I also get access denied error:
Control Panel -> Performance Information and Tools -> Advanced Tools -> Generate a system health report: An error occurred while attempting to generate the report. Access Denied.
I read some possible solutions including changing setup.etl, updating security of the Panther directory and deleting directories within the Panther directory:
C:\Windows\Panther directory
Properties -> Security:
Authenticated Users - Modify, Read & Execute, List folder contents, Read, Write
SYSTEM - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Administrators - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Users - Read & Execute, List folder contents, Read
C:\Windows\Panther\Setup.etl
Renamed Setup.old and reboot, no change in computer behavior.
Rename Panther directory Panther.old and reboot, no change in computer behavior.
I read some possible solutions including changing the security of the PerfLogs directory and deleting certain directories:
C:\PerfLogs directory
Properties -> Security:
Authenticated Users - Modify, Read & Execute, List folder contents, Read, Write
SYSTEM - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Administrators - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Users - Read & Execute, List folder contents, Read
C:\PerfLogs\System\Diagnostics
Deleted the contents of Diagnostics and rebooted, no change in computer behavior.
I read that leaving HomeGroup may help:
Control Panel -> HomeGroup
There is currently no homegroup on the network. No change in computer behavior.
I read that disabling TCP/IPv6 may help:
Local Area Connection Properties: Disabled/Unchecked Internet Protocol Version 6 (TCP/IPv6)
Rebooted computer and no change in computer behavior.
Could the owner of PerfLogs and Panther directories of the directories be the issue?
C:\PerfLogs
C:\Windows\Panther
Services:
Diagnostic Policy Service - Status: Started - Startup Type: Automatic - Log On As: Local Service
Properties -> Log On
Was set to -> This account: Local Service
I tried to change it to Log on as: Local System account
But I got the Error 1079: The account specified for this service is different from the account specified for other services running in the same process.
I have AVG Internet Security 2012 installed as my Anti-Virus software. The AVG Firewall is enabled. The Windows Firewall is set to disabled and is stopped. The Windows Defender is set to disabled and is stopped.
AVG Internet Security 2012, updated with latest versions and ran full scan of the computer: No threats found.
Malwarebytes Anti-Malware, updated with the latest versions and ran full scan of the computer: No threats found.
Windows Update ran, Windows is up to date. All updates are successful.
sfc /scannow
Windows Resource Protection did not find any integrity violations.
I uninstalled AVG Internet Security 2012. No change in computer behavior.
Computer Management -> Local Users and Groups -> Groups -> Performance Log Users
Added the user account that is being logged in who is a member of the Administrators. No change in computer behavior.
Ran check disk on hard drives, no errors reported. No change in computer behavior.
Added Performance Log Users to C:\Perflogs directory security with full control. No change in computer behavior.
Added TrustedInstaller to C:\Windows\Panther directory security with full control. No change in computer behavior.
As an experiment I added:
Added Everyone to C:\Perflogs directory security with full control. No change in computer behavior.
Added Everyone to C:\Windows\Panther directory security with full control. No change in computer behavior.
Thus it doesn't seem to have to do with a directory security setting...
As an experiment:
Computer Management -> System Tools -> Local Users and Groups -> Groups
I added to the Administrators group:
NT AUTHORITY\Local Service
NT AUTHORITY\Network Service
NT AUTHORITY\System
NT SERVICE\TrustedInstaller
No change in access denied, no change in computer behavior.
===
This will fix the Circular Kernel Context Logger error:
Run Command Prompt, type dcomcnfg, press enter.
Component Services -> Computers -> My Computer (right click properties)
COM Security Tab -> Launch and Activation Permissions -> Edit Default
Add Network Service & Local Service with Local Launch, Remote Launch, Local Activation, Remote Activation with Allow Checked off.
Still no luck with Kernel-EventTracing: 0xC0000022 error...
April 18th, 2012 9:11am
Have you tried boot log (via F8)? It looks like timing problem.
Regards
Milos
Free Windows Admin Tool Kit Click here and download it now
April 18th, 2012 12:35pm
I did a in-place windows 7 upgrade as suggested due to another computer issue and this problem is now gone.
April 19th, 2012 2:12pm