Kernel-EventTracing Session "" failed to start with the following error: 0xC0000022

    Question

  • I have been having an issue with my Windows 7 Professional Service Pack 1 64-bit Edition computer. In the Event Viewer I have the following error listed, which occurs every time the system is rebooted:

    Source: Kernel-EventTracing
    EventID: 2
    Level: Error
    User: LOCAL SERVICE

    Session "" failed to start with the following error: 0xC0000022

    Microsoft-Windows-Kernel-EventTracing/Admin
     [ Name]  Microsoft-Windows-Kernel-EventTracing
     [ Guid]  {B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}
       EventID 2
       Version 0
       Level 2
       Task 2
       Opcode 12
       Keywords 0x8000000000000010
       EventRecordID 117
       Correlation
      - Execution
       [ ProcessID]  1904
       [ ThreadID]  1968
       Channel Microsoft-Windows-Kernel-EventTracing/Admin
      - Security
       [ UserID]  S-1-5-19
    - EventData
      SessionName
      FileName
      ErrorCode 3221225506
      LoggingMode 268443650

    PID Services for 1904:
    MpsSvc - Windows Firewall (Group:LocalServiceNoNetwork)
    DPS - Diagnostic Policy Service (Group:LocalServiceNoNetwork)
    BFE - Base Filtering Engine (Group:LocalServiceNoNetwork)

    ===

    Also when I go to use the Performance Monitor: Elevated DOS prompt -> perfmon

    Performance Monitor:
    -> Data Collector Sets -> System -> Startup Event Trace Sessions: Circular Kernel Context Logger (Enabled)
    -> Data Collector Sets -> System -> Event Trace Sessions: Circular Kernel Context Logger (Not Running/Not Listed)

    Circular Kernel Context Logger -> Right Click -> Start as Event Trace Session: Performance Monitor: When attempting to create the Data Collector Set the following system error occurred: Access is denied

    When I try to generate a system health report I also get access denied error:

    Control Panel -> Performance Information and Tools -> Advanced Tools -> Generate a system health report: An error occurred while attempting to generate the report. Access Denied.

    I read some possible solutions including changing setup.etl, updating security of the Panther directory and deleting directories within the Panther directory:

    C:\Windows\Panther directory

    Properties -> Security:
    Authenticated Users - Modify, Read & Execute, List folder contents, Read, Write
    SYSTEM - Full Control, Modify, Read & Execute, List folder contents, Read, Write
    Administrators - Full Control, Modify, Read & Execute, List folder contents, Read, Write

    Users - Read & Execute, List folder contents, Read

    C:\Windows\Panther\Setup.etl

    Renamed it to Setup.old and rebooted, no change in computer behavior.
    Renamed the Panther directory to Panther.old and rebooted, no change in computer behavior.

    I read some possible solutions including changing the security of the PerfLogs directory and deleting certain directories:

    C:\PerfLogs directory

    Properties -> Security:
    Authenticated Users - Modify, Read & Execute, List folder contents, Read, Write
    SYSTEM - Full Control, Modify, Read & Execute, List folder contents, Read, Write
    Administrators - Full Control, Modify, Read & Execute, List folder contents, Read, Write
    Users - Read & Execute, List folder contents, Read

    C:\PerfLogs\System\Diagnostics

    Deleted the contents of Diagnostics and rebooted, no change in computer behavior.

    I read that leaving HomeGroup may help:

    Control Panel -> HomeGroup

    There is currently no homegroup on the network. No change in computer behavior.

    I read that disabling TCP/IPv6 may help:

    Local Area Connection Properties: Disabled/Unchecked Internet Protocol Version 6 (TCP/IPv6)

    Rebooted computer and no change in computer behavior.

    Could the owner of the PerfLogs and Panther directories be the issue?

    C:\PerfLogs
    C:\Windows\Panther

    Services:

    Diagnostic Policy Service - Status: Started - Startup Type: Automatic - Log On As: Local Service
    Properties -> Log On

    Was set to -> This account: Local Service

    I tried to change it to Log on as: Local System account

    But I got the Error 1079: The account specified for this service is different from the account specified for other services running in the same process.

    I have AVG Internet Security 2012 installed as my Anti-Virus software. The AVG Firewall is enabled. The Windows Firewall is set to disabled and is stopped. The Windows Defender is set to disabled and is stopped.

    AVG Internet Security 2012, updated with latest versions and ran full scan of the computer: No threats found.

    Malwarebytes Anti-Malware, updated with the latest versions and ran full scan of the computer: No threats found.

    Windows Update ran, Windows is up to date. All updates are successful.

    sfc /scannow

    Windows Resource Protection did not find any integrity violations.

    I uninstalled AVG Internet Security 2012. No change in computer behavior.

    Computer Management -> Local Users and Groups -> Groups -> Performance Log Users

    Added the user account that is logged in, which is a member of the Administrators group. No change in computer behavior.

    Ran check disk on hard drives, no errors reported. No change in computer behavior.

    Added Performance Log Users to C:\Perflogs directory security with full control. No change in computer behavior.

    Added TrustedInstaller to C:\Windows\Panther directory security with full control. No change in computer behavior.

    As an experiment I added:

    Added Everyone to C:\Perflogs directory security with full control. No change in computer behavior.

    Added Everyone to C:\Windows\Panther directory security with full control. No change in computer behavior.

    Thus it doesn't seem to have to do with a directory security setting...

    As an experiment:

    Computer Management -> System Tools -> Local Users and Groups -> Groups

    I added to the Administrators group:

    NT AUTHORITY\Local Service

    NT AUTHORITY\Network Service

    NT AUTHORITY\System

    NT SERVICE\TrustedInstaller

    No change in access denied, no change in computer behavior.

    ===

    This will fix the Circular Kernel Context Logger error:

    Run Command Prompt, type dcomcnfg, press enter.

    Component Services -> Computers -> My Computer (right click properties)

    COM Security Tab -> Launch and Activation Permissions -> Edit Default

    Add Network Service & Local Service with Local Launch, Remote Launch, Local Activation, Remote Activation with Allow Checked off.

    Still no luck with Kernel-EventTracing: 0xC0000022 error...
    Wednesday, April 18, 2012 1:03 PM
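
The raw EventData values in the record above can be decoded offline to see what the failing session requested. This is an added example, not part of the original post: the sample text is constructed from the post's field values, and the flag and status tables are small subsets of the constants in evntrace.h and ntstatus.h.

```python
import re

# Constructed sample: field values copied from the event record in the post.
EVENT_TEXT = """\
[ UserID]  S-1-5-19
SessionName
FileName
ErrorCode 3221225506
LoggingMode 268443650
"""

NTSTATUS_NAMES = {0xC0000022: "STATUS_ACCESS_DENIED"}  # subset
SEVERITY = ["SUCCESS", "INFORMATIONAL", "WARNING", "ERROR"]
WELL_KNOWN_SIDS = {"S-1-5-18": "LOCAL SYSTEM", "S-1-5-19": "LOCAL SERVICE",
                   "S-1-5-20": "NETWORK SERVICE"}
# Subset of the ETW LogFileMode bits defined in evntrace.h.
MODE_FLAGS = {0x1: "FILE_MODE_SEQUENTIAL", 0x2: "FILE_MODE_CIRCULAR",
              0x100: "REAL_TIME_MODE", 0x400: "BUFFERING_MODE",
              0x2000: "USE_KBYTES_FOR_SIZE", 0x01000000: "USE_PAGED_MEMORY",
              0x10000000: "NO_PER_PROCESSOR_BUFFERING"}

def parse_fields(text):
    """Turn 'Name value' / '[ Name]  value' lines into a dict (empty value -> '')."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(?:\[\s*)?(\w+)\]?\s*(\S.*)?$", line)
        if m:
            fields[m.group(1)] = (m.group(2) or "").strip()
    return fields

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into severity (bits 31-30), facility (27-16), code (15-0)."""
    return {"hex": f"0x{value:08X}", "severity": SEVERITY[value >> 30 & 0x3],
            "facility": value >> 16 & 0xFFF, "code": value & 0xFFFF,
            "name": NTSTATUS_NAMES.get(value, "unknown")}

def decode_logging_mode(value):
    """Return (names of known set bits, mask of bits not in the table)."""
    names = [n for bit, n in sorted(MODE_FLAGS.items()) if value & bit]
    unknown = value & ~sum(MODE_FLAGS)  # keys are distinct bits, so sum == OR
    return names, unknown

def analyze(text):
    f = parse_fields(text)
    names, unknown = decode_logging_mode(int(f["LoggingMode"]))
    return {"status": decode_ntstatus(int(f["ErrorCode"])),
            "account": WELL_KNOWN_SIDS.get(f.get("UserID", ""), "unknown"),
            "session_name": f.get("SessionName", ""),
            "mode_flags": names, "unknown_mode_bits": unknown}

if __name__ == "__main__":
    for key, val in analyze(EVENT_TEXT).items():
        print(f"{key}: {val}")
```

The decimal ErrorCode is the same value as the 0xC0000022 in the event message, and the LoggingMode bits describe a circular log file sized in kilobytes, requested under the LOCAL SERVICE account with an empty session name.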

Answers

All replies