locked
Localhost Start Trace Error "Unable to start ETW session.... Provider Microsoft-PEF-NDIS-PacketCapture does not work remotely" RRS feed

  • Question

  • I've installed the MM Analyser (1.2 build 4.0.7285.0) on 3 servers (all Windows 2008 R2 VMs) however when I try a "quick trace" to validate the install (or if I set-up a new live trace session from scratch) I get the following error on 1 of the servers:

    "Unable to start ETW session MMA-ETW-Livecapture-7d771e67-a7c8-4ead-8b79-3693220f9cba
    Host Name: Localhost

    Provider Microsoft-PEF-NDIS-PacketCapture does not work remotely. Please create a new session without it."

    Can anyone explain why I'm getting an error regarding remote execution when I'm trying to run a trace session on localhost? As stated above I only get this error on 1 of the servers, the other 2 work fine.

    Regards


    C# ASP.NET Developer


    • Edited by Ben Erwood Thursday, March 26, 2015 4:05 PM typeo
    Thursday, March 26, 2015 4:04 PM

All replies

  • Are you able to capture if you run Message Analyzer as administrator?  If so, then perhaps on the other machines you've been automatically added to the Security Group we create on 2008 systems?  Maybe the other two machines had Message Analyzer installed before?

    If that doesn't help, please let me know.

    Paul

    • Proposed as answer by Paul E Long Thursday, March 26, 2015 6:56 PM
    Thursday, March 26, 2015 6:56 PM
  • I am also getting this on one of my 2008 R2 servers:

    Unable to start ETW session: MMA-ETW-Livecapture-c22b0398-56c4-4129-8cd0-d222846ffc72
    Host Name: Localhost

    Provider Microsoft-PEF-NDIS-PacketCapture does not work remotely. Please create a new session without it.

    Tuesday, February 28, 2017 10:39 PM