Kernel Registry Analytical Event - Critical

  • Question

  • I'm using Windows 7 Ultimate on

    HP dv6 notebook, core 2 duo, 4gigs RAM, CPU T6600

    I turned my laptop on today & heard a little sound so I opened up Event Viewer and found over 5,000 errors/critical errors located in the Application and Services Logs under Microsoft/Windows/Kernel Registry/Analytic folders. All recorded simultaneously at log on. It appears to be a series of several events - event IDs 2, 7, 13 - that either repeated one after the other all in one second or they're just duplicated copies. I can't tell because some of them have the same event ID # but appear to be different issues, e.g. on event 7, some are critical and some are not. In the "included with the event" some are saying Registry\Machine\Hardware\DeviceMap\Video and some say attach to desktop. I'm concerned because one of them is a critical error. Here they are. I also took a snapshot of the events to give you an idea of how these were not in any specific order.

    ______________________________________________________

    Log Name:      Microsoft-Windows-Kernel-Registry/Analytic
    Source:        Microsoft-Windows-Kernel-Registry
    Date:          2/23/2014 5:34:47 PM
    Event ID:      2
    Task Category: None
    Level:         Error
    Keywords:      (8192)
    User:          SYSTEM
    Computer:      Middleearth
    Description:
    The description for Event ID 2 from source Microsoft-Windows-Kernel-Registry cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    2350951216
    2628202384
    0
    0
    \Registry\Machine\Hardware\DeviceMap\Video

    Element not found

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kernel-Registry" Guid="{70eb4f03-c1de-4f73-a051-33d13d5413bd}" />
        <EventID>2</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>33</Opcode>
        <Keywords>0x8000000000002000</Keywords>
        <TimeCreated SystemTime="2014-02-24T01:34:47.302445300Z" />
        <EventRecordID>5483</EventRecordID>
        <Correlation />
        <Execution ProcessID="636" ThreadID="640" ProcessorID="0" KernelTime="6" UserTime="0" />
        <Channel>Microsoft-Windows-Kernel-Registry/Analytic</Channel>
        <Computer>Middleearth</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="BaseObject">0x8c20ab30</Data>
        <Data Name="KeyObject">0x9ca72f90</Data>
        <Data Name="Status">0</Data>
        <Data Name="Disposition">0</Data>
        <Data Name="BaseName">
        </Data>
        <Data Name="RelativeName">\Registry\Machine\Hardware\DeviceMap\Video</Data>
      </EventData>
    </Event>

    ______________________________________________________________

    Log Name:      Microsoft-Windows-Kernel-Registry/Analytic
    Source:        Microsoft-Windows-Kernel-Registry
    Date:          2/23/2014 5:34:47 PM
    Event ID:      7
    Task Category: None
    Level:         Critical
    Keywords:      (1024)
    User:          SYSTEM
    Computer:      Middleearth
    Description:
    The description for Event ID 7 from source Microsoft-Windows-Kernel-Registry cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    2628202384
    3221225524
    1
    2453530584
    Attach.PrimaryDevice
    0

    Element not found

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kernel-Registry" Guid="{70eb4f03-c1de-4f73-a051-33d13d5413bd}" />
        <EventID>7</EventID>
        <Version>0</Version>
        <Level>1</Level>
        <Task>0</Task>
        <Opcode>38</Opcode>
        <Keywords>0x8000000000000400</Keywords>
        <TimeCreated SystemTime="2014-02-24T01:34:47.302445300Z" />
        <EventRecordID>5496</EventRecordID>
        <Correlation />
        <Execution ProcessID="636" ThreadID="640" ProcessorID="0" KernelTime="6" UserTime="0" />
        <Channel>Microsoft-Windows-Kernel-Registry/Analytic</Channel>
        <Computer>Middleearth</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="KeyObject">0x9ca72f90</Data>
        <Data Name="Status">3221225524</Data>
        <Data Name="InfoClass">1</Data>
        <Data Name="DataSize">2453530584</Data>
        <Data Name="KeyName">
        </Data>
        <Data Name="ValueName">Attach.PrimaryDevice</Data>
        <Data Name="CapturedDataSize">0</Data>
        <Data Name="CapturedData">
        </Data>
      </EventData>
    </Event>

    ___________________________________________________________________

    Log Name:      Microsoft-Windows-Kernel-Registry/Analytic
    Source:        Microsoft-Windows-Kernel-Registry
    Date:          2/23/2014 5:34:47 PM
    Event ID:      13
    Task Category: None
    Level:         Error
    Keywords:      <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Kernel-Registry' Guid='{70eb4f03-c1de-4f73-a051-33d13d5413bd}'/><EventID>13</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>44</Opcode><Keywords>0x8000000000000001</Keywords><TimeCreated SystemTime='2014-02-24T01:34:47.302445300Z'/><EventRecordID>5457</EventRecordID><Correlation/><Execution ProcessID='636' ThreadID='640' ProcessorID='0' KernelTime='6' UserTime='0'/><Ch
    User:          SYSTEM
    Computer:      Middleearth
    Description:
    The description for Event ID 13 from source Microsoft-Windows-Kernel-Registry cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    2628202384
    0

    Element not found

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kernel-Registry" Guid="{70eb4f03-c1de-4f73-a051-33d13d5413bd}" />
        <EventID>13</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>44</Opcode>
        <Keywords>0x8000000000000001</Keywords>
        <TimeCreated SystemTime="2014-02-24T01:34:47.302445300Z" />
        <EventRecordID>5498</EventRecordID>
        <Correlation />
        <Execution ProcessID="636" ThreadID="640" ProcessorID="0" KernelTime="6" UserTime="0" />
        <Channel>Microsoft-Windows-Kernel-Registry/Analytic</Channel>
        <Computer>Middleearth</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="KeyObject">0x9ca72f90</Data>
        <Data Name="Status">0</Data>
        <Data Name="KeyName">
        </Data>
      </EventData>
    </Event>

    ________________________________________________________________


    Of course, it's just my opinion....I could be wrong!



    • Edited by pippin33 Monday, February 24, 2014 4:31 AM
    Monday, February 24, 2014 4:25 AM
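Added example (not part of the original thread, and not Microsoft's code): a Python sketch that reads event XML in the form pasted in the question, maps the numeric Level to its name, and renders the Status field in hex. It assumes Status carries an NTSTATUS value; the sample record is a trimmed, constructed copy of the Event ID 7 record above, and the two-entry status table is intentionally minimal.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Standard Windows event level numbers.
LEVELS = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information", 5: "Verbose"}

# Deliberately small NTSTATUS table; any other value is reported as "unknown".
NTSTATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}

# Constructed sample: trimmed copy of the Event ID 7 record quoted in the question.
SAMPLE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>7</EventID>
    <Level>1</Level>
    <Opcode>38</Opcode>
  </System>
  <EventData>
    <Data Name="Status">3221225524</Data>
    <Data Name="ValueName">Attach.PrimaryDevice</Data>
  </EventData>
</Event>"""


def decode_event(xml_text):
    """Return the fields needed to triage one event record."""
    root = ET.fromstring(xml_text)
    level = int(root.findtext("e:System/e:Level", namespaces=NS))
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)}
    # Event Viewer shows Status in decimal; NTSTATUS codes are read as 32-bit hex.
    status = int(data.get("Status", "0"), 0) & 0xFFFFFFFF
    return {
        "event_id": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "level": LEVELS.get(level, str(level)),
        "status_hex": f"0x{status:08X}",
        "status_name": NTSTATUS.get(status, "unknown"),
        "target": data.get("ValueName") or data.get("RelativeName") or "",
    }


def summarize(xml_records):
    """Count identical decoded records to tell repeats from distinct events."""
    return Counter(tuple(decode_event(x).values()) for x in xml_records)
```

Running `summarize` over an exported set of records shows how many of the entries are the same operation repeated rather than separate problems.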

All replies

  • Hi,

    Event Sources

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363661(v=vs.85).aspx

    As the last paragraph says, an application can use the Application log without adding a new event source to the registry. If the application calls RegisterEventSource and passes a source name that cannot be found in the registry, the event-logging service uses the Application log by default. However, because there are no message files, the Event Viewer cannot map any event identifiers or event categories to a description string, and will display an error.

    So it seems that your application name in RegisterEventSource was not matching with the application name in the registry; it doesn't give us a description about the error and doesn't provide any efficient information.

    Please also take a look at this similar thread; it seems sometimes regional settings can also cause this issue.

    http://social.technet.microsoft.com/Forums/windows/en-US/3fd3d1fc-1194-4899-978c-3283085648bc/eventlog-forwarding-issues-either-the-component-that-raises-this-event-is-not-installed-on-your?forum=w7itprogeneral

    Regarding the sound issue, it could be many things. Possibly your power supply going, one of the fans, either CPU or power supply fan. Or audio device, etc.


    Yolanda Zhu
    TechNet Community Support

    Tuesday, February 25, 2014 7:29 AM
  • This is mind boggling. Your answer has nothing to do with my problem.

    The 1st link you provided goes to the development center page and describes how the event log service works. I already know how the service works and didn't think there was anything in my question that suggested I needed to learn how.

    You talked about why an application uses the Application log - a moot point since all events are entered into the Application log and my problem is regarding a specific event in that log not how the event log works.

    You then gave an explanation as to why you can't help - claiming the error message doesn't identify the problem - the reason being there are no message files. Message files are created by developers and programmers using the app MC.exe which has known bugs & is supposed to be included in Visual Studio but it's not - regardless of that it takes extensive knowledge in coding and altering the registry and it would've had to have been done prior to the event. Another useless point given that there are other ways to identify an error event.

    The 2nd link you provide goes to another thread with the claim that it's a similar issue when in fact it is not similar - not even close. That thread started by someone in the U.K. was regarding the forwarding event not working which was clearly stated in the title of the thread. There was nothing about critical error events in Kernel Registry Analytic. This request went unanswered but the OP found a workaround fix which was changing the region and language to English, United States. But it doesn't matter because again it has nothing to do with my problem.

    The only similarity between that thread and mine is the explanation found on most errors in the event log, which states:

    "The description for Event ID ---  from source Microsoft-Windows-Event Log (mine says Kernel Registry Analytic) cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event"

    This is the standard message on most of the event errors when the OS cannot identify the error. This is one of the main reasons IT support exists because you can in fact identify it in other ways. I've never encountered an IT person who could not figure out what the problem was from one of these error messages. 

    But again, it's moot because it doesn't have anything to do with the core issue of my problem. Yet you referred me to that thread because it contained the same verbiage in that one paragraph. You focused on that standard response first by defining it and 2nd claiming it was a similar problem.

    Why you would do that does not make any sense. I am amazed that you are a moderator in the IT department.

    Finally, there is no sound issue on my pc and I never said there was. I mentioned a sound in my post because it alerted me that there was a problem.

    Can someone who knows how to read these event error messages please help me? The errors continue every time I log on. It looks like it may affect my pc in a harmful way if it is not fixed.

     


    Of course, it's just my opinion....I could be wrong!

    Tuesday, March 4, 2014 1:09 PM
  • Hi,

    I shared these links with you in order to show why the log in your system was recorded like this:

    The description for Event ID ---  from source Kernel Registry Analytic cannot be found.

    Sorry, it seems that I talked too much about that....

    When an error occurs in your system, its application will call some related component in kernel registry to finish the description of the log and map it to the event viewer; something must be wrong during the process of creating a valuable event log in your system.

    And that's why we're unable to find the valuable information about what happened in your system.

    I suggest you run sfc /scannow to check whether there are some important missing or corrupted system files. If you have a restore point, you can return your system to a previous state when the computer was functioning fine,

    and you can also perform an in-place upgrade if the above solutions fail.

    http://support.microsoft.com/kb/2255099/en-us


    Yolanda Zhu
    TechNet Community Support

    Thursday, March 6, 2014 9:09 AM