Kernel-EventTracing: 0xC0000022, Circular Kernel Context Logger and System Health Report Access Denied, Panther & PerfLogs directories security & owner settings
I have been having an issue with my Windows 7 Professional Service Pack 1 computer. In the Event Viewer I have the following error listed, which occurs every time the system is rebooted:

Source: Kernel-EventTracing
EventID: 2
Level: Error
User: LOCAL SERVICE
Session "" failed to start with the following error: 0xC0000022

Microsoft-Windows-Kernel-EventTracing/Admin
[ Name] Microsoft-Windows-Kernel-EventTracing
[ Guid] {B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}
EventID 2
Version 0
Level 2
Task 2
Opcode 12
Keywords 0x8000000000000010
EventRecordID 117
Correlation
- Execution
[ ProcessID] 1904
[ ThreadID] 1968
Channel Microsoft-Windows-Kernel-EventTracing/Admin
- Security
[ UserID] S-1-5-19
- EventData
SessionName
FileName
ErrorCode 3221225506
LoggingMode 268443650

PID Services for 1904:
MpsSvc - Windows Firewall (Group:LocalServiceNoNetwork)
DPS - Diagnostic Policy Service (Group:LocalServiceNoNetwork)
BFE - Base Filtering Engine (Group:LocalServiceNoNetwork)

===
Also when I go to use the Performance Monitor:
Elevated DOS prompt -> perfmon
Performance Monitor: -> Data Collector Sets -> System -> Startup Event Trace Sessions: Circular Kernel Context Logger (Enabled)
-> Data Collector Sets -> System -> Event Trace Sessions: Circular Kernel Context Logger (Not Running/Not Listed)
Circular Kernel Context Logger -> Right Click -> Start as Event Trace Session:
Performance Monitor: When attempting to create the Data Collector Set the following system error occurred: Access is denied

===
When I try to generate a system health report I also get access denied error:
Control Panel -> Performance Information and Tools -> Advanced Tools -> Generate a system health report:
An error occurred while attempting to generate the report. Access Denied.
===
I read some possible solutions including changing setup.etl, updating security of the Panther directory and deleting directories within the Panther directory:

C:\Windows\Panther directory Properties -> Security:
Authenticated Users - Modify, Read & Execute, List folder contents, Read, Write
SYSTEM - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Administrators - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Users - Read & Execute, List folder contents, Read

C:\Windows\Panther\Setup.etl
Renamed Setup.old and reboot, no change in computer behavior.
Rename Panther directory Panther.old and reboot, no change in computer behavior.

===
I read some possible solutions including changing the security of the PerfLogs directory and deleting certain directories:

C:\PerfLogs directory Properties -> Security:
Authenticated Users - Modify, Read & Execute, List folder contents, Read, Write
SYSTEM - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Administrators - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Users - Read & Execute, List folder contents, Read

C:\PerfLogs\System\Diagnostics
Deleted the contents of Diagnostics and rebooted, no change in computer behavior.

===
I read that leaving HomeGroup may help:
Control Panel -> HomeGroup
There is currently no homegroup on the network.
No change in computer behavior.

===
I read that disabling TCP/IPv6 may help:
Local Area Connection Properties: Disabled/Unchecked Internet Protocol Version 6 (TCP/IPv6)
Rebooted computer and no change in computer behavior.

===
Could the owner of the PerfLogs and Panther directories be the issue?
C:\PerfLogs
C:\Windows\Panther
What should the owner of the directories be set to? Currently they are set to the user account who is a member of the administrator group.

I'm running low on ideas and the Google searches have been running low on solutions.
April 12th, 2012 10:20am

The computer is running Windows 7 Professional Service Pack 1 64-bit Edition.
April 12th, 2012 10:32am

Services:
Diagnostic Policy Service - Status: Started - Startup Type: Automatic - Log On As: Local Service
Properties -> Log On
Was set to -> This account: Local Service
I tried to change it to Log on as: Local System account
But I got the Error 1079: The account specified for this service is different from the account specified for other services running in the same process.
April 12th, 2012 10:43am

I have AVG Internet Security 2012 installed as my Anti-Virus software. The AVG Firewall is enabled. The Windows Firewall is set to disabled and is stopped. The Windows Defender is set to disabled and is stopped.
April 12th, 2012 11:54am

AVG Internet Security 2012, updated with latest versions and ran full scan of the computer: No threats found.
Malwarebytes Anti-Malware, updated with the latest versions and ran full scan of the computer: No threats found.
Windows Update ran, Windows is up to date. All updates are successful.
April 12th, 2012 1:30pm

sfc /scannow
Windows Resource Protection did not find any integrity violations.
April 12th, 2012 1:55pm

I uninstalled AVG Internet Security 2012. No change in computer behavior.
April 12th, 2012 3:04pm

Computer Management -> Local Users and Groups -> Groups -> Performance Log Users
Added the user account that is being logged in who is a member of the Administrators.
No change in computer behavior.
April 12th, 2012 4:36pm

Ran check disk on hard drives, no errors reported. No change in computer behavior.
April 13th, 2012 9:18am

Added Performance Log Users to C:\Perflogs directory security with full control. No change in computer behavior.
Added TrustedInstaller to C:\Windows\Panther directory security with full control. No change in computer behavior.
April 13th, 2012 9:50am

As an experiment I added:
Added Everyone to C:\Perflogs directory security with full control. No change in computer behavior.
Added Everyone to C:\Windows\Panther directory security with full control. No change in computer behavior.
Thus it doesn't seem to have to do with a directory security setting...
April 13th, 2012 10:15am

As an experiment:
Computer Management -> System Tools -> Local Users and Groups -> Groups
I added to the Administrators group:
NT AUTHORITY\Local Service
NT AUTHORITY\Network Service
NT AUTHORITY\System
NT SERVICE\TrustedInstaller
No change in access denied, no change in computer behavior.
April 13th, 2012 10:22am
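
The posts above add Full Control entries on C:\PerfLogs and C:\Windows\Panther and add service accounts to the Administrators group as experiments. The following PowerShell is an added example, not part of the original posts, that reads those settings back so the test entries can be found and reverted; the function names and the Review column are assumptions made for this example.

```powershell
# Added example (not from the thread): report owner and ACEs of the two
# directories, plus Administrators members, and mark the thread's test entries.
$paths = 'C:\PerfLogs', 'C:\Windows\Panther'
# Principals the thread gave Full Control to while experimenting.
$tested = 'Everyone', 'BUILTIN\Performance Log Users', 'NT SERVICE\TrustedInstaller'
# Accounts the thread added to the local Administrators group.
$testedAdmins = 'LOCAL SERVICE', 'NETWORK SERVICE', 'SYSTEM', 'TrustedInstaller'
$full = [int][System.Security.AccessControl.FileSystemRights]::FullControl

function Get-DirectoryAclReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path $p)) { Write-Warning "$p not found"; continue }
        $acl = Get-Acl -Path $p
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            $isFull = (([int]$ace.FileSystemRights) -band $full) -eq $full
            # Explicit (non-inherited) Allow/Full Control for a tested principal.
            $review = ($ace.AccessControlType -eq 'Allow') -and $isFull -and (-not $ace.IsInherited) -and ($tested -contains $id)
            New-Object PSObject -Property @{
                Path      = $p
                Owner     = $acl.Owner
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Review    = $review
            }
        }
    }
}

function Get-AdministratorsMember {
    # ADSI WinNT provider, so this also runs on the PowerShell 2.0 of Windows 7.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $leaf = ($path -split '/')[-1]
        New-Object PSObject -Property @{
            Member = $path
            Review = ($testedAdmins -contains $leaf)
        }
    }
}

Get-DirectoryAclReport -Path $paths | Sort-Object Path, Identity |
    Format-Table Path, Owner, Identity, Rights, Inherited, Review -AutoSize
Get-AdministratorsMember | Format-Table Member, Review -AutoSize
```

Run it from an elevated PowerShell prompt; rows with Review set to True match the principals named in the posts and are candidates to compare against a known-good machine.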

This will fix the Circular Kernel Context Logger error:
Run Command Prompt, type dcomcnfg, press enter.
Component Services -> Computers -> My Computer (right click properties)
COM Security Tab -> Launch and Activation Permissions -> Edit Default
Add Network Service & Local Service with Local Launch, Remote Launch, Local Activation, Remote Activation with Allow Checked off.

Still no luck with Kernel-EventTracing: 0xC0000022 error...
April 16th, 2012 11:36am

Hi,

Could you please try to add the following DCOM permission setting? For DCOM settings, generally, we can do the following:
=====================
a. Click Start -> Run, type DCOMCNFG and press Enter.
b. Expand Component Services -> Computers -> My Computer. Right click on My Computer and choose Properties.
c. Go to COM Security tab, under Access Permissions, click Edit Limits, and make sure "Everyone" account has Local Access and Remote Access permission.
d. Under Launch and Activation Permissions, click Edit Limits, and give "Everyone" account Local Launch, Remote Launch, Local Activation and Remote Activation.
e. Close the dialog boxes, and in the previous Component Services, expand to Component Services -> Computers -> My Computer -> DCOM Config, find the 3rd party component if your pc has, right click on it, and choose Properties.
f. In General tab, set Authentication Level to "Default".
g. In Security tab, set Launch and Activation Permissions to Customize, click Edit, and give Everyone account all the permissions listed: Local Launch, Remote Launch, Local Activation and Remote Activation.
h. Set Access Permissions to Customize, and also give Everyone account all the permissions: Local Access and Remote Access, give SELF all the permissions, and give SYSTEM Local Access permission.
i. Click OK to save all the settings, and see if it helps.

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 19th, 2012 11:22am
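
The COM Security tab edited in the two posts above is stored as four binary security descriptors under HKLM\SOFTWARE\Microsoft\Ole. The following PowerShell is an added example, not part of the original posts, that decodes them to show which accounts currently hold local and remote launch, activation and access rights; the function name and the Remote column are assumptions made for this example, and the per-component settings under DCOM Config are not covered.

```powershell
# Added example (not from the thread): decode the machine-wide COM security
# descriptors behind the "COM Security" tab and mark entries with remote rights.
$oleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'
$valueToDialog = @{
    DefaultAccessPermission  = 'Access Permissions -> Edit Default'
    MachineAccessRestriction = 'Access Permissions -> Edit Limits'
    DefaultLaunchPermission  = 'Launch and Activation Permissions -> Edit Default'
    MachineLaunchRestriction = 'Launch and Activation Permissions -> Edit Limits'
}
# COM_RIGHTS_* access mask bits as defined in the Windows SDK.
$bits = @{
    1  = 'Execute'
    2  = 'ExecuteLocal'
    4  = 'ExecuteRemote'
    8  = 'ActivateLocal'
    16 = 'ActivateRemote'
}

function Get-ComSecurityReport {
    $props = Get-ItemProperty -Path $oleKey
    foreach ($name in $valueToDialog.Keys) {
        $raw = $props.$name
        if ($null -eq $raw) { Write-Warning "$name is not set"; continue }
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList ([byte[]]$raw), 0
        foreach ($ace in $sd.DiscretionaryAcl) {
            # Fall back to the raw SID when the account name cannot be resolved.
            try   { $who = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $who = $ace.SecurityIdentifier.Value }
            $names = $bits.Keys | Sort-Object |
                Where-Object { $ace.AccessMask -band $_ } |
                ForEach-Object { $bits[$_] }
            New-Object PSObject -Property @{
                Setting = $valueToDialog[$name]
                Account = $who
                Type    = $ace.AceType
                Mask    = $ace.AccessMask
                Rights  = ($names -join ', ')
                # 4 = ExecuteRemote, 16 = ActivateRemote
                Remote  = [bool]($ace.AccessMask -band 20)
            }
        }
    }
}

Get-ComSecurityReport | Sort-Object Setting, Account |
    Format-Table Setting, Account, Type, Mask, Rights, Remote -AutoSize
```

Capturing this output before and after following the steps gives a record of exactly which entries were added, which makes them straightforward to remove once troubleshooting is finished.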

Hi,

Just following up to check if you have any updates for the DCOM permission steps.

Cheer.

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 26th, 2012 9:46pm

This topic is archived. No further replies will be accepted.
