Kernel-EventTracing: 0xC0000022, Circular Kernel Context Logger and System Health Report Access Denied, Panther & PerfLogs directories security & owner settings
I have been having an issue with my Windows 7 Professional Service Pack 1 computer. In the Event Viewer I have the following error listed, which occurs every time the system is rebooted:
Source: Kernel-EventTracing
EventID: 2
Level: Error
User: LOCAL SERVICE
Session "" failed to start with the following error: 0xC0000022
Microsoft-Windows-Kernel-EventTracing/Admin
[ Name] Microsoft-Windows-Kernel-EventTracing
[ Guid] {B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}
EventID 2
Version 0
Level 2
Task 2
Opcode 12
Keywords 0x8000000000000010
EventRecordID 117
Correlation
- Execution
[ ProcessID] 1904
[ ThreadID] 1968
Channel Microsoft-Windows-Kernel-EventTracing/Admin
- Security
[ UserID] S-1-5-19
- EventData
SessionName
FileName
ErrorCode 3221225506
LoggingMode 268443650
PID Services for 1904:
MpsSvc - Windows Firewall (Group:LocalServiceNoNetwork)
DPS - Diagnostic Policy Service (Group:LocalServiceNoNetwork)
BFE - Base Filtering Engine (Group:LocalServiceNoNetwork)
===
Also when I go to use the Performance Monitor: Elevated DOS prompt -> perfmon
Performance Monitor:
-> Data Collector Sets -> System -> Startup Event Trace Sessions: Circular Kernel Context Logger (Enabled)
-> Data Collector Sets -> System -> Event Trace Sessions: Circular Kernel Context Logger (Not Running/Not Listed)
Circular Kernel Context Logger -> Right Click -> Start as Event Trace Session: Performance Monitor: When attempting to create the Data Collector Set the following system error occurred: Access is denied
===
When I try to generate a system health report I also get access denied error:
Control Panel -> Performance Information and Tools -> Advanced Tools -> Generate a system health report: An error occurred while attempting to generate the report. Access Denied.
===
I read some possible solutions including changing setup.etl, updating security of the Panther directory and deleting directories within the Panther directory:
C:\Windows\Panther directory
Properties -> Security:
Authenticated Users - Modify, Read & Execute, List folder contents, Read, Write
SYSTEM - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Administrators - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Users - Read & Execute, List folder contents, Read
C:\Windows\Panther\Setup.etl
Renamed Setup.old and reboot, no change in computer behavior.
Rename Panther directory Panther.old and reboot, no change in computer behavior.
===
I read some possible solutions including changing the security of the PerfLogs directory and deleting certain directories:
C:\PerfLogs directory
Properties -> Security:
Authenticated Users - Modify, Read & Execute, List folder contents, Read, Write
SYSTEM - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Administrators - Full Control, Modify, Read & Execute, List folder contents, Read, Write
Users - Read & Execute, List folder contents, Read
C:\PerfLogs\System\Diagnostics
Deleted the contents of Diagnostics and rebooted, no change in computer behavior.
===
I read that leaving HomeGroup may help:
Control Panel -> HomeGroup
There is currently no homegroup on the network. No change in computer behavior.
===
I read that disabling TCP/IPv6 may help:
Local Area Connection Properties: Disabled/Unchecked Internet Protocol Version 6 (TCP/IPv6)
Rebooted computer and no change in computer behavior.
===
Could the owner of the PerfLogs and Panther directories be the issue?
C:\PerfLogs
C:\Windows\Panther
What should the owner of the directories be set to? Currently they are set to the user account who is a member of the administrator group.
I'm running low on ideas and the Google searches have been running low on solutions.
April 12th, 2012 10:20am
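Added example (not part of the original post): a PowerShell function that decodes the ErrorCode and LoggingMode fields of the Kernel-EventTracing event shown above. It assumes PowerShell 3.0 or later; the function name `ConvertFrom-EtwStartFailure` is hypothetical, the sample XML is constructed from the values in the post, and the flag table is a subset of the LogFileMode constants in evntrace.h.

```powershell
# Constructed sample: the EventData fields and values quoted in the post.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <EventData>
    <Data Name="SessionName"></Data>
    <Data Name="FileName"></Data>
    <Data Name="ErrorCode">3221225506</Data>
    <Data Name="LoggingMode">268443650</Data>
  </EventData>
</Event>
'@

# Subset of the ETW LogFileMode flags (evntrace.h).
$LogFileModes = [ordered]@{
    EVENT_TRACE_FILE_MODE_SEQUENTIAL       = 0x00000001
    EVENT_TRACE_FILE_MODE_CIRCULAR         = 0x00000002
    EVENT_TRACE_REAL_TIME_MODE             = 0x00000100
    EVENT_TRACE_BUFFERING_MODE             = 0x00000400
    EVENT_TRACE_USE_KBYTES_FOR_SIZE        = 0x00002000
    EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING = 0x10000000
}

function ConvertFrom-EtwStartFailure {
    param([Parameter(Mandatory = $true)][string]$EventXml)
    $data = @{}
    foreach ($d in ([xml]$EventXml).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    # Use [long] so the high bit of the NTSTATUS is not read as a sign bit.
    $status = [long]$data['ErrorCode']
    $mode   = [long]$data['LoggingMode']
    $known  = 0
    $flags  = foreach ($f in $LogFileModes.GetEnumerator()) {
        if ($mode -band $f.Value) { $known = $known -bor $f.Value; $f.Key }
    }
    $statusHex = '0x{0:X8}' -f $status
    [pscustomobject]@{
        SessionName  = $data['SessionName']
        StatusHex    = $statusHex
        Severity     = $status -shr 30                  # NTSTATUS top two bits; 3 = error
        AccessDenied = ($statusHex -eq '0xC0000022')    # STATUS_ACCESS_DENIED
        ModeHex      = '0x{0:X8}' -f $mode
        ModeFlags    = $flags -join ', '
        UnknownBits  = '0x{0:X8}' -f ($mode -band (-bnot $known))
    }
}

ConvertFrom-EtwStartFailure -EventXml $sampleXml
# Live system (elevated): Get-WinEvent -FilterHashtable @{ LogName =
#   'Microsoft-Windows-Kernel-EventTracing/Admin'; Id = 2 } |
#   ForEach-Object { ConvertFrom-EtwStartFailure -EventXml $_.ToXml() }
```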
The computer is running Windows 7 Professional Service Pack 1 64-bit Edition.
April 12th, 2012 10:32am
Services:
Diagnostic Policy Service - Status: Started - Startup Type: Automatic - Log On As: Local Service
Properties -> Log On
Was set to -> This account: Local Service
I tried to change it to Log on as: Local System account
But I got the Error 1079: The account specified for this service is different from the account specified for other services running in the same process.
April 12th, 2012 10:43am
I have AVG Internet Security 2012 installed as my Anti-Virus software. The AVG Firewall is enabled. The Windows Firewall is set to disabled and is stopped. The Windows Defender is set to disabled and is stopped.
April 12th, 2012 11:54am
AVG Internet Security 2012, updated with latest versions and ran full scan of the computer: No threats found.
Malwarebytes Anti-Malware, updated with the latest versions and ran full scan of the computer: No threats found.
Windows Update ran, Windows is up to date. All updates are successful.
April 12th, 2012 1:30pm
sfc /scannow
Windows Resource Protection did not find any integrity violations.
April 12th, 2012 1:55pm
I uninstalled AVG Internet Security 2012. No change in computer behavior.
April 12th, 2012 3:04pm
Computer Management -> Local Users and Groups -> Groups -> Performance Log Users
Added the user account that is being logged in who is a member of the Administrators. No change in computer behavior.
April 12th, 2012 4:36pm
Ran check disk on hard drives, no errors reported. No change in computer behavior.
April 13th, 2012 9:18am
Added Performance Log Users to C:\Perflogs directory security with full control. No change in computer behavior.
Added TrustedInstaller to C:\Windows\Panther directory security with full control. No change in computer behavior.
April 13th, 2012 9:50am
As an experiment I added:
Added Everyone to C:\Perflogs directory security with full control. No change in computer behavior.
Added Everyone to C:\Windows\Panther directory security with full control. No change in computer behavior.
Thus it doesn't seem to have to do with a directory security setting...
April 13th, 2012 10:15am
As an experiment:
Computer Management -> System Tools -> Local Users and Groups -> Groups
I added to the Administrators group:
NT AUTHORITY\Local Service
NT AUTHORITY\Network Service
NT AUTHORITY\System
NT SERVICE\TrustedInstaller
No change in access denied, no change in computer behavior.
April 13th, 2012 10:22am
This will fix the Circular Kernel Context Logger error:
Run Command Prompt, type dcomcnfg, press enter.
Component Services -> Computers -> My Computer (right click properties)
COM Security Tab -> Launch and Activation Permissions -> Edit Default
Add Network Service & Local Service with Local Launch, Remote Launch, Local Activation, Remote Activation with Allow Checked off.
Still no luck with Kernel-EventTracing: 0xC0000022 error...
April 16th, 2012 11:36am
Hi,
Could you please try to add the following DCOM permission setting?
For DCOM settings, generally, we can do the following:
=====================
a. Click Start -> Run, type DCOMCNFG and press Enter.
b. Expand Component Services -> Computers -> My Computer. Right click on My Computer and choose Properties.
c. Go to COM Security tab, under Access Permissions, click Edit Limits, and make sure "Everyone" account has Local Access and Remote Access permission.
d. Under Launch and Activation Permissions, click Edit Limits, and give "Everyone" account Local Launch, Remote Launch, Local Activation and Remote Activation.
e. Close the dialog boxes, and in the previous Component Services, expand to Component Services -> Computers -> My Computer -> DCOM Config, find the 3rd party component if your pc has, right click on it, and choose Properties.
f. In General tab, set Authentication Level to "Default".
g. In Security tab, set Launch and Activation Permissions to Customize, click Edit, and give Everyone account all the permissions listed: Local Launch, Remote Launch, Local Activation and Remote Activation.
h. Set Access Permissions to Customize, and also give Everyone account all the permissions: Local Access and Remote Access, give SELF all the permissions, and give SYSTEM Local Access permission.
i. Click OK to save all the settings, and see if it helps.
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
April 19th, 2012 11:22am
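Added example (not part of the thread): a PowerShell read-back of the machine-wide DCOM ACLs that the "Edit Limits" and "Edit Default" dialogs in the posts above change, so the effect of those steps can be checked and later reverted. It assumes PowerShell 3.0 or later on Windows; the function names `Get-ComAclEntry` and `Get-DcomMachineAcl` are hypothetical and the sample SDDL string is constructed.

```powershell
# COM access-mask bits (COM_RIGHTS_* in the Windows SDK).
$ComRights = [ordered]@{
    Execute = 1; LocalLaunchOrAccess = 2; RemoteLaunchOrAccess = 4
    LocalActivation = 8; RemoteActivation = 16
}

function Get-ComAclEntry {
    param([string]$Source,
          [System.Security.AccessControl.RawSecurityDescriptor]$Descriptor)
    foreach ($ace in $Descriptor.DiscretionaryAcl) {
        $mask  = $ace.AccessMask
        $names = foreach ($r in $ComRights.GetEnumerator()) {
            if ($mask -band $r.Value) { $r.Key }
        }
        [pscustomobject]@{
            Source  = $Source
            Sid     = $ace.SecurityIdentifier.Value
            AceType = $ace.AceType
            Rights  = $names -join ', '
            # True when an allow ACE gives Everyone (S-1-1-0) a remote right.
            EveryoneRemote = ($ace.AceType -eq 'AccessAllowed') -and
                             ($ace.SecurityIdentifier.Value -eq 'S-1-1-0') -and
                             [bool]($mask -band (4 -bor 16))
        }
    }
}

function Get-DcomMachineAcl {
    # "Edit Limits" writes the Machine*Restriction values,
    # "Edit Default" writes the Default*Permission values.
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
    foreach ($name in 'MachineLaunchRestriction', 'MachineAccessRestriction',
                      'DefaultLaunchPermission', 'DefaultAccessPermission') {
        $bytes = $ole.$name
        if ($bytes) {   # the Default* values are absent until first edited
            $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor `
                      -ArgumentList @($bytes, 0)
            Get-ComAclEntry -Source $name -Descriptor $sd
        }
    }
}

# Constructed sample: Administrators and Everyone with all five launch rights.
$sddl   = 'O:BAG:BAD:(A;;CCDCLCSWRP;;;BA)(A;;CCDCLCSWRP;;;WD)'
$sample = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $sddl
Get-ComAclEntry -Source 'constructed sample' -Descriptor $sample | Format-Table -AutoSize
# On a live system: Get-DcomMachineAcl | Format-Table -AutoSize
```

Per-application permissions set under DCOM Config are stored separately under each AppID and are not read by this block.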
Hi,
Just following up to check if you have any updates for the DCOM permission steps.
Cheers.
April 26th, 2012 9:46pm