Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: need someone to look up some system info on your PC

14 Jan 2012   #1
JimLewandowski

 
 
need someone to look up some system info on your PC

I mucked with my Circular Kernel Context Logger to get some trace data and now it won't start when Win 7 boots. I reset what I recall changing, but I do remember changing some security as the output .etl dataset couldn't be read or takeown'ed by me. However, if I manually start it (right-click START) it does start successfully. Maybe I'm admin (owner of CKCL) and I can thus start it, but the SYSTEM (security/SID) can't??


Control Panel > Administrative Tools > Performance Monitor.

Expand - Data Collector Reports.

Left-click on - Start Event Trace Sessions.

Left-Click once - Circular Kernel Context Logger to highlight it. Then right-click to get context menu, and then click on Properties.

Applet open

Now, click on - Security tile OR Security tab at the top. Then click on Advanced tile.

On this applet, click the Owner tab. What does it list for current owner?


My System SpecsSystem Spec
.
14 Jan 2012   #2
Brink

64-bit Windows 10 Pro
 
 

Hello Jim,

Here's what I have as the owner. Hope it helps.

The SYSTEM group as all permission options checked but the first one below for me.

need someone to look up some system info on your PC-owner.jpg


My System SpecsSystem Spec
14 Jan 2012   #3
DMHolt57

 
 

Administrators is listed as Owner....
My System SpecsSystem Spec
.

14 Jan 2012   #4
JimLewandowski

 
 

Aha.

Yours has DPS (Diagnostic Policy Service) and WdiServiceHost. Maybe because your Win7 Ultimate?

All security for all my Event Traces are listed are pretty much the same (all checked BUT the first box).

Mine has (but most others look this way):

SYSTEM
LOCAL SERVICE
NETWORK SERVICE
Admin (Jim/GLH)
Network Configuration Operators (Jim/GLH)

Maybe I need to add DPS since it might be the service that starts this. I checked other running (via boot, not of my control) traces and see DPS on one.

But, I'm 100% sure I didn't do anything with security other than add a checkmark to Admin (in an attempt to get access to the CKCL.etl file in my local non-OS directory - this DID work).

I'm stumped. I knew modifying it and trying to set it back would neuter it. But, again, I can start it manually and no problems at all. It is set to enabled.....
My System SpecsSystem Spec
14 Jan 2012   #5
JimLewandowski

 
 

Would someone be kind enough to STOP the CKCL via the EVENT TRACE SESSIONS branch (it will say RUNNING next to it). Left-click to highlight, right-click to select STOP.

CLOSE the performance monitor window and come all the way back in again (idiosynchracy of perfmon GUI - clicking ACTION > REFRESH won't work for a few minutes).

Go to the original Event Trace Session branch (the ones listed as RUNNING) again and verify that CKCL is physically gone from the list.

If so, go to Startup Event Trace Session branch (the ones listed as enabled/disabled), right-click CKCL and select Properties. What do you have in the lower pane by Keywords(Any) (1st row). My value setting is 0x2005. I now recall, I think this needs to be 0x0000 and I bet whoever starts this adds those keywords in the fly by the equivalent of the logman command.

And it might explain my event ID error for a trace session named "" with 0xC000000D (D/13 is supposed to be invalid parameters).

Afterwards, right-clicking and selecting START should fire it up again. But the keyword thing is peculiar as if yours IS 0x0000, restarting it may simply have a CKCL running by not collecting anything (i.e. parms are provided via LOGMAN command internally in Win7).


Attached Images
need someone to look up some system info on your PC-ckclprop.jpg 
My System SpecsSystem Spec
14 Jan 2012   #6
Brink

64-bit Windows 10 Pro
 
 

It would think that you should also have DPS and WdiServiceHost listed in addition like mine above.
need someone to look up some system info on your PC-dps.jpg
need someone to look up some system info on your PC-wdiservicehost.jpg
Inline


Quote   Quote: Originally Posted by JimLewandowski View Post
Go to the original Event Trace Session branch (the ones listed as RUNNING) again and verify that CKCL is physically gone from the list.
Yep, gone afterwards.
Quote:
If so, go to Startup Event Trace Session branch (the ones listed as enabled/disabled), right-click CKCL and select Properties. What do you have in the lower pane by Keywords(Any) (1st row). My value setting is 0x2005. I now recall, I think this needs to be 0x0000 and I bet whoever starts this adds those keywords in the fly by the equivalent of the logman command.

And it might explain my event ID error for a trace session named "" with 0xC000000D (D/13 is supposed to be invalid parameters).
I have 0x0 (Startup Event Trace Session) with the one in Event stopped as above.

need someone to look up some system info on your PC-keywords.jpg

Quote:
Afterwards, right-clicking and selecting START should fire it up again. But the keyword thing is peculiar as if yours IS 0x0000, restarting it may simply have a CKCL running by not collecting anything (i.e. parms are provided via LOGMAN command internally in Win7).
Fired back up.


My System SpecsSystem Spec
14 Jan 2012   #7
JimLewandowski

 
 

I definitely did not delete anything and now thinking back, I would have recognized those "never before seen by me" SIDs/users.

I think the 0x2005 is what's upsetting the restart.

logman is a very, very bizarre interface. If you start CKCL from the command line, it seems to do buffered trace PLUS write to a file even though CKCL is buffered only. And the kicker is the file it writes to is in whatever directory you were in when you issued logman. As I mentioned, with standard security settings, I couldn't read the CKCL.etl file via tracerpt.

I struggled with understanding all this as so much is inconsistent. For example, if you start CKCL with no parms via logman, it will start but will not trace anything honoring the 0x0 keyword setting. But, even if you have those bits set, logman will start CKCL with 0x0 but the right-click GUI start WILL honor the keywords.

Set to 0x00 and will see on next reboot. Thanks.
My System SpecsSystem Spec
15 Jan 2012   #8
JimLewandowski

 
 

No go. Still won't start at bootup/logon. Weird.
My System SpecsSystem Spec
15 Jan 2012   #9
JimLewandowski

 
 

Anyone have any ideas on how to get this trace working?
My System SpecsSystem Spec
15 Jan 2012   #10
Brink

64-bit Windows 10 Pro
 
 

Jim,

Do you have a restore point available dated before you made changes to the CKCL that you could use?
My System SpecsSystem Spec
Reply

 need someone to look up some system info on your PC




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
System Info - See Your System Specs
How to See Your System Specs with "System Info" System Info is free Seven Forums program that CyberZeus has kindly made for us. It let's you easily see all of your system information, and has an option to make filling out your system specs here at Seven Forums easier to do. Here's...
Tutorials
Incorrect System Info
Hi everyone, My pc motherboard is ASUS brand but the computer detect the wrong information. Anyone know how to solve the problem? And is this a small problem or a big problem? Thanks.
Hardware & Devices
Processor info is showing wrongly in system info after changing MB
Yesterday I bought a new mother board for my PC my Processor model is AMD Athlon II X3 440 Triple Core Processor, but after changing Mother Board in system information it's showing my Processor as AMD Phenom II 4 B40 four core processor. I don't know why it is showing like this. Is this dangerous...
Hardware & Devices
1/2 the ram showing up in system info
Mobo asus f1a75, cpu amd a8-3850, ram g-skill 2 x 4 gig ...2 sticks each, total 8 gig. Brand new build, freshly installed W7HP. Went into system display to ck the amount of ram showing, and shows total 4. Sticks inserted in blue slots, as suggested by manual of asus mobo. Why is it not showing 8 G?
Hardware & Devices
External USB HHD's show up as containing system info.
I use Folder Lock (great program) for data encryption and locking folders. I have two external USB HHDs I use for backing up. When I was running Vista the two USB drives would lock just fine. They will not lock w/Win 7. I get a msg saying they contain system information and will not...
Hardware & Devices
System info: other os unknown
More of a curiosity than a problem. Both in 7 and Vista under system info it says other operating system unknown. I was wondering with a duel boot set up is this line for displaying the alternate os? And if so does anyone show anything other than not available?
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:29.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App