# Circular Kernel Context Logger (oxc0000188)



## Crossy (May 12, 2008)

Hi All,

Since the 8th December I've been getting one of these events at each startup (please see attached). I've Googled myself to a standstill, tried SFC, Checkdisc, changed registry entries and the Performance Monitor settings all to no avail.

It seems the log is filling up, so logically a larger log file size should fix it, right? Apparently setting the parameter to 0 means unlimited file size, but the error persists, I don't see how you can fill a log file with unlimited file size.

The system seems to be working OK, and I do have a vague recollection of having this error before.

Any suggestions would be appreciated.

Rob.


----------



## jenae (Jun 17, 2008)

Hi, merry Christmas to you. As you say this error is not causing any problems, I tend to ignore them unless they are causing problems, if you want to investigate further, thats OK.

Open a cmd prompt as admin press win + x and select command prompt(admin). Copy paste: (in red)

reg query "HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Circular Kernel Context Logger" > 0 & notepad 0 Press enter.

Please post the notepad outcome here.

You mention performance monitor, I take it this was under administrative tools/ computer management/ performance/data collection sets/ event trace session.... highlight "circular kernel context logger"and right click select properties, under "trace session" you can uncheck enabled, this will stop your error , however it will also not log anything to a dump file regarding an error (blue screen) caused by this... very unlikely, however you should be aware of what unchecking enabled means. Enabled may also be grayed out.

Alternatively the problem may be:- under properties select "file" and under "log mode" uncheck "circular" (requires a non zero max file size) if checked.

Might be best to wait till we see your registry before doing anything just check what is there.


----------



## Crossy (May 12, 2008)

And a Merry Christmas to you as well.

I'm away from home for a few days, I'll post with the Registry info when I get back.

Rob.


----------



## Crossy (May 12, 2008)

Home now, here is the info you asked for.


----------



## jenae (Jun 17, 2008)

Hi, can you have a look at computer management (post #2) and see what you have. You mention registry changes, could you detail these (and importantly where you got the advice to change them). You have one odd entry in the reg entry I requested, a REG_BINARY hex value has been changed to a 32bit REG_DWORD.


----------



## Crossy (May 12, 2008)

The change was to the max file size.
It was 0, 20,40,128,256,300 and all with no effect. The 0 value was used because I was told 0 equalled unlimited file size.


----------



## jenae (Jun 17, 2008)

Hi, well 0 is the default, so if yours was different someone or something has been playing in your registry.The "EnableKernelFlags" is a hex value yours is DWord. Check that the settings are correct in computer management (do not touch enabled) just make sure circular is unchecked under "file" log mode.

Run the attached .zip file it returns a .reg file (trace.reg) double click on this and agree to add to registry, this returns to defaults, so is safe.Restart (not shutdown) computer.

View attachment trace.zip


----------



## Crossy (May 12, 2008)

Hi,

Hope you had a good Christmas, thanks for your help with this one.

I have made changes to the max file size figure. It was 0 (which I read somewhere means file size unlimited but that seems unlikely) and I have tried 24, 40, 128, 256 and 300 all with no improvement.

Attached are 2 screenshots of the registry key. 0xc00188a is before I ran your file and 0xc00188b is immediately after. The difference is clear, but I hadn't changed that value.

I will now try the restart you suggested.

Rob.


----------



## Crossy (May 12, 2008)

Following the restart there was another entry in the Event Viewer just as before.

Rob.


----------



## jenae (Jun 17, 2008)

Hi, what did you find in computer management, and the difference in your new registry and the old can not happen by accident, some other issue could be at play a binary value suddenly cannot become a dword value.


Many machines report errors, (including this one) we tend only to worry about those that cause problems, I can not offer you much more on this subject. Perhaps an issue caused by a previous version of an Anti Virus program?


----------



## Crossy (May 12, 2008)

Sorry, computer management items were as your advice.
Don't know how that value was altered, certainly not by me.
I've only ever had Trend Micro as anti virus.

Looks like I'll just have to live with it. Does your system have this issue?


----------

