Page 1 of 2 12 LastLast
  1.    4 Weeks Ago #1
    Join Date : Aug 2016
    Posts : 96
    Windows 10 v1703

    Event ID 1 warning & Event ID 2 error


    Hello,
    After Fall Creators update I'm seeing 1 error and 1 warning in the Event Viewer which I'm not able to resolve.

    Event ID 1
    The backing-file for the real-time session "DefenderApiLogger" has reached its maximum size. As a result, new events will not be logged to this session until space becomes available. This error is often caused by starting a trace session in real-time mode without having any real-time consumers.
    Code:
    <System>
    
         <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" /> 
    
        <EventID>1</EventID> 
    
        <Version>0</Version> 
    
        <Level>3</Level> 
    
        <Task>1</Task> 
    
        <Opcode>10</Opcode> 
    
        <Keywords>0x8000000000000010</Keywords> 
    
        <TimeCreated SystemTime="2017-10-19T23:02:23.884086800Z" /> 
    
        <EventRecordID>26</EventRecordID> 
    
        <Correlation />  
    
        <Execution ProcessID="4" ThreadID="136" />  
    
        <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>  
    
        <Computer>PC</Computer> 
    
        <Security UserID="S-1-5-18" /> 
    
       </System>
    
      - <EventData>
    
         <Data Name="SessionName">DefenderApiLogger</Data>  
    
        <Data Name="ErrorCode">3221225864</Data>  
    
        <Data Name="LoggingMode">411042176</Data>  
    
       </EventData>
    Event ID 2
    Session "" failed to start with the following error: 0xC0000022
    Code:
     <System>
    
         <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" /> 
    
        <EventID>2</EventID> 
    
        <Version>0</Version> 
    
        <Level>2</Level> 
    
        <Task>2</Task> 
    
        <Opcode>12</Opcode> 
    
        <Keywords>0x8000000000000010</Keywords> 
    
        <TimeCreated SystemTime="2017-10-19T23:02:24.643823700Z" /> 
    
        <EventRecordID>27</EventRecordID> 
    
        <Correlation />  
    
        <Execution ProcessID="1536" ThreadID="2096" />  
    
        <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>  
    
        <Computer>PC</Computer> 
    
        <Security UserID="S-1-5-20" /> 
    
       </System>
    
      - <EventData>
    
         <Data Name="SessionName"  /> 
    
        <Data Name="FileName"  /> 
    
        <Data Name="ErrorCode">3221225506</Data>  
    
        <Data Name="LoggingMode">293609474</Data>  
    
       </EventData>
    I think it is fixable, but don't know where to start. Does anyone have some idea?
    Thank you in advance.
      My ComputerSystem Spec
  2.    4 Weeks Ago #2
    Join Date : Oct 2015
    Posts : 2,047
    Windows 10 Pro X64

    Hi,

    Are you using TcpView from Sysinternals ? If so, it looks as if it's a bug.
    Further to this look in the registry if you can find this key: Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}"
    and see if the log file size is there and if can increase.
    Alternatively, if you do not need the log file for analysis, it can be found under "Users\Username\Appdata\Temp\*.etl and you can delete it.

    Cheers,
      My ComputersSystem Spec
  3.    4 Weeks Ago #3
    Join Date : Dec 2016
    Posts : 12
    Windows 10 Pro x64

    Hey,

    I'm also getting event id 2 & event id 360. So far I'm guessing you guys haven't figured anything out?
      My ComputerSystem Spec
  4.    4 Weeks Ago #4
    Join Date : Aug 2016
    Posts : 96
    Windows 10 v1703
    Thread Starter

    Quote Originally Posted by fdegrove View Post
    Are you using TcpView from Sysinternals ? If so, it looks as if it's a bug.
    No, I'm not aware of using anything like that.
    Anyway, I have solved Event ID 1 by disabling DefenderApiLogger logging in perfmon, but unfortunately Event ID 2 error is still there and I have no clue what is the root cause.
      My ComputerSystem Spec
  5.    4 Weeks Ago #5
    Join Date : Dec 2016
    Posts : 12
    Windows 10 Pro x64

    You can disable the logging of event id 2 aswell in event viewer. Though it would be really nice to know what is actually causing it.
      My ComputerSystem Spec
  6.    4 Weeks Ago #6
    Join Date : Aug 2016
    Posts : 96
    Windows 10 v1703
    Thread Starter

    Firstly I was trying only to increase the max size for DefenderApiLogger from 100MB to 150MB but it did help only for a while, so I've decided to completely disable logging this stuff, but in the source not in the Event viewer.
    You are right probably I can disable logging of the Event 2, but I would really like to avoid that, since this is not a solution. Moreover I'm not sure if is possible to disable only this particular event or it will affect all Microsoft-Windows-Kernel-EventTracing events.
    There is still a possibilty that it is just a Windows bug which can be solved in the next few cumulative updates.
      My ComputerSystem Spec
  7.    4 Weeks Ago #7
    Join Date : Dec 2016
    Posts : 12
    Windows 10 Pro x64

    Well I was lucky enough to not have event id 1 showing up but as you can see from my first post I have event id 2 and 360. I feel the same about disabling the logging of certain events completely cause something actually important might get logged but don't have your hopes high that ms is gonna fix some of these issues asap.
      My ComputerSystem Spec
  8.    4 Weeks Ago #8
    Join Date : Aug 2016
    Posts : 96
    Windows 10 v1703
    Thread Starter

    I managed to find out which proces/service is the root cause. It is svchost.exe - Delivery Optimization service.
    So, what can be wrong with this ?

    edit:
    okay, one more thing... the service is set to automatic (delayed) start and as far as I can see on my second machine it should be running all the time ?
    On first machine it stopped after a while, so maybe this is the culprit for this error ? But why did it happen and how to fix it ?

    edit:
    ok well, it depends on Windows Update advanced settings obviously, but on both machines the setting is the same, so something is not quite right here...
    anyway I disabled this option in Windows update, now it has manual Startup type and the error is still there, but this time I am not able to trace it down with the Process ID from the Event, so dead end.
    Last edited by eddward; 4 Weeks Ago at 18:03.
      My ComputerSystem Spec
  9.    4 Weeks Ago #9
    Join Date : Feb 2016
    Posts : 45
    Windows 10

    I also got the "Event ID 1" with the same description after the FCU. How did you solve it?
      My ComputerSystem Spec
  10.    4 Weeks Ago #10
    Join Date : Aug 2016
    Posts : 96
    Windows 10 v1703
    Thread Starter

    Well you can try to increase size of the file or disable logging for this.
    Click Start - write perfmon - enter - on the left tree click on Data Collector Sets - Startup Event Trace Sessions - find DefenderApiLogger. Right click and properties. On the Stop Condition tab you have Maximum size, so you can increase it.
    Or on the Trace Session tab you have checkbox Enabled to disable it.
      My ComputerSystem Spec

 
Page 1 of 2 12 LastLast


Similar Threads
Thread Forum
Event Warning 64
Have a certificate expired or soon to expire and it belongs to google portablewares; I can bring it up in the mmc but when I try to get new key it says enrollment error. Do I need this certificate or just ignore the warning. Is it possible that when...
General Support
W10 Creators update Event viewer error Event ID 360
I have updated Windows 10 Pro to the Creators update. I have had a few event viewer errors which I managed to fix. But I don't know what this one is, I guess everyone is seeing it, does anyone knoe how is it resolved? Thanks. "Windows Hello for...
General Support
Event ID Error Event 137, Kernel-Power
The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance. Just browsing through my Event Viewer trying to knock out and solve any...
Performance & Maintenance
Solved Event Error ID 10016 in Event Viewer...
Windows 10 Home 64 bit ASUS X540LA Notebook What is going on here and what is the best for dealing with this? The AppID seems to be designating RuntimeBroker, but I have done everything so far to correct this error. What am I missing? Log...
Performance & Maintenance
Event ID 5 Kernel-General error in Event Viewer
Welcome, I have a problem. Every day I have this error in event viewer, system log: {Registry Hive Recovered} Registry hive (file):\??\C:\ProgramData\Malwarebytes\Malwarebytes...
AntiVirus, Firewalls and System Security
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 17:29.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums