EventLog由事件ID 2内核事件跟踪淹没 [英] EventLog flooded by Event ID 2 Kernel-EventTracing

问题描述

由于服务器也有SQL角色，我出于某种原因从下面链接重定向到这里。如果在错误的论坛上发帖但不知道将此问题与哪个SQL服务器论坛联系起来，我表示道歉。

https://social.technet.microsoft.com /论坛/ windowsserver / en-US / c1d31f52-68e9-4a5e-b501-1cb739958d66 / eventlog-flooded-by-event-id-2-kerneleventtracing？forum = winserver8gen& prof = required

我们的一位客户正在运行安装了SQL Server 2014的Windows Server 2012 R2 Datacenter。服务器是HyperV Guest机器。

此服务器的事件日志被内核 - 事件跟踪消息淹没，每分钟弹出一次并出现错误：

Session""未能启动以下错误：0xC000000D

有关如何排除故障的任何建议？以下是错误消息。

我试图卸载我们的防病毒解决方案但没有效果。 

我检查了启动程序，流程和服务。

我检查过程ID：在下面的日志中：4852，这在每个错误中都是相同的，它指向WmiPrvSE.exe（WMI提供程序主机）。我还检查了事件日志WMI活动的模式，以便与PID 4852相关但无法找到任何相关信息，
所有错误都指向不同的PID：s。

< p style ="border：none; font-family：'Segoe UI'，'Lucida Grande'，Verdana，Arial，Helvetica，sans-serif; outline：0px; padding-right：0px; color：＃2a2a2a; font-size ：14px">

日志名称：  &NBSP; &NBSP; Microsoft-Windows-Kernel-EventTracing / Admin

来源：&NBSP; &NBSP; &NBSP; &NBSP; Microsoft-Windows-Kernel-EventTracing

日期：  ; &NBSP; &NBSP; &NBSP; &NBSP; 2019-02-21 13:42:22

事件ID：  &NBSP; &NBSP; 2

任务类别：会话 < br style ="color：＃2a2a2a; font-family：'Segoe UI'，'Lucida Grande'，Verdana，Arial，Helvetica，sans-serif; font-size：14px">
等级：  &NBSP; &NBSP; &NBSP;  错误

关键字：  &NBSP; &NBSP;会议

用户：  &NBSP; &NBSP; &NBSP; &NBSP; SYSTEM

计算机：  &NBSP;   

描述：

Session""无法启动以下错误：0xC000000D

活动Xml：

< Event xmlns =" http ：//schemas.microsoft.com/win/2004/08/events/event">

  < System>

  &NBSP; < Provider Name =" Microsoft-Windows-Kernel-EventTracing" GUID = QUOT; {B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}"
/>

  &NBSP; < EventID> 2< / EventID>

  ; &NBSP; < Version> 0< / Version>

  ; &NBSP; < Level> 2< / Level>

  ; &NBSP; < Task> 2< / Task>

  ; &NBSP; <操作码> 12< /操作码>

  ; &NBSP; < Keywords> 0x8000000000000010< / Keywords>

  ; &NBSP; < TimeCreated SystemTime =" 2019-02-21T12：42：22.036470300Z" />

  &NBSP; < EventRecordID> 530090< / EventRecordID>

  ; &NBSP; < Correlation />

  &NBSP; < Execution ProcessID =" 4852"线程ID = QUOT; 4668" />

  &NBSP; <频道> Microsoft-Windows-Kernel-EventTracing / Admin< / Channel>

&NBSP; &NBSP; < Computer>< / Computer>

  ; &NBSP; < Security UserID =" S-1-5-18" />

  < / System>

  < EventData>

  &NBSP; < Data Name =" SessionName">

&NBSP; &NBSP; < / Data>

  &NBSP; < Data Name =" FileName">

&NBSP; &NBSP; < / Data>

  &NBSP; < Data Name =" ErrorCode"> 3221225485< / Data>

&NBSP; &NBSP; < Data Name =" LoggingMode"> 276824069< / Data>

&NBSP; < / EventData>

< / Event>

< style type =" text / css"> p.p1 {保证金：5.0px 0.0px 5.0px 0.0px;字体：12.0px'Times New Roman'} span.s1 {text-decoration：underline
;颜色：＃0433ff}< / style>

解决方案

这与SQL Server无关。

参见
https://social.technet.microsoft.com/Forums/windows/en-US/9283441e-d43d-4d75-88bf-7d4e308d084d/session-failed-to-开始跟随错误-0xc000000d？forum = w7itprogeneral 并出现同样的错误。

Hi,

I was for some reason redirected here from below link because the server also has SQL role. My apologies if posting in wrong forum but don't know what SQL server forum to relate this problem to.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/c1d31f52-68e9-4a5e-b501-1cb739958d66/eventlog-flooded-by-event-id-2-kerneleventtracing?forum=winserver8gen&prof=required

One of our customers are running Windows Server 2012 R2 Datacenter with SQL Server 2014 installed on it. The server is a HyperV Guest machine.

The eventlog of this server is flooded by Kernel-Eventtracing messages that pops up once per minute with error:

Session "" failed to start with the following error: 0xC000000D

Any advice on how to troubleshoot this? Below are the error messages in detail.

I've tried to uninstall our antivirus solution but no effect. 

I've checked startup programs, processes and services.

I've checked the process ID: in the log below: 4852, which is the same in every error and it points to WmiPrvSE.exe (WMI Provider Host). I've also checked the eventlog WMI activity for a pattern to relate to PID 4852 but can't find any relevant information, all the errors there point to different PID:s.

Log Name:      Microsoft-Windows-Kernel-EventTracing/Admin
Source:        Microsoft-Windows-Kernel-EventTracing
Date:          2019-02-21 13:42:22
Event ID:      2
Task Category: Session
Level:         Error
Keywords:      Session
User:          SYSTEM
Computer:      
Description:
Session "" failed to start with the following error: 0xC000000D
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
    <EventID>2</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>2</Task>
    <Opcode>12</Opcode>
    <Keywords>0x8000000000000010</Keywords>
    <TimeCreated SystemTime="2019-02-21T12:42:22.036470300Z" />
    <EventRecordID>530090</EventRecordID>
    <Correlation />
    <Execution ProcessID="4852" ThreadID="4668" />
    <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
    <Computer></Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SessionName">
    </Data>
    <Data Name="FileName">
    </Data>
    <Data Name="ErrorCode">3221225485</Data>
    <Data Name="LoggingMode">276824069</Data>
  </EventData>
</Event>

<style type="text/css">p.p1 {margin: 5.0px 0.0px 5.0px 0.0px; font: 12.0px 'Times New Roman'} span.s1 {text-decoration: underline ; color: #0433ff} </style>

解决方案

That's nothing SQL Server related.

See https://social.technet.microsoft.com/Forums/windows/en-US/9283441e-d43d-4d75-88bf-7d4e308d084d/session-failed-to-start-with-the-following-error-0xc000000d?forum=w7itprogeneral with the same error.

这篇关于EventLog由事件ID 2内核事件跟踪淹没的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！