locked
Unable to start ETW session Windows10 MAA 1.4 (Build4.08111.0) RRS feed

  • Question

  • I've been using MMA 1.4  for some time, because i wanted to know more about TCP/IP.
    I've been watching the videos of Paul E Long on YouTube.

    But since the latest update (4/oct/16) MMA doesn't work anymore.

    I get this message when i start a Local trace (local network interfaces (Win8,1..)) or Live session.

    ------------------------------------------------------------------------------------------------------------

    Unable to start ETW session: MMA-ETW-Livecapture-dc18e743-d688-4dac-9d66-2e9eea041ad3
    Host
     Name: Localhost

    A capture session exists.
    It must be stopped and deleted before starting a new one,
    e.g., using Powershell cmdlet Get-NetEventSession, Stop-NetEventSession, Remove-NetEventSession.

    ---------------------------------------------------------------------------------------------------------------------

    But when i select a ' loopback' then it starts. I notice that the grid (next to startpage) indicates : 1:Session2:analysis grid.

    Selecting the option 'Add time filter' also stops the program .

    I've  uninstalled the MMA-program and installed it again. But itwon't help.

    I still get messages :


    ---------------------------------------------------------------------------------------------------------------------

    Unable to start ETW session: MMA-ETW-Livecapture-fae91c9a-7201-42e1-b234-2c203b55382b
    Host Name: Localhost
    A capture session exists. It must be stopped and deleted before starting a new one, e.g.,
    using Powershell cmdlet Get-NetEventSession, Stop-NetEventSession, Remove-NetEventSession.

    ---------------------------------------------------------------------------------------------------------------------
    Unable to start ETW session: MMA-ETW-Livecapture-27372c7d-a050-44a4-83d2-5d4f634c341c

    Host Name: Localhost

    A capture session exists. It must be stopped and deleted before starting a new one,
     e.g., using Powershell cmdlet Get-NetEventSession, Stop-NetEventSession, Remove-NetEventSession.

    ---------------------------------------------------------------------------------------------------------------------

    I've found some information on technet  to solve similar problems, but i'm not sure the correct use of the arguments.

    Also running Powershell  : netsh trace start capture=yes, doesn't do the trick.

    ---------------------------------------------------------------------------------------------------------------------

    PS C:\WINDOWS\system32> Get-NetEventSession

    Name               : xxx
    CaptureMode        : SaveToFile
    LocalFilePath      : C:\WINDOWS\system32\config\systemprofile\AppData\Local\NetEventTrace.etl
    MaxFileSize        : 250 MB
    TraceBufferSize    : 64 KB
    MaxNumberOfBuffers : 30
    SessionStatus      : NotRunning

    PS C:\WINDOWS\system32> Stop-NetEventSession xxx
    Stop-NetEventSession : Het aangevraagde object is niet gevonden.
    At line:1 char:1
    + Stop-NetEventSession xxx
    + ~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (MSFT_NetEventSe...5878BDC14A62}"):root/StandardCimv2/MSFT_NetEventSessi
       on) [Stop-NetEventSession], CimException
        + FullyQualifiedErrorId : MI RESULT 6,Stop-NetEventSession

    ---------------------------------------------------------------------------------------------------------------------

    I wonder if the ssuggested are correct, looking at https://technet.microsoft.com/en-us/library/dn268506.aspx

    there are arguments to be added after the commands instead of xxx.

    So stopping messing around  , i hope i get some answer to solve my problem.

    Kind regards,

    Mick610518

    Tuesday, October 11, 2016 7:27 PM

Answers

  • Tried it again with some help  from another question

    Get-NetEventSession xxx

    gives me data of ETL-data

    Use  : "Netsh trace start capture=yes" form and admin CMD or PowerShell prompt, which can be read by Message Analyzer.

    use : Stop-NetEventSession  xxx

    use : Remove-NetEventSession

    Start MMA as administrator : it works again.

    • Marked as answer by Mick610518 Thursday, October 13, 2016 9:22 PM
    Wednesday, October 12, 2016 8:37 PM