xperf: error: NT Kernel Logger: Cannot create a file when that file already exists

My % Interrupt Time on one of my servers was exceeding 10%, yielding a SCOM alert. I went to dive in deeper and discovered it is a driver or hardware issue. To determine what driver might be causing the large amounts of interrupts I had to result to a tool called xperf, which is apart of the Windows Performance Toolkit. I ran into an issue where I could not run a kernel trace and this is what I have discovered…

Sponsors, article continues below...

This issue can occur on Windows 2008 since the NT Kernel Logger trace is already running in Performance and Reliability monitor.

C:\Program Files\Microsoft Windows Performance Toolkit>xperf.exe -on DiagEasy
xperf: error: NT Kernel Logger: Cannot create a file when that file already exis
ts. (0xb7).

The problem is you cannot stop the NT Kernel Logger trace when the Trace Session->Stream mode is set to Real Time in the NT Kernel Logger Event Trace Sessions’ properties. Switch it to File and then you will be able to stop it. You can then utilize xperf to run kernel traces. Be sure to switch it back to the way it was when you are done!

A great blog post I came across that goes into more detail is located here: http://greatit.wordpress.com/2009/08/17/high-interrupt-cpu-time-troubleshooting-with-xperf/

This entry was posted in Microsoft, SCOM.

Leave a Reply