The SA collector service restarts every 5 minutes. The logs show the following:
08:56:07 Severity 1 - SACollector starting up
08:56:07 Severity 2 - Precision timer frequency is 1,402,617,248 ticks per second
08:56:52 Severity 2 - b_test failure at saPacketCapture.cpp 3172 - - 122 The data area passed to a system call is too small.
Wireshark was installed earlier, and uninstalling Wireshark does not resolve the issue.
The ImagePath value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF has been changed by Wireshark.
Release: 11.1
Wireshark was installed earlier and corrupted the registry. Even uninstalling Wireshark did not revert the setting.
The ImagePath value under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF was changed by Wireshark.
On working servers, ImagePath is set to:
\??\C:\Windows\SysWOW64\drivers\nqpktcap41.sys
Setting this value on the non-working server resolves the issue.
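The check and fix described above can be scripted. The following PowerShell is an added example, not part of the original article or the product: it compares ImagePath with the working-server value, exports the NPF key as a backup, and writes the value back with its original registry type. The backup file location and the parameter names are assumptions; save it as a .ps1 file and run it from an elevated prompt.

```powershell
# Added example: audit and repair the NPF driver ImagePath described above.
# Parameter names and the backup location are assumptions, not product defaults.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Value the article reports on working servers.
    [string]$Expected   = '\??\C:\Windows\SysWOW64\drivers\nqpktcap41.sys',
    [string]$BackupFile = "$env:TEMP\NPF-service-backup.reg"
)

$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\NPF'
$key     = Get-Item -Path $keyPath -ErrorAction Stop

# Read the stored string as-is, without expanding environment variables.
$current = $key.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
Write-Output "Current ImagePath : $current"
Write-Output "Expected ImagePath: $Expected"

if ($current -eq $Expected) {
    Write-Output 'ImagePath already matches the working-server value; nothing to change.'
    return
}

# Strip the \??\ prefix to get a file-system path and confirm the driver exists.
$driverFile = $Expected -replace '^\\\?\?\\', ''
if (-not (Test-Path -LiteralPath $driverFile)) {
    Write-Warning "Driver file not found at $driverFile; verify it before changing the registry."
}

# Keep the existing registry type; service ImagePath values are normally REG_EXPAND_SZ.
$kind = if ($null -ne $current) { $key.GetValueKind('ImagePath') } else { 'ExpandString' }

if ($PSCmdlet.ShouldProcess($keyPath, "Set ImagePath to $Expected")) {
    # Export the whole key first so the previous state can be restored.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\NPF' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Registry backup to $BackupFile failed; no change was made."
    }
    Set-ItemProperty -Path $keyPath -Name 'ImagePath' -Value $Expected -Type $kind
    Write-Output "ImagePath updated. Backup of the original key: $BackupFile"
}
```

Running the script with -WhatIf reports the current and expected values without exporting or modifying anything.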