Category Archives: Troubleshooting

Strange Sabrent Rocket Adventures

Last Friday, I blogged about swapping out my review unit Lenovo Thinkpad X1 Nano SSD. I purchased a US$150 Sabrent Rocket Nano (Model SB-1342 1 TB). It replaced a Samsung OEM 512 GB SSD (NVMe PCIe 3.0 x4). Check the Friday post for details on performance, installation and so forth. Today, I’m writing about the strange Sabrent Rocket adventures I’ve had since taking that device out of the laptop. Frankly, it’s a continuing and wild ride.

Strange Sabrent Rocket Adventures: Drive MIA

First, I used Macrium Reflect to clone the original Samsung drive. Then, I made the swap, ran some tests and replaced the Sabrent with the original SSD. Things got intersting after I plugged the drive back into the Sabrent NVMe drive enclosure (EC-NVME). The drive was MIA: it showed up as 0 bytes in size and generated a “fatal device error” if I tried to access it. Ouch! I immediately reached out to vendor tech support.

Sabrent Tech Support quickly coughed up a link to a terrific tool, though. The name of the tool is lowvel.exe, and it performs a complete low-level format of the drive, zero-filling all locations as it goes. That turned out to be just what I needed and put the Rocket Nano back into shape where DiskMgmt.msc could manipulate it once again.

Then, I initialized the drive as GPT, and set it up as one large NTFS volume. For the next 12-14 hours, I was convinced this was a final fix. But my troubles are not yet over, it seems.

More Strange Rocket Adventures

The next morning, having left the device plugged in overnight, I sat down at my desk to see it blinking continuously. When I tried to access the device, it was inaccessible. It’s not throwing hardware errors to Reliability Monitor, but I have to unplug the device and plug it back in, to restore it to working order. Something is still weird. Temps seem normal and the Sabrent Rocket Control Panel utility (shown in this story’s lead-in graphic) gives the device a clean bill of health.

I’ve got an intermittent failure of some kind. I need more data to figure this one out. I’m leaving the Control Panel running on the test laptop where the Rocket Nano is plugged in. We’ll see if I can suss this one out further. It’s not inconceivable I’ll be going back to Sabrent Tech Support and asking for a replacement — but only if I can prove and show something definite and tangible. Sigh.

Info Added March 25: All Is Quiet

Who’d have thought a Sabrent NVMe enclosure and a Sabrent NVMe drive might be ill-fitted together? Apparently, that’s what ended up causing my intermittent failures. On a whim, I bought the cheapest NVMe enclosure I could find — a US$26 FIDECO USB 3.1 Gen 2 device — into which I inserted the Sabrent Nano SSD. It’s now run without issue, pause, hitch, or glitch for a week. I did not insert the device pad that normally sits between the case and the device (already present in the Sabrent enclosure). I’m inclined to blame some kind of heat buildup or connectivity issue resulting from an overly tight fit in the Sabrent enclosure, which I may have avoided in its FIDECO replacement. At any rate, it’s working fine right now. Case closed, I hope!


Swapping X1 Nano NVMe Drives

OK, then. I went and sprung US$150 for a Sabrent 1TB M.2 2242 NVMe drive at Amazon. It is depicted in the lead-in graphic above. The high-level sequence of events is as follows. Ordered on Wednesday, received and experimented on Thursday, reported on Friday (today). Alas, I seem to have hosed the drive and have started RMA negotiations with Sabrent. Along the way, I learned most of what’s involved in swapping X1 Nano NVMe drives.

Be Careful When Swapping X1 Nano NVMe Drives

As is almost always the case, there’s a YouTube video for that. It showed me everything I needed to do. Disassembly/reassembly were easy and straightforward. I had no mechanical difficulties. But once again, my US$7 investment in a laptop screws collection saved my butt. I mislaid one of the two NVMe holder screws (found it later during  cleanup). I lost one of the 6 battery restraint screws (fell on the floor into neutral brown carpet). Both were easily replaced from the collection.

Cloning Works, But Proves Mistaken

For whatever odd reason, the Sabrent drive shows up pre-formatted. The disk layout is MBR and the primary partition is ExFAT. Both of those got in my way as I cloned the original drive to the replacement. First, I had to clean the drive, convert to GPT, then format it as a single NTFS volume. Then, I used Macrium Reflect to clone the contents of the Samsung OEM drive to the Sabrent. Along the way Reflect told me it had turned off BitLocker and that I would need to re-enable it after boot.

Replacing the Samsung with the Sabrent, I went into BIOS and turned secure boot off instead. This let the X1 Nano boot from the cloned drive just fine. I was able to run CrystalDiskMark to compare their performance. Here’s what that looks like:

Swapping X1 Nano NVMe Drives.side-by-side

Samsung OEM results left; Sabrent results right. Best improvement where it counts most!
[Click image for full-sized view.]

What do these results show? Indeed, the Sabrent is faster on all measurements, and more so on the most important random 4K reads and writes (lower two rows). It’s not a night-and-day difference, but IMO the added capacity and increased speed justify the expense involved. It’s a good upgrade for the X1 Nano at a far lower price than Lenovo charges. Also, performance is somewhat better than what their OEM stock delivers.

Here’s a summary of performance row-by-row (count 1-4 from top to bottom):
1. Read speeds increase by <1%; write speeds by >28%
2. Read speeds increase by >7%; write speeds by >36%
3. Read speeds increase by  >52%; write speeds by >21%
4. Read speeds increase by >14%; write speeds by >51%

Where Did I Go Wrong?

Cloning was a mistake. I saw it in the disk layout, which showed over 400 GB of unallocated space. Better to have done a bare-metal backup using Reflect with their Rescue Media. Next time I’m in this situation, that’s what I’ll do.

Something untoward also happened when uninstalling the Sabrent drive. When I stuck it back in my M.2 Sabrent caddy (which fortunately handles 2242 as well as other common M.2 form factors), it came up with a fatal hardware error. None of my tools, including diskpart, diskmgmt.msc, MiniTool Partition Wizard, or the Sabrent utilities could restore it to working order. I suspect that removing the battery, even though the power was off on the laptop, spiked the drive with a power surge. It’s currently non-functional, so I hope my warranty covers this and I’ll get a replacement. If not, it will prove a more expensive lesson than I’d planned, but still a valuable one.


Might Wonky WU Presage Hardware Obsolescence

OK, then. Here’s an interesting story. After updating my 2012 vintage Lenovo X220 Tablet to Build 21327.1010 the Windows Update (WU) UI starting misbehaving. I’ve reported it to the Feedback Hub, with a screen recording to show what happens. This experience has me asking myself: might wonky WU presage hardware obsolescence?

Why Might Wonky WU Presage Hardware Obsolescence?

Built in 2012 and purchased in 2013 for a book on Windows 8, this system runs a Sandy Bridge CPU. It’s so old, it doesn’t support USB 3.0 natively (though I do have a plug-in Express Card that adds such capability). Simply put, the whole situation has me wondering if this old laptop is finally aging out of usefulness. I retired the companion system — a same vintage, same CPU T420 laptop — late last year because it was flaking out too often for everyday testing. Until this happened, the X220 Tablet remained a paragon of Windows support.

Here’s a short video (24 seconds) that shows very little, but enough for me to describe what’s wonky.

Normally, when you click the “Check for updates” button, the display changes to “Checking for updates” while the activity balls flow from left to right (and repeat until the check is complete). Next, if updates are available, the display reads “Updates available” while it installs them. When it’s done the display changes to “You’re up to date” with a timestamp to match. That final status info serves as the lead-in graphic for this story, in fact.

What Did Wonky WU Do Instead?

As you can see by playing the video, none of those display changes occur. I know the update is working because it grabbed and installed a Defender update when I tried it for the first time and that update shows under “Definition Updates” in Update History. That said, the usual animations (or status changes) that show WU is working are invisible on this PC. All that stuff works fine on my 2018 vintage Lenovo ThinkPad X380 Yoga (which has a Kaby Lake/7th Gen CPU).

Having reported the issue to MS via Feedback Hub, all I can do now is wait to see if it gets fixed. If it becomes a “new normal,” I may need to start retirement planning for my hitherto unflappable and unshakeable X220 Tablet. Sigh. That’s the way things go sometimes, here in Windows-World.

Note Added March 11, 2021

With the upgrade to Dev Channel Build 21332.1000, WU returned to “normal behavior.” But I did have to return to Advanced Sharing Settings/All Networks in the Network and Sharing Center. There, I had to turn off password protected sharing and turn on Public folder sharing. After a reboot,  RDP into the X220 Tablet worked again. This has been an on-again/off-again issue on this laptop for years. (A) it’s easily fixed locally, and (B) it seems to be a low-priority item for MS.

Finalley here’s a shout-out to Eddie Leonard (@DJ+EddieL). He told me the WU item was a known problem and would be fixed with the next build. He was spot-on, and I’m grateful.


Multiple Methods Clear Defender Threat History

First, an admission. I do occasionally use the CCleaner and the MiniTool Partition Wizard (MTPW) installers. Yes, I know they include “bundleware” elements that Defender flags as “potentially unwanted programs” (PUPs). In fact, until you clear the threat history and exclude that history from future scans, Defender keeps reporting them ad infinitum. Sigh. As I worked my way through a article yesterday on my Lenovo X390 Yoga I learned multiple methods clear Defender threat history. In fact, when none of the article’s methods worked for me, a spin on one of them did the trick.

[Note] The lead-in graphic for this story shows a Defender warning for a “potentially unwanted application” (PUA) from another bundleware instance. That one comes from the Unlocker program (it’s always been a little dicey, which is why I provide a MajorGeeks download link). Use at your own risk.

Enumerating Multiple Methods Clear Defender Threat History

The article is entitled “Windows Defender identifies the same threat repeatedly — how to fix?” It works readers through three separate methods:

  1. Delete the Service folder within the following Windows folder:
    C:\ProgramData\Microsoft\Windows Defender\Scans\History. This is where Defender keeps its logs and threat history info. There’s an alternate method based on Event Viewer described in the article as well to clear the history log.
  2. Prevent Defender from scanning the history file. This occurs in Manage Settings inside Virus & Threat Protection in Defender, under the Exclusions heading. By excluding the preceding folder specification, you stop Defender from repeating warnings based on its own history files.
  3. Clear Browser Caches: YMMV on this one, depending on the browsers you use. I’ll let you puzzle these efforts out for yourselves, from the help systems built into each browser.

As I said, none of the methods worked for me. What did work, was a variation on Item number 1 above. I was unable to delete the Service folder. It came back as “locked by Windows Defender.” What I was able to do, however, was to navigate within the Service folder and edit the history.log file using NotePad++ to delete its contents. I also found a series of two-digit-numbered folders with various history files inside (named 01, 02 and so forth) that I was able to delete (and did so).

After that maneuver, the annoying multiple repetitions of PUP warnings for the CCleaner (version 5.77) and MTPW (version 12.03) installers disappeared. I used Everything to check my systems and make sure the offending files were no longer present, too. It’s only the installers that include bundleware. Once deleted and flushed, they no longer pose any threat.

Concluding Unscientific Rantlet

It’s weird that Defender triggers PUA/PUP warnings from the contents of its own history file. Even when the files that legitimately trigger an alert on a Windows 10 PC are no longer present, the same alerts still trigger — repeatedly! My plea to the Defender development team is that they automatically exclude the history file from scans by default so as to further insulate users from this small but vexing gotcha.


Fixing Non-responsive Taskbar Icons

Last December, I wrote an article here that described an easy fix for an unresponsive Start Menu. The trick on my affected PCs was to go into Task Manager, right-click Windows Explorer, and select “Restart.” Over the past week the same thing is affecting Task Bar icons for open and pinned applications. It came in the wake of the occasionally wonky preview version of the upcoming March CU. That is, I’m inclined to name KB4601382 as an “update of interest” in this case. Fortunately, the same fix works.

Fixing Non-responsive Taskbar Icons

How can you tell when this problem manifests? Easy! You click on an icon in the taskbar and nothing happens. I show a portion of my taskbar icons in the lead-in graphic, by way of illustration.

I actually show the taskbar at the foot of both of my monitors. Sometimes, when one quits working, the other keeps going. Then I click that one instead. If neither works, the fix goes in. I’ve never had it fail.

As with my earlier report of Start Menu issues, I’m inclined to see some interaction between Stardock Software’s Start10 and the Explorer-based start menu and associated UI elements. Those include the taskbar icons and the notification area as well. Something wonky is happening, but is also easily fixed. I’ve reported this to Stardock and MS and am hopeful that, as before, a fix trickles into one or the other of those environments.

Seems Like a Limited Issue

I don’t see other reports of this phenomenon in the Start10 forums at Stardock. There’s plenty of discussion on the general phenomenon (Google search: “taskbar icons nonresponsive”). But all are unanimous in what to do: Restart Windows Explorer. Not much other cussin’ and discussin’ involved. Nice to know I’ve got the right fix, even if I don’t know the cause unequivocally and unambiguously. Sigh.


KB4577586 Flash Killer Download Available

For those Windows 10 users with Adobe Flash still installed, the Microsoft Update Catalog has the KB457786 Flash Killer download available. If this means you, click the preceding link. Next, pick the version that matches your current Windows install. Then, click its Download button for the corresponding Microsoft Standalone Updater (MSU) file. The individual download window for the x64 version appears in this story’s lead graphic.

Note: For whatever odd reason, I had to right-click the download link in the window shown above. Upon selecting the file link near the bottom of that window, I had to right-click and select “Open link in new window” to actually get the file to download. YMMV.

If KB4577586 Flash Killer Download Available, Then What?

Once downloaded to your PC, run the MSU file that you just grabbed. The Windows Update Standalone Installer will ask you if you want to install the KB4577586 update. Click the “Yes” button to proceed.

Next you’ll see an “… updates are being installed” window appear, with progress bar. It took about 15 seconds to install on my i7 Skylake (i7-6700, 32GB RAM, 512 GB Samsung 950 SSD) PC.

If Install Fails, No Worries

I already knew that the Flash Player was gone, gone, gone from this PC. And sure enough, a peek into Update History under the Other Updates heading shows the following info:

A quick search on the 0x8024001e error string shows the most likely cause — in this case, for sure — is a missing DLL file associated with the Adobe Flash Player. Why is it missing? Because it’s already been uninstalled on this PC. Thus, there’s no cause for concern about this error. In fact, even if you don’t need this update it’s safe to run it anyway.

Those who already know Adobe Flash Player is absent on their PCs need not download or run this update. But if you’re not sure, it’s OK to do so just to make sure it’s gone. Your call!

Le roi est mort, vive le roi!

The foregoing phrase translates as “The king is dead, long live the king!” Seems like an appropriate epithet for Adobe Flash Player which has been around since FutureWave SmartSketch made its debut in 1993. Acquired by Macromedia in 1996, in turn by Adobe in 2005, Flash has been around since the earliest days of the WWW.

Now, of course, more modern technologies built into HTML 5 have made Flash obsolete. It’s now passed its End-of-Life date as of 12/31/2020. As of February 2021, all major browsers now block Flash and have no player capability. It really is over. Amazing! Many thought it would never die, and few are sorry to see it go…




Mild Microsoft Update Health Tools Mystery

An interesting item is bubbling up in user forums  lately. Lots of Windows 10 PCs — including some of mine — have seen a new-ish, intriguingly named application show up. This story’s lead-in graphic shows it in second place. In fact, I’d say we’re facing a mild Microsoft Update Health Tools mystery. Typical questions include “What is it for?” and “When is it used?”

Cracking a Mild Microsoft Update Health Tools Mystery

A Microsoft Docs “Questions” item links the utility with update KB4023057 .  A corresponding support page mentions all Windows 10 versions, including 20H2. (It’s dated October 2020.) I’ve seen posts at as far back as August 2020. It, too, references that same KB article.

That article says the update delivers “reliability improvements to Windows Update Service components.” It also says it:

includes files and resources that address issues that affect update processes in Windows 10 that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows 10.

Some Interesting Notes about KB4023057

There are 5 bulleted items (and a sub-note) the Support Note. All make fascinating reading. I reproduce them verbatim. (For brevity, I prune “This update may” or “This update will” ):

  • …  request your device to stay awake longer to enable installation of updates.

    Note The installation will respect any user-configured sleep configurations and also your “active hours” when you use your device the most.

  • … try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully.
  • … repair disabled or corrupted Windows operating system components that determine the applicability of updates to your version of Windows 10.
  • … compress files in your user profile directory to help free up enough disk space to install important updates.
  • … reset the Windows Update database to repair the problems that could prevent updates from installing successfully. Therefore, you may see that your Windows Update history was cleared.

Invitation to Conspiracy Thinking?

Go back, and read the forum traffic. Or, search Google for “Microsoft Update Health Utility.” Sadly, it reveals suspicion among community members. Indeed, some fear it helps MS forcibly update older Windows installs. In fact, MS does this already. Others don’t trust MS update orchestration. They’d rather control updates themselves. Still others worry about unwanted side effects or unusable PCs after forced updates.

Gosh! While these things are possible, I see nothing untoward at work here . Instead, I see MS staging repair tools in advance for update issues on Windows 10 PCs should they manifest. Aside from lacking user controls, I see them no differently than built-in update troubleshooters. In fact, I’m a devoted user of Shawn Brink’s Reset Windows Update tutorial and its accompanying batch file. It’s gotten me past 95% of all WU problems I’ve seen. That’s why I’ll gladly keep using it.

No Cause for Alarm

As far as I can tell, there’s not much to see here. Admittedly, Update Health Tools is a small surprise. But its Support Note offers good explanations. Thus, I’m OK with this tool. Nor should you worry, either. Rather, it looks like good software engineering.

Better yet, the Update Health Tools can handle update issues on their own, sans user input or guidance. That sounds like a blessing, even if in disguise. And FWIW, it’s missing  from Insider Preview releases. That tells me it aims squarely at production PCs outside IT umbrellas. That means mostly home and small business users. Thus, it should benefit those who need it most.

I’m coming out in favor of the Update Health Tools. I hope we’ll learn more about them from Microsoft soon. In the meantime, if you don’t like the tool, you can choose to uninstall it. I’m leaving it alone myself. If I’m right about it, it may come in handy someday.


Post Dev Channel Upgrade Drill

As somebody who’s been in the Insider Program for Windows 10 since October, 2014, I’ve been through hundreds of Insider Preview installations and upgrades. That means I have a pretty well-defined drill through which I take my test PCs once an upgrade is in place. In today’s item, I’ll take you through my Post Dev Channel Upgrade drill as an illustration. That’s because I just finished upgrading to Build 21318.1000, released Friday February 19.

High-level View: Post Dev Channel Upgrade Drill

Viewed at a high level, those post Dev Channel upgrade steps might be described as follows:

    1. Check the environment, restore tweaks, make repairs
    2. Clean up post-upgrade leftovers, esp. Windows.old
    3. Perform other routine cleanups
    4. Check for and install software updates (non-Windows)
    5. Use Macrium Reflect to make a pristine image backup

In general, the idea is to make sure things are working, clean up anything left behind, catch apps and applications up with Windows, and make a snapshot to restore as this release baseline, if needed.

Step 1: Check & Restore or Repair Anything Out of Whack

YMMV tremendously during this activity. After many upgrades, I’ve jumped into File Explorer Options (Control Panel) to make file extensions visible again, show hidden files, and so forth. MS is doing a better job with this lately, and I don’t usually have to do this with Insider Preview upgrades (though it does still happen for standard feature upgrades).

For a long, long time I had to go into Advanced File Sharing to loosen “Guest or Public” and “All Network” network profiles on the Lenovo X220 Tablet to get RDP to work. Because I use RDP from my production desktop to access and work on my arsenal of test PCs, this is pretty important — to me, anyway. The last few Dev Channel releases have NOT had this problem, I’m happy to say.

I run Helmut Buhler’s excellent 8 Gadget Pack on my Windows 10 PCs. That’s because its CPU Usage and Network Meter gadgets provide helpful dashboards. The former is good for CPU and memory usage and system temps; the latter is great at showing network activity and base addressing info. Very handy. But each time an upgrade is installed, Windows 10 boots it off the desktop. Buhler has written a handy “Repair” utility that I run after each upgrade to put everything back the way it was.

Step 2: Clean up post-upgrade leftovers

You can use the built-in Disk Cleanup utility, run as admin, to take care of most of this. I personally prefer Albacore/TheBookIsClosed’s Managed Disk Cleanup (available free from GitHub). Why? Because he tweaked the UI so you can see all active controls in a single display window, and select all the stuff you want gone in a single pass. Here’s what that looks like to make it visually obvious why I prefer this tool:

Post Dev Channel Upgrade Drill.mdiskclean.exe

Notice you can see ALL options eligible for selective clean-up in a single display area in Managed Disk Cleanup. I like it!

Step 3: Perform other routine cleanups

I still use Josh Cell’s Uncleaner utility to clean up temp files and other leftovers after an upgrade. If I’m feeling ambitious I’ll run the DriverStore Explorer (RAPR.exe) to identify and remove duplicate device drivers, too. Once upon a time I would run Piriform’s CCleaner as well, but I’m less than happy with that software now that the maker has started including bundleware in the installer. I haven’t found another tool I like as much as the old version.

Step 4: Update Third-Party Software

You can use a tool like KC Softwares SuMO or Patch My PC Updater to suss out most of the items in need of update on Windows PCs. SuMO is a little better at its job but costs about US$35 for the PRO version (does automatic updates for most programs, but sometimes vexing to use). PMP Updater is free, fast, and entirely automatic but doesn’t update everything. Sigh. I use PMP Update on my test machines, and SuMO PRO on my production PC myself. I’m doing this on the theory that it’s best to have everything updated before making a pristine image backup, as I do in the next step.

Step 5: Make a Pristine Backup

With everything upgraded and updated, and all the dross cleaned up, it’s the perfect time to make a fresh image backup. I like Macrium Reflect, mostly because it’s faster and more reliable than the built-in Windows 7 Backup and Restore utility (which MS itself has recommended against since 2016). And indeed, it’s faster at backing up and restoring than most other utilities I’ve used, and also includes a bootable rescue flash drive utility you can use for bare metal and “dead boot/system” drive repair/restore scenarios.

Please note: Macrium Reflect is MUCH faster than using the rollback utility to return to a lower-level OS image from a higher-level one. That’s why I feel safe getting rid of the Windows.old folder as part of my cleanup efforts. I know I’m not going to use those files anyway…

OK then, that’s my drill. I’m sticking to it. Hopefully, you’ll find something in there to like for yourself. Cheers!


Samsung Network Printer Goes Missing

OK, I admit it. I hadn’t set up DHCP reservations on my LAN. I could try to blame the Spectrum-supplied router that provides DHCP, but it’s really my fault. Thus, when I saw my Samsung ML-2581ND laser printer was offline yesterday morning, I immediately knew what was up. Generally, when the Samsung Network Printer goes missing on my LAN it’s because DHCP has assigned it a different IP address.

Look at the lead-in graphic for this story. There you’ll see that the device (Samsung ML-2850) is associated to Private IP It had previously been …127. And as soon as I changed that address selection on the Ports tab of Printer Properties, it started working again. So how did I figure out which port it had actually been assigned?

When Samsung Network Printer Goes Missing, Then What?

That’s when I call on one of Nir Sofer’s handy network utilities — namely NetBScanner. It quickly scans the local cable segment on its address range. In fact, the program is smart enough to figure that out on its own, after which it supplies a short list of all occupied addresses in that range. Here’s what I saw when I scanned my local wired Ethernet:

Samsung Network Printer Goes Missing.NetBscan-results

Notice the entry for …126 which also shows the device name SAMSUNGNWP. That’s what I want!

It turns out I already had defined this address in the Ports tab, so all I had to do was switch the device from the now-incorrect …127 entry to the current …126 entry and it was done. That meant unchecking the box next to the former, and checking the box next to the latter. Dead simple, quick and easy to fix. As long as you know how, that is…

The Right Fix is a DHCP Reservation

DHCP lets admins make static address assignments from the IP address pool it manages. That way, devices like servers and printers can keep the same address forever, and DHCP won’t move those assignments around, as it otherwise might. That shows up under the Advanced and DHCP tabs on my Askey RAC2V1K boundary device. I reserved the …126 address for the Samsung ML-2850 and also the …15 address for my Dell Color Laser CB745E. The latter is shown here:

Samsung Network Printer Goes Missing.DellCPres

By supplying the MAC address and the desired (reserved) IP address, you tell DHCP “hands off” for future assignments.
[Click image for full-sized view.]

So now, I’ve done what I should have done long ago, thanks to sharing my (prior) shame with you, dear readers. Live and learn!


SetupDiag.exe Unveils Upgrade Gotchas

If you read this blog, you already know I finally got my Lenovo X380 Yoga upgraded to 21313 earlier this week. I’d been fighting a bugcheck error for the two prior Dev Channel upgrades before that. Along the way, I found myself  looking for diagnositic info about the failed upgrade.  A Microsoft tool SetupDiag.exe unveils upgrade gotchas, so I started using it. With this post, I want to shed more light on this nice little tool, based on recent experience.

How SetupDiag.exe Unveils Upgrade Gotchas

The program is a log analysis tool that focuses on Windows Setup log files. As the MS Docs page for SetupDiag says:

It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode.

That latter offline capability is nice, because it means you can boot an otherwise unbootable machine using rescue media. Once booted, you can then suck the files you need from the problem PC and analyze them on a working machine instead.

Note 1: consider bookmarking the already-quoted MS Docs page. It includes an always-current download link to the latest SetupDiag.exe version. (V160 is current as of Feb 17, 2021 only.)

Note 2: SetupDiag.exe requires .NET Framework 4.6 (or newer). See this WindowsCentral story for multiple .NETversion check methods  in PowerShell (3) or Cmd.exe (1).

Working with SetupDiag.exe

Starting with Windows 10 2004, SetupDiag.exe is included with Windows Setup on Windows 10 ISOs and other install images. Paraphrasing the MS Docs item, it says:

During the upgrade process, Windows Setup extracts its sources files to a directory named %SystemDrive%$Windows.~bt\Sources . With Windows 10, version 2004 and later, setupdiag.exe is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.

Thus, so long as you don’t clean up after an attempted upgrade, you’ll find SetupDiag.exe in the afore-cited directory. Grab a copy and put it somewhere else, if you’d like.

Simply search your PC for SetupDiag.exe. Once found, you can run the program from Explorer, in PowerShell, at the Command Prompt, or via the run command.

Reading the Results

SetupDiag.exe writes its results in a file named SetupDiagResults.log. By default, it appeared in my download folder
I found it easily, because I use Voidtools Everything to locate files on my behalf. It’s how I got the details on my bugcheck error code. It reads 0X0000000A therein, but may appear as 0XA in discussions online. When I got the GSOD the error identified itself in the report window as IRQ_NOT_LESS_OR_EQUAL…

The lead-in graphic for this story shows the log file. The area of interest starts mid-way down in a line that reads: “Found crash information in rollback log.” That’s where the bugcheck code appears. Also, “nt” appears as the responsible driver. This, alas, is a built-in OS driver. Mere users cannot uninstall or update it. (That’s a Microsoft internal thing dontcha know?) It’s what convinced me that waiting for an upgrade from MS was the ultimate (and only) fix avaialble.