On November 10, Microsoft rolled out KB4589212. That support note is entitled “Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2.” It is currently available only from the Microsoft Update Catalog, where a search on KB4589212 provides links to related downloads. As you can see from the following screencap, KB4589212 offers Intel microcode updates as downloads that apply to Windows Server and Windows 10 for X64 and X86 systems, versions 20H2 and 2004.
If you read the note, you’ll see this update applies to all Intel processors back to Ivy Bridge (circa 2011-2012).
[Click image for full-sized view.]
If KB4589212 Offers Intel Microcode Updates, What’s Covered?
In addition to covering most Intel processors still in use back to Ivy Bridge (which is as old as anything I’ve got, from the 2012 mini-ITX box), this microcode update covers 7 different CVE items (3 from 2018, 2 from 2019, 3 from 2020). Here’s that table of items, plucked verbatim from the Microsoft Support note:
I’ve run this on half-a-dozen different 20H2 PCs of all vintages from 2012 to 2019 with no ill effects. This one’s definitely worth downloading and installing sooner, rather than later. That said, note that microcode vulernabilities do require physical access to PCs to foist. Once foisted, though. they’re mostly indetectible and difficult to remove, too. Take no chances: schedule this update for your next maintenance window. You can access the CVE links in the preceding table to learn more about the vulnerabilities involved. In fact, the most recent CVE is fascinating: it decrypts data based on detailed voltage consumption over time simply by carefully monitoring and plotting CPU power usage. Zounds!
Suddenly, the usual login prompt from my Credit Union, where my wife and I both bank, has become inaccessible on my local network. No PC, no browser, no nothing will open the login URL. Errors proliferate like mushrooms after the rain instead. What gives?
I’ve been working in and around IP networks professionally since 1988, and with IP networks since 1979. I’ve seen many weird things, and now have another to add to that list. From my LAN right now, no PCs can login to our credit union on the web. Nobody, that is, unless I go through a VPN link. Otherwise, when we (my wife and I bank together) try to access the login page, a raft of error messages presents. Only the VPN works around weird credit union access issue, which throws up beacoup HTTP error codes. (Explanatory text verbatim from Wikipedia.):
400 Bad Request: The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).
401 Unauthorized: Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided.
403 Forbidden: The request contained valid data and was understood by the server, but the server is refusing action.
404 Not Found: The requested resource could not be found [(aka “File not found/Page not found”)].
501 Not Implemented: Server either does not recognize the request method, or it lacks the ability to fulfill the request.
502 Bad Gateway: The server was acting as a gateway or proxy and received an invalid response from the upstream server
How VPN Works Around Weird Credit Union Access Issue
I can only assume that the address resolution for the specific login URL is somehow malformed or invalid. Changing DNS server assignments at the Windows 10 clients (in the TCP v4 Interface properties) does not help. When I switch to VPN, though, that bypasses the local DNS infrastructure. That connection uses the VPN provider’s DNS infrastructure instead. Then, we have no problems accessing the bank URL.
Now, here’s where things get interesting. I can’t remember the login credentials for the Spectrum device that acts as a Wi-Fi AP and router at the network boundary. Thus, I can’t check the DNS situation on that device, which is where DHCP tells all my Windows 10 machines to get their DNS information from. I’ve got a call into Spectrum to see if they can help me break into my router without having to do a factory reset. In the meantime, we’re using the VPN to access the credit union stuff, and plain-vanilla networking for everything else. It’s strange and unfathomable, but at least there’s a workaround.
For Want of a Nail…
Last night, I drove to the nearby Spectrum outlet and swapped my Technicolor cable modem/VoIP device for an identical replacement unit. The theory was that something about this device was behind the issue. It was sheer hell trying to get back online because Spectrum’s activation drill requires providing account, password, and other identity characteristics. I keep all that stuff in Norton Password Vault, and I couldn’t get access to that info through my iPhone nor did I have another path onto the Internet to grab the necessary data. I eventually had to spend another 45 minutes on the phone with tech support as they FINALLY activated our Internet service, TV, and VoIP phone. Reminded me too much of Catch-22 “How can you see you’ve got flies in your eyes when you’ve got flies in your eyes?” Last night, I couldn’t see much of anything for far too long!
Because our son attends school online, doing without Internet is impossible. Thus, I ordered a 5G hotspot from Verizon last night, so we have a medium performing fallback. They tell me the hotspot I ordered delivers about 200 Mbps downstream and 25 Mbps upstream in our neighborhood. I’ll be finding out — and making sure the fallback works — when it shows up via USPS early next week. Sigh.
Router Reset Solves Resolution Hiccup [Added 1 Day Later]
With a little more time to think about what could cause my problem, I formulated a hypothesis about the cause — and a likely fix — for my troubles. All nodes on my LAN had an issue with that one specific URL. But neither the site operator nor my ISP could replicate that problem. Thus it had to be on the boundary between my LAN and the ISP’s aggregation network. That means only one possible culprit: the Spectrum router. It sits at my network boundary. It also provides DHCP to the nodes on the LAN and acts as the DNS server for all internal nodes.
“Aha” I thought, “I bet resetting the router will fix this issue because it reloads — or repopulates, rather — the DNS cache.” I was right. After powering off the router, letting it sit for a minute or two, then powering it back on, our name resolution issue was gone. Glad to have it fixed because it was deucedly inconvenient without credit union account access. Ultimately, it was the “VPN trick” that led me to the solution. Sigh again.
This morning, I noticed something different just after 9 AM. That’s when the usual scheduled backup job on my production desktop fires off, and about 2 minutes later the drive starts clunking away. Check the timestamps for the Macrium Image (mrimg) files in the lead-in graphic in File Explorer. Except for today — November 10 — all the other jobs show a stamp in a range from 9:02 – 9:21 AM. What was different this morning? No drive clunking provided audible clues when 8TB backup drive goes south. And sure enough, when I checked Explorer at first, the drive was MIA. In fact, Disk Management showed a drive with neither GPT nor MBR disk layout.
After Audible Clues When 8TB Backup Drive Goes South, Time for Repairs
Luckily, I’ve got a commercial license for MiniTool Partition Wizard (MTPW). It includes both Data Recovery and Partition Recovery capabilities. So first, I let MTPW define the drive layout as GPT (as it must for a drive bigger than 2TB). Next, I ran the program’s Partition Recovery capability. About 30 seconds later, the drive’s contents were visible in the MTPW Partition Explorer. But I still had to assign a drive letter before repairs were complete. Immediately thereafter, I ran a manual image backup using Macrium Reflect to make up for the backup I’d missed along with the 8TB drive. As you can see from the most recent timestamp for the top file in the lead-in graphic, today’s belated backup is stored with all its predecessors.
A Bit of Insurance Against Recurrence
I also finally switched in my brand-new Wavlink USB 3.0 docking station (Model: ML-ST3334U) for the old Intatek unit I’d been using. Turns out the Inatek couldn’t handle even a 4 TB and and 8TB drive. Given that I’ve had problems with this dock before, I’d been waiting for the “next fault” to force the swap. I think that’s what happened this morning. I also think the Inatek can’t really handle ONE 8TB drive without power issues. The Wavlink, OTOH, is rated to handle 2 8TB drives. That’s why I bought it, and why I hope this means I won’t see my big backup drive go bye-bye again soon.
But weirder things have happened on my production PC, and may happen again. As we all know, that’s just the way things sometimes go (or go south) in Windows World. Count on me to keep you posted as and when such weirdness happens.
OK then, I admit it: I just flat-out got tired of waiting. It’s been 20 days since 20H2 went GA, and my production PC still hadn’t gotten “the offer” from Windows Update. Having long ago downloaded the ISO for 20H2 using the Media Creation Tool, I used it. The process took almost 40 minutes from start to finish. That’s much longer than it took my PCs that did get “the offer” to finish the task. At least 4 times as long. Right now, I’m pausing for this blog post. Next, I’ll do my usual post-upgrade cleanup, now that impatience prompts production PC forced 20H2 upgrade is done.
After Because Impatience Prompts Production PC Forced 20H2 Upgrade, Then What?
My usual post-upgrade cleanup routine of course. This consists of:
Running TheBookIsClosed/Albacore’s Managed Disk Clean (mdiskclean.exe) utility to get rid of Windows.old and other stuff
Using Josh Cell’s nifty (but increasingly dated) UnCleaner tool to get rid of about 310 MB of junk files.
Running Macrium Reflect to capture an image of this pristine OS update
Getting on with business as usual
Just for grins, I ran DriverStore Explorer to see if it would find any outmoded drivers. As you’d expect, everything was ship-shape. Ditto for DISM ... /analyzecomponentstore, which tells me no updates since the GA date of October 22 have left old, orphaned packages behind. And because this kind of upgrade really is like starting over, Reliability Monitor gets a clean slate (in fact, it’s “dead empty” right now):
Right after a feature upgrade (which is what happens when you install from setup.exe), Reliability Monitor is devoid of data, and runs only forward from there.
[Click image for full-sized view.]
Status: 2004 to 20H2 Upgrades at Chez Tittel
This is the last and final machine to transition from 2004 to 20H2. My upgrades are done. One profound impetus for this change came from the three new Dell PCs — two review units, and one new purchase — that showed up over the past two weeks. All of those new 11th-gen PCs got “the offer” as soon as they booted up for the first time. I know that my production PC is solid and reliable and I’ve long since worked out any driver kinks on this machine. Seeing the Dell units transition painlessly (and incredibly quickly), I bet that the production PC would also get over the hump. But while it worked, I can’t say it was fast. But all too often that’s how things go here in Windows World. Stay tuned!
It’s not quite the apocalypse, but the end of support for Window 10 version 1903 is approaching on December 8, 2020. Thus, MS is now force upgrading PCs still running that OS through Windows Update (WU). Of course, 1903 has been out for some time, having gone GA in May 2019. It’s also been succeeded by three subsequent versions — namely 1909, 2004 and just recently 20H2. When end of support hits, MS stops issuing security updates, which makes machines running such an OS vulnerable to new security threats that won’t be patched. Not good! Time to upgrade then, which explains why WU gives 1903 users forced upgrades these days.
When WU Gives 1903 Users Forced Upgrades, Then What?
The funny thing is, Microsoft is upgrading these 1903 PCs to version 1909. What makes that funny is that this version (for Home and Pro users, anyway) will itself go out of support in May of next year (2021). Thus, those who go through an automatic upgrade through WU will have to repeat the process next May when 1909 itself runs into the same wall. Other, newer ISO versions of Windows 10 are readily available through various sources. The Media Creation Tool for 20H2 is available through the Download Windows 10 page. Or, you can use AveYo’s excellent MediaCreationTool.bat script to access ISOs for most known Windows 10 versions. (I wrote about this for Win10.Guru on November 2, 2020.)
Given that 20H2 is still in the trickle-out process and hasn’t gone into wide distribution, it may make sense to upgrade from 1903 to 2004. In that case, you can use the afore-linked script to grab just what you need. Other good sources for 2004 include UUPdump.ml and the HeiDoc Microsoft Windows and Office ISO Download tool. Either one will also let you pick a version for the ISO you download, including 2004.
Moving Up from 1903
If you must upgrade from 1903 to some newer version — and I agree with Microsoft that it’s time to get cracking — I think 2004 makes most sense. Hopefully, these various sources for an ISO will help. And remember, to use an ISO for installation mount it as a virtual drive, then run the file named setup.exe from the root of that mounted drive to get the process underway. The Windows 10 Installer will do the rest. Cheers!
Here’s an interesting topic for Windows 10 power users and admins. As stated in this post’s title, there are plusses and minuses regarding Intel’s new — and frequently updated — DCH drivers. Intel graphics drivers show up on laptops with Intel CPUs. That’s simply because a graphics component is built into most such processors, particularly mobile ones. Indeed, some laptops have additional external (usually PCIe-attached) GPUs. But any of those with Intel CPUs can switch back and forth between the on-chip GPU and that external GPU . Thus it’s important to ponder Intel laptop graphics driver upgrade pros cons — particularly when choosing and upgrading drivers.
DCH stands for Declarative Componentized Hardware supported apps. This is the new, forward-looking architecture for Windows Drivers. It’s explained in a Microsoft Docs article entitled DCH Design Principles and Best Practices. There we find an explanation for each of the acronym’s letters (I quote this material verbatim):
Declarative (D): Install the driver by using only declarative INF directives. Don’t include co-installers or RegisterDll functions.
Componentized (C): Edition-specific, OEM-specific, and optional customizations to the driver are separate from the base driver package. As a result, the base driver, which provides only core device functionality, can be targeted, flighted, and serviced independently from the customizations.
To me, the componentized piece makes the DCH driver both interesting and relevant to laptop owners. Basically, it means base driver packages from the device maker are OK — Intel, in this case. That’s because customizations from an OEM or laptop maker can slipstream onto the base level driver. And it won’t affect the behavior or reliability of the graphics circuitry. Especially for those who use their laptops for gaming (where drivers matter quite a lot, and change pretty frequently) this is good news.
Case in Point: Intel’s November 6 igfx_win10_100.8935.exe Driver Release
Late last week, Intel dropped the afore-mentioned new DCH drivers release. The release package is available at Intel Graphics – Windows 10 DCH Drivers web page. This new release covers Windows 10 versions 1709 through 20H2. It also comes in both ZIP (direct access to driver files and components) and .exe (self-installing formats). Those who use the Intel Driver & Support Assistant are already familiar with the .exe versions of the company’s drivers, because those are this tool’s default versions. If you look at the Release Notes for this …8935 version you’ll see that all of the key issues fixed call out computer games (Crysis Remastered, PGA Tour 2K21, Doom Eternal, World of Warcraft, Shadowlands, Red Redemption 2, and so forth). Hence, my earlier point about gamers as primary beneficiaries for such updates.
Other admins or owners with Intel GPU circuitry on their laptops can relax about updating laptop drivers on major-branch laptops (Dell, Lenovo, HP, and so forth). Why? Because the DCH architecture means that Intel’s base level driver is more or less guaranteed to “play nice” with any such customizations as the OEM/mfgr may add for its own laptops. In the past, I’d relied on the various vendor update services (e.g. Dell SupportAssist, Lenovo Vantage, HP Support Assistant, and so forth) as the sole source for laptop graphics drivers.
I’ve been experimenting with using Intel DHC drivers plus the occasional OEM/mfgr graphic driver on four Lenovo PCs for the past six months now. My experience has been almost completely positive, with only one install issue on a Lenovo X380 Yoga last month, easily remedied by a manual install after downloading the driver file from the Lenovo Support pages.
DCH Graphics Drivers: Worth Trying Out
Looks like DCH Intel graphics drivers are pretty safe, and ready for day-to-day laptop use. Don’t take my word for it, though. Conduct your own experiments on test machines (as I did) and see how things go. I’m reasonably certain of positive results. If not, I hope you’ll tell me all about it (comment on this post). Cheers!
The other day, I had Windows Defender scan all of my disk drives. This action artificially provoked a performance alert on one of my Lenovo laptops. While it was running it reported 8 malware items on my D: (Data) drive. Please note: all of these are categorized as “HackTool” items. MS correlates them with specific malware items and known exploits. After overcoming my initial alarm, I looked where those items were found. All resided under parent directory D:\NirLauncher. Immediately, certain things became clear. Every one of the suspect elements is a password sniffing and capture tool in Nir Sofer’s collection of Windows Utilities. In fact, he’s got a category within that collection of 200-plus tools called “Password Recovery Utilities,” which comprises 20 items (see below). All of them popped up here. Aha!
Once it found these items, Defender forced me to have it ignore these threats to retain access to them.
[Click image for Full-Sized View.]
If Certain Legit Tools Generate Windows Defender False Positives, Then What?
Once Defender finds something suspect, you must remove that item from its clutches before you can use it again. That meant I had to open Windows Security → Virus & threat protection, then click on each item it found. Next, I clicked “See details,” and then explicitly told it to ignore each threat one at a time.
As you might expect, there’s a better way to deal with this kind of thing if you prepare in advance. If you click “Manage settings” inside the Virus & Threat protection pane, you’ll find an Exclusions setting right below Controlled folder access. Click “Add or remove exclusions” and you can instruct Defender to bypass specific files or folders. I simply added an exclusion for the D:\NirLauncher folder and it will now be ignored in future complete system scans (the Quick Scan option only accesses the Windows C: drive anyway).
Pre-emption Beats Reaction Whenever Possible
Currently, I use several utilities that Defender flags as threats. In addition to NirSoft’s password utilities (which NirLauncher includes amidst its collection of tools), I’ve had to exclude Gabe Topala’s System Information for Windows (siw.exe). In days of yore, before I started using Superfly’s ShowKeyPlus, I used a tool called Magic Jelly Bean Finder that likewise got flagged. I excluded it, too.
The moral of the story is this: if you’re planning to install (or copy standalone) tools that find passwords or keys, chances are pretty good that Defender will flag them as Hacktools. If you take steps to exclude them in advance, you can avoid having to “Ignore” them later on. But please: make sure you run any such software through VirusTotal to be doubly darn sure it’s safe before allowing it to take up residence on your PC. Such tools can indeed be used for malefic purposes, as well as legitimate ones. Be safe out there!
You know, there are more benefits to keeping software up-to-date than just avoiding security vulnerabilities. They even go beyond the pleasures of good housekeeping. When I couldn’t run Albacore’s excellent Disk Cleanup reaplacement (mdiskclean.exe) on my Lenovo X220 Tablet this morning, I started troubleshooting. Along the way, I found it ran just fine on my X380 Yoga (my other Fast Ring test machine). “Hmmm,” I said to myself, “let me compare the file dates.” And sure enough, I was running an April 2019 version of the project. However, the X380 was running a newer, May 2019 version. A quick online check confirmed that May 2019 is the latest and greatest version. Thus, I concluded that old MDiskClean.exe throws System.InvalidOperationException error. Those details appear in the lead-in graphic above.
If Old MDiskClean.exe Throws System.InvalidOperationException Error Then Update!
Indeed, my next move was to grab a copy of the current version. I replaced the old, outdated April 2019 version with the current May 2019 version. Then I ran the program again. This time, it worked like a charm. There was nary a trace in the Reliability Monitor of its passing, either. Sometimes, the easy fix is also the right fix. I’m glad to report that this is one of those times. The problem is solved.
With the current (05.2019) version running and working, mdiskclean.exe looks exactly like Disk Cleanup, except it lets you show all available selections at the same time.
Disk Cleanup limits the display area to 5 items, so you have to scroll like mad to get through a big list.
If you should run into application level errors in Reliability Monitor, it’s smart to check the application itself first before taking troubleshooting further. In this case, that was as far as I needed to go. Had that not helped, my next move would have been to run the system file checker (sfc /scannow) and to perform a DISM componentstore health check (dism /online /cleanup-image /checkhealth). Normally, that would be as far as one would need to go at the application level. Beyond that, though, comes an in-place upgrade repair install (TenForums Tutorial) and finally a clean (re)install (TenForums tutorial). Glad I didn’t have to break out any of that heavy artillery. Cheers!
I’ve still got a Surface Pro 3 kicking around. It includes an i7-4650U CPU, which the Intel Ark tells me was introduced in Q3’2013. When I bought that machine, I also bought the Surface Pro Dock, which granted me a hardwired Ethernet port, 2 each USB 2.0 and 3.0 ports, and a charging cradle. But it hasn’t been problem free. In fact, it’s kinda flaky. I keep a USB 3 drive plugged into the dock for backups and extra storage. But sometimes, the drive “goes away.” It simply drops off the PC. If I unplug the device, then plug it back in, or cycle the power, sometimes the device will reappear, and sometimes it won’t. This works on my external 2TB HDD, but not on my mSATA drives in their Sabrent enclosure. Researching things just now, I see SP3 Dock USB weirdness well-documented at Microsoft Answers and elsewhere. Sigh.
The SP3 Dock has GbE, 2x USB3.0 & USB2.0 ports, plus Mini DisplayPort & audio in/out minijacks.
If SP3 Dock USB Weirdness Well-Documented, Then What?
Alas, when you’ve got known problems with hardware that’s this old there’s not much you can do about it. Checked to make sure I’ve got all the latest/current drivers and firmware (I do). Looked to third-party sources to see if any might address such issues (can’t find anything). Worked through the Dock Troubleshooting advice from MS Support, and there’s no relief there, either. Sigh again.
Now, I have to decide if I want to live with this or get rid of the device. I’m torn. I’d like to fix it, but I’m unable to work my way to a solution. I’ve been thinking about buying a Surface Book 3 when they come out, later this year (or perhaps next year). So there’s no need to be hasty. But it really bugs me when things don’t work like they should.
I’m open to suggestions. Anybody got any? If so, please comment here, or send me an email at ed at edtittel dot com (be sure to put Surface Pro 3 Dock in your subject line too, please).
I’m a big fan of Reliability Monitor. This is actually a strange and useful offshoot from Performance Monitor (aka perfmon or perfmon.exe). As I will explain, little gotchas from tales of two Relmons actually shed more light on system health than a straight-line perfect 10 rating across the board.
That’s what makes the tale of the second relmon (the first appears at the head of this story) more informative, in fact. Interestingly, type perfmon /rel into the search or run boxes for a quick launch method. Reliability Monitor (RelMon) does a good job of tracking and reporting on errors that occur in day-to-day Windows operation.
Over the years, I’ve learned to rely on RelMon (a) to check on the general health of my systems, and (b) as a place to look when noticeable errors or crashes occur. Those red Xs provide a strong visual clue when something isn’t right. Also the details RelMon delivers to back things up are helpful. They often provide important clues in deciding if a problem needs addressing, and if so, how one might start down that path. Here’s the second of the two RelMon outputs I’d like to present today:
This report from my production X380 Yoga, shows minor niggling errors. Most come straight from Windows 10 components or apps, in fact.
[Click image for full-sized view.]
Little Gotchas from Tales of Two RelMons Show Perfection Is Over-Rated
My first instinct when looking at “red X” detail in RelMon is to see what kind of software or other system component threw the error. Most of them, as with the preceding screencap, appear in the “Application failures” line. That means they report some kind of application or app error.
In general, I’m a lot less worried about those than I am about Windows failures (line 2) or Miscellaneous failures (line 3). That said, let’s look at what caused a nearly 3 point dip on March 27. Two errors are reported. One is a Lenovo software component (probably associated with Lenovo Vantage, which I use for driver and BIOS updates). The other is the Settings application itself. The Lenovo item shows up as an Explorer shell extension: the problem event name BEX64 is quite familiar. In the other error, the Settings app stopped communicating with Windows and was closed. In other word, Settings hung for one reason or another. No big deal: happens sometimes, but not often. An explorer restart fixed this: read all about it at Win10.Guru.
When RelMon Spurs Me to Act
In contrast, let me recite a recent list of items from RelMon that have spurred action and repair maneuvers:
A repeated driver crash on iahStorA.sys (part of Intel’s Rapid Storage Technology) helped me decide to uninstall RST on that PC. It’s required for RAID, which I don’t use.
When CCleaner started throwing errors on a couple of PCs, it too got uninstalled. The makers have changed to a “more friendly” UI, and I don’t like it much anymore.
When the Skype UWP app started crashing every two-three days, I used PowerShell to remove it. Never used it, either (plenty of laptops with microphones and webcams for online action).
Most of the time, when a RelMon error calls for action, you’ll be able to figure that out quickly. Sometimes, if it’s an essential Microsoft component, all you can do is report the error via Feedback Hub, and hope for a speedy patch or fix. But with time and experience, these things will sort themselves out. If something you don’t need, use, or perhaps even want causes a problem, it may just be best to uninstall or remove it.