Category Archives: Windows 10

Recent Activity, Tips, Tricks and Tweaks, Troubleshooting, WED Blog, Windows 10

NirSoft BlueScreenView Worth Learning

May 10, 2021 Ed Tittel Leave a comment

Israeli developer Nir Sofer is the person behind the outstanding Windows utility site nirsoft.net. I’ll be describing his blue screen viewing tool in today’s item. And when I explain what makes NirSoft BlueScreenView worth learning, I mean it is something handy to have around for both Windows professionals and enthusiasts.

Why say this? Because, sooner or later, nearly every Windows PC experiences a crash. In older Windows versions, such a screen was invariably blue. That earned it the initialism BSOD, for “Blue Screen of Death.” In Windows 10, such screens sometimes come up in green instead and may be called GSODs for that reason. For a fascinating historical look at BSODs from the past, check out Mark Russinovich’s evil little BlueScreen Screen Saver. It not only simulates BSODs, it also simulates the data acquisition and reboot phases that follow immediately thereafter. Says Russinovich “…its accuracy will fool even advanced NT developers” (it does not, however, look like a real Windows 10 BSOD or GSOD). Like I said: it’s evil.

Why Is NirSoft BlueScreenView Worth Learning?

Simply put, this nice little tool reads the dump files that Windows collects as it recovers from a serious error. It provides immediate insight into what blew up, and what other OS and application modules were involved.

You can provoke BSOD with an input string to an administrative command prompt, if you like. WARNING! This will immediately crash the PC into which it is entered. Close all apps, and save your work beforehand, to avoid unpleasant surprises.

That command string is:

taskkill /im svchost.exe /f

Svchost.exe is a critical Windows 10 process. It acts as a shell for loading services based around dynamic load library (DLL) files. Because DLLs are often shared, multiple processes will call on a single svchost.exe instance to access its DLL. By running this command you’re killing all svchost instances immediately. This renders Windows unable to run, so it crashes instead.

The flag in the resulting BSOD reads “CRITICAL_PROCESS_DIED.” That brief phrase tells you that, except as a sure-fire way of provoking a BSOD, this is an extremely bad idea. But it’s a useful technique to cause a bluescreen, to show what NirSoft BlueScreenView can do.

Dump files in top pane, Dump trace in lower pane. This one shows the CRITICAL_PROCESS_DIED error from the lead-in graphic.
[Click image for full-sized view.]

Working Through BlueScreenView Output

As you examine the image above, you’ll see a dump file that starts with a date string (051021) and ends with the tell-tale file extension “.dmp”. It shows a time stamp, the bug check string, and a bug check code, followed by up to 4 parameters. It also shows which driver caused the crash: in this case, we killed the driver for the operating sytem kernel itself! (That’s noskrnl.exe plus a hex offset, as shown in column 9.)

Generally when I’m using this tool, I look first at Column 9 (caused by driver). That’s because the transitory blue screen window provides most of the preceding data. I usually care most about the bug check string and code because they make dandy lookup strings for guidance online. Column 9 points to the actual cause, and can be extremely informative.

Spend a little time with this tool, and use it to practice reading dump files. Trust me: it’ll come in handy someday. ‘Nuff said

Networking, Recent Activity, Troubleshooting, WED Blog, Windows 10

More Networking Trouble Manifests

May 7, 2021 Ed Tittel Leave a comment

Wouldn’t you know it? Today’s a busy day here at Chez Tittel. I’ve got multiple deliverables due, and it’s my son’s “A day” at school (8 classes, several of them challenging). “The Boss” needs her Internet access, too, for purposes both commercial and personal. That’s no doubt why today, of all days, more networking trouble manifests here and now. For as long as two hours we had no access at all.

When More Networking Trouble Manifests, Then What?

Yesterday, I was inclined to blame my aging desktop when only its NIC stopped working. Today, we lost not just all of the wired connections, but wireless was popping in and out, too. Suddenly things were much clearer: the combination WAP/router from Spectrum was failing — or flailing — intermittently.

A quick call to tech support confirmed that (a) I have a first-gen WAP/router device for the company’s 1 Gbe service and (b) such behavior happens often enough for team members to know about it. My friendly support guy “Jeff” suggested I drive over to the nearest Spectrum offices and trade in the current unit for a new one.

In the Land of the Blind…

Fortunately, the nearest such office is less than 15 minutes from the house. So I packed up the WAP/router, jumped in the car, drove over and swapped it for a replacement device. Surprise! It’s got a 2.5 GbE interface between cable modem and WAP/router, which I supposed is all to the good.

Even more fortunately, it proved to be (mostly) a matter of plug-and-play upon installing the new device. I did have to reboot the cable modem to get it to recognize and talk to the WAP/router (by getting its MAC address table updated, I assume). I will have to do some clean-up work (static IP assignments for my networked printers) later.

But for now, things are working more or less as they should be. I’m keeping my fingers crossed that they’ll stay that way. I’ve learned now that a failing switch can make NIC drivers go wonky, and have added to my store of troubleshooting lore and experience.

And that’s the way things go sometimes, here in Windows-World! Sigh.

Networking, Recent Activity, Troubleshooting, Windows 10

GbE Adapter Driver Goes MIA

May 6, 2021 Ed Tittel Leave a comment

I had an interesting if unwanted surprise waiting for me when I returned to my production PC after taking a break this morning. Instead of my usual Internet connection, I had zilch. Domain names weren’t resolving. Running IPCONFIG I saw an APIPA address (starts with 169.x.x.x). I knew this meant my NIC had lost its connection with the primary network router, from whence DNS, DHCP and Internet access come. Upon checking the driver in Device Manager, I saw these dreaded words “No drivers are installed for this device” (see above). Indeed when a GbE adapter driver goes MIA, there isn’t much you can do with that device until the driver gets fixed.

If GbE Adapter Driver Goes MIA, Then What?

Fortunately my Asrock Extreme 7+ has two GbE adapters: an Intel I211 and an Intel I219-V. It was the I219-V that dropped off the network. But when I plugged in the I211, it immediately resumed operation. My suspicion: driver corruption in the I219-V driver. So I visited the Intel download site and grabbed a copy of the 26_2.zip Intel Ethernet Adapter Complete Driver Pack.

But then, things got interesting. The same thing that happened with the I219-V started up with the I211. It wasn’t until I reinstalled a new driver from the Intel pack linked above that the I219-V returned to normal operation. I ran DISM /checkhealth with nothing found, but SFC /scannow did report making some repairs. Something odd has definitely hit my production networking facilities.

Bracing for the Inevitable…

I’ve been pondering a new desktop PC build for some time now. This rig is built around an Asrock Extreme7+ and an i7-6700 Skylake processor . Both made their debut in Autumn 2015 (the chip in September, the board in November). As I recall I built this system in the Spring of 2016. That’s now more than 5 years ago. I’m inclined to think this may be fate’s way of telling me it’s time to replace my desktop. Time to revisit and revise my build plans, and get on the stick.

Note Added May 7 (One Day Later)

Today, the whole network here at Chez Tittel blew up. Weird wireless and wired LAN behavior convinced me the Spectrum-supplied WAP/Router/switch device was losing … something. A quick trip to the Spectrum store and a device swap set things right. Read all about it here: More Network Trouble Manifests.

Recent Activity, Security, Troubleshooting, WED Blog, Windows 10

Beware Potential Defender Engine 1.1.18100.5 Gotcha

May 5, 2021 Ed Tittel Leave a comment

Here’s an interesting item. Check your system/boot (usually C:) drive in Windows 10. If it’s filling up (or full), that may come from a (hopefully temporary) Windows Defender gotcha. The program starts creating loads of 2K binary files in the Scans/History/Store subfolder. Ghacks reports tens of thousands to nearly a million such files showing up on affected PCs. Normally, a healthy Defender installation has one or two files in this folder (shown in the lead-in graphic). That makes it easy to check if a system is subject to this potential Defender Engine 1.1.18100.5 gotcha.

How to Check For Potential Defender Engine 1.1.18100.5 Gotcha

The complete directory path to check is:
C:\ProgramData\Microsoft\Windows Defender\Scans\History\StoreIf you see more than a handful of files there, you may be subject to the gotcha. It it’s chock-full of files and your C: drive is filling up, the gotcha is active! It’s OK to delete those files (Defender will make more), according to Brinkmann.

Brinkmann theorizes that the current Defender Engine version — namely 1.1.18100.5 — is responsible. He says MS is aware of the gotcha, and is planning a fix with the next engine update. That new version should carry an ID of 1.1.18100.6, and be ready as soon as Thursday, May 6.

FWIW, I checked all of my Windows 10 PCs. While all of them are indeed running Engine version 1.1.18500.5, none of them is showing symptoms indicative of the gotcha. Clearly, it’s out there. But it’s not clear how widespread or active this gotcha may be. And it sounds like MS is already working on a fix that should do away with it completely.

At least, we don’t have to wait too long to find out if a fix is forthcoming. As I write this item, it could be just over 24 hours from release. For the record, Microsoft updates usually hit the Internet at 9:00 AM Pacific Time on release days. That’s about 26.5 hours from now.

Note Added May 5 Afternoon

A new engine build is already out, and should download automatically to all Windows 10 PCs running Defender. I just found it already installed on my test PCs, to wit:

Note the new engine is out: 1.1.18100.6. Problem solved!

That was quick! Glad MS is on the ball today. Thanks to @WindowsInsider and the whole Windows Team.

Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 10

DevMgr Gets View Devices by Driver Option

May 4, 2021 Ed Tittel Leave a comment

Here’s something new and interesting. Dev Channel Insiders can see a new View menu option in Device manager. That’s right: with Build 21370, DevMgr gets View Devices by Driver option.

The menu element is shown in the lead-in graphic for this story, above. To the left, find a long version of that same screencap. It’s menu-free and shows just under half of the total listing that appears.

Please note: you can see all drivers listed using oemnnn.inf names. In fact, these are assigned as drivers get installed. To the right, you see the true driver name — e.g. netwbw02.inf for oem1.inf –which tells you it’s a Bluetooth networking driver of some kind.

This Lenovo ThinkPad X380 Yoga has 119 drivers installed. That’s a pretty normal count for a Windows 10 PC.

As I look at my other Windows 10 PCs, I see driver counts as low as the low 80s to as high as the low 200s. Actually, that number depends on how many devices (both Microsoft and third-party) are installed in some specific Windows 10 image. Indeed, what’s present and accounted for is what shows up in such tools and their listings.

Is DevMgr Gets View Devices by Driver Option Good?

The purpose of the change, according to Sergey Tkachenko at WinAero.com, is to “make it easier to see what hardware is using which drivers.” I’ve grown fond of the GitHub project DriverStore Explorer (RAPR.exe) for that same purpose, but it is nice to get easy access to the OEM numbers associated with drivers as in this view. Any device name with a carat to its left (e.g. oem11.inf) is actually the root of a device tree. Expand same by clicking the carat and you see various PCIe, LPC and PMC controllers for which it is a parent.

This view is pretty handy for understanding how some hardware elements in a PC are related to others. In fact, this makes for an interesting, informative and useful addition to Device Manager. It’s rumored to be targeted for inclusion in the 21H2 “Sun Valley” release of Windows 10. That’s far enough out that it could easily change. Stay tuned, and i”ll keep you informed. DevMgr has always been a fave tool for me, so I’m more than just a little interested.

Insider stuff, Recent Activity, WED Blog, Windows 10, Windows OS Musings

N&I Rollout Hits Production PCs

May 3, 2021 Ed Tittel Leave a comment

It’s heeeeeeeere! The Dell Optiplex 7080, with its 10th-generation i7 CPU, popped up with News & Interests (N&I) in the notification area. This followed after updating to KB5001030. I’d read this was underway. But I now have personal, tangible evidence that the N&I rollout hits production PCs. Now the question becomes: how long will the rollout take to get to other, older PCs?

I See That N&I Rollout Hits Production PCs

You can see it, too, in the lead-in graphic for this story. It shows the Winver.exe window just above the notification area, including the “weather bug” for N&I. So far, this is the only 19042 or 19043 PC (I have 5 of them altogether) on which N&I has made an appearance.

As you can read in this Windows Latest story, the rollout is underway. But I can tell you from personal observation that it’s hit fewer rather than more of its potential targets at the moment. Here’s how the afore-linked story explains things:

Unfortunately, the feature isn’t available yet for all users, according to several user reports. It looks like a wider rollout is not expected until the end of the month.

That story also concludes with the following statements:

News and Interests feed will be enabled automatically with a server-side update. More users are expected to receive the feature on May 11, while others will get it by the end of the month or in June.

I’m inclined to go along with this, though I do find myself wondering where and how they come up with this information. There hasn’t been much discussion about how rollouts work from MS itself, except to say that it starts out with a smaller population of PCs, and gradually extends its coverage to includes a larger population over time. Seems like the veracity of the timing will be demonstrated in the next 7 to 8 weeks. We’ll see!

Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 10, Windows Update

In-Place Repair Upgrade Gotcha

April 30, 2021 Ed Tittel Leave a comment

If you’ve been following my recent adventures with Dev Channel feature upgrades and WU updates lately, you already know I’ve been struggling a bit. Yesterday, when the 21370 build emerged, it installed just fine on my 2018-vintage Lenovo X380 Yoga. Alas, it got stuck at 0% download on my 2012-vintage Lenovo X220 Tablet. I simply couldn’t get WU to download the file. So I built an ISO for 21371 from UUPdump.net. Then I installed it by mounting the ISO, and running setup.exe from its root directory. Only this morning did I notice an in-place repair upgrade gotcha bit me. You can see it in the lead-in graphic for this story.

What Is the In-Place Repair Upgrade Gotcha?

A common Windows 10 repair technique is to run setup.exe from the same version of Windows against itself. Hence the term: “in-place repair upgrade.” This is really running an upgrade from setup.exe inside the next version ISO, but works the same way.

The gotcha, as shown in the story’s lead-in graphic, is that the Feature Upgrade info is absent from Update History. You can plainly see at left that the X220 is running 21370.1. But there’s no record of that install in the Update History at the right. It shows the preceding build — 21364, dated 4/21/2021 — as the most recent Feature Upgrade.

A Return to Normal Behavior Beats the Gotcha

I’m guessing that because Windows Update did not handle that upgrade, it also didn’t record it in Update History, either. Stands to reason, I presume. This is a go-to strategy for me when I cannot use WU to perform a Feature Upgrade. So I’ll just have to learn to live with that missing history entry when I take that alternate route.

Now that I know it works this way, I can understand what’s going on. Hopefully, it will shed some light on an apparent anomaly to other Windows Insiders. I’ll also take this opportunity to make a request of the Insider Team: Please change Update History behavior to record ALL Feature Updates applied to a PC, whether manually or through WU. Sounds easy, but may be a huge PITA. We’ll see how they respond!

Recent Activity, Troubleshooting, WED Blog, Windows 10, Windows Update

Update Download Stuck Forces Interesting Maneuvers

April 29, 2021 Ed Tittel Leave a comment

Here’s something I’ve not run into before. In trying to update my production PC to KB5001391 I found the download phase of the update stuck at 0% indefinitely. “No problem,” thought I, “I’ll download the .MSU file from the Microsoft Catalog.” Yeah, right!

Update Download Stuck Forces Interesting Maneuvers.stuck-at-zero

I guess the Catalog is smart enough to avoid duplicate, parallel downloads. It wouldn’t let me download the MSU file to that PC. So I jumped on one of my test machines, and downloaded the file there. Then I copied it over the network, and installed it by double-clicking its MSU file. This took a while longer than I was expecting (around 5 minutes or so) but it did work.

Why Update Download Stuck Forces Interesting Maneuvers

I can only speculate that WU informs the OS that it’s already downloading the requested KB item on that PC. Thus, clicking the download link from the catalog does nothing. That said, it worked as expected on a different PC, so I found a two-step workaround where a single step wouldn’t cut it. Please keep that in mind if you ever find yourself in this boat.

More Update Weirdness Follows

After the reboot to install KB5001391, I see it is installed in Update History. Nevertheless, Windows Update still shows me it’s available as an “Optional quality update…” (see screencap following).

Even though it’s already installed (and showing in Update History), I get another offer anyway. Sigh.

Of course, I am compelled to click the “Download and install” button to see what happens. When I do that, the Windows Update page comes back in about 30 seconds with nothing to download nor any status or error message to explain itself, either. I guess it figured out the update was already installed, and withdrew the offer. That’s a reasonably intelligent thing to do. Checking Reliability Monitor, I see no error reports about this there, either. So it looks like a clean save, so to speak. I’m glad!

Insider stuff, Recent Activity, WED Blog, Windows 10, Windows OS Musings

1.3 Billion Active Devices Run Windows 10

April 27, 2021 Ed Tittel Leave a comment

Today, April 27, MS held its quarterly earnings call for Q3’FY2021. Mary Jo Foley at ZDNet reports that among the many items the company shared was a disclosure that 1.3 billion active devices run Windows 10. Yes, that’s “Billion,” with a B. To the best of my knowledge that makes Windows 10 the most widely used PC software of any kind. Last year, MS trumpeted it out that Windows 10 had cracked the 1B mark in March. 13 months later, that number has grown 30%.

If 1.3 Billion Active Devices Run Windows 10, Then What?

MS is careful to identify active devices, because it can count how many copies of Windows 10 are checking in for updates and such. As somebody in a household with 3 people and 10 PCs (all running some version of Windows 10) I can understand why they use that terminology.

I have two things to say about 1.3 B active devices:

That’s a lot of devices, and a pretty big installed based for MS to support and maintain.
Statista puts the global number of Android users at 1.6 B as of 2019, and claims 3.5 B smartphone users as of 2020. I’m guessing there could be over 2 B Android users worldwide now with the number of android devices higher than that. There are about 3 Android users for every iOS user, so that total population is probably around 2.67 B.

The Windows 10 user/device population looks like a monster (and probably is). But it’s not as big a monster as smartphone OS population, which currently outnumbers it at least 2-to-1. That ratio is bound to keep expanding in the smartphone’s favor, because so many people in the third world are getting those devices (and may never, ever own a PC of any kind).

From Small Things, Big Things Can Come

From the perspective of the Microsoft Cloud, and Cloud PC’s ability to use smartphones as “thin clients” for virtual PCs in the cloud, this all looks absolutely fascinating. It’s no wonder that MS is working to bring Azure everywhere, and ready to let smartphone users remote into more capable, data-enriched and powerful apps and services from “the small screen.”

This should make the next few years extremely interesting, especially as it regards the future evolution and expanded use of (remote) Windows. Stay tuned: I’ll keep you apprised of what’s going on…

Insider stuff, Security, Troubleshooting, WED Blog, Windows 10

Defender Update Download Circumvents Stuck 21364

April 26, 2021 Ed Tittel Leave a comment

It’s been a struggle to get the latest Dev Channel Insider Build updated lately. I’ve already described how KB 5001030 and KB5003397 aren’t working on my test machines. Lately, Defender has been stuck as well. That’s how I learned that a Defender update download circumvents stuck 21364.

Normally, you can simply open the Windows Security item in Settings → Windows Update. Next, you can forcibly get Defender to update by clicking “Protection updates” under “Virus & threat protection updates.” Not this time! This mostly-infallible workaround throws an “update failed” error. It explains further it “can’t check for definition updates” (see lead-in graphic).

Shoot! I even tried the command line program MpCmdRun.exe. First, I cleared the Defender signatures (that worked). Then I tried to download a new set (that failed). This time, apparently update downloads are well and truly stuck. For the record neither the Update Troubleshooter, nor the TenForums WU Reset batch file worked, either.

Thus: Defender Update Download Circumvents Stuck 21364

Relief is available from the “Latest Security Intelligence…” MS Security Intelligence web page for Defender. I provide its URL because it’s more informative than that title: https://www.microsoft.com/en-us/wdsi/defenderupdates. If you scroll down this page, you’ll find a section entitled “Manually Download the Update.” Follow the link that matches your Windows 10 version and you’ll download a program named mpam-fe.exe.

If you run this program it will (a) update your Defender signatures, but (b) provide no interaction or feedback. That holds, even if you run the program as administrator. The only way to tell it worked is to check the timestamp for Last Update in Windows Security → Virus & threat protection under the “Virus & threat protection settings.” After you run this program, you’ll see a timestamp that reflects a the recent past. It’s too stealthy for my sensibilities, but it does work.

I’m OK without CUs and Such, But…

When update trouble rears its head on Insider Previews, I’ve learned to cope. I’ve also learned it’s essential to be patient when MS goes into “break-fix” mode. That is, when they acknowledge something is broken and promise to fix it “soon.” And to the Insider Team’s credit most such fixes come sooner rather than later.

But I can’t accept an inability to update Defender on my test machines, where’s its my only anti-malware defense. That’s why I’m glad I’ve now learned how to manually download and install signatures to keep safe, even when updates gets stuck, as they sometime do. So while they’re still stuck for 21364, I’ll use this web page to update daily just to be safe…

Note Added 6 Hours Later

Just for grins, I tried out the old Windows Update MiniTool (WUMT) on my stuck test machines. It was happy to download and install the Defender updates for me. But it did not “see” the two problem KBs until I resumed updates in WU. Acting on advice from the Insider Team that I should be able to install the .NET update, I tried that inside WUMT on my Lenovo X220 Tablet and X380 Yoga It reported it was downloading, then installing, for each of the two problem updates. But alas while KB5003397 succeeded on the X220 Tablet, it failed on the X380 Yoga. And KB5001030 worked on neither machine, even using WUMT. Go figure!