Tag Archives: Troubleshooting

ESET NOD32 making many systems hang

I’ve spent most of the day trying to identify a systematic way to work around the campus antivirus solution, which is causing widespread system hangs. Our vendor has tentatively identified a problematic recent update, and is recommending that affected users temporarily disable the Eset Service service until a patch is available.

Disabling ESET NOD32 / ekrn Service.

If your system becomes unresponsive, in most cases soon after logging into the system, you may be affected. Please follow these instructions to disable the ESET service:

1. Restart your system in safe mode

2. Open either the Run dialog (Start->Run or [Windows Key]+R) or the Vista Start menu search box


3. Enter the command below

cmd /k "sc config ekrn start= disabled"

(Please note that the space after start= is required; goodness knows why…)


4. Watch for the success message:



Reboot and stay tuned to your friendly neighborhood technical support resources for updates.

PS. for what it’s worth, here’s my current ESET version info, which hangs my system.


List folder contents – XP vs. Vista

Yesterday, a client called me complaining that, after installing Vista SP2, she couldn’t access a folder on a file share. She could access that same folder from her XP workstation, logged in with the same account.

I paid a service call (across the parking lot; any excuse to get up and walk outside 🙂), and after some poking around confirmed her claim. We did determine that she might not have attempted to access that folder from her new Vista system before.

So I started digging deeper. The folder granted her (via a group) the “List Folder/Read data” permission. So I created a test folder and granted an analogous group this specific permission to the folder. This is displayed in the output of icacls as “(S,RD)”.

C:\>icacls s:\cit\ZTest
s:\cit\ZTest CAMPUS\ETS-FileServices-Browse:(S,RD)

This permission alone allows Windows XP workstations to browse the folder, but Windows Vista or later gives an “Access is denied” error.

When creating a “browse” permission for a single folder, I start by granting the “List Folder Contents” standard permission, which assigns the following permissions to the folder and subfolders (not to files):

  • Traverse folder/execute file
  • List folder/read data
  • Read attributes
  • Read extended attributes
  • Read permissions

With icacls, this permission looks like this:

C:\>icacls s:\cit\ZTest
s:\cit\ZTest BUILTIN\Administrators:(OI)(CI)(F)

The (CI) indicates “Container inherit,” which means that permission (ACE) will be inherited by subfolders. Now I open the advanced security dialog, and edit the ACE to change the “Apply to” control to “This folder only.” Now the browse permission applies only to the particular folder. In icacls, it looks like this:

C:\>icacls s:\cit\ZTest
s:\cit\ZTest BUILTIN\Administrators:(OI)(CI)(F)

I changed the permissions on the client’s folder, and her access was restored.
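
An added example (not part of the original post): a small Python checker that reads icacls output and reports, per principal, which of the five “List Folder Contents” rights listed above an ACE on the folder itself does not grant. The icacls abbreviations, the simple-right table, the function names and the sample text other than the (S,RD) line are assumptions made for this sketch.

```python
import re

# "List Folder Contents" as itemized above, in icacls abbreviations: traverse (X),
# list folder (RD), read attributes (RA), read extended attrs (REA), read perms (RC).
BROWSE = {"X", "RD", "RA", "REA", "RC"}

# Assumption: the browse rights carried by each icacls "simple" right.
SIMPLE = {"F": BROWSE, "M": BROWSE, "RX": BROWSE, "R": BROWSE - {"X"}, "W": set()}
INHERIT = {"OI", "CI", "IO", "NP", "I"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^()]*\))+)$")

# Constructed sample: the (S,RD) ACE is the one quoted in the post; the
# second ACE and the summary line are typical icacls output added here.
SAMPLE = r"""s:\cit\ZTest CAMPUS\ETS-FileServices-Browse:(S,RD)
             BUILTIN\Administrators:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files"""

def parse_icacls(path, output):
    """Yield (principal, inheritance_flags, browse_rights) per allow ACE."""
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()   # first line is prefixed by the path
        m = ACE_RE.match(line)
        if not m:
            continue                           # blank or summary line
        groups = re.findall(r"\(([^()]*)\)", m.group("groups"))
        if "DENY" in groups:
            continue                           # deny ACEs grant nothing
        flags = {g for g in groups[:-1] if g in INHERIT}
        rights = set()
        for token in groups[-1].split(","):
            token = token.strip()
            rights |= SIMPLE.get(token, {token} & BROWSE)
        yield m.group("who"), flags, rights

def browse_gaps(path, output):
    """Map each principal to the List Folder Contents rights it lacks here."""
    granted = {}
    for who, flags, rights in parse_icacls(path, output):
        if "IO" in flags:
            continue                           # inherit-only: not this folder
        granted.setdefault(who, set()).update(rights)
    return {who: sorted(BROWSE - r) for who, r in granted.items()}

if __name__ == "__main__":
    for who, missing in browse_gaps(r"s:\cit\ZTest", SAMPLE).items():
        print(who, "missing:", ",".join(missing) or "none")
```

Run against saved icacls output for a share, this makes ACEs that grant only part of the browse set easy to spot before a client upgrade exposes them.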


Changing Boot drive with BCDBoot

Scott Hanselman is a consistently good source of useful info and commentary. Recently, he needed to change which drive his computer used as its System drive, which is to say the drive containing the boot loader and configuration.

(N.B. For some reason, the “System Drive” contains the boot info, and the “Boot Drive” contains the operating system. Why could this not have been corrected?!)

Scott points out his options:

Approach 1: Nuclear Option. Wipe and Start Over.

Approach 2: Copy the Hidden/System Boot Manager and Boot Folder over to the C: drive and run a tool called BCDEdit to move things around in 12 short steps. 😉

This was a scary prospect for me, because from my point of view, while this was a fairly advanced operation, I just wanted to switch where the boot info comes from.

Turns out there is a new (profoundly advanced, you have been warned) command line tool called BCDBoot.

See Scott’s blog post for more info. /me wonders if one could copy the bcdboot executable to a Vista system and perform the same operation.

Tuesday – May 5

Spurred by some recent traffic on the Windows-HiEd list, I have looked into the Windows Update process on some of our Server 2008 Core systems. The thread concerned KB article 953631: some folks have found that the update installs repeatedly on Server Core instances and blocks other updates.

In examining the event logs on a couple of our Server Core systems, I found that the update is indeed re-installing repeatedly, but it doesn’t appear to be blocking other updates.

First, I ran the systeminfo command to display the installed updates. KB953631 was not listed. I grabbed the WUA_SearchDownloadInstall.vbs script from Microsoft (I renamed it to Get-WindowsUpdates.vbs, in keeping with the sound PowerShell naming conventions). When I ran the script, it found and downloaded two updates, the KB953631 update in question, and KB955430. I confirmed that I wanted the updates installed, and the first update installed successfully, but the second failed (my initial searches didn’t explain the 0x800f082f error code). I reproduced the same behavior on another server core instance.

I tried rebooting the host and running the Get-WindowsUpdates.vbs script again, and this time both updates installed successfully. (Yes, the KB953631 update installed again.) I reproduced this success on the other host as well.

So it appears that in our environment, the KB953631 update isn’t blocking other updates. I’ll confirm this after Patch Tuesday.

At the very end of the KB article is the following:

Note for WSUS administrators
If you approve this update for deployment in a WSUS environment, be aware that after you run the update, it will not be reported as "Installed." The update itself is not installed on client computers. The update scans for missing files and replaces them as appropriate. If a computer requires a missing file, the 953631 update will be reported as "Needed."

Also, Server Core is not mentioned specifically in the list of affected operating systems. It might be worth asking what the expected correct behavior should be in this situation.

In my investigating, I also found an article in the Scripting Center that describes a PowerShell approach to manipulating Windows Updates. This might be nice when Server 2008 R2 is available and .NET and PowerShell are included, or for other update-wrangling tasks.

Wednesday – April 22

I’ve been working on revising and refactoring a Perl application that I wrote about four years ago to handle our domain account provisioning. Originally, it was a monolithic application, running on ActiveState Perl. Now it needs to run on a Windows Server 2008 x64 host. I use a couple of additional modules that are available from the excellent repository at UWinnipeg that include some compiled code. Rather than run the Perl64 version, and then having to compile my own DLLs, I decided to just install the 32-bit version of Perl, and continue using the modules.

The application is feature-complete, I believe, and is ready to be tried in production. When I attempted to run it under a service account, though, I encountered an error that I hadn’t received running it under my working account. I could repro the error with a simple one-liner:

C:\Perl\bin>perl -MNet::SSLeay
Can't load 'C:/Perl/site/lib/auto/Net/SSLeay/SSLeay.dll' for module Net::SSLeay:
load_file:Access is denied at C:/Perl/lib/DynaLoader.pm line 202.
at - line 0
Compilation failed in require.
BEGIN failed--compilation aborted.

I checked my PATH, and verified rights to the file indicated. Things were in order and I was stumped. Some Google searches turned up advice to check my PATH variable and confirm permissions. OK.

I used Process Monitor from SysInternals and filtered on the perl command line. Toward the end I found a couple lines indicating ACCESS DENIED to C:\Perl\bin\libeay32.dll.


Now this is not the file that was mentioned in the error, but I checked this one, and the SSLeay.dll that was there, too, and wouldn’t you know? They had different ACLs than the rest of the files. Perhaps the ppm installer didn’t assign the rights when it installed them? Whatever. I granted the service account appropriate access and that fixed the problem.


Recalcitrant Vista SP1 install

I have spent a number of hours troubleshooting the installation of Windows Vista Service Pack 1 on a particular Dell Optiplex 755, but I finally succeeded.

Symptoms: The SP1 update was downloaded and queued for installation via the Automatic Updates engine. When initiated, the install would look like it had completed (going to 100% through the third configuration step). But upon reboot, the installation would roll back all changes.

Troubleshooting: I did some of the normal troubleshooting steps, including downloading the full installer, disabling AV, etc. Each attempt to install the service pack was time consuming, but ended the same way. Eventually, I tried running the system file checker, but that didn’t change anything.

SP1 installation support: Microsoft offers free support for SP1 installation, so I decided to give that a try. The first suggestion was that I try the installation in a clean boot environment, created using MSCONFIG:

  1. Click "Start", type: MSCONFIG in the search box and press Enter.
    Note: Please click "Continue" if the "User Account Control" window pops up.
  2. Click "Services", check the "Hide All Microsoft Services" box and click "Disable All" (if it is not gray).
  3. Click "Startup", click "Disable All", click "OK" and restart your computer.

I made the changes and attempted the install again, but without success. I bundled up some log info and sent it off to my support technician. Her next request was that I repair Vista, using installation media of the same Vista version that was currently running on the system, by running setup and selecting the upgrade option.

I ran into some issues with unreadable media and had to perform a firmware update on my DVD drive, but I got that working. The upgrade/repair took hours on a relatively powerful system. It did complete, however, and then I was able to run the SP1 install from the version I had downloaded.

Since this was a very significant system update, it would be prudent to back up any important data before performing this procedure on any system. All my software and data appear to have been preserved, but this is a lightly used system, and my important data is on my network account.

TinyMCE fixed!

I finally got around to using a JavaScript debugger to find out why the visual editor refused to work for me. I got the following error when there was an attempt to call tinyMCEPreInit.Start(): “Object doesn’t support this property or method”. A quick search led me to this forum thread, which references a PHP bug. I reproduced the bug behavior, and then made the code changes recommended in the forum post.
I’m now posting my first blog entry using the visual editor. Hurrah! Many thanks to the member who posted the solution, a certain bcodding. I wonder… Confirmed: that’s my colleague, Ben, from down the hall. Quite the coincidence!
Now I’ll go back to being out sick.

Troubleshooting Windows Activation

[UPDATE: Removed Vista info. Instead of troubleshooting Vista, upgrade it. Added Windows 8, 8.1, and 10 info.]

Here are some troubleshooting steps (for my future reference as much as anyone else’s) for gathering information for diagnosing and resolving Windows KMS client activation issues.

Quick Fix: Try this first!

Most Windows activation issues I’ve encountered are resolved by entering the appropriate product key (not a secret; see footnote):

Windows 7 Enterprise Volume: 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 8 Enterprise Volume: 32JNW-9KQ84-P47T8-D8GGY-CWCK7
Windows 8.1 Enterprise Volume: MHF9N-XY6XB-WVXMC-BTDCT-MKKG7
Windows 10 Enterprise Volume: NPPR9-FWDCX-D2C8J-H872K-2YT43

Enter the code above and attempt to reactivate. If it works, you should be all set. If it doesn’t, the following steps will help identify the issue.

Gathering Information.

Gathering data is essential to fixing problems. If you ask me (or other IT staff) for help with Windows activation, the first thing I will ask from you is the output of the commands below. I recommend opening a text editor and copying all the commands and output into a file, which you can send to us if you need additional help resolving the activation issue.

NOTE: All these steps require running commands from a console window (cmd.exe), which you may need to run As Administrator. These commands work in Windows 7, 8, 8.1 and 10.

1. Run ipconfig /all to capture current IP configuration information.
This could tell us whether the system is in a netreg-ed subnet and needs to register at http://netreg.uvm.edu, or if there are other basic network configuration problems. We really just need the Ethernet adapter, assuming that’s what is being used to connect the system to the network. We don’t need all the additional tunneling adapters, etc. If someone is using a wireless adapter, possibly with the VPN client, then info about those adapters also should be captured.

2. Run a DNS query to make sure the system. (Note the space between srv and _vlmcs):


Reset Offline Files cache

For my reference, mostly…
In Windows XP: In Explorer’s Tools → Folder Options → Offline Files, press CTRL+SHIFT and click the “Delete Files” button. How Macintosh is that? I’ve had to perform that maneuver a few times. With Windows Vista and later, the reworked Offline Files facility has worked much better. But occasionally, the Offline Files database still gets munged.
NOTE: Once you set the value and reboot, all the content in the Offline Files cache for all accounts on the system is purged. You need to perform a sync operation in order to populate your files into the Offline Files cache again.
If you have files in the Offline Files cache that haven’t been successfully synced to the server, those files will be lost. For this reason, I will often make a local copy of “My Documents” to another folder on C: (e.g.: c:\temp\MyDocsCopy) while the network interfaces are disabled, to make sure I’m copying data from the cache. It never hurts to create a backup.
In Windows 7 and 8, the process requires setting a single registry value:

To reinitialize the Offline Files cache, create the following DWORD registry value with a value of 1 and restart the system.
Note that you will have to create the Parameters key, and any unsynchronized changes will be lost. In addition, any files and folders pinned by means other than Folder Redirection or Group Policy will no longer be pinned on that client.
The setting of this registry value may be automated using REG.EXE.
In an elevated command prompt, run the following command.

REG ADD "HKLM\System\CurrentControlSet\Services\CSC\Parameters" /v FormatDatabase /t REG_DWORD /d 1 /f