Category Archives: Windows 10

SetupDiag Illuminates Updates Too

About three months ago I wrote about the Microsoft SetupDiag.exe tool. In that February 17 post, I explained how it provides info about upgrade errors and gotchas. Although the Microsoft Docs article doesn’t really say so, SetupDiag Illuminates Updates too. That is: you can use it to gather information and intelligence about update errors, failures, and so forth. Because those occur more frequently than upgrades, this capability is perhaps even more valuable.

If SetupDiag Illuminates Updates Too, Then What?

A failed Windows Upgrade leaves a copy of SetupDiag.exe behind, in the $Windows.~BT/Sources folder. Windows Update does no such thing. Thus, would-be investigators should bookmark this link, from whence the latest and greatest version may always be downloaded:

Download SetupDiag

Once you have this tool in hand, open an administrative Command Prompt or PowerShell session, then enter its full path specification. I found one in the Windows.old folder hierarchy on a recently-upgraded Dev Channel test PC, and it produced the following (partial) output:

SetupDiag Illuminates Updates Too.output-example

Run a local copy of the program if you’ve got one, though it’s best to download a current version instead.
[Click image for full-sized view.]

Once SetupDiag runs through all of its log searches and processing rules, it will produce a report that provides the error code and error string (aka “bug check code” and “bug check string,” respectively). This is usually enough information to lead affected users to possible solutions. Just today, in fact, I read a story about update failures for the May 11 KB5003173 that used such data to diagnose possible issues with manual Microsoft Edge removals. It seems that leaving old directories behind will stymie the update. See this Windows Latest story for details.

The Consummation You Should Seek

Be it upgrade or update, you’ll eventually want SetupDiag to show you something like this to indicate a successful outcome:

Once you’ve finished troubleshooting, and fixed things, SetupDiag should tell you something like this.
[Click image for full-sized view.]

Cheers!

Facebooklinkedin
Facebooklinkedin

KB5003173 Brings Critical Security Updates

This month’s “Patch Tuesday” fell on  May 11. Windows versions 20H2 and 21H1 went to Build Numbers 19041/42.985. The delivery vehicle KB5003173 brings critical security updates to users, including fixes for three zero-day attacks labeled “critical:”

  • CVE-2021-31204 – .NET and Visual Studio Elevation of Privilege Vulnerability. Affects Visual Studio 2019 version 16.0-16.9, .NET 5.0 and .NET Core 3.1 (reported straight from MS).
  • CVE-2021-31207 – Microsoft Exchange Server Security Feature Bypass Vulnerability. A Microsoft Exchange vulnerability previously used in the 2021 Pwn2Own hacking challenge, attributable to either Devcore or Team Viettel.
  • CVE-2021-31200 – Common Utilities Remote Code Execution Vulnerability (affects Microsoft’s Neural Network Intelligence (NNI) toolkit, and comes courtesy of Abhiram V/Resec System via Github.

Experts Urge Installing KB5003173 Brings Critical Security Updates

Most discussion of the new CU from security experts strongly recommends installing this update (see, for example, this BleepingComputer item). In addition to the 3 critical items already cited, this update fixes 55 vulnerabilities overall, one more of which is also labeled “critical”. 50 are designated “important” and one “Moderate.” To most people in the know, this makes the update worth installing, even though the three afore-mentioned vulnerabilities are not yet known to be exploited in the wild.

What Else Ya Got?

In the KB overview info, MS specifically calls out the following highlights (quoted verbatim from that source):

  • Updates to improve security when Windows performs basic operations.
  • ~Updates to improve Windows OLE (compound documents) security.
  • Updates security for Bluetooth drivers.

That document also mentions security updates to the Windows App Platform and Frameworks, the Windows Kernel, Windows Media, the Microsoft Scripting Engine, and the Windows Silicon Platform. A little bit of everything, in other words. For further details on all 55 items covered in this update, check the May entries in the Security Update Guide from MS.

I concur with the experts: this update is worth installing. Check it out, and make the call for yourself. For the record, I had no trouble with it on any of the half-dozen machines eligible for the update. No issues during install, and nothing noticeable afterwards. So far, anyway…

 

 

Facebooklinkedin
Facebooklinkedin

First Look: Lenovo X12 Tablet PC

I’ve owned a Surface Pro 3 since 2014. Before that I owned a Fujitsu Q704. Both were small, powerful, somewhat loaded i7 tablets. I also had a Dell Venue Pro 11 with an i5 CPU. I liked all of those machines. Indeed, I appreciate a moderately powerful tablet PC that’s  compact and can handle office/productivity work. That’s why I requested “something similar” from Lenovo. They sent me their latest detachable 11th Gen (Tiger Lake) ThinkPad X12 last week. This is my first look: Lenovo X12 Tablet PC introduction and overview.

First Look: Lenovo X12 Tablet PC.Speccy Overview

Speccy lists basic componentry: 4-core 11th-gen i7, 16 GB RAM, Iris Xe graphics, 1 TB WD SSD, Intel AX201 Wi-Fi.
[Click image for full-sized view.]

Taking a First Look: Lenovo X12 Tablet PC

Lenovo also sent me a full-sized wired keyboard and a ThinkPad Thunderbolt 3 Dock Gen 2 (PN: 40AN0135US). I wouldn’t recommend attempting serious use of this device without a USB3 or Thunderbolt 3/4 dock, because it needs backup storage at a minimum. The ability to add one or two monitors via HDMI or DisplayPort is nice, as is wired GbE and a bunch of USB3 ports (4 on the back, 1 on the front). The unit I received MSRP is over US$2,500 but you won’t pay Lenovo more than US$1,700 to actually take it home (not including wired keyboard and Thunderbolt dock).

In the connectivity vein, the X12 features a Thunderbolt 4 controller for its USB-C ports. AFAIK, this is the first time I’ve worked with a PC that has Thunderbolt 4 support, rather than the preceding version. It picked up my Belkin dock immediately (though it’s a Tbolt 3 version device). It just happened to be sitting on the same desk, and immediately brought up the Seagate 5TB and a 16 GB Mushkin USB3 UFD, as you can see in the Speccy screencap above.

My first time to see Thunderbolt 4 come up in the eponymous control center app.

Basics Stats, Look and Feel

The tablet is thin and light (1.67 lbs sans keyboard; 2.4 lbs with). Dimensions are petite at 11.15 x 8.01 x 0.34″ (sans keyboard) or 0.57″ (with keyboard) (in mm that’s 283 x 204 x 8.6 or 14.5). Nevertheless, it feels pretty sturdy in the hand and on the lap (though I don’t much care for the lapabilty of this kind of PC ). If I’m not at a desk or table, I prefer to use the tablet by itself sans keyboard.

It’s got a full HD panel (1920×1280 pixels) that’s rated at around 400 nits of brightness. So far, I’ve found it fine for reading, surfing and handling email (but I really haven’t put it through too many of its paces just yet). I’m not quite familiar enough to rate its battery life yet, either. That said, it’s never flagged while I’ve used it, though I’ve yet to use it for longer than 4 hours.

More to Come … Soon

That’s it for today’s first look. I am impressed enough with the X12 to be considering a purchase of my own such unit. I will take more time to play, measure, and experiment. Then, I’ll know better if my desire to own this beast is merely a passing case of techno-lust, or a genuine desire to own another tablet to replace my aging Surface Pro 3. Stay tuned!

 

Facebooklinkedin
Facebooklinkedin

Resenting Mobile-Only Network UIs

In the process of troubleshooting the LAN here at the Tittel household recently, I replaced a Gen 1 Router/Switch/WAP device with its Gen 2 counterpart. Spectrum provides that equipment for something like $7 a month. I don’t resent that charge. But what has me considering a switch to my own equipment is resenting mobile-only network UIs now forced upon me.

What does that mean? It means I can’t log into the gateway’s TCP/IP address in a Web browser any more to access and manage setup and configuration. No! I must now use the MySpectrum app on a cellphone instead. That’s a problem for all kinds of reasons, some good ones, and some that may sound whiny. Apologies in advance.

Why I’m Resenting Mobile-Only Network UIs

Because I MUST run the device UI through a smartphone app, I’m limited to its tiny screen, virtual touch keyboard, and limited silicon. Basically, that means my 100 wpm typing speed on a keyboard falls off  a cliff when I switch to a screen-based layout. This gives my facility and productivity a massive knock, and earns my displeasure.

And alas, I’m no spring chicken anymore either. At 68, I am already in the habit of viewing web pages at 125% magnification to make things easier on my eyeballs. I’ve been known to bump that to 150% or higher when faced with lots of fine print. Forcing me onto a 750×1334 screen goes against my preferences, and hurts my eyes.

And then there are the UI exigencies that small screens dictate. I checked, and I have to work through 7 screens to reserve an IP address within the new app. It used to be a lot faster and easier under the old, Web-based UI. Sigh.

Now that my rant is ended, I’d like to remind Spectrum that good customer service is about providing accessible alternatives. C’mon guys: if a late middle-aged, early geriatric has mild usability issues, what about others with more severe access or vision impediments? Is a cellphone-only approach really workable for everybody?

Exploring Technology Alternatives

I won’t let this slow me down too much. First, I plan to see if I can get MySpectrum to run on my iPad. I do have a Bluetooth keyboard for that device, and can put it to work for configuration jobs. I also see that long-time high-value remote access app TeamViewer lets users run a cellphone app from a PC desktop. That’s not the usual path for remote access between such devices, but it might be just what I need.

Stay tuned. Once my current fit of pique subsides, I may find some kind of workable alternative or usage scenario. If I do, I’ll report back with more info.

Facebooklinkedin
Facebooklinkedin

NirSoft BlueScreenView Worth Learning

Israeli developer Nir Sofer is the person behind the outstanding Windows utility site nirsoft.net. I’ll be describing his blue screen viewing tool in today’s item. And when I explain what makes NirSoft BlueScreenView worth learning, I mean it is something handy to have around for both Windows professionals and enthusiasts.

Why say this? Because, sooner or later, nearly every Windows PC experiences a crash. In older Windows versions, such a screen was invariably blue. That earned it the initialism BSOD, for “Blue Screen of Death.” In Windows 10, such screens sometimes come up in green instead and may be called GSODs for that reason. For a fascinating historical look at BSODs from the past, check out Mark Russinovich’s evil little BlueScreen Screen Saver. It not only simulates BSODs, it also simulates the data acquisition and reboot phases that follow immediately thereafter.  Says Russinovich “…its accuracy will fool even advanced NT developers” (it does not, however, look like a real Windows 10 BSOD or GSOD). Like I said: it’s evil.

Why Is NirSoft BlueScreenView Worth Learning?

Simply put, this nice little tool reads the dump files that Windows collects as it recovers from a serious error. It provides immediate insight into what blew up, and what other OS and application modules were involved.

You can provoke BSOD with an input string to an administrative command prompt, if you like. WARNING! This will immediately crash the PC into which it is entered. Close all apps, and save your work beforehand, to avoid unpleasant surprises.

That command string is:

taskkill /im svchost.exe /f

Svchost.exe is a critical Windows 10 process. It acts as a shell for loading services based around dynamic load library (DLL) files. Because DLLs are often shared, multiple processes will call on a single svchost.exe instance to access its DLL. By running this command you’re killing all svchost instances immediately. This renders Windows unable to run, so it crashes instead.

The flag in the resulting BSOD reads “CRITICAL_PROCESS_DIED.” That brief phrase tells you that, except as a sure-fire way of provoking a BSOD, this is an extremely bad idea. But it’s a useful technique to cause a bluescreen, to show what NirSoft BlueScreenView can do.

NirSoft BlueScreenView Worth Learning.bsd-windows

Dump files in top pane, Dump trace in lower pane. This one shows the CRITICAL_PROCESS_DIED error from the lead-in graphic.
[Click image for full-sized view.]

Working Through BlueScreenView Output

As you examine the image above, you’ll see a dump file that starts with a date string (051021) and ends with the tell-tale file extension “.dmp”. It shows a time stamp, the bug check string, and a bug check code, followed by up to 4 parameters. It also shows which driver caused the crash: in this case, we killed the driver for the operating sytem kernel itself! (That’s noskrnl.exe plus a hex offset, as shown in column 9.)

Generally when I’m using this tool, I look first at Column 9 (caused by driver). That’s because the transitory blue screen window provides most of the preceding data. I usually care most about the bug check string and code because they make dandy lookup strings for guidance online. Column 9 points to the actual cause, and can be extremely informative.

Spend a little time with this tool, and use it to practice reading dump files. Trust me: it’ll come in handy someday. ‘Nuff said

Facebooklinkedin
Facebooklinkedin

More Networking Trouble Manifests

Wouldn’t you know it? Today’s a busy day here at Chez Tittel. I’ve got multiple deliverables due, and it’s my son’s “A day” at school (8 classes, several of them challenging). “The Boss” needs her Internet access, too, for purposes both commercial and personal.  That’s no doubt why today, of all days, more networking trouble manifests here and now. For as long as two hours we had no access at all.

When More Networking Trouble Manifests, Then What?

Yesterday, I was inclined to blame my aging desktop when only its NIC stopped working. Today, we lost not just all of the wired connections, but wireless was popping in and out, too. Suddenly things were much clearer: the combination WAP/router from Spectrum was failing — or flailing — intermittently.

A quick call to tech support confirmed that (a) I have a first-gen WAP/router device for the company’s 1 Gbe service and (b) such behavior  happens often enough for team members to know about it. My friendly support guy “Jeff” suggested I drive over to the nearest Spectrum offices and trade in the current unit for a new one.

In the Land of the Blind…

Fortunately, the nearest such office is less than 15 minutes from the house. So I packed up the WAP/router, jumped in the car, drove over and swapped it for a replacement device. Surprise! It’s got a 2.5 GbE interface between cable modem and WAP/router, which I supposed is all to the good.

Even more fortunately, it proved to be (mostly) a matter of plug-and-play upon installing the new device. I did have to reboot the cable modem to get it to recognize and talk to the WAP/router (by getting its MAC address table updated, I assume). I will have to do some clean-up work (static IP assignments for my networked printers) later.

But for now, things are working more or less as they should be. I’m keeping my fingers crossed that they’ll stay that way. I’ve learned now that a failing switch can make NIC drivers go wonky, and have added to my store of troubleshooting lore and experience.

And that’s the way things go sometimes, here in Windows-World! Sigh.

Facebooklinkedin
Facebooklinkedin

GbE Adapter Driver Goes MIA

I had an interesting if unwanted surprise waiting for me when I returned to my production PC after taking a break this morning. Instead of my usual Internet connection, I had zilch. Domain names weren’t resolving. Running IPCONFIG I saw an APIPA address (starts with 169.x.x.x). I knew this meant my NIC had lost its connection with the primary network router, from whence DNS, DHCP and Internet access come. Upon checking the driver in Device Manager, I saw these dreaded words “No drivers are installed for this device” (see above). Indeed when a GbE adapter driver goes MIA, there isn’t much you can do with that device until the driver gets fixed.

If GbE Adapter Driver Goes MIA, Then What?

Fortunately my Asrock Extreme 7+ has two GbE adapters: an Intel I211 and an Intel I219-V. It was the I219-V that dropped off the network. But when I plugged in the I211, it immediately resumed operation. My suspicion: driver corruption in the I219-V driver. So I visited the Intel download site and grabbed a copy of the 26_2.zip Intel Ethernet Adapter Complete Driver Pack.

But then, things got interesting. The same thing that happened with the I219-V started up with the I211. It wasn’t until I reinstalled a new driver from the Intel pack linked above that the I219-V returned to normal operation. I ran DISM /checkhealth with nothing found, but SFC /scannow did report making some repairs. Something odd has definitely hit my production networking facilities.

Bracing for the Inevitable…

I’ve been pondering a new desktop PC build for some time now. This rig is built around an Asrock Extreme7+ and an i7-6700 Skylake processor . Both made their debut in Autumn 2015 (the chip in September, the board in November). As I recall I built this system in the Spring of 2016. That’s now more than 5 years ago. I’m inclined to think this may be fate’s way of telling me it’s time to replace my desktop. Time to revisit and revise my build plans, and get on the stick.

Note Added May 7 (One Day Later)

Today, the whole network here at Chez Tittel blew up. Weird wireless and wired LAN behavior convinced me the Spectrum-supplied WAP/Router/switch device was losing … something. A quick trip to the Spectrum store and a device swap set things right. Read all about it here: More Network Trouble Manifests.

Facebooklinkedin
Facebooklinkedin

Beware Potential Defender Engine 1.1.18100.5 Gotcha

Here’s an interesting item. Check your system/boot (usually C:) drive in Windows 10. If it’s filling up (or full), that may come from a (hopefully temporary) Windows Defender gotcha. The program starts creating loads of 2K binary files in the Scans/History/Store subfolder. Ghacks reports tens of thousands to nearly a million such files showing up on affected PCs. Normally, a healthy Defender installation has one or two files in this folder (shown in the lead-in graphic). That makes it easy to check if a system is subject to this potential Defender Engine 1.1.18100.5 gotcha.

How to Check For Potential Defender Engine 1.1.18100.5 Gotcha

The complete directory path to check is:
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store
If  you see more than a handful of files there, you may be subject to the gotcha. It it’s chock-full of files and your C: drive is filling up, the gotcha is active! It’s OK to delete those files (Defender will make more), according to Brinkmann.

Brinkmann theorizes that the current Defender Engine version — namely 1.1.18100.5 — is responsible. He says MS is aware of the gotcha, and is planning a  fix with the next engine update. That new version should carry an ID of 1.1.18100.6, and be ready as soon as Thursday, May 6.

FWIW, I checked all of my Windows 10 PCs. While all of them are indeed running Engine version 1.1.18500.5, none of them is showing symptoms indicative of the gotcha. Clearly, it’s out there. But it’s not clear how widespread or active this gotcha may be. And it sounds like MS is already working on a fix that should do away with it completely.

At least, we don’t have to wait too long to find out if a fix is forthcoming. As I write this item, it could be just over 24 hours from release. For the record, Microsoft updates usually hit the Internet at 9:00 AM Pacific Time on release days. That’s about 26.5 hours from now.

Note Added May 5 Afternoon

A new engine build is already out,  and should download automatically to all Windows 10 PCs running Defender. I just found it already installed on my test PCs, to wit:

Potential Defender Engine 1.1.18100.5 Gotcha.new-engine

Note the new engine is out: 1.1.18100.6. Problem solved!

That was quick! Glad MS is on the ball today. Thanks to @WindowsInsider and the whole Windows Team.

Facebooklinkedin
Facebooklinkedin

DevMgr Gets View Devices by Driver Option

Here’s something new and interesting. Dev Channel Insiders can see a new View menu option in Device manager. That’s right: with Build 21370, DevMgr gets View Devices by Driver option.

The menu element is shown in the lead-in graphic for this story, above. To the left, find a long version of that same screencap. It’s menu-free and shows just under half of the total listing that appears.

Please note: you can see all drivers listed using oemnnn.inf names. In fact, these are assigned as drivers get installed. To the right, you see the true driver name — e.g. netwbw02.inf for oem1.inf –which tells you it’s a Bluetooth networking driver of some kind.

This Lenovo ThinkPad X380 Yoga has 119 drivers installed. That’s a pretty normal count for a Windows 10 PC.

As I look at my other Windows 10 PCs, I see driver counts as low as the low 80s to as high as the low 200s. Actually, that number depends on how many devices (both Microsoft and third-party) are installed in some specific Windows 10 image. Indeed, what’s present and accounted for is what shows up in such tools and their listings.

Is DevMgr Gets View Devices by Driver Option Good?

The purpose of the change, according to Sergey Tkachenko at WinAero.com, is to “make it easier to see what hardware is using which drivers.” I’ve grown fond of the GitHub project DriverStore Explorer (RAPR.exe) for that same purpose, but it is nice to get easy access to the OEM numbers associated with drivers as in this view. Any device name with a carat to its left (e.g. oem11.inf) is actually the root of a device tree. Expand same by clicking the carat and you see various PCIe, LPC and PMC controllers for which it is a parent.

This view is pretty handy for understanding how some hardware elements in a PC are related to others. In fact, this makes for an interesting, informative and useful addition to Device Manager. It’s rumored to be targeted for inclusion in the 21H2 “Sun Valley” release of Windows 10. That’s far enough out that it could easily change. Stay tuned, and i”ll keep you informed. DevMgr has always been a fave tool for me, so I’m more than just a little interested.

Facebooklinkedin
Facebooklinkedin

N&I Rollout Hits Production PCs

It’s heeeeeeeere! The Dell Optiplex 7080, with its 10th-generation i7 CPU, popped up with News & Interests (N&I) in the notification area. This followed after updating to KB5001030. I’d read this was underway. But I now have personal, tangible evidence that the N&I rollout hits production PCs. Now the question becomes: how long will the rollout take to get to other, older PCs?

I See That N&I Rollout Hits Production PCs

You can see it, too, in the lead-in graphic for this story. It shows the Winver.exe  window just above the notification area, including the “weather bug” for N&I. So far, this is the only 19042 or 19043 PC (I have 5 of them altogether) on which N&I has made an appearance.

As you can read in this Windows Latest story, the rollout is underway. But I can tell you from personal observation that it’s hit fewer rather than more of its potential targets at the moment. Here’s how the afore-linked story explains things:

Unfortunately, the feature isn’t available yet for all users, according to several user reports. It looks like a wider rollout is not expected until the end of the month.

That story also concludes with the following statements:

News and Interests feed will be enabled automatically with a server-side update. More users are expected to receive the feature on May 11, while others will get it by the end of the month or in June.

I’m inclined to go along with this, though I do find myself wondering where and how they come up with this information. There hasn’t been much discussion about how rollouts work from MS itself, except to say that it starts out with a smaller population of PCs, and gradually extends its coverage to includes a larger population over time. Seems like the veracity of the timing will be demonstrated in the next 7 to 8 weeks. We’ll see!

Facebooklinkedin
Facebooklinkedin