Force DPI Scaling For Configuration Manager Console

Versions of Configuration Manager Console prior to 1704 are painful to use on 4K displays, with much of the text either completely unreadable or requiring use of Magnifier…

A shim can be created using Application Compatibility Administrator (x86) from the Windows ADK to generate a fix using the DpiUnaware shim. This could also be applied to any application that displays incorrectly on high DPI screens.


This shim can also be downloaded here: https://1drv.ms/u/s!AiFhB4fT6aiTgdwnQTct1TdZHK1swQ

This can be installed from an administrative command prompt:

sdbinst HighDpiFix.sdb

Posted in AppCompat, ConfigMgr

Case of the OneDrive for Business “Sorry can’t add your folder right now”

Setting up OneDrive for Business successfully completed sign-in and two-factor authentication, but failed on the final step with the error:

Sorry, OneDrive can’t add your folder right now

Please contact support.

Taking a trace with Fiddler showed an HTTP 501 error occurring:

HTTP Request

GET https://mycompany-my.sharepoint.com/personal/malcolm_mccaffery_mycompany_com_au/_api/SPFileSync/sync/a5dbb123de934919a713088f2308a099/RootFolder HTTP/1.1
Connection: Keep-Alive
Accept-Language: en-AU
Cookie: SPOIDCRL=…
User-Agent: Microsoft SkyDriveSync 17.3.6799.0327 ship; Windows NT 6.3 (9600)
Application: OneDriveSync
X-MachineDomainInfo: {19B44062-2A9A-4D7E-AF96-92F286583EA3}
X-MachineId: 565a5069-f661-462d-8b1e-f138a34a14d1
X-RequestStats: btuc=0;did=380d4a0e-68e8-ca9e-abea-ca20c1862c8f;ftuc=0;
X-TransactionId: …
Host: mycompany-my.sharepoint.com

HTTP Response

HTTP/1.1 501 Not Implemented
Cache-Control: private, max-age=0
Expires: Sat, 06 May 2017 11:06:03 GMT
Last-Modified: Sun, 21 May 2017 11:06:03 GMT
Server: Microsoft-IIS/8.5
X-SharePointHealthScore: 0
X-SP-SERVERSTATE: ReadOnly=0
X-SyncError: 3031
X-ClientErrorCode: MachineIsNotAllowedToSync
SPClientServiceRequestDuration: 26
SPRequestDuration: 83
X-AspNet-Version: 4.0.30319
SPRequestGuid: c5cdf39d-5091-3000-fc55-e85a5fc44411
request-id: c5cdf39d-5091-3000-fc55-e85a5fc44411
Strict-Transport-Security: max-age=31536000
X-FRAME-OPTIONS: SAMEORIGIN
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 16.0.0.6511
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Date: Sun, 21 May 2017 11:06:04 GMT
Content-Length: 0

On a working machine the request only had two differences:

GET https://mycompany-my.sharepoint.com/personal/malcolm_mccaffery_mycompany_com_au/_api/SPFileSync/sync/a5dbb123de934919a713088f2308a099/RootFolder HTTP/1.1
Connection: Keep-Alive
Accept-Language: en-AU
Cookie: SPOIDCRL=…
User-Agent: Microsoft SkyDriveSync 17.3.6798.0207 ship; Windows NT 6.3 (9600)
Application: OneDriveSync
X-MachineDomainInfo: {8ABF2899-769C-4892-B86C-7DDE44C75D1F}
X-MachineId: 565a5069-f772-462d-8b1r-g138a41a14e5
X-RequestStats: btuc=0;did=c97f4f1a-9ffd-3100-313d-6cf40b68bab4;ftuc=0;
X-TransactionId: …
Host: mycompany-my.sharepoint.com

 

The reason for the failure is that the client has implemented a tenant sync client restriction by domain GUID; the failing device is on a different domain than those that had been allowed.

This can be fixed by running a PowerShell cmdlet to enable all required domain GUIDs, like so:

Set-SPOTenantSyncClientRestriction -Enable -DomainGuids "786548DD-877B-4760-A749-6B1EFBC1190A; 877564FF-877B-4760-A749-6B1EFBC1190A"

To work out the domain GUIDs in an environment you can use the following PowerShell command:

$domains = (Get-ADForest).Domains; foreach($d in $domains) {Get-ADDomain -Identity $d | Select ObjectGuid}

The domain’s objectGUID can also be viewed with tools like ADExplorer.

We also learn that by using Fiddler you can get much better information about the reason for a OneDrive error message than OneDrive itself offers…

You can simulate a different domain GUID by using Fiddler's AutoResponder feature.
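The triage done by eye above can be scripted. The following is an added example, not part of the original post: it parses header blocks copied from Fiddler, pulls out X-MachineDomainInfo, X-SyncError and X-ClientErrorCode, and checks the machine's domain GUID against an allow list in the same format as -DomainGuids. The function names are hypothetical, and the sample headers are trimmed from the capture shown in this post.

```powershell
# Added example. Function names are hypothetical helpers, not Fiddler or SharePoint Online APIs.

# Split a raw header block (as copied from Fiddler) into its start line and a header table.
function ConvertFrom-HeaderBlock {
    param([Parameter(Mandatory)][string]$Raw)
    $lines = @($Raw -split "\r?\n" | Where-Object { $_.Trim() })
    $headers = @{}   # PowerShell hashtables are case-insensitive, like HTTP header names
    foreach ($line in ($lines | Select-Object -Skip 1)) {
        $i = $line.IndexOf(':')
        if ($i -gt 0) { $headers[$line.Substring(0, $i).Trim()] = $line.Substring($i + 1).Trim() }
    }
    [pscustomobject]@{ StartLine = $lines[0].Trim(); Headers = $headers }
}

function Get-OneDriveSyncBlockReason {
    param(
        [Parameter(Mandatory)][string]$RawRequest,
        [Parameter(Mandatory)][string]$RawResponse,
        # Same "guid; guid" string format that is passed to -DomainGuids
        [Parameter(Mandatory)][string]$AllowedDomainGuids
    )
    $req = ConvertFrom-HeaderBlock $RawRequest
    $res = ConvertFrom-HeaderBlock $RawResponse

    # Normalise the allow list to lower-case GUID strings
    $allowed = @($AllowedDomainGuids -split ';' | Where-Object { $_.Trim() } |
        ForEach-Object { ([guid]$_.Trim()).ToString() })

    # The header value is wrapped in braces; Guid.TryParse accepts that form
    $machineDomain = $null
    $parsed = [guid]::Empty
    if ([guid]::TryParse([string]$req.Headers['X-MachineDomainInfo'], [ref]$parsed)) {
        $machineDomain = $parsed.ToString()
    }

    $domainAllowed = ($null -ne $machineDomain) -and ($allowed -contains $machineDomain)
    $clientError   = $res.Headers['X-ClientErrorCode']

    if ($clientError -ne 'MachineIsNotAllowedToSync') {
        $verdict = 'No sync client restriction error in this response'
    } elseif ($null -eq $machineDomain) {
        $verdict = 'Blocked: request carried no parsable X-MachineDomainInfo'
    } elseif (-not $domainAllowed) {
        $verdict = 'Blocked: domain GUID is not in the supplied allow list'
    } else {
        $verdict = 'Blocked although the GUID is in the supplied list; compare the list with the tenant setting'
    }

    [pscustomobject]@{
        HttpStatus        = ($res.StartLine -split ' ')[1]
        SyncError         = $res.Headers['X-SyncError']
        ClientErrorCode   = $clientError
        MachineDomainGuid = $machineDomain
        DomainAllowed     = $domainAllowed
        Verdict           = $verdict
    }
}

# Sample input: headers trimmed from the failing capture shown in this post
$request = @'
GET https://mycompany-my.sharepoint.com/personal/malcolm_mccaffery_mycompany_com_au/_api/SPFileSync/sync/a5dbb123de934919a713088f2308a099/RootFolder HTTP/1.1
User-Agent: Microsoft SkyDriveSync 17.3.6799.0327 ship; Windows NT 6.3 (9600)
X-MachineDomainInfo: {19B44062-2A9A-4D7E-AF96-92F286583EA3}
Host: mycompany-my.sharepoint.com
'@

$response = @'
HTTP/1.1 501 Not Implemented
X-SyncError: 3031
X-ClientErrorCode: MachineIsNotAllowedToSync
Content-Length: 0
'@

# Allow list in the format used with Set-SPOTenantSyncClientRestriction above
$allowList = '786548DD-877B-4760-A749-6B1EFBC1190A; 877564FF-877B-4760-A749-6B1EFBC1190A'

Get-OneDriveSyncBlockReason -RawRequest $request -RawResponse $response -AllowedDomainGuids $allowList |
    Format-List
```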

Posted in Fiddler, Office, Troubleshooting

Unable to Import Boot Images in ConfigMgr on Server 2016

Attempting to import any boot image in ConfigMgr console showed the following error:

The specified file can not be imported. Make sure the file is not read only and you have read and write access to it.

After checking share and NTFS permissions and confirming the file was not read only, I then checked C:\Program Files\Microsoft Configuration Manager\Logs\SMSProv.log on the ConfigMgr server.

Searching the log file for the share my boot WIM was in found the relevant error message:

WIM index is 1.  $$<SMS Provider><05-04-2017 21:39:18.026-600><thread=9680 (0x25D0)>
Image language ID 1033 and en-US~  $$<SMS Provider><05-04-2017 21:39:18.027-600><thread=9680 (0x25D0)>
Loaded the image from \\sccmdc01\SWSRC\Boot Images\{A510ED17-35CA-43F4-9AAD-1D2C304F090C}.wim.  $$<SMS Provider><05-04-2017 21:39:18.073-600><thread=9680 (0x25D0)>
Temporary path for WIM file is C:\Windows\TEMP\BootImages\{3F3D2BE5-C6E3-4572-BCF7-CE6021840F6F}\temp.  $$<SMS Provider><05-04-2017 21:39:18.075-600><thread=9680 (0x25D0)>
Loaded the image index 1.  $$<SMS Provider><05-04-2017 21:39:18.108-600><thread=9680 (0x25D0)>
ERROR> failed to mount wim file, err=577~  $$<SMS Provider><05-04-2017 21:39:18.117-600><thread=9680 (0x25D0)>
~*~*~e:\cm1702_rtm\sms\siteserver\sdk_provider\smsprov\sspbootimagepackage.cpp(4143) : Failed to insert OSD binaries into the WIM file~*~*~  $$<SMS Provider><05-04-2017 21:39:18.502-600><thread=9680 (0x25D0)>
~*~*~Failed to insert OSD binaries into the WIM file ~*~*~  $$<SMS Provider><05-04-2017 21:39:18.503-600><thread=9680 (0x25D0)>

To translate error 577 I ran the command line:

C:\Users\chentiangemalc>net helpmsg 577

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

This is the same issue we saw here

The server had Secure Boot Enabled + ADK 1703 installed. Disabling Secure Boot on server allowed the boot image to be imported.

Posted in ConfigMgr, Windows 10

Case of The ICACLS /RESET Destruction

Someone advised me their Windows 10 had become extremely unstable. Issues included Edge opening for a second and then immediately closing. In addition, they frequently received the message “The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?”

Application event log errors included the following:

Log Name:      Application
Source:        Application Error
Date:          27/04/2017 5:58:02 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      DESKTOP-RCS3NTQ
Description:
Faulting application name: MicrosoftEdge.exe, version: 11.0.15063.0, time stamp: 0x58ccbc85
Faulting module name: EMODEL.dll, version: 11.0.15063.0, time stamp: 0x00d0adc7
Exception code: 0xc0000409
Fault offset: 0x00000000000ea8ec
Faulting process id: 0x16dc
Faulting application start time: 0x01d2bf2bfec2d16d
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\EMODEL.dll
Report Id: ee61e1dc-0cf7-4f78-aab5-b261ad5f966c
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Log Name:      Application
Source:        Microsoft-Windows-Immersive-Shell
Date:          27/04/2017 5:58:05 PM
Event ID:      5973
Task Category: (5973)
Level:         Error
Keywords:     
User:          DESKTOP-RCS3NTQ\chentiangemalc
Computer:      DESKTOP-RCS3NTQ
Description:
Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: The app didn’t start. See the Microsoft-Windows-TWinUI/Operational log for additional information.

In Windows Event Viewer under Applications and Services Logs –> Microsoft –> Apps we find the Microsoft-Windows-TWinUI/Operational event log, which had the following errors:

Log Name:      Microsoft-Windows-TWinUI/Operational
Source:        Microsoft-Windows-Immersive-Shell
Date:          27/04/2017 5:58:05 PM
Event ID:      5990
Task Category: (5961)
Level:         Error
Keywords:     
User:          DESKTOP-RCS3NTQ\chentiangemalc
Computer:      DESKTOP-RCS3NTQ
Description:
Activation via contract helper of the app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge for the Windows.Launch contract failed with Server execution failed.

Log Name:      Microsoft-Windows-TWinUI/Operational
Source:        Microsoft-Windows-Immersive-Shell
Date:          27/04/2017 5:58:05 PM
Event ID:      5961
Task Category: (5961)
Level:         Error
Keywords:     
User:          DESKTOP-RCS3NTQ\chentiangemalc
Computer:      DESKTOP-RCS3NTQ
Description:
Activation of the app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge for the Windows.Launch contract failed with error: The app didn’t start..

If in Event Viewer we select View –> Show Analytic and Debug Logs and enable the Microsoft-Windows-TWinUI/Diagnostic we get this event:

Log Name:      Microsoft-Windows-TWinUI/Diagnostic
Source:        Microsoft-Windows-Immersive-Shell
Date:          27/04/2017 6:21:23 PM
Event ID:      5965
Task Category: (5965)
Level:         Information
Keywords:     
User:          DESKTOP-RCS3NTQ\chentiangemalc
Computer:      DESKTOP-RCS3NTQ
Description:
The description for Event ID 5965 from source Microsoft-Windows-Immersive-Shell cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

AppId: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
ContractId: Windows.Launch
HRESULT: 2148007941

The message id for the desired message could not be found

Decoding the HRESULT, using the method shown here, works out that the equivalent Windows error message is “Access Denied”.
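One way to split such a value into its fields, as an added example that is not from the original post (ConvertFrom-HResult is a hypothetical helper name). It is run over three values that appear on this page: the decimal HRESULT from the event above, the 0x80070241 from the Update Assistant post, and the plain error 577 that was passed to net helpmsg.

```powershell
# Added example: ConvertFrom-HResult is a hypothetical helper, not a built-in cmdlet.
function ConvertFrom-HResult {
    param([Parameter(Mandatory)][long]$Value)

    # Hex literals such as 0x80070241 arrive as negative Int32; mask to an unsigned 32-bit value
    $h        = $Value -band 4294967295
    $code     = [int]($h -band 0xFFFF)              # low 16 bits: the error code
    $facility = [int](($h -shr 16) -band 0x7FF)     # bits 16-26: the facility
    $failure  = (($h -shr 31) -band 1) -eq 1        # top bit: severity

    [pscustomobject]@{
        Hex             = '0x{0:X8}' -f $h
        Failure         = $failure
        Facility        = $facility
        # Facility 7 is FACILITY_WIN32, where the code is a Win32 error number by definition.
        # For any other facility, treat the text below as a hint to confirm by other means.
        IsWin32Facility = ($facility -eq 7)
        Code            = $code
        # Same text that "net helpmsg <code>" prints
        CodeAsWin32Text = (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
    }
}

# Values taken from this page
2148007941, 0x80070241, 577 |
    ForEach-Object { ConvertFrom-HResult $_ } |
    Format-List
```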

Enabling user mode crash dumps with the registry keys here results in an Edge crash dump file with the following stack:

0:007> kn
# Child-SP          RetAddr           Call Site
00 000000b4`a8efc8d8 00007ff9`6ea95ba1 ntdll!NtWaitForMultipleObjects+0x14
01 000000b4`a8efc8e0 00007ff9`6ea94e31 ntdll!WerpWaitForCrashReporting+0x6d
02 000000b4`a8efc940 00007ff9`6ea94867 ntdll!RtlReportExceptionHelper+0x269
03 000000b4`a8efceb0 00007ff9`60a21068 ntdll!RtlReportException+0x77
04 000000b4`a8efcf30 00007ff9`60a21312 MrmCoreR!Microsoft::Resources::FatalExceptionFilter+0x14
05 000000b4`a8efcf60 00007ff9`6eb26bd6 MrmCoreR!`Microsoft::Resources::ReportFatalException_MachineIssue_PathNotFound'::`1'::filt$0+0xe
06 000000b4`a8efcf90 00007ff9`6eb3ab9d ntdll!_C_specific_handler+0x96
07 000000b4`a8efd000 00007ff9`6ead9913 ntdll!RtlpExecuteHandlerForException+0xd
08 000000b4`a8efd030 00007ff9`6eadb629 ntdll!RtlDispatchException+0x373
09 000000b4`a8efd730 00007ff9`6b923c58 ntdll!RtlRaiseException+0x2d9
0a 000000b4`a8efdf90 00007ff9`60a212fc KERNELBASE!RaiseException+0x68
0b 000000b4`a8efe070 00007ff9`60a21130 MrmCoreR!Microsoft::Resources::ReportFatalException_MachineIssue_PathNotFound+0x34
0c 000000b4`a8efe0b0 00007ff9`609e6ac4 MrmCoreR!Microsoft::Resources::HandleFatalError+0xa4
0d 000000b4`a8efe0e0 00007ff9`609a0947 MrmCoreR!Microsoft::Resources::MetroAppClientProfile::GetMergeFolders+0x3e6e4
0e 000000b4`a8efe380 00007ff9`609a088e MrmCoreR!Microsoft::Resources::UnifiedResourceView::GetMergeFolderFromProfile+0x7f
0f 000000b4`a8efe3f0 00007ff9`609a234b MrmCoreR!Microsoft::Resources::UnifiedResourceView::GetAutoMergeSystemFolder+0x3e
10 000000b4`a8efe420 00007ff9`609a1e28 MrmCoreR!Microsoft::Resources::UnifiedResourceView::UnifiedViewFileInfo::AttemptAutoMerge+0x1a3
11 000000b4`a8efe7e0 00007ff9`609a0f10 MrmCoreR!Microsoft::Resources::UnifiedResourceView::UnifiedViewFileInfo::New+0xfc
12 000000b4`a8efe850 00007ff9`6099f561 MrmCoreR!Microsoft::Resources::UnifiedResourceView::LoadPriFiles+0x1d4
13 000000b4`a8efe920 00007ff9`6099f7da MrmCoreR!Microsoft::Resources::Runtime::CResourceManagerInternal::LoadPriFiles+0xb5
14 000000b4`a8efe9c0 00007ff9`6099fa85 MrmCoreR!Microsoft::Resources::Runtime::CResourceManagerInternal::LoadPriFile+0xba
15 000000b4`a8efeaa0 00007ff9`6099fc17 MrmCoreR!Microsoft::Resources::Runtime::CResourceManagerInternal::InitializeWithProfile+0x149
16 000000b4`a8efeb50 00007ff9`609d9a20 MrmCoreR!Microsoft::Resources::Runtime::CResourceManagerInternal::InitializeForCurrentApplication+0x2f
17 000000b4`a8efeb80 00007ff9`609a90a1 MrmCoreR!Microsoft::Resources::Runtime::CResourceManagerInternal::s_GetPackageDefaultResourceManagerInternal+0xd4
18 000000b4`a8efee10 00007ff9`609cee74 MrmCoreR!Windows::ApplicationModel::Resources::Core::CResourceManagerFactory::get_Current+0x111
19 000000b4`a8efee90 00007ff9`609ced46 MrmCoreR!Windows::ApplicationModel::Resources::Core::CResourceContextFactory::s_GetSingletonResourceManager+0x70
1a 000000b4`a8efeed0 00007ff9`609cf152 MrmCoreR!Windows::ApplicationModel::Resources::Core::CResourceContextFactory::GetForViewIndependentUse+0x36
1b 000000b4`a8efef20 00007ff9`609cf080 MrmCoreR!Windows::ApplicationModel::Resources::CResourceLoaderFactory::GetForViewIndependentUseWithName+0x92
1c 000000b4`a8efefa0 00007ff9`3d132e57 MrmCoreR!Windows::ApplicationModel::Resources::CResourceLoaderFactory::GetForViewIndependentUse+0x60
1d 000000b4`a8eff000 00007ff9`3d1099a7 eView!Windows::ApplicationModel::Resources::ResourceLoader::GetForViewIndependentUse+0x7b
1e 000000b4`a8eff070 00007ff9`3d10a8d5 eView!?InitializePlaceholderText@?Q__IAddressEditBoxViewModelPublicNonVirtuals@ViewModel@SpModel@@AddressEditBoxViewModel@23@UE$AAAXXZ+0x37
1f 000000b4`a8eff110 00007ff9`3d11e38a eView!SpModel::ViewModel::AddressEditBoxViewModel::AddressEditBoxViewModel+0x4d9
20 000000b4`a8eff1e0 00007ff9`3d11e68f eView!?get@?QAddressEditBox@__IBrowserViewModelPublicNonVirtuals@ViewModel@SpModel@@1BrowserViewModel@34@UE$AAAPE$AAVAddressEditBoxViewModel@34@XZ+0x9a
21 000000b4`a8eff220 00007ff9`3d11e7cd eView!SpModel::ViewModel::BrowserViewModel::Initialize+0x1d7
22 000000b4`a8eff270 00007ff9`3d163e4b eView!SpModel::ViewModel::BrowserViewModel::BrowserViewModel+0xd1
23 000000b4`a8eff2c0 00007ff9`3d164009 eView!?CreateInstance@?Q__IBrowserViewModelFactory@ViewModel@SpModel@@__BrowserViewModelActivationFactory@23@UE$AAAPE$AAVBrowserViewModel@23@W4FormFactor@3@I@Z+0x3b
24 000000b4`a8eff300 00007ff6`230ec7b0 eView!?__abi_SpModel_ViewModel___IBrowserViewModelFactory____abi___CreateInstance__1@?Q__IBrowserViewModelFactory@ViewModel@SpModel@@__BrowserViewModelActivationFactory@23@UE$AAAJW4FormFactor@3@IPEAPE$AAVBrowserViewModel@23@@Z+0x29
25 000000b4`a8eff340 00007ff6`2304b523 MicrosoftEdge!SpModel::ViewModel::BrowserViewModel::BrowserViewModel+0x88
26 000000b4`a8eff3c0 00007ff6`230eea9f MicrosoftEdge!SpartanXAML::App::App+0x6af
27 000000b4`a8eff5a0 00007ff6`230ed801 MicrosoftEdge!Platform::Details::__abi_FunctorCapture<<lambda_6b8fdf901351a57c212d2bb8baed4a63>,void,Windows::UI::Xaml::ApplicationInitializationCallbackParams ^ __ptr64>::Invoke+0x8f
28 000000b4`a8eff610 00007ff9`5fa9ee61 MicrosoftEdge!?__abi_Windows_UI_Xaml_ApplicationInitializationCallback___abi_IDelegate____abi_Invoke@?Q__abi_IDelegate@ApplicationInitializationCallback@Xaml@UI@Windows@@2345@UE$AAAJPE$AAVApplicationInitializationCallbackParams@345@@Z+0x31
29 000000b4`a8eff650 00007ff9`5fa9eb7c Windows_UI_Xaml!DirectUI::FrameworkApplication::MainASTAInitialize+0xa9 [d:\rs1\onecoreuap\windows\dxaml\xcp\dxaml\lib\frameworkapplication_partial.cpp @ 563]
2a 000000b4`a8eff690 00007ff9`69970495 Windows_UI_Xaml!DirectUI::FrameworkView::Initialize+0x6c [d:\rs1\onecoreuap\windows\dxaml\xcp\dxaml\lib\frameworkview_partial.cpp @ 53]
2b 000000b4`a8eff6d0 00007ff9`699be3a1 twinapi_appcore!Windows::ApplicationModel::Core::CoreApplicationView::CreateAndInitializeFrameworkView+0xa5
2c 000000b4`a8eff700 00007ff9`6bd45b62 twinapi_appcore!Microsoft::WRL::ComPtr<Windows::UI::Core::ICoreDispatcher>::operator=+0xed1
2d 000000b4`a8eff750 00007ff9`6e878364 SHCore!Microsoft::WRL::Details::RuntimeClass<Microsoft::WRL::Details::InterfaceList<CRandomAccessStreamBase,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IRandomAccessStreamWithContentType,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IContentTypeProvider,Microsoft::WRL::Details::InterfaceList<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<3>,Microsoft::WRL::CloakedIid<IRandomAccessStreamMode>,Microsoft::WRL::CloakedIid<IRandomAccessStreamFileAccessMode>,Microsoft::WRL::CloakedIid<IObjectWithDeferredInvoke>,Microsoft::WRL::CloakedIid<IObjectWithFileHandle>,Microsoft::WRL::CloakedIid<IUnbufferedFileHandleProvider>,Microsoft::WRL::CloakedIid<IRandomAccessStreamPrivate>,Microsoft::WRL::CloakedIid<ITransactedModeOverride>,Microsoft::WRL::CloakedIid<CFTMCrossProcServer>,Microsoft::WRL::Details::Nil>,Microsoft::WRL::Details::Nil> > > >,Microsoft::WRL::RuntimeClassFlags<3>,1,1,0>::~RuntimeClass<Microsoft::WRL::Details::InterfaceList<CRandomAccessStreamBase,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IRandomAccessStreamWithContentType,Microsoft::WRL::Details::InterfaceList<Windows::Storage::Streams::IContentTypeProvider,Microsoft::WRL::Details::InterfaceList<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<3>,Microsoft::WRL::CloakedIid<IRandomAccessStreamMode>,Microsoft::WRL::CloakedIid<IRandomAccessStreamFileAccessMode>,Microsoft::WRL::CloakedIid<IObjectWithDeferredInvoke>,Microsoft::WRL::CloakedIid<IObjectWithFileHandle>,Microsoft::WRL::CloakedIid<IUnbufferedFileHandleProvider>,Microsoft::WRL::CloakedIid<IRandomAccessStreamPrivate>,Microsoft::WRL::CloakedIid<ITransactedModeOverride>,Microsoft::WRL::CloakedIid<CFTMCrossProcServer>,Microsoft::WRL::Details::Nil>,Microsoft::WRL::Details::Nil> > > >,Microsoft::WRL::RuntimeClassFlags<3>,1,1,0>+0x1ea
2e 000000b4`a8eff840 00007ff9`6eaf70d1 kernel32!BaseThreadInitThunk+0x14
2f 000000b4`a8eff870 00000000`00000000 ntdll!RtlUserThreadStart+0x21


Launching ProcMon with a filter to include:

  • Process Name Contains Edge
  • Result is ACCESS DENIED

We find on the broken machine a single ACCESS DENIED on the path C:\Users\chentiangemalc\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC

However, on a working launch of Edge there were many more ACCESS DENIED events.

The working machine did, however, succeed on the AC folder.

To check what’s different with permissions I checked the permissions on working vs broken machine with the following command:

icacls %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC

Working:

S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
DESKTOP-RTTN04O\chentiangemalc:(I)(OI)(CI)(F)
Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

Broken:

S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194:(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

From this we can see the user is now missing Full Control, which is present in the working session. On the broken machine, granting the user Full Control to the folder fixes the issue:

icacls %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC /grant %username%:F

Edge now launches without crashing.

The Recycle Bin issue is caused by the same problem: C:\$Recycle.Bin\<User’s SID> has had the user’s FULL CONTROL permission removed from it.
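To see how far the damage extends for the current user, the same comparison can be run over every package's AC folder and the user's Recycle Bin folder. This is an added example, not from the original post; the function names are hypothetical, and it only reports, it changes no permissions. It looks for an Allow ACE that names the user's own SID with Full Control, which is what the working machine had.

```powershell
# Added example: read-only audit. Function names are hypothetical.

# True when the ACL on $Path has an Allow ACE for exactly this SID that grants Full Control
# and applies to the folder itself (inherit-only ACEs do not).
function Test-UserAceFullControl {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$SidValue)

    $full        = [System.Security.AccessControl.FileSystemRights]::FullControl
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $acl   = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Include explicit and inherited rules, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $SidValue -and
            $rule.AccessControlType -eq 'Allow' -and
            ($rule.PropagationFlags -band $inheritOnly) -ne $inheritOnly -and
            ($rule.FileSystemRights -band $full) -eq $full) {
            return $true
        }
    }
    return $false
}

# Report the folders discussed in this post where the current user's Full Control ACE is missing.
function Find-FoldersMissingUserFullControl {
    param([string]$PackagesRoot = (Join-Path $env:LOCALAPPDATA 'Packages'))

    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

    # Every <package>\AC folder under the user's Packages directory
    $targets = @(Get-ChildItem -LiteralPath $PackagesRoot -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AC' } |
        Where-Object { Test-Path -LiteralPath $_ })

    # The user's Recycle Bin folder: <SystemDrive>\$Recycle.Bin\<SID>
    $targets += Join-Path (Join-Path $env:SystemDrive '$Recycle.Bin') $sid

    foreach ($path in $targets) {
        try {
            if (-not (Test-UserAceFullControl -Path $path -SidValue $sid)) {
                [pscustomobject]@{ Path = $path; Problem = 'No Full Control ACE for the user SID' }
            }
        }
        catch {
            # Folder missing, or the ACL itself cannot be read
            [pscustomobject]@{ Path = $path; Problem = "Cannot read ACL: $($_.Exception.Message)" }
        }
    }
}

Find-FoldersMissingUserFullControl | Format-Table -AutoSize -Wrap
```

Access granted only through a group ACE is reported as missing here, because the check mirrors the per-user ACE seen in the working output above.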

What caused issue in the first place?

Speaking with support staff identified that someone had tried to fix an issue by implementing a fix popularly spread across the internets as a magic fix for all types of problems:

C:\>icacls * /T /Q /C /RESET

One can expect this user will have many more issues caused by file permission corruption…

Wonder what the default permissions are for a file in Windows? I’ve saved that information here: https://1drv.ms/u/s!AiFhB4fT6aiTgdwAFvFYC7hzeHg4oQ (4.33 MB ZIP file, containing 150 MB txt file)

Posted in WinDbg, Windows 10, Microsoft Edge

Windows 10 Update Assistant – Something Went Wrong 0x80070241

Attempting to run Windows 10 Update Assistant for Windows 10 Creator’s update failed with error 0x80070241.


Checking C:\$WINDOWS.~BT\Sources\Panther\setuperr.log we find the following errors:

SP     CMountWIM::DoExecute: Failed to mount WIM file C:\$WINDOWS.~BT\Sources\SafeOS\winre.wim. Error 0x80070241[gle=0x00000241]
SP     Operation failed: Mount WIM file C:\$WINDOWS.~BT\Sources\SafeOS\winre.wim, index 1 to C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount. Error: 0x80070241[gle=0x000000b7]
MOUPG  MoSetupPlatform: ExecuteCurrentOperations reported failure!
MOUPG  MoSetupPlatform: Using action error code: [0x80070241]
MOUPG  CDlpActionImageDeploy::ExecuteRoutine(450): Result = 0x80070241
MOUPG  CDlpActionImpl<class CDlpErrorImpl<class CDlpObjectInternalImpl<class CUnknownImpl<class IMoSetupDlpAction> > > >::Execute(441): Result = 0x80070241
MOUPG  CDlpTask::ExecuteAction(3243): Result = 0x80070241
MOUPG  CDlpTask::ExecuteActions(3397): Result = 0x80070241
MOUPG  CDlpTask::Execute(1631): Result = 0x80070241
MOUPG  CSetupManager::ExecuteTask(2083): Result = 0x80070241
MOUPG  CSetupManager::ExecuteTask(2046): Result = 0x80070241
MOUPG  CSetupManager::ExecuteInstallMode(833): Result = 0x80070241
MOUPG  CSetupManager::ExecuteDownlevelMode(396): Result = 0x80070241
SP     CDeploymentBase::CleanupMounts: Unable to unmount the directory C:\$WINDOWS.~BT\Sources\SafeOS\SafeOS.Mount. Error: 0xC142011C[gle=0xc142011c]
MOUPG  CSetupManager::Execute(232): Result = 0x80070241
MOUPG  CSetupHost::Execute(368): Result = 0x80070241

So I attempted to mount C:\$WINDOWS.~BT\Sources\SafeOS\winre.wim manually. This failed; checking the log file at C:\Windows\Logs\DISM\dism.log we find the following errors:

[3280] [0x80070241] OpenFilterPort:(408): Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
[3280] [0x80070241] FltCommVerifyFilterPresent:(502): Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
[3280] [0x80070241] WIMMountImageHandle:(1241): Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
[3280] [0x80070002] StateStoreRemoveMountedImage:(1030): The system cannot find the file specified.
[3280] [0x80070002] WIMMountImageHandle:(1482): The system cannot find the file specified.

These errors are a known issue when using Windows ADK 1703 with Secure Boot Enabled.

Disabling Secure Boot, or uninstalling Windows ADK 1703 fixes the issue.

If you disable Secure Boot and have BitLocker enabled, ensure you have the BitLocker recovery key before disabling it (e.g. manage-bde -protectors -get C:).

If you disable Secure Boot, it is recommended that you re-enable it after the update is complete.
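The checks in the last two paragraphs can be collected into one report to run before changing the firmware setting and again after the update, to confirm Secure Boot is back on. This is an added example, not from the original post: Get-SecureBootChangeReadiness is a hypothetical name, the ADK display-name pattern is an assumption about how the kit registers itself, and the script needs an elevated PowerShell session.

```powershell
# Added example: read-only report. Run elevated. The function name is hypothetical.
function Get-SecureBootChangeReadiness {
    param([string]$MountPoint = $env:SystemDrive)

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems and throws on
    # legacy BIOS systems or when not elevated; $null records "could not determine".
    try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
    catch { $secureBoot = $null }

    # BitLocker state of the OS volume and whether a recovery password protector exists
    $volume   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction SilentlyContinue
    $recovery = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    $bitLockerOn = ($null -ne $volume) -and ("$($volume.ProtectionStatus)" -eq 'On')

    # Installed ADK entries. Assumption: the kit's uninstall entry has a DisplayName
    # beginning with "Windows Assessment and Deployment Kit".
    $uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $adk = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Windows Assessment and Deployment Kit*' } |
        ForEach-Object { "$($_.DisplayName) ($($_.DisplayVersion))" })

    [pscustomobject]@{
        SecureBootEnabled       = $secureBoot
        BitLockerProtectionOn   = $bitLockerOn
        RecoveryPasswordCount   = $recovery.Count
        # Only consider the firmware change once a recovery password exists (or BitLocker is off)
        RecoveryKeyPrerequisite = (-not $bitLockerOn) -or ($recovery.Count -gt 0)
        InstalledAdk            = $adk -join '; '
    }
}

Get-SecureBootChangeReadiness | Format-List
```

A protector existing on the volume does not prove the recovery password has been saved somewhere reachable; confirm that separately before the change.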

Posted in Windows 10

Case of the Empty Properties in ConfigMgr WMI Queries

To improve ConfigMgr performance, by default not all properties are retrieved when running a WMI query. The ConfigMgr PowerShell cmdlets by default retrieve all properties, but have a -Fast option, which gives us the same results as the normal WMI query.

In some cases it’s inconvenient to use the ConfigMgr cmdlets due to the requirement of having the Configuration Manager Console installed. While it is not too hard to hack a way around this limitation, it still requires a lot of DLLs from the Configuration Manager install to make it work.

In this case I wanted to retrieve the SDMPackageXML property of the SMS_Application class, but a normal WMI query returns NULL for this property.

Example code:

$server = "sccm01.testad.local"
$site = "TST"
$session = New-CimSession -ComputerName $server 
$sessionInfo = @{
    CimSession = $session
    NameSpace = "root\SMS\site_$site"
}

$appInfo = Get-CimInstance @sessionInfo -ClassName "SMS_Application" -Filter "LocalizedDisplayName = 'Microsoft Office 97' AND IsLatest = 1"

Result: SDMPackageXML is empty, the same as if the -Fast option had been used with Get-CMApplication in PowerShell.

To figure out what was going on I monitored the PowerShell process with API Monitor, monitoring System Administration –> Windows Management Instrumentation (WMI).

Then I ran two PowerShell commands:

Get-CMApplication -Name "Microsoft Office 97"
Get-CMApplication -Name "Microsoft Office 97" -fast

Checking the API monitor log we can see what was different:

Without FAST option

IWbemLocator::ConnectServer ( "\\SCCMDC01.testad.local\root\sms\site_TST", NULL, NULL, "", WBEM_FLAG_CONNECT_USE_MAX_WAIT, "", 0x0000029ef3780d20, 0x000000eb4114e2f8 ) 
IWbemServices::ExecQuery ( "WQL", "SELECT * FROM SMS_Application WHERE LocalizedDisplayName = 'Microsoft Office 97' AND IsLatest = 1", 304, 0x0000029ef377ff20, 0x000000eb3e34def8 )  
IWbemServices::GetObject ( "SMS_Application.CI_ID=16777703", 0, 0x0000029ef3782220, 0x000000eb3e34e0d0, NULL )   

With FAST option

IWbemLocator::ConnectServer ( "\\SCCMDC01.testad.local\root\sms\site_TST", NULL, NULL, "", WBEM_FLAG_CONNECT_USE_MAX_WAIT, "", 0x0000029ef3780d20, 0x000000eb4114e2f8 ) 
IWbemServices::ExecQuery ( "WQL", "SELECT * FROM SMS_Application WHERE LocalizedDisplayName = 'Microsoft Office 97' AND IsLatest = 1", 304, 0x0000029ef377ff20, 0x000000eb3e34def8 )  

We can see that without the FAST option an additional WMI command is sent: GetObject ( "SMS_Application.CI_ID=16777703" )

From this information we can build a working PowerShell command. In this case I used .NET methods because it was what I knew; further investigation needs to be done to see whether there is a more PowerShell-ish way to achieve the same result:

$server = "sccm01.testad.local"
$site = "TST"

$options = New-Object System.Management.ConnectionOptions
# configure connection options as necessary

$scope = New-Object System.Management.ManagementScope("\\$server\root\sms\site_$site",$options)
$scope.Connect()

$options = New-Object System.Management.ObjectGetOptions
# if we don't know CI_ID we need to use our normal WMI query by application name first to find it
$object = New-Object System.Management.ManagementObject($scope,"SMS_Application.CI_ID=16777703",$options)
$object.Get()

We now have the package XML.

It should be noted that this type of WMI query is quite a bit slower than the original, so should only be used when needed.
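A CIM-cmdlet variant of the same two-step pattern, as an added example that is not the author's code: the first call is the normal query, and passing each result back through Get-CimInstance -InputObject re-reads that instance by its key, which corresponds to the extra GetObject call seen in the trace. The server, site and application names are the ones used in this post, Get-SmsApplicationFull is a hypothetical name, and it needs a reachable site server to run.

```powershell
# Added example: Get-SmsApplicationFull is a hypothetical helper name.
function Get-SmsApplicationFull {
    param(
        [Parameter(Mandatory)][Microsoft.Management.Infrastructure.CimSession]$CimSession,
        [Parameter(Mandatory)][string]$Namespace,
        [Parameter(Mandatory)][string]$DisplayName
    )

    # Escape backslashes and single quotes so the name cannot break out of the WQL string literal
    $escaped = $DisplayName.Replace('\', '\\').Replace("'", "\'")

    # Step 1: normal query. Lazy properties such as SDMPackageXML come back empty here.
    $apps = Get-CimInstance -CimSession $CimSession -Namespace $Namespace `
        -ClassName 'SMS_Application' `
        -Filter "LocalizedDisplayName = '$escaped' AND IsLatest = 1"

    # Step 2: re-read each instance by key so the provider returns every property.
    # This is one extra round trip per application, so it is slower than step 1 alone.
    foreach ($app in $apps) {
        Get-CimInstance -CimSession $CimSession -InputObject $app
    }
}

# Values from this post's own example
$server  = "sccm01.testad.local"
$site    = "TST"
$session = New-CimSession -ComputerName $server

$full = Get-SmsApplicationFull -CimSession $session -Namespace "root\SMS\site_$site" `
    -DisplayName 'Microsoft Office 97'
$full | Select-Object CI_ID, LocalizedDisplayName, SDMPackageXML

Remove-CimSession $session
```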

Posted in .NET, API Monitor, ConfigMgr, WMI

Simple WMI Trace Viewer in PowerShell

Run this script as local Administrator to start tracing WMI events. When you are done tracing hit ENTER to view the results. This does not display all WMI trace events, check the WMI Activity Trace event log in Windows Event viewer to view all events.

This uses Windows inbuilt trace logs but presents the data in a more useful format. Instead of Out-GridView you could use Export-Csv cmdlet to output data to disk.

This should work on Windows 7/8/10 and Server 2008+

The script can be downloaded here: https://1drv.ms/u/s!AiFhB4fT6aiTgdo_knyvL4C_7fHQiw

(Screenshot: example output after launching ConfigMgr Software Center.)

The script is also available here:

# Analytic channel that records WMI activity
$wmiLog = "Microsoft-Windows-WMI-Activity/Trace"

# Enable the trace log ("echo y" answers wevtutil's confirmation prompt), wait, then disable it
echo y | Wevtutil.exe sl $wmiLog /e:true
Read-Host -Prompt "Tracing WMI Started. Press [ENTER] to stop"
echo y | Wevtutil.exe sl $wmiLog /e:false

# Analytic logs have to be read with -Oldest; keep only operation start and provider events
$events = Get-WinEvent -LogName $wmiLog -Oldest | Where-Object {$_.message.Contains("Operation = Start") -or $_.message.Contains("Operation = Provider") }

if ($null -eq $events)
{
    Write-Host "No WMI events in trace!"
    return
}

# Result table shown in the grid view
$table = New-Object System.Data.DataTable
[void]$table.Columns.Add("Computer")
[void]$table.Columns.Add("Namespace")
[void]$table.Columns.Add("Type")
[void]$table.Columns.Add("Query")
[void]$table.Columns.Add("UserName")
[void]$table.Columns.Add("Process")

# $evt is used as the loop variable because $event is a PowerShell automatic variable
ForEach ($evt in $events)
{
    switch ($evt.Properties.Count)
    {
        # 6-property events: operation text in Properties[1], process ID in Properties[2]
        6 {
            $typeStart = $evt.Properties[1].Value.IndexOf("::")+2
            $typeEnd = $evt.Properties[1].Value.IndexOf(" ",$typeStart)
            $type = $evt.Properties[1].Value.Substring($typeStart,$typeEnd-$typeStart)
            $query = $evt.Properties[1].Value.Substring($evt.Properties[1].Value.IndexOf(":",$typeEnd)+2)
            # Resolve the process ID to a name if the process is still running
            $process = Get-Process -Id ($evt.Properties[2].Value) -ErrorAction SilentlyContinue
            if ($null -eq $process)
            {
                $process = "($($evt.Properties[2].Value))"
            }
            else
            {
                $process = "$($process.Name) ($($process.Id))"
            }

            [void]$table.Rows.Add(`
                $env:COMPUTERNAME,`
                "\\.\root\cimv2",`
                $type,`
                $query,`
                "N/A",`
                $process)
        }
        # 8-property events: operation text in [3], computer in [4], user in [5],
        # process ID in [6], namespace in [7]
        8 {
            $typeStart = $evt.Properties[3].Value.IndexOf("::")+2
            $typeEnd = $evt.Properties[3].Value.IndexOf(" ",$typeStart)
            $type = $evt.Properties[3].Value.Substring($typeStart,$typeEnd-$typeStart)
            $query = $evt.Properties[3].Value.Substring($evt.Properties[3].Value.IndexOf(":",$typeEnd)+2)
            $process = Get-Process -Id ($evt.Properties[6].Value) -ErrorAction SilentlyContinue
            if ($null -eq $process)
            {
                $process = "($($evt.Properties[6].Value))"
            }
            else
            {
                $process = "$($process.Name) ($($process.Id))"
            }

            [void]$table.Rows.Add(`
                $evt.Properties[4].Value,`
                $evt.Properties[7].Value,`
                $type,`
                $query,`
                $evt.Properties[5].Value,`
                $process)
        }
        default
        {
            Write-Error "Unexpected number of event properties."
            Write-Host $evt
            Write-Host $evt.Properties
        }
    }
}

$table | Out-GridView

Posted in Debugging, PowerShell