Archive for the ‘My tips and tricks’ Category

Ddrescue to the rescue

September 20, 2014

A few weeks back, thanks to the blue screen caused by Microsoft’s batch of faulty updates, I formatted a teacher’s class computer and redid it from scratch – this was before I managed to find the workaround to fix the blue screen issues. The computer was running fine since then, until this past week. The teacher started complaining bitterly about how slow the PC had become. I checked for malware, as well as for any other crappy software that may have been causing the slowdown. I found nothing. I asked the teacher to monitor the PC, while I investigated further.

A few days later, the teacher was even more frustrated with the machine. Now it was taking forever to start up, shut down and was hanging on applications. I looked through Event Viewer, only to discover ATAPI errors were being logged. Not just one either, there were dozens of errors. The moment I saw this, I knew that the hard drive was on the way out. While the SATA port could be faulty or even the cable, the odds of those being the culprits were rather low. Too many bad experiences in the past have taught me that it is almost always the drive at fault.

I procured a spare drive and decided the quickest fix was to simply clone one drive to the other. Using Clonezilla I tried to do the clone. On my first pass, about 75% of the way through the PC looked like it went to sleep and I couldn’t see any output on the monitor. I couldn’t revive the PC, so I rebooted and tried the procedure again. This time, it got up to about 97.5% before it crashed out. Based on what I saw, Clonezilla was hitting bad sectors, corrupt files or the mechanical weakness in the drive. Now I was getting worried, because any more cloning attempts could hasten the end of the faulty drive. Not only that, it was wasting time. Setting up the PC from scratch again was my last resort, since it would take hours. Before I gave up and did that, I remembered Ddrescue.

I had tried to use Ddrescue on my home computer more than a year ago when the hard drive holding my Windows 8 install died. Sadly, that drive was too damaged even for Ddrescue to be able to save. I was hoping that this hard drive of the teacher hadn’t yet hit that stage.

I ran Ddrescue and then waited as the drive literally copied itself sector by sector over to the new drive. What I wasn’t aware of is that Ddrescue doesn’t understand file systems – it just copies raw data from one drive to another. This means it will copy any file system, but in order to do so, it must copy every block on the disk. A tool like Clonezilla will understand a file system and only copy used data blocks, therefore saving lots of time by not copying essentially blank space.

Ddrescue did hit one patch of bad data, but was able to continue going, then came back at the end to try and pull out what it could. Thankfully, whatever bad data there was wasn’t too major, and Ddrescue completed successfully. Booting from the new drive was a success, and best of all, the speed was back again. I did run a sfc /scannow at the command prompt to check for any potential corrupt system files. SFC did say it fixed some errors, and I rebooted. Apart from that, it looks like I managed to save this system in the nick of time. The old hard drive was still under warranty, and has been returned to the supplier. He can return that drive and get a replacement for us, which will become a new hot spare for some other classroom.
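When ddrescue is given a mapfile name on its command line, it records the state of every block it has tried, which shows exactly how large the "patch of bad data" was and where it sits on the disk. The parser below is an added example, not something from the original post; the sample mapfile is constructed and a 512-byte sector size is assumed.

```python
from collections import defaultdict

SECTOR = 512  # assumption: 512-byte logical sectors
STATUS = {"?": "non-tried", "*": "non-trimmed", "/": "non-scraped",
          "-": "bad-sector", "+": "rescued"}

# Constructed sample mapfile: a 128 GiB drive with one 8 KiB bad patch.
SAMPLE_MAPFILE = """\
# Mapfile. Created by GNU ddrescue
# current_pos  current_status  current_pass
0x1FFFFF0000     +               1
#      pos        size  status
0x00000000    0x1000000000  +
0x1000000000  0x00002000    -
0x1000002000  0x0FFFFFE000  +
"""


def parse_mapfile(text):
    """Return [(pos, size, status_char)] from the block list of a mapfile."""
    blocks, seen_status_line = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if not seen_status_line:  # first data line is the current-position line
            seen_status_line = True
            continue
        pos, size, status = line.split()[:3]
        if status not in STATUS:
            raise ValueError(f"unknown block status {status!r}")
        blocks.append((int(pos, 0), int(size, 0), status))
    return blocks


def summarize(blocks):
    """Total bytes per state plus the sector range of every unrecovered block."""
    totals = defaultdict(int)
    unrecovered = []
    for pos, size, status in blocks:
        totals[STATUS[status]] += size
        if status != "+":
            unrecovered.append((pos // SECTOR, (pos + size - 1) // SECTOR,
                                STATUS[status]))
    total = sum(totals.values())
    return {"total_bytes": total,
            "unrecovered_bytes": total - totals["rescued"],
            "unrecovered": unrecovered}


if __name__ == "__main__":
    report = summarize(parse_mapfile(SAMPLE_MAPFILE))
    print(f"{report['unrecovered_bytes']} of {report['total_bytes']} bytes not rescued")
    for first, last, state in report["unrecovered"]:
        print(f"  sectors {first}-{last}: {state}")
```

The sector ranges it reports are the places to look at when deciding which files on the clone may be damaged, which is what the sfc /scannow pass afterwards checks for system files.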

When Windows Update goes wrong

Windows Update is usually a very reliable method of keeping Windows based computers up to date. Rough in the early days, it’s come a long way since then. Smooth and mostly transparent in the background, it isn’t often that bad updates slip through.

Unfortunately, after August’s Patch Tuesday, such an event occurred. After a number of updates were either automatically approved or approved by myself, we had some computers blue screen and go into a reboot loop. Thankfully, out of almost 180 computers, only 5 have suffered the problem seen below:


All of the affected computers were running Windows 7 x64 SP1 with all updates applied. The first 3 times this happened, I couldn’t find a cure for the problem and ended up wiping and redoing the computer from scratch. Later in the week, I found some instructions online on how to get out of the loop and get back into working order.

  1. Get into the Recovery Console either from install media or by letting the Repair your Computer wizard run after a number of crashes.
  2. Open up a Command Prompt and delete the FNTCACHE.DAT file located in C:\Windows\System32
  3. Reboot the computer, and you should now be able to get back into Windows.
  4. Delete the FNTCACHE.DAT file again, as it will have been recreated by Windows.
  5. Lastly, go to Windows Update in the Control Panel, then view Installed Updates. Remove KB2982791 and optionally KB2970228. The other 2 updates mentioned out there on the web only apply to Windows 8.1/Server 2012 and so are irrelevant to Windows 7 computers.
  6. Reboot after the patches are removed.

As I said, it’s not often anymore that bad updates slip through all of Microsoft’s testing, but it does happen. Although it’s frustrating, I don’t intend to modify how I approve patches. I’d rather take the risk of something like this happening than get hammered by Alureon or Conficker or some other nasty because I ignored security patches.

Fixing Windows Update issues

August 3, 2014

About three weeks ago, I approved a number of updates to be downloaded into WSUS for distribution on the school network. Among those updates was an update for the Windows Update client itself. I watched the WSUS console as the computers started reporting back and after a while I began to notice an odd pattern. 36 out of 39 computers in our main computer lab were not reporting in.

Taking a look at one of the affected computers in the lab, the cause of the computer not reporting in became clear: Windows Update Agent 7.6.7600.320 was failing to install repeatedly. Since this new version was required to download and install updates from WSUS, the computers would not be able to patch themselves until this Agent issue was fixed.

I tried numerous approaches to get the issue fixed: Uninstall anti-virus software, try installing updates at shutdown instead of through Windows Update in the Control Panel, run the System Update Readiness checker tool, run System File Check from the command prompt. Nothing worked. I was on the verge of preparing to wipe the lab and reimage the computers when I came across the answer.

Thanks to some vigorous internet scouring, I came across this Knowledge Base article on Microsoft’s website: Thankfully, the latest update agent was available to download right there from the article. I downloaded the 64 bit version and attempted to install the update manually on my affected lab computer. After a required reboot, I had success. Windows Update connected again and proceeded to download the now missing 17 updates and installed them. With this proving to be the solution, I went to each computer and installed the new update agent by hand. One by one, these computers were cured of the issue.

One computer however refused to install the updated agent. Checking the CBS Log file found in C:\Windows\Logs\CBS revealed that it thought it needed to be rebooted before updates could be installed. However, rebooting did not solve the problem. I’ve had issues in the past with Server 2008 where it got stuck on updates and needed a certain XML file to be deleted before it would boot again. Going to the location of the XML file, I couldn’t find the usual XML file. I did however find a reboot.xml file, which I viewed. This file pointed to a registry key that I assume was supposed to be deleted after the last round of updates. Since the key wasn’t deleted, the computer still thought it needed to be restarted. Deleting this key and rebooting solved the issue – I could now install the updated agent and install updates again.

At this point in time, I’m still not exactly sure why this lab of computers failed to install the update agent while the rest of the school did so without much fuss. About the only thing I can think of is that it’s somehow related to how the lab was cloned which was somehow causing an issue. Reading through the CBS logs doesn’t shed much light on the issue, since I don’t fully understand everything that’s captured in those log files.

I suppose this serves as a good reminder that while WSUS and Windows Updates in general normally just work, sometimes things can go wrong.

Fixing Windows Update on Windows 7

Generally speaking, the Windows Update mechanism usually just works. Updates are downloaded and installed usually without much fuss. In the home environment, it’s pretty rare that things will go wrong, since computers at home are less likely to come under heavy use and abuse. Most of the time at work I have no issues with Windows Update, despite the pounding the computers take in the school environment.

Sometimes however Windows Update gets broken. Malware infection, powering a computer off during the update process and hard disk corruption are some of the most likely culprits. I’ve found myself fixing a few computers in the last week at work that have developed faulty update mechanisms.

To fix the problem, there are two tools I’ve used. System File Check is built into Windows, while the System Update Readiness (SUR) tool can be downloaded from Microsoft’s website. The first port of call is to simply run sfc /scannow from an elevated command prompt and let it scan the system. I’ve found this to fix some problems, and it serves as a good stepping stone for step 2.

Step 2 involves running the SUR tool. The SUR tool looks like a standalone Windows Update, though it is actually scanning your computer’s Component Base Store for corruption and either fixing the issues, or logging the issues it can’t fix into a very useful log file. Depending on the speed of your computer and the number of faults, the process could take up to 20 minutes to complete.

If the computer still refuses to install updates after step 2, it’s time to check the SUR log to find out exactly what is wrong. Navigate to C:\Windows\Logs\CBS\CheckSUR.log and find out exactly what files or packages are causing the problem.

In the case of the computers at work, all of them were missing certain manifest files out of the C:\Windows\WinSxS directory. To fix the issue, I copied the same manifest files from a working PC and placed them into the C:\Windows\Temp\CheckSur\WinSxS\Manifests folder and reran the SUR tool. Checking the log file after the tool had run indicated that all the remaining problems had been fixed. After that, the problematic updates installed without issue.
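Working out which manifests to fetch from the donor PC can be scripted instead of read off the log by eye. The sketch below is an added example, not the author's own tooling: it assumes the usual CheckSUR.log layout of tab-separated "(f)" finding lines plus an "Unavailable repair files:" section, and the sample log and component names are constructed.

```python
import ntpath

# Staging folder named in the post; the SUR tool picks up donor files from here.
STAGING_DIR = r"C:\Windows\Temp\CheckSur\WinSxS\Manifests"

# Constructed sample in the assumed CheckSUR.log layout (tab-separated fields).
SAMPLE_LOG = "\n".join([
    "Checking Component Store",
    "(f)\tCSI Manifest Missing\t0x00000002\t"
    "amd64_example-a_6.1.0.1_none_01.manifest\tamd64_example-a",
    "(f)\tCSI Manifest All Zeros\t0x00000000\t"
    "x86_example-b_6.1.0.2_none_02.manifest\tx86_example-b",
    "(fix)\tCSI Manifest All Zeros\tCSI File Replaced\t"
    "File: x86_example-b_6.1.0.2_none_02.manifest From: C:\\example.cab",
    "",
    "Summary:",
    " Found 2 errors",
    " Fixed 1 errors",
    "",
    "Unavailable repair files:",
    "\twinsxs\\manifests\\amd64_example-a_6.1.0.1_none_01.manifest",
    "",
])


def parse_checksur(text):
    """Return ({manifest name: error type}, [unavailable repair file paths])."""
    found, unavailable, in_unavailable = {}, [], False
    for raw in text.splitlines():
        if raw.startswith("(f)\t"):
            fields = raw.split("\t")
            if len(fields) >= 4:
                found[fields[3].lower()] = fields[1]
        elif raw.strip().lower() == "unavailable repair files:":
            in_unavailable = True
        elif in_unavailable:
            if raw.strip():
                unavailable.append(raw.strip())
            else:  # a blank line ends the section
                in_unavailable = False
    return found, unavailable


def copy_plan(text):
    """List the manifests the tool could not repair and where to stage them."""
    found, unavailable = parse_checksur(text)
    plan = []
    for path in unavailable:
        name = ntpath.basename(path)
        if name.lower().endswith(".manifest"):
            plan.append({"file": name,
                         "error": found.get(name.lower(), "unknown"),
                         "copy_to": ntpath.join(STAGING_DIR, name)})
    return plan


if __name__ == "__main__":
    for item in copy_plan(SAMPLE_LOG):
        print(f"{item['error']}: copy {item['file']} -> {item['copy_to']}")
```

The donor PC should be one you trust and should match the broken one in Windows version, architecture and service pack, since these files end up in the component store.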

Research on the internet indicates that things can be a whole lot more corrupt than what I experienced, but thankfully I had it easy. There’s a nice long article on the SUR tool as well as how to analyse the logs on here.

Although it is frustrating to deal with Windows Update issues, the mechanism is largely robust enough that with a little time and effort, you can fix just about any problem. Certainly a far cry from Windows Update errors and troubleshooting in Windows XP!

Creating bootable USB drives using Rufus

With the seemingly slow decline of optical drives in computers, it’s becoming more and more common to install the OS via a bootable USB flash drive. I outlined a method of doing so using built in Windows tools way back in 2010. However, that method is a little tedious and doesn’t make the flash drive capable of a UEFI based install, only legacy BIOS.

Enter a better way of doing things: Rufus.


With an easy to use graphical interface, you can select all the options you’ll need to make a bootable flash drive. In particular, under “Partition scheme and target system type” you can select GPT as the partition type for a UEFI based install. At work, our brand new server doesn’t have a DVD drive, so this was the only way to install Windows Server onto the server in UEFI mode. No other tool could do that.

Make sure you have an ISO image of the disk you want to put onto the flash drive – Rufus doesn’t do a live capture from a physical disk unfortunately. You can even make a bootable MS-DOS based flash drive if you have the MS-DOS files, useful if you need to be able to flash an older computer’s BIOS or RAID card for example.

Add Rufus to the list of essential tools any administrator or technician should have in their toolkit.

Having fun with Solid State Drives

A week ago, our school purchased 3 SSD’s, to run a small experiment on the viability of replacing many of our mechanical hard drives with SSD’s instead. Our older classroom PC’s have 160GB mechanical drives in them, any newer machine generally has 500GB mechanical drives. Most of the time, usage of the mechanical drive doesn’t surpass 50GB total. Since all staff documents are redirected to their network profiles, most staff don’t store info on the local PC’s themselves.

We purchased 3 Samsung 840 EVO 120GB drives. One was to be installed in our staff work room, and the other two in classrooms with different types of PC, in order to get a decent sample range. One PC is much newer than the other, with the older model being what most classrooms currently have.

In order to save time, I decided to use the included cloning utility to do a straight clone from the mechanical to SSD. This way we save time, transfer a working system as is with minimal downtime and we don’t use up activations on Windows and Office. In the past, I’ve had issues with cloning software being unable to clone from a larger to smaller drive, but I’m pleased to say that Samsung Magician was able to clone 2 of the drives successfully.

As luck would have it, the oldest PC out of the 3 kept throwing up this error when the clone got to 100%


I scoured the net, but I couldn’t find much in the way of information on this particular problem. It could be the fact that the motherboard doesn’t support the AHCI standard, despite supporting SATA 300 ports. I’m guessing when MSI designed these particular boards back in the day, they were trying to save every penny possible, and ended up using the version of Intel’s ICH9 chipset that didn’t support AHCI.

Anyway, solving this problem was a little more tricky. Samsung Magician would not finish the job, no matter what. Upgrading to a newer version didn’t help, nor did a typical restart. Eventually, I had to turn to 3rd party tools if I wanted to get the job done. Clonezilla refused to clone the drive, due to the larger-smaller problem. Trying to force Clonezilla did result in a copy, but the copy refused to work no matter what. I turned to Parted Live next. Using the included GParted, I copied the existing 2 partitions off of the mechanical drive and onto the SSD, while resizing the main partition to fit. This time, both partitions successfully copied. Trying to boot the drive however simply resulted in a blinking cursor. Turns out that GParted couldn’t create a proper partition table. Using the Windows 7 Emergency Recovery Disk, I let it detect and repair problems, which it duly did by creating a proper partition table.

After the required reboot, the new drive was up and running, easily maxing out the SATA port, despite the chipset not supporting AHCI and all the advanced features it brings. Even on this older slower PC, applications feel snappier to open up, boot time is reduced, and there’s almost no sign of typical mechanical thrashing you normally encounter the first few minutes after a PC starts up.

The other classroom PC has a SATA 600 port, so performance on that machine is screaming. The teacher in that class is actually the head of IT, so I look forward to him putting the drive to good use and providing some feedback. The drive in the staff work room is performing, but I suspect Windows needs to be reinstalled. Even before the clone, Windows was not too healthy on that particular PC, and the SSD hasn’t magically cured the symptoms.

Overall, I suspect that despite the still rather high price, we will be making more use of SSD’s in the future. While a 1TB mechanical hard drive is about half the price of these 120GB units, the speed and other benefits of the SSD are not easily ignored. Older computers in the classrooms will get an extended lease on life due to these drives, and that is a good thing as it will allow us to focus on other IT projects for a change, instead of constantly replacing the older computers. Eventually, the older PC’s will have to be replaced of course, but an extension of life is welcome for the time being.

Understanding Windows 8x Secure Boot

February 16, 2014

This past week at work, I installed Windows 8.1 Pro on my workstation. While a lot of people don’t like Windows 8, I’ve long since gotten used to it, and I rather like 8.1’s speed and features. Plus, I need to have it to effectively manage Internet Explorer 10 and 11 on our client machines, which is another story.

I wanted to do a full UEFI install of Windows 8.1, as well as enable Secure Boot for security purposes. However, when I enabled Secure Boot and restarted, I had no graphics output at all. I’d forgotten that my computer’s dedicated graphics card doesn’t support UEFI GOP, so I won’t be able to use Secure Boot while I have that graphics card installed.

I’ve had some experience with UEFI’s Secure Boot feature in the past, but the events of installing 8.1 onto my PC helped solidify a lot of concepts for me. In a nutshell, here’s what I’ve picked up:

  • You need an Intel 7 or 8 series chipset motherboard. The X79 series is also supported past a certain firmware range from what I’ve read. Not sure about AMD based motherboards, as I haven’t used an AMD board in years.
  • Intel 6 series chipset boards are not supported, despite having UEFI.
  • Your hard drive has to be formatted in GPT partition style.
  • Your graphics card needs to support UEFI GOP, or your system will not boot. From what little I can find out, Intel HD 2500, HD 4000 and up on board graphics are supported as well as the Nvidia Geforce 700 series. The Nvidia GTX 680 had a firmware update release that let it work as well, but I haven’t heard anything about the lower end 600 series cards. Again, not sure about AMD cards.

So just to recap the above list – Must be a modern Intel and presumably AMD motherboard of the last 18 months, and your graphics card needs to be compatible. If you don’t have the correct combination, your PC will not boot with Secure Boot enabled. You will have no graphics output on your monitors at all.
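The GPT requirement in the list above (and the GPT option Rufus offers when writing a UEFI install stick) can be verified from the first two sectors of a disk or image: a GPT disk carries a protective MBR entry of type 0xEE in sector 0 and an "EFI PART" header with a valid CRC32 in sector 1. This checker is an added example, not from the original post; it assumes 512-byte sectors, and the sample sectors are constructed in code.

```python
import struct
import zlib

SECTOR = 512  # assumption: 512-byte logical sectors


def mbr_partition_types(lba0):
    """Type bytes of the four MBR entries, or None without the 0x55AA signature."""
    if lba0[510:512] != b"\x55\xaa":
        return None
    return [lba0[446 + 16 * i + 4] for i in range(4)]


def gpt_header_valid(lba1):
    """Check the 'EFI PART' signature and the header CRC32 (CRC field zeroed)."""
    if lba1[:8] != b"EFI PART":
        return False
    size, stored_crc = struct.unpack_from("<II", lba1, 12)
    if not 92 <= size <= len(lba1):
        return False
    body = lba1[:16] + b"\x00" * 4 + lba1[20:size]
    return zlib.crc32(body) & 0xFFFFFFFF == stored_crc


def partition_style(first_two_sectors):
    """Classify a disk from its first 1024 bytes."""
    lba0 = first_two_sectors[:SECTOR]
    lba1 = first_two_sectors[SECTOR:2 * SECTOR]
    types = mbr_partition_types(lba0)
    if types is None:
        return "no-partition-table"
    if 0xEE in types:
        return "gpt" if gpt_header_valid(lba1) else "gpt-header-damaged"
    return "mbr"


def build_sample(style):
    """Constructed 1 KiB sample: 'gpt' (protective MBR + header) or 'mbr' (NTFS)."""
    lba0 = bytearray(SECTOR)
    lba0[510:512] = b"\x55\xaa"
    lba0[446 + 4] = 0xEE if style == "gpt" else 0x07
    lba1 = bytearray(SECTOR)
    if style == "gpt":
        # signature, revision 1.0, header size 92; CRC is filled in afterwards
        struct.pack_into("<8sII", lba1, 0, b"EFI PART", 0x00010000, 92)
        struct.pack_into("<I", lba1, 16, zlib.crc32(bytes(lba1[:92])) & 0xFFFFFFFF)
    return bytes(lba0 + lba1)


if __name__ == "__main__":
    for style in ("gpt", "mbr"):
        print(style, "->", partition_style(build_sample(style)))
```

A "gpt-header-damaged" result is the case to watch for after cloning or repartitioning: the protective MBR survived but the header did not, so firmware in UEFI mode may refuse to boot the disk.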

Now here’s the next part that makes things so complicated and confusing for people. If your hardware combination doesn’t support Secure Boot, you can turn it off and enable the Compatibility Support Module (CSM) of the motherboard. With the CSM enabled, you’ll be able to use your old graphics card just fine. This enables your newer office/school PC with low end Geforce 210/Geforce 610’s and so on to run.

If you do a UEFI install of Windows 8.1, but leave Secure Boot disabled, you’ll get the following watermark on the desktop:


Microsoft have released an update which will make this watermark go away. While Secure Boot isn’t working, at least you won’t have this reminder in the corner every time you log in.

As time goes on, more and more discrete graphics cards will properly support UEFI GOP out of the box, enabling more computers to have Secure Boot enabled and working correctly. While a lot has been written about Secure Boot, it brings a lot of modern security to a system that has been sorely lacking it in the past.