The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Windows’ Category

FileZilla not available as homebrew cask any more

Posted by jpluimers on 2019/01/07

After an outrage about AdWare mid last year on the Windows side of things, a new outrage on the Mac side of things at the end of last year caused FileZilla to be removed from the homebrew cask repository.

They do not care that there is a non-bundle version that (right now) does not have adware, as FileZilla could put AdWare in that version at any moment in time.

After trying to update, it will disappear, and you might get an error like this (a full log is below the fold):

"Error: Cask 'filezilla' is unavailable: No Cask with this name exists."

Too bad, as FileZilla was fun while it lasted.

For the daredevils, you might want to try the non-bundled version at fosshub, but please run it through at least VirusTotal before installing, and remember: you have to trust yet another man-in-the-middle!

Uninstalling now that the cask has been removed is described in:

Related:

 

–jeroen

Posted in Apple, Power User, Windows

Monitoring: you can ignore ShellHWDetection service warnings when it’s not started

Posted by jpluimers on 2018/12/31

I’m monitoring quite a bunch of Windows machines with Zabbix.

One of the services I turn off for monitoring is ShellHWDetection as otherwise you get this notification often:

Service "ShellHWDetection" (Shell Hardware Detection) is not running (startup type automatic)

When it happens, it’s always when there is nobody logged on to the machine. But sometimes you do not get this message. I’ve not fully figured out the pattern well, but since the service is associated with auto-play of inserted CD/DVD/USB and other media, I don’t bother too much.

References:

–jeroen

Posted in *nix, Monitoring, Power User, Windows, Zabbix

Windows 7 Home Premium SP1 update throwing 8E5E03FB and later 80070490

Posted by jpluimers on 2018/12/28

A while ago one of our machines threw an error 8E5E03FB while installing SP1 (KB976932) on Windows 7 Home Premium.

This is what I used to recover from that (note that failed alone means it failed with the previous error code):

  1. Performed chkdsk %SystemDrive% /F, rebooted, waited for any issues to get fixed (none were)
  2. Disabled Avast anti virus, then update -> failed
  3. Reboot, then update -> failed
  4. Reboot in safe mode, then update -> failed
  5. On an Administrative command prompt, run sfc /scannow
  6. Reboot, then update -> failed
  7. Downloaded [WayBack] Download Windows 7 and Windows Server 2008 R2 Service Pack 1 (KB976932) from Official Microsoft Download Center **
  8. Reboot, then install download -> failure
  9. Looked at %SystemRoot%\Logs\CBS\CBS.log and found this entry:
    • CBS Failed call to CryptCATAdminAddCatalog. [HRESULT = 0x8e5e03fb - JET_errPageNotInitialized]
  10. Searched for that combination
  11. Via [WayBack] Error code 8E5E03FB for Windows 7 updates – Microsoft Community, went for https://aka.ms/diag_wu to [WayBack] https://download.microsoft.com/download/6/C/9/6C970550-32AB-4235-9CDD-7FC9DD848BBB/WindowsUpdate.diagcab
  12. Ran the diagnostics which fixed many problems, but left alone a 0x80070057.
  13. Rebooted, then installed the SP1 download -> failed.
  14. Via [WayBack] SP1 installation failure, Code 0x8e5e03fb, performed the steps in [WayBack] How do I reset Windows Update components?.
  15. Rebooted, then installed the SP1 download -> failed, but for a new reason: 0x80070490.
  16. Rebooted, then used on-line Windows update to install SP1 -> failed, but again for a new reason: Code B7. This was in the CBS.Log: Store corruption detected in function CCSDirectTransaaction::ShouldKeepAliveFromInstallmap on resource amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_56aba0211ca246c2.
  17. Uninstalled Avast.
  18. Installed CheckSUR (KB947821: [WayBack] Download System Update Readiness Tool for Windows 7 (KB947821) [October 2014] from Official Microsoft Download Center)
  19. Rebooted, then used on-line Windows update to install SP1 -> failed, but for a new reason: 0x80070490. This was in the CBS.Log: Failed to resolve package 'Package_2_for_KB2507938~31bf3856ad364e35~amd64~~6.1.1.4' [HRESULT = 0x80070490 - ERROR_NOT_FOUND].
  20. Searching for that error, I found [WayBack] [Win7HomePremium] Unable to install Service Pack 1 – Page 2 which got me to [WayBack] Download SFCFix – MajorGeeks, then run these in an administrative command prompt:
    SFC /SCANNOW
    SFCFix
  21. The latter reported no errors, so I did some more searching and bumped into [WayBack] Installation Failures / CBS Store corruptions: Uncommon issues and troubleshooting – Microsoft GTSC Romania – Enterprise Platforms Support.
  22. It led me to uninstall the package encompassing 'Package_2_for_KB2507938~31bf3856ad364e35~amd64~~6.1.1.4': dism /online /remove-package /packagename:Package_2_for_KB2507938~31bf3856ad364e35~amd64~~6.1.1.4
  23. Rebooted, then used on-line Windows update to install SP1 -> failed
  24. CBS.log first 0x80070490 entry is still Failed to resolve package 'Package_2_for_KB2507938~31bf3856ad364e35~amd64~~6.1.1.4' [HRESULT = 0x80070490 - ERROR_NOT_FOUND]
  25. Performed wusa /uninstall /KB:2507938 -> failed indicating De update KB2507938 is niet op deze computer geïnstalleerd. (“The update KB2507938 is not installed on this computer.”)
  26. That resulted in one Google Search hit: [WayBack] [SOLVED] [Win7] Error Code 80070490 to KB3126587, so downloaded [WayBack] Download Security Update for Windows 7 (KB2507938) from Official Microsoft Download Center
  27. Manually installed the downloaded KB2507938 -> failed with De update geldt niet voor uw computer. (“The update is not applicable to your computer”)
  28. Followed [WayBack] Windows Update Forum Posting Instructions and a few extra steps from [SOLVED] [Win7] Error Code 80070490 to KB3126587 so came up with this:
    1. To get into a relatively clean CBS log: Reboot, then install download -> failure
    2. Run CheckSUR KB947821
    3. On the administrative console, run
      • SFC /SCANNOW
      • SFCFix
      • FRST64
        the latter with search argument KB2507938
  29. Attached files from:
    1. %SystemRoot%\Logs\CBS:
      • CBS.log
      • CbsPersist_20170709180806.cab
        • This is the log file during SP1 update
      • CheckSUR.log
      • CheckSUR.persist.log
    2. %SystemRoot%\Logs\SFCFix:
    3. %SystemRoot%\Logs\FRST64:
      • Addition.txt
      • FRST.txt

So I asked this question: [WayBack] [Win7HomePremium] SP1 fails with 0x80070490 as KB2507938 is not fully present.

Extra tools used

** SP1 download

TL;DR: for English Windows 7 x64 you need [WayBack] https://download.microsoft.com/download/0/A/F/0AFB5316-3062-494A-AB78-7FB0D4461357/windows6.1-KB976932-X64.exe

Note that the download file naming is very confusing as you will see only the above 6 files from the below list (which is English, but similar for other languages):

Posted in Power User, Windows, Windows 7

eventviewer – filtering on service stop/start events

Posted by jpluimers on 2018/12/27

Based on eventviewer – View Shutdown Event Tracker logs under Windows Server 2008 R2 – Server Fault « The Wiert Corner – irregular stream of stuff, I’ve made similar filters for service stop/start events.

Works on translated systems:

PowerShell
Get-EventLog System | Where-Object {$_.EventID -eq "7036"} | ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

Or on one line from a cmd.exe prompt (the ^ escapes the pipe for cmd.exe):

PowerShell Get-EventLog System ^| Where-Object {$_.EventID -in "6005","6006","7000","7009","7036","7040","7042","7043","7045"} ^| ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

Note the -In operator was introduced in PowerShell 3: [WayBack]

Source: PowerShell v3 – New -in Operator | Jonathan Medd’s Blog

I’ve adapted the custom view to include all these event IDs above (note some links have disappeared moving my notes to a blog post):

  • [WayBack] 6005: The Event log service was started (indication for system startup).
  • [WayBack] 6006: The Event log service was stopped (indication for system shutdown).
  • [WayBack] 7000: The <servicename> service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.
  • [WayBack] 7009: A timeout was reached (30000 milliseconds) while waiting for the <servicename> service to connect.
  • [WayBack] 7036:
    • The <servicename> service entered the stopped state.
    • The <servicename> service entered the running state.
  • [WayBack] 7040: The start type of the <servicename> service was changed from demand start to auto start.
  • [WayBack] 7042: The <servicename> service was successfully sent a stop control.
  • [WayBack] 7043: The <servicename> service did not shut down properly after receiving a preshutdown control.
  • [WayBack] 7045: A service was installed in the system.

Other event IDs that might be relevant via [WayBack] Windows Server restart / shutdown history – Server Fault:

  • [WayBack] 6008: “The previous system shutdown was unexpected.” Records that the system started after it was not shut down properly.
  • [WayBack] 6009: Indicates the Windows product name, version, build number, service pack number, and operating system type detected at boot time.
  • [WayBack] 6013: Displays the uptime of the computer. There is no TechNet page for this id.
  • [WayBack] 1074: “The process X has initiated the restart / shutdown of computer on behalf of user Y for the following reason: Z.” Indicates that an application or a user initiated a restart or shutdown.
  • [WayBack] 1076: “The reason supplied by user X for the last unexpected shutdown of this computer is: Y.” Records when the first user with shutdown privileges logs on to the computer after an unexpected restart or shutdown and supplies a reason for the occurrence.
  • [WayBack] 41 (source: Microsoft-Windows-Kernel-Power)
  • [WayBack] 1001: (source: BugCheck).
  • [WayBack] 12, which is typically the first eventid to be logged after a reboot/reset etc and shows the actual “system start time”, i.e.: “The operating system started at system time ‎2017‎-‎09‎-‎19T02:46:06.582794900Z.”

A more complete list of Windows Kernel related Event IDs is at [WayBack] rootkit.com/NETEVENT.H at master · bowlofstew/rootkit.com.

Steps for the custom view:

Open Event Viewer then

  • Right click Custom Views
  • Click Create Custom View
  • Under the Filter tab
    • Keep Logged as Any time
    • Select all the Event level types (Critical, Warning, etc.)
    • Choose by source = Service Control Manager, Service Control Manager Performance Diagnostic Provider
    • Optionally; For Event ID under the Includes/Excludes Event IDs section enter 6005,6006,7000,7009,7036,7040,7042,7043,7045 for the Event ID
  • Click Ok
  • Enter a name like Shutdown Events and any description then
  • Click Ok again to complete the custom event log.

Your new custom view should show up in the list of custom views with the correct filter applied.

–jeroen

Posted in CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows

eventviewer – View Shutdown Event Tracker logs under Windows Server 2008 R2 – Server Fault

Posted by jpluimers on 2018/12/25

Works on translated systems:

PowerShell
Get-EventLog System | Where-Object {$_.EventID -eq "1074" -or $_.EventID -eq "6008" -or $_.EventID -eq "1076"} | ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

Or on one line from a cmd.exe prompt (the ^ escapes the pipe for cmd.exe):

PowerShell Get-EventLog System ^| Where-Object {$_.EventID -eq "1074" -or $_.EventID -eq "6008" -or $_.EventID -eq "1076"} ^| ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

I’ve adapted the custom view to include all these event IDs above:

  • 12: The operating system started at system time ‎<iso8601utc>.
  • 13: The operating system is shutting down at system time  <iso8601utc>.
  • 109: The kernel power manager has initiated a shutdown transition.
  • 1074: [WayBack] The process <process> has initiated the restart of <computer name> for the following reason: No title for this reason could be found.
    Minor Reason: <reason>
    Shutdown Type: <type>
  • 1076: [WayBack] The reason supplied by user <user name> for the last unexpected shutdown of this computer is: <error description>
    Reason Code: <error code>
    Bug ID: <bug id>
    Bugcheck String: <string>
    Comment: <comment>
  • 6008: [WayBack] The previous system shutdown at <time> on <date> was unexpected.

Steps for the custom view:

Open Event Viewer then

  • Right click Custom Views
  • Click Create Custom View
  • Under the Filter tab
    • Keep Logged as Any time
    • Select all the Event level types (Critical, Warning, etc.)
    • Choose by source = Windows Logs > System
    • For Event ID under the Includes/Excludes Event IDs section enter 12,13,1074,1076,6008 for the Event ID
  • Click Ok
  • Enter a name like Shutdown Events and any description then
  • Click Ok again to complete the custom event log.

Your new custom view should show up in the list of custom views with the correct filter applied.
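The custom view above, and the service stop/start view from the 2018/12/27 post, can also be run as a query that the event log service filters itself. This is an added example, not code from the original posts; the function name Get-SystemEventsById is hypothetical, and it assumes PowerShell 3 or later.

```powershell
# Added example, not code from the original posts.
# Get-WinEvent evaluates the filter inside the event log service, so only
# matching records are returned (Get-EventLog | Where-Object reads them all).
function Get-SystemEventsById {                 # hypothetical helper name
    param(
        [Parameter(Mandatory)] [int[]] $Id,
        [string[]] $Provider,                   # optional: restrict to these event sources
        [int] $MaxEvents = 200
    )
    $xpath = '(' + (($Id | ForEach-Object { "EventID=$_" }) -join ' or ') + ')'
    if ($Provider) {
        $names = ($Provider | ForEach-Object { "@Name='$_'" }) -join ' or '
        $xpath = "Provider[$names] and $xpath"
    }
    $query = "<QueryList><Query Id='0' Path='System'>" +
             "<Select Path='System'>*[System[$xpath]]</Select>" +
             "</Query></QueryList>"
    # SilentlyContinue: an empty result is reported as an error by Get-WinEvent
    Get-WinEvent -FilterXml $query -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
}

# Shutdown view: the IDs entered in the custom view, no source filter.
$shutdown = Get-SystemEventsById -Id 12, 13, 1074, 1076, 6008

# Service view: the 70xx IDs are logged by 'Service Control Manager',
# 6005/6006 by 'EventLog', so both sources are allowed.
$service = Get-SystemEventsById -Id 6005, 6006, 7000, 7009, 7036, 7040, 7042, 7043, 7045 `
    -Provider 'Service Control Manager', 'EventLog'

@($shutdown) + @($service) | Sort-Object TimeCreated |
    Format-Table MachineName, TimeCreated, ProviderName, Id, Message -AutoSize -Wrap

# 7045 records a newly installed service: show what was installed and under which account.
$service | Where-Object { $_.Id -eq 7045 } | ForEach-Object {
    $data = @{}
    foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        ServiceName = $data['ServiceName']
        ImagePath   = $data['ImagePath']
        StartType   = $data['StartType']
        AccountName = $data['AccountName']
    }
} | Format-List
```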

Source: [WayBack] eventviewer – View Shutdown Event Tracker logs under Windows Server 2008 R2 – Server Fault

–jeroen

Posted in CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows

Windows Server 2008 and Server 2008 R2 – OpenDNS

Posted by jpluimers on 2018/12/10

I did this a long time ago, but forgot to blog about it back then: [Archive.is] Windows Server 2008 and Server 2008 R2 – OpenDNS.

Summary:

Start with the DNS manager:

%SystemRoot%\system32\dnsmgmt.msc /s

Then open your machine, and double-click Forwarders:

In the dialog, click the Edit button and add DNS servers (for instance Google DNS 8.8.8.8 and 8.8.4.4).

In my case it became this:

Google DNS servers added


Click Done buttons until all dialogs are closed.

 

–jeroen

Posted in DNS, Internet, Power User, Windows, Windows Server 2008, Windows Server 2008 R2

Adding Windows machines to Samba domains and security

Posted by jpluimers on 2018/12/07

If adding a Windows machine to a Samba domain fails and the below “solves” your issue, then you need to tighten the security on the Samba side:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
; Enable NT-Domain compatibility mode
; Default:
; [value not present]
; "DomainCompatibilityMode"=-
"DomainCompatibilityMode"=dword:00000001

; Disable required DNS name resolution
; Default:
; [value not present]
; "DNSNameResolutionRequired"=-
"DNSNameResolutionRequired"=dword:00000000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
; Disable requirement of signed communication
; My Samba (3.0.33) works with signed communication enabled, so no need to disable it.
; Default:
; "RequireSignOrSeal"=dword:00000001
; Disable the usage of strong keys
; Default:
; "RequireStrongKey"=dword:00000001
"RequireStrongKey"=dword:00000000

–jeroen
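To find machines where the workaround above is still in place, the four values from the .reg file can be read back and compared with the defaults its comments state. This is an added example, not code from the original post; the function name Get-DomainJoinRelaxation is hypothetical, and it assumes PowerShell 3 or later.

```powershell
# Added example, not code from the original post: report which of the values
# from the .reg file are present and whether they carry the weakened setting.
$lanman   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Weak    = value the .reg file sets (for RequireSignOrSeal: the value that would
#           disable signing; the post leaves that one at its default)
# Default = default given in the .reg file's comments ($null = value not present)
$settings = @(
    @{ Path = $lanman;   Name = 'DomainCompatibilityMode';   Weak = 1; Default = $null }
    @{ Path = $lanman;   Name = 'DNSNameResolutionRequired'; Weak = 0; Default = $null }
    @{ Path = $netlogon; Name = 'RequireSignOrSeal';         Weak = 0; Default = 1 }
    @{ Path = $netlogon; Name = 'RequireStrongKey';          Weak = 0; Default = 1 }
)

function Get-DomainJoinRelaxation {             # hypothetical helper name
    param([hashtable[]] $Settings)
    foreach ($s in $Settings) {
        # A missing key or value yields $null instead of an error
        $item  = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        $value = if ($item) { $item.($s.Name) } else { $null }

        if     ($null -eq $value)       { $state = 'not present' }
        elseif ($value -eq $s.Weak)     { $state = 'WEAKENED' }
        elseif ($value -eq $s.Default)  { $state = 'default' }
        else                            { $state = 'other' }

        [pscustomobject]@{
            Key   = $s.Path -replace '^HKLM:\\SYSTEM\\CurrentControlSet\\Services\\', ''
            Name  = $s.Name
            Value = $value
            State = $state
        }
    }
}

$report = Get-DomainJoinRelaxation -Settings $settings
$report | Format-Table -AutoSize

if ($report.State -contains 'WEAKENED') {
    Write-Warning 'Domain-join compatibility settings are relaxed on this machine; review the Samba side and remove the registry values once it is fixed.'
}
```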

Posted in *nix, *nix-tools, Power User, samba SMB/CIFS/NMB, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9

UTF-8 support for single byte character sets is beta in Windows and likely breaks a lot of applications not expecting this (via Unicode in Microsoft Windows: UTF-8 – Wikipedia)

Posted by jpluimers on 2018/12/04

Uh-oh: [WayBack] Unicode in Microsoft Windows: UTF-8 – Wikipedia:

Microsoft Windows has a code page designated for UTF-8, code page 65001. Prior to Windows 10 insider build 17035 (November 2017),[7] it was impossible to set the locale code page to 65001, leaving this code page only available for:

  • Explicit conversion functions such as MultiByteToWideChar
  • The Win32 console command chcp 65001 to translate stdin/out between UTF-8 and UTF-16.

This means that “narrow” functions, in particular fopen, cannot be called with UTF-8 strings, and in fact there is no way to open all possible files using fopen no matter what the locale is set to and/or what bytes are put in the string, as none of the available locales can produce all possible UTF-16 characters.

On all modern non-Windows platforms, the string passed to fopen is effectively UTF-8. This produces an incompatibility between other platforms and Windows. The normal work-around is to add Windows-specific code to convert UTF-8 to UTF-16 using MultiByteToWideChar and call the “wide” function.[8] Conversion is also needed even for Windows-specific api such as SetWindowText since many applications inherently have to use UTF-8 due to its use in file formats, internet protocols, and its ability to interoperate with raw arrays of bytes.

There were proposals to add new API to portable libraries such as Boost to do the necessary conversion, by adding new functions for opening and renaming files. These functions would pass filenames through unchanged on Unix, but translate them to UTF-16 on Windows.[9] This would allow code to be “portable”, but required just as many code changes as calling the wide functions.

With insider build 17035 and the April 2018 update (nominal build 17134) for Windows 10, a “Beta: Use Unicode UTF-8 for worldwide language support” checkbox appeared for setting the locale code page to UTF-8.[a] This allows for calling “narrow” functions, including fopen and SetWindowTextA, with UTF-8 strings. Microsoft claims this option might break some functions (a possible example is _mbsrev[10]) as they were written to assume multibyte encodings used no more than 2 bytes per character, thus until now code pages with more bytes such as GB 18030 (cp54936) and UTF-8 could not be set as the locale.[11]


  1. [WayBack] “UTF-8 in Windows”. Stack Overflow. Retrieved July 1, 2011.
  2. [WayBack] “Boost.Nowide”.
  3. [WayBack] https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/strrev-wcsrev-mbsrev-mbsrev-l
  4. [WayBack] “Code Page Identifiers (Windows)”. msdn.microsoft.com.

Via [WayBack] Microsoft Windows Beta UTF-8 support for Ansi API could break things. Wiki Article of the Change… – Tommi Prami – Google+

Related, as handling encoding is hard, especially if it is changed or not your default:

–jeroen

Posted in .NET, C, C++, Delphi, Development, Encoding, GB 18030, Power User, Software Development, UTF-16, UTF-32, UTF-8, UTF16, UTF32, UTF8, Windows, Windows 10

A 90-byte “whereis” program – The Old New Thing

Posted by jpluimers on 2018/11/23

I needed a “get only the first result” of WHERE (which is present after Windows 2000, so XP, Server 2003 and up), so based on [WayBack] A 90-byte “whereis” program – The Old New Thing I came up with this:

@echo off
:: based on https://blogs.msdn.microsoft.com/oldnewthing/20050120-00/?p=36653
::for %%f in (%1) do @echo.%%~$PATH:f
for %%e in (%PATHEXT%) do @for %%i in (%1 %~n1%%e) do (
  @if NOT "%%~$PATH:i"=="" (
    echo %%~$PATH:i
    goto :eof
  )
)
:: note: WHERE lists all occurrences of a file on the PATH in PATH order
goto :eof

Two changes:

  • it takes into account the extension if you specify it (unlike WHERE.EXE)
  • it bails out at the first match (like WHERE.EXE)

References:

–jeroen

Posted in Batch-Files, Development, Power User, Scripting, Software Development, The Old New Thing, Windows, Windows Development

O&O ShutUp10: download free antispy tool for Windows 10

Posted by jpluimers on 2018/11/23

I’m not surprised this free product is of German origin:

With O&O ShutUp10 you have full control over which functions under Windows 10 you wish to use, and you decide when the passing on of your data goes too far.

[WayBack] O&O ShutUp10: download free antispy tool for Windows 10

Download: [WayBack] dl5.oo-software.com/files/ooshutup10/OOSU10.exe

Run it after each update as well.

–jeroen

Posted in Power User, Windows, Windows 10