Tag Archives: Windows

Fix for CrowdStrike Windows Crashes

Earlier today CrowdStrike release an update that can cause Windows based computer to crash to a bluescreen of death. An update to their product has been provided to stop this from impacting further computers.

If a computer is crashing to a BSOD the following can be done to get the computer to work normally.

1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys” and delete it. 
4. Boot the host normally.

Hopefully this helps my fellow techs.

CrowdStrike Source if you’re not comfortable with my instructions: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts

Provision Windows Store Apps for Windows 10 Imaging

When building fat Windows 10 Images it is necessary to sometimes install Windows Store apps, however you can’t just install them from the standard Windows Store, doing so will cause sysprep to fail. At no point should you try to run any Windows store apps when building an image.

DISM can be used to provision the app for all users in your image. The following is an example command using Microsoft Reader, it’s dependance of Microsoft VCLibs and finally it’s licence file:

Dism /Online /Add-ProvisionedAppxPackage /PackagePath:Microsoft.Reader_2017.612.315.3642_neutral_~_8wekyb3d8bbwe.AppxBundle /DependencyPackagePath:Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe.Appx /LicensePath:Microsoft.Reader_8wekyb3d8bbwe_e5086f30-ff13-cf16-91fb-0cc6ed9c5613.xml

To obtain the app files you must download them from the Microsoft Windows Store for Business. Sign in with a user account and find the package you are looking for.

Once you have found the app you’re looking for select offline for the licence type.

Click Manager, then no the next screen click Get App.

Now Select your Processor architecture, if 32 bit windows select x86, for 64 bit select X64, Finally select your language. Ignore the Download button at the end of the line this will download a JSON file not required for this process.

Scroll down and click the Download link under “Download the package for offline use”, this will download the Package for Reader.

The next link down the page is the licensing file for Offline install, download this preferably to the same location.

Finally after the licence link you will see “Required frameworks”, this of course depends on the app you are trying to download, these may be architecture dependent also. Download these files into the same location as well.

Once you have all the files in a single folder or location open a command prompt or powershell window with administrator privileges and change directory to the location of your downloaded files from the Windows Store.

Execute the DSIM command like the following:

Dism /Online /Add-ProvisionedAppxPackage /PackagePath:PackageFileName /DependencyPackagePath:DependencyPackageFileName /LicensePath:LicenceFilename

Once this as executed the package will install for all users, and your windows image will seal correctly.

TechNet – DISM App Package (.appx or .appxbundle) Servicing Command-Line Options

cab_XXXX Files in your C:\Windows\Temp Folder

You may have noticed the Windows TEMP folder filling up with cab_XXX files on systems, probably more servers than anything. It appears that makecab.exe is trying to zip CBS log files in the C:\Windows\Logs\CBS folder, these files can be rather large and for some reason it’s unable successfully complete the operation, so it creates this cab file instead… every 30 minutes.

The only solution i’ve been able to find is to run the following two commands to clean up the files, the second line will remove the CbsPersist files that makecab.exe is trying to compress:

cmd.exe /c del C:\Windows\Temp\*cab* /Q
cmd.exe /c del C:\Windows\Logs\CBS\*CbsPersist* /Q

A fatal error occurred while trying to sysprep the machine

This appears to be a problem with relation to the Windows 8.1 Metro Apps and I resolved by doing the following (NB. critical to observe the sysprep log file (setuperr.log);

  1. Take Snapshot
  2. Run Sysprep: sysprep /generalize /oobe /shutdown
  3. When the error occurs, check the error log and then query the problem package using PowerShell (insert name of package into the “”). Get-AppxPackage -AllUsers | Where Name -Like “”
  4. Once you have it run the following to remove the package; Get-AppxPackage -AllUsers | Where Name -Like “” | Remove-AppxPackage
  5. Repeat steps 3 and 4 until successful.

If you don’t care whatsoever for Metro Apps (which is the case in our environment) you could just run the following and remove all packages; Get-AppxPackage | Remove-AppxPackage

Windows 10 Update P2P Distribution

In Windows 10 there is a new feature added to Windows update, the P2P distribution of Windows updates. This is done to to reduce the load on Microsoft’s servers and that’s probably pretty heft given how many Windows computers are actually in the world, but maybe not so good for people with data caps or excess changes on there data usage.

Lots of people have panicked about this with some major sites saying you should turn this feature off completely, which is a stupid move on their part. This feature can be leveraged in your favour to save you some metered data.

My advice is to set this feature to On and set it to only use PCs on my Local Network.

Follow these steps:

  1. Search for “Check for updates” in the Start menu.
  2. Under “Windows Update” choose “Advanced options.”
  3. Under “Choose how updates are installed” click “Choose how updates are delivered.”
  4. Click on the option “PCs on my Local Network.”

Windows 10 Updates Advanced Settings

This will restrict the sharing of updates files to your local network meaning other Windows 10 computers in your network will be able to leverage updates that they all have saving you data by only needing to download the update files once.

Windows XP – The End

As of today if your still running Windows XP then you have a big problem. There will be no more security updates for Windows XP.

You may have notice this message on your computer recently as well.

Windows XP End of Support NoticeYou pretty much have no choice now, disconnected Windows XP from the internet or upgrade because it will just be a matter of time before you pay the price with a security breach if you havn’t already been hit.

Windows 8.1 Update 1

Windows 8.1 Update 1 downloads, thats right you can download the updates now. Most of the changes in this update are designed to win back users who were unhappy with the interface changes mad in Windows 8 that are really designed for using a touch screen.

These updates must be applied in order:

  1. KB2919442
    x86: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2919442-x86_94ee3d715e732ed28c64b8096327375a35f5d211.msu
    x64: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2919442-x64_f97d8290d9d75d96f163095c4cb05e1b9f6986e0.msu
    ARM: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2919442-arm_506ed7113697c597c2859d295d562fa4311834ec.msu
  2. KB2919355
    x86: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2919355-x86_de9df31e42fe034c9a763328326e5852c2b4963d.msu
    x64: download.windowsupdate.com/d/msdownload/update/software/crup/2014/02/windows8.1-kb2919355-x64_e6f4da4d33564419065a7370865faacf9b40ff72.msu
    ARM: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2919355-arm_a6119d3e5ddd1a233a09dd79d91067de7b826f85.msu
  3. KB2932046
    x86: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2932046-x86_bfd8ca4c683ccec26355afc1f2e677f3809cb3d6.msu
    x64: download.windowsupdate.com/d/msdownload/update/software/crup/2014/02/windows8.1-kb2932046-x64_6aee5fda6e2a6729d1fbae6eac08693acd70d985.msu
    ARM: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2932046-arm_fe6acf558880d127aef1a759a8c2539afc67b5fb.msu
  4. KB2937592
    x86: download.windowsupdate.com/d/msdownload/update/software/crup/2014/02/windows8.1-kb2937592-x86_96a3416d480bd2b54803df26b8e76cd1d0008d43.msu
    x64: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2937592-x64_4abc0a39c9e500c0fbe9c41282169c92315cafc2.msu
    ARM: download.windowsupdate.com/c/msdownload/update/software/crup/2014/02/windows8.1-kb2937592-arm_860c83a0cccc0519111f57a679ae9f9d071315e5.msu
  5. KB2938439
    x86: download.windowsupdate.com/c/msdownload/update/software/crup/2014/03/windows8.1-kb2938439-x86_ac9aca7e41c8e818edbea0a8026189ee086f7aa2.msu
    x64: download.windowsupdate.com/c/msdownload/update/software/crup/2014/03/windows8.1-kb2938439-x64_3ed1574369e36b11f37af41aa3a875a115a3eac1.msu
    ARM: download.windowsupdate.com/d/msdownload/update/software/crup/2014/03/windows8.1-kb2938439-arm_4a536d9ddcd9993cbe4fbc309ebd50a18d65f954.msu
  6. KB2949621 – Sorry don’t have an address for this last one
    x86:
    x64:
    ARM:

How to Reinitialize Windows Offline Files Cache

Ever had problems with Windows Offline files, e.g. you had some offline files pointing to a server that no longer exists, or it’s just being difficult. The best thing you can do is reset and clear it’s settings.

  1. To do this disable Offline Files in Windows File Explorer
  2. The open regedit
  3. Go tot he Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache
  4. Create a DWORD called FormatDatabase
  5. Set it’s value to 1

How to re-initialize the offline files cache and database