Applies to:

Windows 7

Windows 8

For those of you coming from a Windows XP world, you will notice that when a bugcheck (a.k.a. Blue Screen of Death (B.S.O.D.)) occurs, that you don’t get a kernel only memory.dmp file created in %systemroot% (c:\windows).

That is due to change in behavior starting with Windows 7 as described in:

Kernel dump storage and clean up behavior in Windows 7

http://blogs.msdn.com/b/wer/archive/2009/02/09/kernel-dump-storage-and-clean-up-behavior-in-windows-7.aspx

For the domain administrators, if you want to have the memory.dmp’s analyzed, all you have to do is use Group Policy Preferences to deploy the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

AlwaysKeepMemoryDump (DWORD) 1 (hex)

Applies to:

Windows 8

Remote Server Administration Tools for Windows 8

http://www.microsoft.com/en-us/download/details.aspx?id=28972

Applies to:

Windows 8

MSIT Plans, Deploys, and Manages Windows 8
http://www.microsoft.com/en-us/download/details.aspx?id=30182

Applies to:

Windows Server 2012

Windows 8

Windows Server 2008 R2

Windows 7

Windows Server 2008

Windows Vista

Windows Server 2003

Windows XP

For example, when you get a Stop A.  What do those “Arguments” mean?

Once you install the “Debugging Tools for Windows”, which is available from here:

Download and Install Debugging Tools for Windows
http://msdn.microsoft.com/en-US/windows/hardware/gg463009

3: kd> .bugcheck
Bugcheck code 0000000A
Arguments 00000000`00000018 00000000`00000002 00000000`00000000 fffff802`d154b7bf

The arguments are ‘Parameters” that can be passed.

In the example above, we got a Stop A.  You could use the Debugger.CHM file to find out what the Arguments/Parameters mean for that specific bug check.

Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL

Parameter

Description

1
Memory referenced

2
IRQL at time of reference

3
0: Read
 
1: Write

4 Address which referenced memory

I’m also able to get this information by typing “!analyze -show A”

3: kd> !analyze -show A
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000000, IRQL
Arg3: 0000000000000000, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: 0000000000000000, address which referenced memory

Based on this information, I know that in the example above for my Stop A:

18 was the memory referenced

The IRQL was at 2

It was a Read

And the address which referenced memory was fffff802`d154b7bf.

The nice thing about the Debugger.CHM and the MSDN library (link below) is that they list the common

• Cause(s)
• Resolution(s)

Bug Check Code Reference
http://msdn.microsoft.com/en-us/library/windows/hardware/ff560129(v=vs.85).aspx

This has all the list of every single bug check code that we have:

Code Name

0x00000001 APC_INDEX_MISMATCH

0x00000002
DEVICE_QUEUE_NOT_BUSY

0x00000003
INVALID_AFFINITY_SET

0x00000004
INVALID_DATA_ACCESS_TRAP

0x00000005
INVALID_PROCESS_ATTACH_ATTEMPT

0x00000006
INVALID_PROCESS_DETACH_ATTEMPT

0x00000007
INVALID_SOFTWARE_INTERRUPT

0x00000008
IRQL_NOT_DISPATCH_LEVEL

0x00000009
IRQL_NOT_GREATER_OR_EQUAL

0x0000000A
IRQL_NOT_LESS_OR_EQUAL

0x0000000B
NO_EXCEPTION_HANDLING_SUPPORT

0x0000000C
MAXIMUM_WAIT_OBJECTS_EXCEEDED

0x0000000D
MUTEX_LEVEL_NUMBER_VIOLATION

0x0000000E
NO_USER_MODE_CONTEXT

0x0000000F
SPIN_LOCK_ALREADY_OWNED

0x00000010
SPIN_LOCK_NOT_OWNED

0x00000011
THREAD_NOT_MUTEX_OWNER

0x00000012
TRAP_CAUSE_UNKNOWN

0x00000013
EMPTY_THREAD_REAPER_LIST

0x00000014
CREATE_DELETE_LOCK_NOT_LOCKED

0x00000015
LAST_CHANCE_CALLED_FROM_KMODE

0x00000016
CID_HANDLE_CREATION

0x00000017
CID_HANDLE_DELETION

0x00000018
REFERENCE_BY_POINTER

0x00000019
BAD_POOL_HEADER

0x0000001A
MEMORY_MANAGEMENT

0x0000001B
PFN_SHARE_COUNT

0x0000001C
PFN_REFERENCE_COUNT

0x0000001D
NO_SPIN_LOCK_AVAILABLE

0x0000001E
KMODE_EXCEPTION_NOT_HANDLED

0x0000001F
SHARED_RESOURCE_CONV_ERROR

0x00000020
KERNEL_APC_PENDING_DURING_EXIT

0x00000021
QUOTA_UNDERFLOW

0x00000022
FILE_SYSTEM

0x00000023
FAT_FILE_SYSTEM

0x00000024
NTFS_FILE_SYSTEM

0x00000025
NPFS_FILE_SYSTEM

0x00000026
CDFS_FILE_SYSTEM

0x00000027
RDR_FILE_SYSTEM

0x00000028
CORRUPT_ACCESS_TOKEN

0x00000029
SECURITY_SYSTEM

0x0000002A
INCONSISTENT_IRP

0x0000002B
PANIC_STACK_SWITCH

0x0000002C
PORT_DRIVER_INTERNAL

0x0000002D
SCSI_DISK_DRIVER_INTERNAL

0x0000002E
DATA_BUS_ERROR

0x0000002F
INSTRUCTION_BUS_ERROR

0x00000030
SET_OF_INVALID_CONTEXT

0x00000031
PHASE0_INITIALIZATION_FAILED

0x00000032
PHASE1_INITIALIZATION_FAILED

0x00000033
UNEXPECTED_INITIALIZATION_CALL

0x00000034
CACHE_MANAGER

0x00000035
NO_MORE_IRP_STACK_LOCATIONS

0x00000036
DEVICE_REFERENCE_COUNT_NOT_ZERO

0x00000037
FLOPPY_INTERNAL_ERROR

0x00000038
SERIAL_DRIVER_INTERNAL

0x00000039
SYSTEM_EXIT_OWNED_MUTEX

0x0000003A
SYSTEM_UNWIND_PREVIOUS_USER

0x0000003B
SYSTEM_SERVICE_EXCEPTION

0x0000003C
INTERRUPT_UNWIND_ATTEMPTED

0x0000003D
INTERRUPT_EXCEPTION_NOT_HANDLED

0x0000003E
MULTIPROCESSOR_CONFIGURATION_NOT_SUPPORTED

0x0000003F
NO_MORE_SYSTEM_PTES

0x00000040
TARGET_MDL_TOO_SMALL

0x00000041
MUST_SUCCEED_POOL_EMPTY

0x00000042
ATDISK_DRIVER_INTERNAL

0x00000043
NO_SUCH_PARTITION

0x00000044
MULTIPLE_IRP_COMPLETE_REQUESTS

0x00000045
INSUFFICIENT_SYSTEM_MAP_REGS

0x00000046
DEREF_UNKNOWN_LOGON_SESSION

0x00000047
REF_UNKNOWN_LOGON_SESSION

0x00000048
CANCEL_STATE_IN_COMPLETED_IRP

0x00000049
PAGE_FAULT_WITH_INTERRUPTS_OFF

0x0000004A
IRQL_GT_ZERO_AT_SYSTEM_SERVICE

0x0000004B
STREAMS_INTERNAL_ERROR

0x0000004C
FATAL_UNHANDLED_HARD_ERROR

0x0000004D
NO_PAGES_AVAILABLE

0x0000004E
PFN_LIST_CORRUPT

0x0000004F
NDIS_INTERNAL_ERROR

0x00000050
PAGE_FAULT_IN_NONPAGED_AREA

0x00000051
REGISTRY_ERROR

0x00000052
MAILSLOT_FILE_SYSTEM

0x00000053
NO_BOOT_DEVICE

0x00000054
LM_SERVER_INTERNAL_ERROR

0x00000055
DATA_COHERENCY_EXCEPTION

0x00000056
INSTRUCTION_COHERENCY_EXCEPTION

0x00000057
XNS_INTERNAL_ERROR

0x00000058
FTDISK_INTERNAL_ERROR

0x00000059
PINBALL_FILE_SYSTEM

0x0000005A
CRITICAL_SERVICE_FAILED

0x0000005B
SET_ENV_VAR_FAILED

0x0000005C
HAL_INITIALIZATION_FAILED

0x0000005D
UNSUPPORTED_PROCESSOR

0x0000005E
OBJECT_INITIALIZATION_FAILED

0x0000005F
SECURITY_INITIALIZATION_FAILED

0x00000060
PROCESS_INITIALIZATION_FAILED

0x00000061
HAL1_INITIALIZATION_FAILED

0x00000062
OBJECT1_INITIALIZATION_FAILED

0x00000063
SECURITY1_INITIALIZATION_FAILED

0x00000064
SYMBOLIC_INITIALIZATION_FAILED

0x00000065
MEMORY1_INITIALIZATION_FAILED

0x00000066
CACHE_INITIALIZATION_FAILED

0x00000067
CONFIG_INITIALIZATION_FAILED

0x00000068
FILE_INITIALIZATION_FAILED

0x00000069
IO1_INITIALIZATION_FAILED

0x0000006A
LPC_INITIALIZATION_FAILED

0x0000006B
PROCESS1_INITIALIZATION_FAILED

0x0000006C
REFMON_INITIALIZATION_FAILED

0x0000006D
SESSION1_INITIALIZATION_FAILED

0x0000006E
SESSION2_INITIALIZATION_FAILED

0x0000006F
SESSION3_INITIALIZATION_FAILED

0x00000070
SESSION4_INITIALIZATION_FAILED

0x00000071
SESSION5_INITIALIZATION_FAILED

0x00000072
ASSIGN_DRIVE_LETTERS_FAILED

0x00000073
CONFIG_LIST_FAILED

0x00000074
BAD_SYSTEM_CONFIG_INFO

0x00000075
CANNOT_WRITE_CONFIGURATION

0x00000076
PROCESS_HAS_LOCKED_PAGES

0x00000077
KERNEL_STACK_INPAGE_ERROR

0x00000078
PHASE0_EXCEPTION

0x00000079
MISMATCHED_HAL

0x0000007A
KERNEL_DATA_INPAGE_ERROR

0x0000007B
INACCESSIBLE_BOOT_DEVICE

0x0000007C
BUGCODE_NDIS_DRIVER

0x0000007D
INSTALL_MORE_MEMORY

0x0000007E
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

0x0000007F
UNEXPECTED_KERNEL_MODE_TRAP

0x00000080
NMI_HARDWARE_FAILURE

0x00000081
SPIN_LOCK_INIT_FAILURE

0x00000082
DFS_FILE_SYSTEM

0x00000085
SETUP_FAILURE

0x0000008B
MBR_CHECKSUM_MISMATCH

0x0000008E
KERNEL_MODE_EXCEPTION_NOT_HANDLED

0x0000008F
PP0_INITIALIZATION_FAILED

0x00000090
PP1_INITIALIZATION_FAILED

0x00000092
UP_DRIVER_ON_MP_SYSTEM

0x00000093
INVALID_KERNEL_HANDLE

0x00000094
KERNEL_STACK_LOCKED_AT_EXIT

0x00000096
INVALID_WORK_QUEUE_ITEM

0x00000097
BOUND_IMAGE_UNSUPPORTED

0x00000098
END_OF_NT_EVALUATION_PERIOD

0x00000099
INVALID_REGION_OR_SEGMENT

0x0000009A
SYSTEM_LICENSE_VIOLATION

0x0000009B
UDFS_FILE_SYSTEM

0x0000009C
MACHINE_CHECK_EXCEPTION

0x0000009E
USER_MODE_HEALTH_MONITOR

0x0000009F
DRIVER_POWER_STATE_FAILURE

0x000000A0
INTERNAL_POWER_ERROR

0x000000A1
PCI_BUS_DRIVER_INTERNAL

0x000000A2
MEMORY_IMAGE_CORRUPT

0x000000A3
ACPI_DRIVER_INTERNAL

0x000000A4
CNSS_FILE_SYSTEM_FILTER

0x000000A5
ACPI_BIOS_ERROR

0x000000A7
BAD_EXHANDLE

0x000000AB
SESSION_HAS_VALID_POOL_ON_EXIT

0x000000AC
HAL_MEMORY_ALLOCATION

0x000000AD
VIDEO_DRIVER_DEBUG_REPORT_REQUEST

0x000000B4
VIDEO_DRIVER_INIT_FAILURE

0x000000B8
ATTEMPTED_SWITCH_FROM_DPC

0x000000B9
CHIPSET_DETECTED_ERROR

0x000000BA
SESSION_HAS_VALID_VIEWS_ON_EXIT

0x000000BB
NETWORK_BOOT_INITIALIZATION_FAILED

0x000000BC
NETWORK_BOOT_DUPLICATE_ADDRESS

0x000000BE
ATTEMPTED_WRITE_TO_READONLY_MEMORY

0x000000BF
MUTEX_ALREADY_OWNED

0x000000C1
SPECIAL_POOL_DETECTED_MEMORY_CORRUPTION

0x000000C2
BAD_POOL_CALLER

0x000000C4
DRIVER_VERIFIER_DETECTED_VIOLATION

0x000000C5
DRIVER_CORRUPTED_EXPOOL

0x000000C6
DRIVER_CAUGHT_MODIFYING_FREED_POOL

0x000000C7
tIMER_OR_DPC_INVALID

0x000000C8
IRQL_UNEXPECTED_VALUE

0x000000C9
DRIVER_VERIFIER_IOMANAGER_VIOLATION

0x000000CA
PNP_DETECTED_FATAL_ERROR

0x000000CB
DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS

0x000000CC
PAGE_FAULT_IN_FREED_SPECIAL_POOL

0x000000CD
PAGE_FAULT_BEYOND_END_OF_ALLOCATION

0x000000CE
DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS

0x000000CF
TERMINAL_SERVER_DRIVER_MADE_INCORRECT_MEMORY_REFERENCE

0x000000D0
DRIVER_CORRUPTED_MMPOOL

0x000000D1
DRIVER_IRQL_NOT_LESS_OR_EQUAL

0x000000D2
BUGCODE_ID_DRIVER

0x000000D3
DRIVER_PORTION_MUST_BE_NONPAGED

0x000000D4
SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD

0x000000D5
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL

0x000000D6
DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION

0x000000D7
DRIVER_UNMAPPING_INVALID_VIEW

0x000000D8
DRIVER_USED_EXCESSIVE_PTES

0x000000D9
LOCKED_PAGES_TRACKER_CORRUPTION

0x000000DA
SYSTEM_PTE_MISUSE

0x000000DB
DRIVER_CORRUPTED_SYSPTES

0x000000DC
DRIVER_INVALID_STACK_ACCESS

0x000000DE
POOL_CORRUPTION_IN_FILE_AREA

0x000000DF
IMPERSONATING_WORKER_THREAD

0x000000E0
ACPI_BIOS_FATAL_ERROR

0x000000E1
WORKER_THREAD_RETURNED_AT_BAD_IRQL

0x000000E2
MANUALLY_INITIATED_CRASH

0x000000E3
RESOURCE_NOT_OWNED

0x000000E4
WORKER_INVALID

0x000000E6
DRIVER_VERIFIER_DMA_VIOLATION

0x000000E7
INVALID_FLOATING_POINT_STATE

0x000000E8
INVALID_CANCEL_OF_FILE_OPEN

0x000000E9
ACTIVE_EX_WORKER_THREAD_TERMINATION

0x000000EA
THREAD_STUCK_IN_DEVICE_DRIVER

0x000000EB
DIRTY_MAPPED_PAGES_CONGESTION

0x000000EC
SESSION_HAS_VALID_SPECIAL_POOL_ON_EXIT

0x000000ED
UNMOUNTABLE_BOOT_VOLUME

0x000000EF
CRITICAL_PROCESS_DIED

0x000000F1
SCSI_VERIFIER_DETECTED_VIOLATION

0x000000F3
DISORDERLY_SHUTDOWN

0x000000F4
CRITICAL_OBJECT_TERMINATION

0x000000F5
FLTMGR_FILE_SYSTEM

0x000000F6
PCI_VERIFIER_DETECTED_VIOLATION

0x000000F7
DRIVER_OVERRAN_STACK_BUFFER

0x000000F8
RAMDISK_BOOT_INITIALIZATION_FAILED

0x000000F9
DRIVER_RETURNED_STATUS_REPARSE_FOR_VOLUME_OPEN

0x000000FA
HTTP_DRIVER_CORRUPTED

0x000000FC
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY

0x000000FD
DIRTY_NOWRITE_PAGES_CONGESTION

0x000000FE
BUGCODE_USB_DRIVER

0x000000FF
RESERVE_QUEUE_OVERFLOW

0x00000100
LOADER_BLOCK_MISMATCH

0x00000101
CLOCK_WATCHDOG_TIMEOUT

0x00000103
MUP_FILE_SYSTEM

0x00000104
AGP_INVALID_ACCESS

0x00000105
AGP_GART_CORRUPTION

0x00000106
AGP_ILLEGALLY_REPROGRAMMED

0x00000108
THIRD_PARTY_FILE_SYSTEM_FAILURE

0x00000109
CRITICAL_STRUCTURE_CORRUPTION

0x0000010A
APP_TAGGING_INITIALIZATION_FAILED

0x0000010C
FSRTL_EXTRA_CREATE_PARAMETER_VIOLATION

0x0000010D
WDF_VIOLATION

0x0000010E
VIDEO_MEMORY_MANAGEMENT_INTERNAL

0x0000010F
RESOURCE_MANAGER_EXCEPTION_NOT_HANDLED

0x00000111
RECURSIVE_NMI

0x00000112
MSRPC_STATE_VIOLATION

0x00000113
VIDEO_DXGKRNL_FATAL_ERROR

0x00000114
VIDEO_SHADOW_DRIVER_FATAL_ERROR

0x00000115
AGP_INTERNAL

0x00000116
VIDEO_TDR_ERROR

0x00000117
VIDEO_TDR_TIMEOUT_DETECTED

0x00000119
VIDEO_SCHEDULER_INTERNAL_ERROR

0x0000011A
EM_INITIALIZATION_FAILURE

0x0000011B
DRIVER_RETURNED_HOLDING_CANCEL_LOCK

0x0000011C
ATTEMPTED_WRITE_TO_CM_PROTECTED_STORAGE

0x0000011D
EVENT_TRACING_FATAL_ERROR

0x00000121
DRIVER_VIOLATION

0x00000122
WHEA_INTERNAL_ERROR

0x00000124
WHEA_UNCORRECTABLE_ERROR

0x00000127
PAGE_NOT_ZERO

0x0000012B
FAULTY_HARDWARE_CORRUPTED_PAGE

0x0000012C
EXFAT_FILE_SYSTEM

0x00000133
DPC_WATCHDOG_VIOLATION

0x00000138
GPIO_CONTROLLER_DRIVER_ERROR

0x00000139
KERNEL_SECURITY_CHECK_FAILURE

0x00000144
BUGCODE_USB3_DRIVER

0x0000014B
SOC_SUBSYSTEM_FAILURE

0x1000007E
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M

0x1000007F
UNEXPECTED_KERNEL_MODE_TRAP_M

0x1000008E
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M

0x100000EA
THREAD_STUCK_IN_DEVICE_DRIVER_M

0xC0000218
STATUS_CANNOT_LOAD_REGISTRY_FILE

0xC000021A
STATUS_SYSTEM_PROCESS_TERMINATED

0xC0000221
STATUS_IMAGE_CHECKSUM_MISMATCH

0xDEADDEAD
MANUALLY_INITIATED_CRASH1

Applies to:

Windows Vista Service Pack 2

Windows Vista SP2

Note:  You should check http://support.microsoft.com for the latest version of the different files.

List of Memory leaks and Performance related hotfixes post SP2 for Windows Vista SP2:

970520 The Wmiprvse.exe process creates a memory leak on a computer that is running Windows Server 2008 if you remotely monitor this process by using the WMI interface on a computer that is running Windows Server 2003 or Windows XP
http://support.microsoft.com/?id=970520

Update(s):

Wmiperfclass.dll 6.0.6002.22131
Wmiperfclass.mof
Wmiperfinst.dll 6.0.6002.22131
Wmiperfinst.mof

972600 After you disconnect from a remote desktop session to a destination computer that is running Windows Vista or Windows Server 2008, the default printer is changed when you log on the destination computer from the console
http://support.microsoft.com/?id=972600

Update(s):
Umrdp.dll 6.0.6002.22169
Rdpclip.exe 6.0.6002.22169

980080 Files may be corrupted when a computer that is running Windows Vista or Windows Server 2008 enters the sleep mode or the hibernate mode
http://support.microsoft.com/?id=980080

Update(s): 
Aliide.sys  1.2.0.0
Amdide.sys  6.0.6002.22366 
Atapi.sys  6.0.6002.22366
Ataport.sys  6.0.6002.22366
Cmdide.sys  2.0.7.0
Intelide.sys  6.0.6002.22366
Msahci.sys  6.0.6002.22366
Pciide.sys  6.0.6002.22366
Pciidex.sys  6.0.6002.22366
Viaide.sys  5.1.3790.150 

980259 The SNMP service does not respond to any SNMP requests after a Group Policy refresh in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=980259

Update(s):
Snmp.exe  6.0.6002.22399

981462  The account password is not changed when the Maximum password age is reached on a client computer that is running Windows Vista or Windows Server 2008
http://support.microsoft.com/?id=981462 

Update(s):
Netlogon.dll 6.0.6002.22366
Nlsvc.mof

981964 You experience low performance when you access many small files on an SMB version 1 protocol-enabled remote server from a Windows Vista or Windows Server 2008-based client computer

http://support.microsoft.com/?id=981964

Update(s):
Mrxsmb10.sys 6.0.6002.22403

Ntkrnlpa.exe 6.0.6002.22403
Ntoskrnl.exe 6.0.6002.22403
Rdbss.sys 6.0.6002.22403

982341 Scheduled tasks are delayed in Windows Server 2008 or in Windows Vista
http://support.microsoft.com/?id=982341

Update(s):
Tmm.dll  6.0.6002.22404 
Taskeng.exe  6.0.6002.22404
Taskeng.mof
Schedsvc.dll  6.0.6002.22404
Schedsvc.mof

982528 Operations that use a USB device take a long time to complete on a computer that is running Windows Vista or Windows Server 2008
http://support.microsoft.com/?id=982528

Update(s):
Usbccid.sys  6.0.6002.22413

2272153 It takes four minutes for a computer that is running Windows Vista or Windows Server 2008 to open a Microsoft Office 2003 document from a network share
http://support.microsoft.com/?id=2272153

Update(s):
Mrxsmb20.sys 6.0.6002.22439
Mrxsmb.sys 6.0.6002.22439

2281477 There is about a 20- to 30-second delay in Windows Server 2008 or in Windows Vista when you open a network drive, and its target folder is a DFS share
http://support.microsoft.com/?id=2281477

Update(s):
Csc.sys 6.0.6002.22446
Cscmig.dll 6.0.6002.22446
Cscsvc.dll 6.0.6002.22446

2464876 The WMI repository is corrupted on a computer that is running Windows Server 2008 or Windows Vista
http://support.microsoft.com/?id=2464876

Update(s):

Repdrvfs.dll 6.0.6002.22526
Repdrvfs.tmf

2492806 - A Windows Vista-based, Windows Server 2008-based, and Windows 7-based or Windows Server 2008 R2-based computer that shares some files and some folders may not respond to file share requests
http://support.microsoft.com/?id=2492806

Update(s):

Srvnet.sys 6.0.6002.22571
Srv.sys 6.0.6002.22571
Srv2.sys 6.0.6002.22571

2505189  An update is available for DirectWrite and XPS issues in Windows Vista SP2 and in Windows Server 2008 SP2
http://support.microsoft.com/?id=2505189

Update(s):
Dwrite.dll 7.0.6002.22583
Fntcache.dll 7.0.6002.22583

2518423 Remote Procedure Call (RPC) service crashes in Windows Server 2008 or in Windows Vista
http://support.microsoft.com/?id=2518423

Update(s):
Rpcss.dll 6.0.6002.22615

2523126 A session pool leak occurs when a desktop sharing application runs on a Windows Vista-based or Windows Server 2008-based computer
http://support.microsoft.com/?id=2523126

Update(s):
Win32k.sys 6.0.6002.22616

2526870  Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2 may stop responding at the Welcome screen after you enter the user credentials to log on to the computer
http://support.microsoft.com/?id=2526870

Update(s):
Gpprefcl.dll 6.0.6001.18664

2525064 Ntfs.sys driver takes a long time to mount a large volume in Windows Vista or in Windows Server 2008
http://support.microsoft.com/?id=2525064

Update(s):
Ntfs.sys  6.0.6002.22616

2520487 AD DS database size increases significantly when the Credential Roaming feature is enabled in Windows Vista, in Windows 7, in Windows Server 2008 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2520487

Update(s): 
Dimsroam.dll  6.0.6002.22892

2537589 SMB/CIFS sessions leak in Windows Vista, in Windows Server 2008, in Windows 7 and in Windows Server 2008 R2
http://support.microsoft.com/?id=2537589

Update(s):
Dfsc.sys  6.0.6002.22625

2545479 A memory leak occurs, and client requests may take a long time, when you run an application that is based on COM+ and that is registered as single-threaded
http://support.microsoft.com/?id=2545479

Update(s):
Ole32.dll  6.0.6002.22633

2553549 All the TCP/IP ports that are in a TIME_WAIT status are not closed after 497 days from system startup in Windows Vista, in Windows 7, in Windows Server 2008 and in Windows Server 2008 R2
http://support.microsoft.com/?id=2553549

Update(s):
Tcpipreg.sys 6.0.6002.22643
Tcpip.sys 6.0.6002.22643

2581608 Logon scripts take a long time to run in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2581608

Update(s):
Gpapi.dll 6.0.6002.22679
Gpsvc.dll 6.0.6002.22679

2637230 The files in a <filename>_files folder that is associated with an .htm file are not replaced by using Windows Explorer in Windows Vista, in Windows 7, in Windows Server 2008 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2637230

Update(s):
Shell32.dll 6.0.6002.22846

2664408 Variable %userdomain% roaming profile path is not resolved correctly in Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista
http://support.microsoft.com/?id=2664408

Update(s):

Profprov.dll 6.0.6002.22775
Profsvc.dll 6.0.6002.22775
Userprofilewmiprovider.mof

2665364 MS12-019: Vulnerability in DirectWrite could allow denial of service: March 13, 2012
http://support.microsoft.com/?id=

Update(s):
D2d1.dll 7.0.6002.18582

2665803 Slow network file transfer if KB 2251177 is installed on a computer that is running Windows Vista or Windows Server 2008
http://support.microsoft.com/?id=2665803

Update(s):
Rdbss.sys 6.0.6002.22778

2686917 You cannot unlock a computer that is running multiple language versions of Windows Vista SP2 or of Windows Server 2008 SP2
http://support.microsoft.com/?id=2686917

Update(s):
Authui.dll 6.0.6002.22825

2715964 Handle leak when the PdhEnumObjects function is called in Windows Vista or in Windows Server 2008
http://support.microsoft.com/?id=2715964

Update(s):
Bcrypt.dll  6.0.6002.22872
User32.dll  6.0.6002.22872

2727941 "0x00000050" Stop error when you create a volume snapshot in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2727941

Update(s):
Volsnap.sys 6.0.6002.22894

Please take a look at the link below:

“Resource Calculators”

http://technet.microsoft.com/en-us/library/cc546837.aspx

Applies to:

Windows 8

Windows Server 2012

Browse to:

Group Policy Settings Reference for Windows 8 and Windows Server 2012

http://www.microsoft.com/en-us/download/details.aspx?id=25250

Select download next to WindowsServer2012andWindows8GroupPolicySettings.xlsx.

Applies to:

Windows Server 2012

Windows 8

Windows Server 2008 R2

Windows 7

Windows Server 2003

Windows XP

So you are building a new image of Windows, and you want to deploy it to your environment.

You have been using unattend.txt/sysprep since Windows NT 4.0/2000/Server 2003 days or a 3rd party imaging software

And on Vista/Server 2008, you switched out to unattend.xml/syprep.

You passed by the Microsoft BDD (Business Desktop Deployment) toolkit. 

That is alright, now you could save yourself time when building new systems (laptops, workstations or servers), and continue doing your other work by using the "Microsoft Deployment Toolkit”.

Microsoft Deployment Toolkit (MDT) 2012 Update 1

http://www.microsoft.com/en-us/download/details.aspx?id=25175

and a nice intro guide from Jeff Stokes, one of my fellow PFE (Premier Field Engineer) buddies at:

http://blogs.technet.com/b/jeff_stokes/archive/tags/mdt/

or check out “The Deployment guys”

http://blogs.technet.com/b/deploymentguys/

Applies to:

Windows Server 2003 R2 Service Pack 2

Windows Server 2003 Service Pack 2

Windows XP Service Pack 3

Architecture

If you want to find out the ‘architecture’ of Windows Management Instrumentation (WMI), you want to read this MSDN article.  It will give you a nice perspective on how things move and work.

In this diagram above, we are able to see the “WMI Infrastructure” and “WMI providers” which are using the moving pieces that end-up getting corrupted.

Other related references:

Windows Management Instrumentation: A Simple, Powerful Tool for Scripting Windows Management.  (MSDN magazine)
http://msdn.microsoft.com/en-us/magazine/cc302338.aspx

and

WMI Architecture Basics
http://blogs.technet.com/b/askperf/archive/2007/06/12/wmi-architecture-basics.aspx

Best Practices

Before we talk about troubleshooting, let’s start out with the WMI best practices.

#1) Backup your WMI repository

Click on Start, Run

Type “wmimgmt.msc” without the quotation marks and press Enter.

Right click on “WMI Control (Local)”

Click on “Properties”

Select “Backup/Restore” tab

Click on “Back Up Now…”

A naming format that you might want to use is “WMI_Backup_MachineN_MM_DD_YEAR”

Note:  Where MachineN = Machine Name

Where MM_DD_YEAR = Month, Date, and Year

Click on “Open”

So, where does it backup by default?

C:\windows\system32\wbem\repository

How to backup the WMI repository from a command prompt.

winmgmt /backup C:\windows\system32\wbem\repository\WMI_Backup_MachineN_MM_DD_YEAR.rec

To create an automated way of backing it up.

#2) The WMI service is a part of one of the bigger Service Host (SVCHOST.exe).  When you have problems, you will have to break it apart.  You might as well go ahead and do it ahead of time.

Click on Start

Click on Run

Type “CMD.exe” without the quotation marks and press Enter.

Type “RUNDLL32.EXE %Systemroot%\SYSTEM32\WBEM\WMISVC.DLL,MoveToAlone” without the quotation marks and press Enter.

Go to Services (services.msc) and restart WMI

Note:  I prefer it this way than the “net stop/net start” since it will stop and restart the dependent services.

#3) Install the WMI hotfixes that have released after Windows XP SP3, and Windows Server 2003 SP2:

List of WMI related hotfixes post Service Pack 2 for Windows Server 2003
http://blogs.technet.com/b/yongrhee/archive/2010/07/02/list-of-wmi-related-hotfixes-post-service-pack-2-for-windows-server-2003.aspx

#4) Increase the amount of Private bytes that WMI is able to use.

Memory and Handle Quotas in the WMI Provider Service
http://blogs.technet.com/b/askperf/archive/2008/09/16/memory-and-handle-quotas-in-the-wmi-provider-service.aspx

Note:  Yes, we increased it to 512 MB in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Note 2:  If you have any software that uses WMI extensively such as SMS, SCCM/SCCM client, and SCOM/SCOM client.

#5) Prevent WMI repository (database) corruptions. (Optional)

You might want to disable the “Enable write caching on the device��.

If you have fast disks, such as Solid-State Drives (SSD’s) on your Windows XP or Windows Server 2003.

Note: Don’t do this on 4200 RPM, 5200 RPM, 5400 RPM, and 7200 RPM drives. Your system will come down to a crawl.

Note 2: On servers, this is less of an issue, since a lot of the servers, have a battery backed scsi controller. That is, if the administrators keep the replacing the battery on a timely manner. All it takes is 1 hard reset (hard reboot by pressing the power button or if the server hangs) and you have the chance of corrupting the WMI repository (database).

Troubleshooting

Step 1.  Check the “Best practices” section above.

For example, restore your WMI repository from a backup.

Step 2.  Run the  WMI Diagnostic tool:

WMIDiag 2.1 for Windows 7 and Windows Server 2008 R2.
http://blogs.technet.com/b/yongrhee/archive/2012/02/02/wmidiag-2-1-for-windows-7-and-windows-server-2008-r2.aspx

Note:  It works fine in Windows XP and Windows Server 2003.

Step 3. Enable WMI verbose logging per:

Logging Activities for WMI Core Components Before Windows Vista
http://msdn.microsoft.com/en-us/library/windows/desktop/aa392285(v=vs.85).aspx

and if troubleshooting WMI providers:

Logging Activities for WMI Provider Components Before Windows Vista
http://msdn.microsoft.com/en-us/library/windows/desktop/aa392285(v=vs.85).aspx

Step 4.  Check the DCOM permissions per

WMI Troubleshooting
http://msdn.microsoft.com/en-us/library/windows/desktop/aa394603(v=vs.85).aspx

Step 5.  Check for file corruptions

Start, Run

Type “SFC /SCANNOW” without the quotation marks, and then press Enter.

Step 6.  Go thru the “WMI Service Log Files”

Wbemcore.log
Wbemess.log
Mofcomp.log
Wmiadap.log
Wbemprox.log
Framework.log
Winmgmt.log

http://msdn.microsoft.com/en-us/library/windows/desktop/aa827355(v=vs.85).aspx

Step 7.  Go thru the “WMI Provider Log Files”

Wmiprov.log
Ntevt.log
Dsprovider.log

http://msdn.microsoft.com/en-us/library/windows/desktop/aa827354(v=vs.85).aspx

Step 8. If the issue is with a particular WMI provider, then you could try narrowing down the problem by going thru:

Splitting up WMI Providers for Troubleshooting
http://blogs.technet.com/b/askperf/archive/2009/05/29/splitting-up-wmi-providers-for-troubleshooting.aspx

Step 9.  Fix the corrupt WMI repository (database)

Note:  Never, ever delete the WMI repository.

================ Start of WMI_Repository_Rebuild.cmd================

sc config winmgmt start= disabled

net stop winmgmt /y

if exist "%windir%\system32\wbem\repository.old" rmdir /s/q "%windir%\system32\wbem\repository.old"
rename "%windir%\system32\wbem\repository" "%windir%\system32\wbem\repository.old"
for /f %s in ('dir /b /s %windir%\system32\wbem\*.dll') do regsvr32 /s %s
wmiprvse /regserver
winmgmt /regserver

sc config winmgmt start= auto

net start winmgmt /y

================ End of WMI_Repository_Rebuild.cmd================

If the system in question hosts Exchange you should run the following additional CMD file after the WMI service is back up.
MOFCOMP %windir%\system32\wbem\exwmi.mof
MOFCOMP -n:root\cimv2\applications\exchange %windir%\system32\wbem\wbemcons.mof
MOFCOMP -n:root\cimv2\applications\exchange %windir%\system32\wbem\smtpcons.mof
MOFCOMP %windir%\system32\wbem\exmgmt.mof

You could download the “Microsoft Attack Surface Analyzer” version 1.0 from:

Attack Surface Analyzer
http://www.microsoft.com/en-us/download/details.aspx?id=24487

And read all about it here:

Improving Security Using Attack Surface Analyzer
http://technet.microsoft.com/en-us/security/gg749821.aspx

Attack Surface Analyzer 1.0 Released
http://blogs.msdn.com/b/sdl/archive/2012/08/02/attack-surface-analyzer-1-0-released.aspx

If you are having problems with the installation of hotfixes (windows update or the functionality ones, or service pack or a language pack), here are links to install the CheckSUR tool to fix these issues:

System Update Readiness Tool for Windows Server 2008 R2 for Itanium-based Systems (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=13833

System Update Readiness Tool for Windows Server 2008 R2 x64 Edition (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=14668

System Update Readiness Tool for Windows 7 for x64-based Systems (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=20858

System Update Readiness Tool for Windows 7 (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=3132

System Update Readiness Tool for Windows Server 2008 for Itanium-based Systems (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=3748

System Update Readiness Tool for Windows Server 2008 x64 Edition (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=3748

System Update Readiness Tool for Windows Server 2008 (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=22931

System Update Readiness Tool for Windows Vista for x64-based systems (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=1540

System Update Readiness Tool for Windows Vista (KB947821) [September 2012]
http://www.microsoft.com/en-us/download/details.aspx?id=22931

References:
===========
What is the System Update Readiness Tool?
http://windows.microsoft.com/is-IS/windows7/What-is-the-System-Update-Readiness-Tool

947821 System Update Readiness Tool fixes Windows Update errors in Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008
http://support.microsoft.com/?id=947821

958045 Error code when you try to use Windows Update or Microsoft Update to install updates: "0x800B0001"
http://support.microsoft.com/?id=958045

Applies to:

Windows Server 2012

Windows Server 2008 R2

Windows 7

Question:  How do you convert the VMWare .vmdk’s into a Hyper-V .vhd disks?

The tool is able to convert .vmdk’s from:

VMware vSphere 4.1
VMware vSphere 5.0

Supports the following guests (child partitions):
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003 SP2
Windows 7

Applies to:
Windows Server 2008 R2 Service Pack 1
Windows Server 2008 R2 SP1
W2K8 R2 Service Pack 1
W2K8 R2 SP1

Note:  You should check http://support.microsoft.com for the latest version of the different files.

List of Domain Controllers (DC’s) related hotfixes post SP1 for Windows Server 2008 R2 SP1 as of Sep. 2012:

2698279 Settings that are driven by a Netlogon GPO do not work as expected in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2698279

Update(s):
Netlogon.dll 6.1.7601.21958
Bootfix.bin
Nlsvc.mof
Supersede(s):
2666938 Client computer uses site-less SRV records after you restart the computer in Windows 7 or in Windows Server 2008 R2

2685888 Netlogon Semaphore performance counters display incorrect values in the Performance Monitor in a Windows Server 2008 R2-based domain environment
http://support.microsoft.com/?id=2685888

Update(s):
Expand.exe.mui 6.1.7601.21948
Netmsg.dll.mui 6.1.7601.21948
Netlogon.dll 6.1.7601.21948 (updated in 2698279)
Nlsvc.mof  (updated in 2698279)
Supersede(s):
2654097  New event log entries that track NTLM authentication delays and failures in Windows Server 2008 R2 are available
2589015 Selective authentication over a forest trust fails when Windows Server 2008 R2-based RODC and RWDC are involved in the authentication process
2580119 The operating system cannot establish a secure channel after a failed deployment of Windows 7 or Windows Server 2008 R2 on client computers
2494158 Managed service account authentication fails after its password is changed in Windows 7 or in Windows Server 2008 R2

2684982 The Lsass.exe process crashes on Windows Server 2008 R2-based domain controllers
http://support.microsoft.com/?id=2684982

Update(s):
Logoncli.dll 6.1.7601.21934
Netlogon.dll 6.1.7601.21934  (updated in 2698279)

2712286 "1101" error code when you run an esentutl /g command on a Windows 7-based or Windows Server 2008 R2-based computer
http://support.microsoft.com/?id=2712286

Update(s):
Esent.dll 6.1.7601.22013
Supersede(s):
2566592 Tuple index is corrupted in a Windows Server 2008 R2 domain

2671874 Heavy WAN usage after you restart centralized Windows Server 2008 R2-based domain controllers
http://support.microsoft.com/?id=2671874

Update(s):
Ntdsai.dll 6.1.7601.21980
Ntdsa.mof

Supersede(s):
2665616 You cannot install a new domain controller on a computer that is running Windows Server 2008 R2 because of an RPC error
2642658 You cannot create users, computers, or groups on a domain controller that is running Windows Server 2008 R2
2641962 The msDS-HasInstantiatedNCs and msDS-hasMasterNCs attributes do not replicate if an authoritative restore is performed in Windows Server 2008 R2
2621146 MS11-095: Description of the security update for Active Directory: December 13, 2011
2618669 An update is available to detect and prevent too much consumption of the global RID pool on a domain controller that is running Windows Server 2008 R2
2616886 Group membership is emptied on a Windows Server 2008 R2-based RODC after the group is converted from a universal group into a global domain group or a local domain group
2580503 The DirSync control returns more search results than expected in a Windows Server 2008 R2-based domain
2526455  You cannot open the properties of any object by using ADSI Edit after you mount a restored Active Directory database file by using the Active Directory database mounting tool in a Windows Server 2008 R2 Active Directory domain environment
2500682 NSPI query for address book information is slow and high CPU usage on domain controllers in a Windows Server 2008 R2 domain
2468316 A paged LDAP query fails on the second page and the pages that follow in Windows Server 2008 R2
2458125 The Value field under the Attribute item for event ID 5136 is empty in Windows Server 2008 and in Windows Server 2008 R2
2413670 Events 1659, 1481, and 1173 are recorded in the Directory Service event log on Windows Server 2008 R2-based domain controllers after you remove Active Directory Domain Services from the last domain controller in a tree root domain

2680097 Iscsilog.dll is not included in the system state backup files on a Windows Server 2008 R2 SP1-based computer
http://support.microsoft.com/?id=2680097

Update(s):
Crypt32.dll 6.1.7601.21935
Supersede(s):
2677070
2641690 Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing
2615174 "0x80092013, CRYPT_E_REVOCATION_OFFLINEA" error message when you try to verify a certificate that has multiple chains in Windows Server 2008 R2 or in Windows 7
2507119 Outlook crashes when you try to open a compressed email message that is created by a third-party Outlook add-in in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2

2545833 Slow performance occurs when many user authentication requests are handled in Windows Server 2008 R2
http://support.microsoft.com/?id=2545833

Update(s):
Cryptdll.dll 6.1.7601.21732

2695401 DPAPI keys are not synchronized when you unlock a Windows 7-based or Windows Server 2008 R2-based computer
http://support.microsoft.com/?id=2695401

Update(s):
Lsass.exe 6.1.7601.21959
ksecdd.sys
Supersede(s):
2691043 The Lsass.exe process crashes when you sign in to Lync 2010 to load a certificate from roaming profiles in Windows 7 or in Windows Server 2008 R2
2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment
2665790 Resource-based constrained delegation KDC_ERR_POLICY failure in environments that have Windows Server 2008 R2-based domain controllers
2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012
2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012
2545850 Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2
2522623 InitializeSecurityContext function might not fall back to NTLM authentication in Windows 7 or in Windows Server 2008 R2 when Kerberos fails and has the STATUS_NO_LOGON_SERVERS status

2695401 DPAPI keys are not synchronized when you unlock a Windows 7-based or Windows Server 2008 R2-based computer
http://support.microsoft.com/?id=2695401

Update(s):
Supersede(s):
2691043 The Lsass.exe process crashes when you sign in to Lync 2010 to load a certificate from roaming profiles in Windows 7 or in Windows Server 2008 R2
2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment
2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012
2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012
2545850 Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2

2701275 The Log On To feature does not work when the name of a Windows 7-based or Windows Server 2008 R2-based client computer contains six or more Traditional Chinese characters
http://support.microsoft.com/?id=2701275

Update(s):
Kerberos.dll 6.1.7601.21966
Supersede(s):
2678068 Remote Assistance invitation fails in an Active Directory environment in Windows 7 or in Windows Server 2008 R2
2566059 RC4 pre-authentication failure for the Network Service account in Windows Server 2008 R2 or in Windows 7
2526946 An SSO solution that calls the LsaLogonUser function to pass a KERB_TICKET_LOGON structure for Kerberos authentication does not work in Windows 7 SP1 or in Windows Server 2008 R2 SP1
2425227 MS11-013: Description of the security update for Kerberos in Windows 7 and in Windows Server 2008 R2: February 8, 2011

2425227 MS11-013: Description of the security update for Kerberos in Windows 7 and in Windows Server 2008 R2: February 8, 2011
http://support.microsoft.com/?id=2425227

Update(s):
kdcsvc.dll

2642658 You cannot create users, computers, or groups on a domain controller that is running Windows Server 2008 R2
http://support.microsoft.com/?id=2642658

Update(s):
Ntdsutil.exe 6.1.7601.21898

2696718 NTLM authentication fails intermittently after the computer password is changed through a Windows Server 2008 R2-based RODC
http://support.microsoft.com/?id=2696718

Update(s):
Samsrv.dll 6.1.7601.21970
Samsrv.mof
Samlib.dll 6.1.7601.21970
Samsrv.mof
Supersede(s):
2642658 You cannot create users, computers, or groups on a domain controller that is running Windows Server 2008 R2
2641192 The badPwdCount attribute is not reset to 0 on a Windows Server 2008 R2-based or Windows Server 2008-based PDC when the reset request is sent from an RODC
2618669 An update is available to detect and prevent too much consumption of the global RID pool on a domain controller that is running Windows Server 2008 R2
2386717 The "Enforce password history" and "Minimum password age" Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer

2695401 DPAPI keys are not synchronized when you unlock a Windows 7-based or Windows Server 2008 R2-based computer
http://support.microsoft.com/?id=2695401

Update(s):
Schannel.dll 6.1.7601.21959
Supersede(s):
2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment
2665790 Resource-based constrained delegation KDC_ERR_POLICY failure in environments that have Windows Server 2008 R2-based domain controllers
2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012
2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012
2416849 SSL authentication fails and X.509 error occurs when a WCF-enabled application performs mutual authentication in Windows 7, in Windows Server 2008 R2, in Windows Vista, or in Windows Server 2008

2695401 DPAPI keys are not synchronized when you unlock a Windows 7-based or Windows Server 2008 R2-based computer
http://support.microsoft.com/?id=2695401

Update(s):
Sspicli.dll 6.1.7601.21959
Supersede(s):
2691043 The Lsass.exe process crashes when you sign in to Lync 2010 to load a certificate from roaming profiles in Windows 7 or in Windows Server 2008 R2
2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment
2665790 Resource-based constrained delegation KDC_ERR_POLICY failure in environments that have Windows Server 2008 R2-based domain controllers
2655992 MS12-049: Vulnerability in TLS could allow information disclosure: July 10, 2012
2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012
2545850 Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2
2522623 InitializeSecurityContext function might not fall back to NTLM authentication in Windows 7 or in Windows Server 2008 R2 when Kerberos fails and has the STATUS_NO_LOGON_SERVERS status

2695401 DPAPI keys are not synchronized when you unlock a Windows 7-based or Windows Server 2008 R2-based computer
http://support.microsoft.com/?id=2695401

Update(s):
Cng.sys  6.1.7601.21959 
Secur32.dll  6.1.7601.21959 
Supersede(s):
2691043 The Lsass.exe process crashes when you sign in to Lync 2010 to load a certificate from roaming profiles in Windows 7 or in Windows Server 2008 R2
2675498 "NetBIOS domain name\username" format cannot be used with the Kerberos referral mechanism to log on to a computer in a cross-forest environment
2665790 Resource-based constrained delegation KDC_ERR_POLICY failure in environments that have Windows Server 2008 R2-based domain controllers
2585542 MS12-006: Description of the security update for Webio, Winhttp, and schannel in Windows: January 10, 2012
2545850 Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2

2633205 Auto-enrollment process for computer certificates fails on a client computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/?id=2633205

Update(s):
Ncrypt.dll  6.1.7601.21872
Ncryptui.dll  6.1.7601.21872
Supersede(s):
2507840 Keys in the CNG user interface are always described as having no description in Windows 7 or in Windows Server 2008 R2

2619880 "The network path was not found" error message when you start a LDAP-related application in Windows Server 2008 R2
http://support.microsoft.com/?id=2619880

Update(s):
Wldap32.dll 6.1.7601.21822

2637692 RPC threads may stop responding in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2637692

Update(s):
Rpcrt4.dll 6.1.7601.21849

2685088 The screen saver grace period does not work as expected if the period exceeds 60 seconds on a computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/?id=2685088

Update(s):
Winlogon.exe 6.1.7601.21980

Supersede(s):
2617878 You cannot set the LogonTimeout setting after the default RDP listener (RDP-Tcp) is deleted in Windows Server 2008 R2
2562672 Computer stops responding if the smart card is removed during hibernation in Windows 7 or in Windows Server 2008 R2
2468353 The MPR still calls the NPPasswordChangeNotify function to notify a password change event in Windows 7 or in Windows Server 2008 R2 even though the password change is unsuccessful

2600484 Certain user folders are absent from the user profile in Windows 7 or in Windows Server 2008 R2 if the folders are excluded from the roaming profile
http://support.microsoft.com/?id=2600484

Update(s):
Userenv.dll 6.1.7601.21793

2575866 RSoP shows a red X on the icons for registry settings in 64-bit Windows Vista, in 64-bit Windows 7, in 64-bit Windows Server 2008 or in 64-bit Windows Server 2008 R2
http://support.microsoft.com/?id=2575866

Update(s):
Scecli.dll 6.1.7601.21864

2537556 When you use a GPO for application deployment in Windows 7 or in Windows Server 2008 R2, the deployment fails or is delayed
http://support.microsoft.com/?id=2537556

Update(s):
Appmgmts.dll 6.1.7601.21704

2715922 Home folder is not mapped to a client computer when multiple users are logged on to a computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/?id=2715922

Update(s):
Profsvc.dll 6.1.7601.22009

Supersede(s):
2709630 Delay occurs when you log on to a domain from a computer that is running Windows 7 or Windows Server 2008 R2
2673347 Home directory settings that you defined in Group Policy are not applied on a Windows 7 SP1-based or Windows Server 2008 R2 SP1-based VDI client
2664408 Variable %userdomain% roaming profile path is not resolved correctly in Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista
2661663 Stale user profile folders are not deleted completely in Windows 7 or in Windows Server 2008 R2
2600484 Certain user folders are absent from the user profile in Windows 7 or in Windows Server 2008 R2 if the folders are excluded from the roaming profile
2065362 "Unable to log you on because your profile could not be loaded, please contact your administrator" error when you try to log on to a computer in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2

2581608 Logon scripts take a long time to run in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2581608

Update(s):
Gpsvc.dll 6.1.7601.21830
Gpapi.dll 6.1.7601.21830

Supersede(s):
2553771 GetGPOList function does not return all GPOs in Windows 7, in Windows Server 2008 R2, in Windows Vista or in Windows Server 2008
2550944 Group Policy logon scripts do not run in Windows 7 or in Windows Server 2008 R2

2738974 Incorrect start time of Group Policy scheduled tasks on a client computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/?id=2738974

Update(s):
Microsoft.grouppolicy.reporting.resources.dll 6.1.7601.22078
Microsoft.grouppolicy.reporting.dll 6.1.7601.22078
Gpme.dll 6.1.7601.17514
Gppref.dll 6.1.7601.22078
Gpprefbr.dll 6.1.7601.22078
Gpprefcn.dll 6.1.7601.22078
Gpregistrybrowser.dll 6.1.7601.17514
Propshts.dll 6.1.7601.22078

Related list of hotfixes:
------------------------------
List of DFS related hotfixes post Service Pack 1 for Windows Server 2008 R2.
http://blogs.technet.com/b/yongrhee/archive/2011/10/21/list-of-dfs-related-hotfixes-post-service-pack-1-for-windows-server-2008-r2.aspx

List of DNS related hotfixes post SP1 for Windows Server 2008 R2 SP1
http://blogs.technet.com/b/yongrhee/archive/2012/02/18/list-of-dns-related-hotfixes-post-sp1-for-windows-server-2008-r2-sp1.aspx

List of Network related hotfixes post SP1 for Windows 7 SP1 and Windows Server 2008 R2 SP1
http://blogs.technet.com/b/yongrhee/archive/2011/06/12/list-of-network-related-hotfixes-post-sp1-for-windows-server-2008-r2-sp1.aspx

Applies to:

Windows Server 2012

Windows 8

Windows 8 and Windows Server 2012 Compatibility Cookbook
http://www.microsoft.com/en-us/download/details.aspx?id=27416

Applies to:

Windows 8

Overview of Mobile Broadband in Windows 8
http://www.microsoft.com/en-us/download/details.aspx?id=30695

Building Portable Hotspots for Windows 8
http://www.microsoft.com/en-us/download/details.aspx?id=30684

Windows 8 Integration for Wireless Hotspot Operators
http://www.microsoft.com/en-us/download/details.aspx?id=30698

Providing Mobile Broadband Metadata
http://www.microsoft.com/en-us/download/details.aspx?id=30694

Matching Service Metadata for MVNO Scenarios
http://www.microsoft.com/en-us/download/details.aspx?id=30691 

Overview of Mobile Broadband Windows Runtime API
http://www.microsoft.com/en-us/download/details.aspx?id=29891

Mobile Broadband SMS
http://www.microsoft.com/en-us/download/details.aspx?id=30700

Applies to:

Windows 7 Service Pack 1

Windows 7 SP1

Windows Server 2008 R2 Service Pack 1

Windows Server 2008 R2 SP1

Note: You should check http://support.microsoft.com for the latest version of the different files.

List of Remote Assistance related hotfixes post SP1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 as of Oct. 2012:

2712331 Duplicate SID information is added to the MachineLaunchRestriction registry entry when you update the Offer Remote Assistance Group Policy setting in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2712331

Update(s):
Raserver.exe  6.1.7601.21992
Rendezvoussession.tlb  6.1.7600.16385 

2678068 Remote Assistance invitation fails in an Active Directory environment in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2678068

Update(s):
Kerberos.dll  6.1.7601.21932

2665720 Remote Assistance does not display a desktop that has a resolution of 1366 x 768 correctly in Windows 7
http://support.microsoft.com/?id=2665720

Update(s):
Rdpcore.dll  6.1.7601.21977 

2618837 GDI objects are not displayed correctly on multiple monitors in Windows 7 or in Windows Server 2008 R2
http://support.microsoft.com/?id=2618837

Update(s):
Win32k.sys  6.1.7601.21820 

2614066 Black screen during a Remote Assistance session in Windows Vista, in Windows Server 2008, in Windows 7, or in Windows Server 2008 R2
http://support.microsoft.com/?id=2614066

Update(s):
Msra.exe  6.1.7601.21814
Racpldlg.dll  6.1.7601.21814

Alright ladies and gentleman, for those in the U.S.A. that are still browsing with the other search engines.  Let’s do the blind test comparison at http://www.BingItOn.com

Note: Bring It On without the r.

And see it yourself which search engine gets the answers that you are looking for, out there in the World Wide Web.

or for those of you in living in other countries where Bing.com is still showing as “Beta”, such as Australia, Brazil, Germany, Japan, Korea, etc… if you set Bing.com to United States – English, you could see the improvements:

Select “Preferences” which is the wheel nut icon.

Click on “Or change your country/region”

Select “United States – English”

Happy web surfing.

Applies to:

Every single product that we (Microsoft) shipped, such as:
Windows Server 2012
Windows 8
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista
Windows Server 2003
Windows XP
Windows Server 2000
Windows 2000
Windows NT 4.0 Server
Windows NT 4.0 Workstation
Exchange
SQL
Sharepoint
Lync
Communicator
Office
Internet Explorer
and so on.

Have you ever wondered what 0x00000005 or 0x80070005 meant?

We have the tool named ERR.exe which has the Win32 headers and privates for products that we ship.
We used to ship the ERR.exe tool in “Windows Server 2003 Resource Kit”
If you are a developer or use Visual Studio, in the Visual Studio Tools, there is a GUI version of the tool called ERRLOOKUP.exe.

You could download it here:
Microsoft Exchange Server Error Code Look-up
http://www.microsoft.com/en-us/download/details.aspx?id=985

Note: It should really be called “Microsoft Win32 Error Code Look-up”

To install:

Just click on “Run”

Type a location such as “c:\temp”

Click on “Ok”

There will be a folder called “Err” and inside of it, the err.exe tool.

I personally, like to copy the err.exe tool to c:\windows\system32, so that I won’t have to enter the path from the command line, since c:\windows\system32 is in the Path of the “Environment Variable”.

What type of information can I get out of this tool?

You are able to see which NTStatus header files the tool looks thru, and the components, which are the base Windows O.S. components, used by any application that has to run on top.

Usage:

For example, let’s find out what a 0x00000005 is actually.

Open a command prompt (cmd.exe) and type:

Err.exe 0x00000005

So you end up with 39 matches.

Ok, so which one applies to you? Depending on the component you are troubleshooting, you will choose that particular component.

For example, for most Windows administrators, we are going to be looking for winerror.h or ntstatus.h

In Windows XP and Windows Server 2003, what I noticed is that admin’s will click on the “For more information, see Help and Support Center at …” which leads to nowhere… =) and disregard the “Data:” section, since it shows values in “Bytes” which looks like just some hex numbers:

If you click on “Words”, we could see a hex value of “c0001066”

In this example, we get an error message that we already knew, but really, the information contained here is a gold mine, when you are troubleshooting a problem.

Here is an example of Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2, in the event log, one of my VM’s was getting the following error message:

Log Name: System

Source: Server

Date: 10/6/2012 7:03:03 AM

Event ID: 2505

Level: Error

Description:

The server could not bind to the transport \Device\NetBT_Tcpip_{6AB7579E-2A1E-41C5-8AF4-E028EF4D3D20} because another computer on the network has the same name. The server could not start.

If I click on the “Details” tab, I’m able to go to the “Binary data:” and look at the “Words” value.

In this case 0000034 which is 0x0000034

Typing “err.exe 34”, I’m able to get the following info:

Looking at the “winerror.h, I’m able to see multiple winerror.h, so I need to gauge what applies to the issue that I’m troubleshooting.

In this case, I knew the event log error was regarding “duplicate name exists on the network”.

Are you looking for an opportunity to work on the cutting edge of Windows technology?  Are you looking for a challenging opportunity to develop your skills further?  Do you want to be a part of a team that teaches, prevents and fixes issues?  If you said yes to these questions then we are looking for you and your talents.

What is a PFE like?

How to become a Premier Field Engineer (PFE)

we also have the CTS interview cycle, which is very similar to our (PFE) organizations process.

One of us: What it was like to interview for a support role at Microsoft

Do I really need at least 5 years of experience?

What we are really looking for is IQ, practical knowledge, logical thought, and communication skills.

What are the benefits?

Perks & Benefits

Is it a good place to work for?

It makes Fortune’s 100 best companies to work for.

How do I prepare?

Here is an example of what you should be learning to try getting into one of the positions.

Seeing the domains through the forest: What you need to know to build your career in Directory Services technologies

My personal advice is, be hungry to take on new challenges that await you.  For a lot of folks, that might look like ‘work’ but if you are really passionate about technology, you love it 24x7.

Browse to http://careers.microsoft.com

Select “Services & Consulting” and select “United States”

Click on “Search”

Select “Windows” under Product

Select “Services & Support” under “Division”

Click on “Search”

You will have the three (3) jobs above.

Irvine, CA. is where I’m based out of, which is about 1 hour away from Los Angeles, CA.

San Francisco, CA. is close to ‘Silicon Valley’

And Issaquah, WA. is about 35 minutes south of Redmond, WA. which is our main headquarters.

Let’s say that you want to stay in the East coast or Mid-west or in the Mountain region.

Or

You specialize in another technology such as Exchange, SQL, Sharepoint, etc…

That is ok.

You could see that we have over 100 posting as of today.

The PDF is available at for download at:

Springboard Series Resource Guide for Windows 8

http://www.microsoft.com/en-us/download/details.aspx?id=34798