[SOLVED] Problems after installing KB4524104 on Windows Server 2012 R2

valistral

valistral

Contributor
Joined
Mar 26, 2019
Posts
52
The first symptoms were crashes with 32 bits ASP.NET IIS processes out of the blue, then the Network Policy Server MMC console crash on open throwing an exception. And when I tried to run SFC /verifyonly the following happened:

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 99% complete.

Windows Resource Protection could not perform the requested operation.

Apparently there's yet another Component Store corruption (I just posted another thread a some 2 weeks ago or so), I attached the CBS log for clarity on the failed SFC scan.

I managed to caveat around some issues to at least restore websites functionality on IIS but I'd like to be able to use the NPS snap-in again since I'd need to modify a few settings in there, As this seems to be a WU caused issue I thought this was the right forum for the thread but in case it's not feel free to move it around.

Thanks again for any insight you could provide me.
 

Attachments

Hi!

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.


  1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
  2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  3. Save any open documents and close all open windows.
  4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  6. SFCFix will now process the script.
  7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
  8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.



SFC Scan


  1. Click on the Start button and in the search box, type Command Prompt
  2. When you see Command Prompt on the list, right-click on it and select Run as administrator
  3. When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\cbs.txt"
  4. This will create a file, cbs.txt on your Desktop. Please attach this to your next post.
 

Attachments

Rerun SFC, now still stops at 99% but says that there were no integrity violations:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 99% complete.

Windows Resource Protection did not find any integrity violations.

Although in the CBS log it still shows the component store is corrupted.
 

Attachments

Step#1 - Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running 1-2 mins prior to it failing.
2. Try running SFC just like you have in the past.
3. Stop Process Monitor as soon as it fails. You can simply do this by clicking the magnifying glass on the toolbar as shown below.
i3yiUac.png


4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and provide the link to the LogFile.PML file as well as your CBS.log Examples of services to upload to are Dropbox or OneDrive or SendSpace.
 
I took the full capture of the SFC scan, there shouldn't be much noise.

Attached is the CBS log while here is the capture.
 

Attachments

Thanks:

Retrieve Components Hive
1. Navigate to C:\Windows\System32\Config and locate the COMPONENTS file.
2. Please copy this file to your desktop.
Note: If you receive an error that this file is in-use, simply reboot your computer and try again.
3. Right-click on this file on your desktop and select Send To...Compressed (zipped) folder. This will create a file named COMPONENTS.ZIP on your desktop.
4. The file will likely be too large to upload here so please upload to a file sharing service. Examples of services to upload to are Dropbox or OneDrive or SendSpace and then just provide the link in your reply.
 
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download the attached fixlist.txt and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 

Attachments

Done.
----------

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by <censored> (13-10-2019 23:52:28) Run:8
Running from C:\Users\<censored>\Desktop
Loaded Profiles: <censored> & MediaAdmin$ & <censored> (Available Profiles: <censored> & MediaAdmin$ & <censored> & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
cmd: reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
[-HKEY_LOCAL_MACHINE\COMPONENTS\CanonicalData\Deployments\84ea79cb0a8..55c9b56d933_b03f5f7f11d50a3a_4.0.9696.16561_163ce096d0e01570]
[-HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_netfx4-filetrackerui_dll_ln_b03f5f7f11d50a3a_4.0.9696.16561_none_e9f4e26a38193d2d]
StartRegedit:
[HKEY_LOCAL_MACHINE\COMPONENTS\CanonicalData\Deployments\84ea79cb0a8..55c9b56d933_b03f5f7f11d50a3a_4.0.9696.16561_163ce096d0e01570]
"appid"=hex:38,34,65,61,37,39,63,62,30,61,38,39,34,64,33,38,35,35,30,34,34,35,\
35,63,39,62,35,36,64,39,33,33,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,72,\
61,6c,2c,20,56,65,72,73,69,6f,6e,3d,34,2e,30,2e,39,36,39,36,2e,31,36,35,36,\
31,2c,20,50,75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,62,30,33,66,35,66,37,\
66,31,31,64,35,30,61,33,61,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,69,\
74,65,63,74,75,72,65,3d,61,6d,64,36,34,2c,20,76,65,72,73,69,6f,6e,53,63,6f,\
70,65,3d,4e,6f,6e,53,78,53
"CatalogThumbprint"="4702b3f0b1248547b0c454890f722c54ffe7e6669f52c5c536df7c5161fb2022"
"p!CBS_package_10_for_kb4486105~31bf3856ad364e35~amd64~~6.3.1.2992._1755114730fb4151"=hex:53,\
00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,30,5f,66,6f,72,5f,4b,42,34,\
34,38,36,31,30,35,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,61,\
6d,64,36,34,7e,7e,36,2e,33,2e,31,2e,32,39,39,32,2e,34,34,38,36,31,30,35,2d,\
38,39,32,5f,6e,65,75,74,72,61,6c,5f,47,44,52,39
"s!CBS_package_10_for_kb4486105~31bf3856ad364e35~amd64~~6.3.1.2992._1755114730fb4151"=hex:53,\
00,00,00,00,00,00,00,50,61,63,6b,61,67,65,5f,31,30,5f,66,6f,72,5f,4b,42,34,\
34,38,36,31,30,35,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,61,\
6d,64,36,34,7e,7e,36,2e,33,2e,31,2e,32,39,39,32,2e,34,34,38,36,31,30,35,2d,\
38,39,32,5f,6e,65,75,74,72,61,6c,5f,47,44,52
"i!CBS_package_10_for_kb4486105~31bf3856ad364e35~amd64~~6.3.1.2992._1755114730fb4151"=hex:53,\
00,00,00,01,00,00,00,50,61,63,6b,61,67,65,5f,31,30,5f,66,6f,72,5f,4b,42,34,\
34,38,36,31,30,35,7e,33,31,62,66,33,38,35,36,61,64,33,36,34,65,33,35,7e,61,\
6d,64,36,34,7e,7e,36,2e,33,2e,31,2e,32,39,39,32,2e,34,34,38,36,31,30,35,2d,\
38,39,32,5f,6e,65,75,74,72,61,6c,5f,47,44,52,39

[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_netfx4-filetrackerui_dll_ln_b03f5f7f11d50a3a_4.0.9696.16561_none_e9f4e26a38193d2d]
"S256H"=hex:95,e6,1b,6b,51,eb,5f,c6,df,0e,d5,c4,9e,04,cf,a2,c2,1a,64,8e,04,0c,\
07,ea,eb,e0,04,b5,c0,a6,c4,05
"identity"=hex:4e,65,74,46,78,34,2d,46,69,6c,65,54,72,61,63,6b,65,72,55,49,5f,\
64,6c,6c,5f,6c,6e,2c,20,43,75,6c,74,75,72,65,3d,6e,65,75,74,72,61,6c,2c,20,\
56,65,72,73,69,6f,6e,3d,34,2e,30,2e,39,36,39,36,2e,31,36,35,36,31,2c,20,50,\
75,62,6c,69,63,4b,65,79,54,6f,6b,65,6e,3d,62,30,33,66,35,66,37,66,31,31,64,\
35,30,61,33,61,2c,20,50,72,6f,63,65,73,73,6f,72,41,72,63,68,69,74,65,63,74,\
75,72,65,3d,61,6d,64,36,34
"c!84ea79cb0a8..55c9b56d933_b03f5f7f11d50a3a_4.0.9696.16561_163ce096d0e01570"=hex:
"f!filetrackerui.dll"=dword:00000001
EndRegedit:
*****************

Error: (0) Failed to create a restore point.

========= reg load HKLM\COMPONENTS C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS =========

The operation completed successfully.


========= End of CMD: =========

HKEY_LOCAL_MACHINE\COMPONENTS\CanonicalData\Deployments\84ea79cb0a8..55c9b56d933_b03f5f7f11d50a3a_4.0.9696.16561_163ce096d0e01570 => removed successfully
HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_netfx4-filetrackerui_dll_ln_b03f5f7f11d50a3a_4.0.9696.16561_none_e9f4e26a38193d2d => removed successfully
Registry ====> The operation completed successfully.


==== End of Fixlog 23:52:29 ====
 
SFC completes and CBS log looks clean, at my eyes at least, attached is the CBS log and procmon capture here.

Should I eventually run DISM to see if it catches Metadata corruption? I think I glanced like 14 last time I ran it after these problem arised.

Thanks again, best regards.
 

Attachments

Thanks.

Please do the following:

Step#1 - Export CBS hive
  • Click on the Start button and in the search box, type regedit
  • When you see regedit on the list, right-click on it and select Run as administrator.
  • When regedit opens, using the left pane, navigate to the following registry key and select it by clicking on it once.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing
  • Once selected, click File > Export....
  • Change the Save as type: to Registry Hive Files (.).
  • Name this file ComponentBasedServicing (with no file extension) and save it to your Desktop.
  • Right-click on the saved file and choose Send To -> Compressed (zipped) Folder.
  • Attach the .ZIP file to your next post.
  • If the file is too large to upload here, upload to Dropbox or OneDrive or SendSpace and just provide the link here.
 
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download the attached fixlist.txt and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 

Attachments

Done
--------

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by <censored> (14-10-2019 22:12:00) Run:9
Running from C:\Users\<censored>\Desktop
Loaded Profiles: <censored> & MediaAdmin$ & <censored> (Available Profiles: <censored> & MediaAdmin$ & <censored> & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_727_for_KB4103725~31bf3856ad364e35~amd64~~6.3.1.4.4103725-1129_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_731_for_KB4284815~31bf3856ad364e35~amd64~~6.3.1.6.4284815-1139_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_732_for_KB4338815~31bf3856ad364e35~amd64~~6.3.1.9.4338815-1147_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_732_for_KB4338831~31bf3856ad364e35~amd64~~6.3.1.11.4338831-1147_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_688_for_KB4093114~31bf3856ad364e35~amd64~~6.3.1.5.4093114-1081_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_732_for_KB4457129~31bf3856ad364e35~amd64~~6.3.1.7.4457129-1153_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_733_for_KB4471320~31bf3856ad364e35~amd64~~6.3.1.4.4471320-1158_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_733_for_KB4480963~31bf3856ad364e35~amd64~~6.3.1.5.4480963-1158_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_733_for_KB4487000~31bf3856ad364e35~amd64~~6.3.1.12.4487000-1160_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_766_for_KB4507448~31bf3856ad364e35~amd64~~6.3.1.9.4507448-1218_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd|Package_766_for_KB4507463~31bf3856ad364e35~amd64~~6.3.1.12.4507463-1219_neutral_GDR
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\msil_microsoft.powershel..s.utility.resources_31bf3856ad364e35_1.0.0.0_zh-tw_deec12a375329fca|Paciage_2023_for_KB4516067~31bf3856ad364e35~amd64~~6.3.1.8.4516067-3318_neutral_GDR


*****************

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_727_for_KB4103725~31bf3856ad364e35~amd64~~6.3.1.4.4103725-1129_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_731_for_KB4284815~31bf3856ad364e35~amd64~~6.3.1.6.4284815-1139_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_732_for_KB4338815~31bf3856ad364e35~amd64~~6.3.1.9.4338815-1147_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_732_for_KB4338831~31bf3856ad364e35~amd64~~6.3.1.11.4338831-1147_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_688_for_KB4093114~31bf3856ad364e35~amd64~~6.3.1.5.4093114-1081_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_732_for_KB4457129~31bf3856ad364e35~amd64~~6.3.1.7.4457129-1153_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_733_for_KB4471320~31bf3856ad364e35~amd64~~6.3.1.4.4471320-1158_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_733_for_KB4480963~31bf3856ad364e35~amd64~~6.3.1.5.4480963-1158_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_733_for_KB4487000~31bf3856ad364e35~amd64~~6.3.1.12.4487000-1160_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_766_for_KB4507448~31bf3856ad364e35~amd64~~6.3.1.9.4507448-1218_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_0.0.0.0_none_391d74e4892257bd\\Package_766_for_KB4507463~31bf3856ad364e35~amd64~~6.3.1.12.4507463-1219_neutral_GDR" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\msil_microsoft.powershel..s.utility.resources_31bf3856ad364e35_1.0.0.0_zh-tw_deec12a375329fca\\Paciage_2023_for_KB4516067~31bf3856ad364e35~amd64~~6.3.1.8.4516067-3318_neutral_GDR" => removed successfully

==== End of Fixlog 22:12:00 ====
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top