Windows Enterprise Desktop


September 17, 2014  10:12 AM

Ack! Emergency WinReBuild Goes Surprisingly Smoothly

Ed Tittel
Clean install, Windows 8.1, Windows installation

I’m not sure exactly what happened to my son’s Dell XPS2720 All-in-One PC last week, but following the application of the Update Tuesday patches and fixes, the machine started flaking out big-time. The most obvious symptom was a set of recurring errors reporting a damaged or corrupt file named iertutil.dll, which apparently exerts a fairly profound impact on overall Windows 8 behaviors. Alas, I was unable to address the issue using the sfc /scannow command-line utility, nor did attempted registry repairs make things right, either. Even a “copy-over” of a known, good, working version of the offending dll into the WinSXS folders that underlay the C:\Windows\System32 (and other key) folders didn’t help.

Conditions quickly worsened, when the corruption problems made it impossible to revert to a pre-patch Restore Point, or indeed to even restore an image backup on the affected machine (the built-in, Control-Panel-based image backup/restore didn’t work, nor did RecImgManager). Reluctantly, I came to the conclusion that a clean reinstall was called for, and I dreaded the hours of drudgery that seemed inevitable in the wake of this decision.

I shouldn’t have worried. The rebuild process went much better than I had expected. I was able to reinstall Windows 8 in under 10 minutes, and I got the added benefit of switching from the RAID pairing of a small (32 GB) SSD and the built-in 2GB conventional HDD to booting from the larger (256 GB Samsung EVO 840) SSD I had since installed on that machine, with the HDD now serving only as extended storage for that system. Bootups and shutdowns sped up enormously, and the overall operation of the system was much snappier, too.

After re-installing Windows 8, I discovered only about 15 drivers out of date as reported by DriverAgent, over half of which were fixed by applying the proper Intel Chipset Utility to the machine. It took me less than 15 minutes to bring all drivers completely up to date, much to my surprise and delight.

I did have to apply around 90 updates from Windows Update to bring the system up to full Windows 8.1 Update 2 status, though, which took about two hours to complete, even with a fast Internet connection. I don’t know why, but downloading huge numbers of updates is slowed considerably by pauses in the download process every now and then that can stretch out for four or five minutes at a time (I had two big batches of updates to apply, each with over 40 items in the hopper, plus another dozen or so additional items here and there). I relied on my Network Meter desktop gadget and/or watching the NIC through Task Manager’s Performance tab to observe network activity while the update process was underway. I’m not sure if I fell victim to the old “watched pot never boils” phenomenon or not, but eventually, everything was up to date.

After that, I downloaded and applied my usual suite of applications. These days, that means WinDirStat, SIW Pro, FileZilla, CCleaner Slim, Start8, GadgetPack8, and a few other odds and ends. All told, this took another 40 minutes or so.

The final situation was that I took the XPS2720 from bare metal to a finished, ready-to-use system in under 5 hours. This is something of a personal record, and reflects how much simpler and easier rebuilding a Windows system has become over the years. I can remember when dealing with media (floppies or CDs/DVDs) consumed a great deal of time all by itself, and when finding and grabbing drivers was another terrible time-sucker. It’s a shame I had to rebuild this system at all but as such experiences go, this one turned out to be a relative breeze. What a relief!

September 16, 2014  2:57 PM

Can Microsoft Do It Right With Windows 9?

Diana Hwang

Microsoft is covering its bases on the enterprise and consumer fronts.

First, the company on Sept. 30 will show a technical preview of Windows 9 highlighting its enterprise focus. Second, Microsoft said it would acquire Mojang, the popular maker of the addictive Minecraft game for $2.5 billion.

It’s no surprise Microsoft is touting Windows 9 for the enterprise. The company tried to be radically hip with a new user interface when Windows 8 first shipped and we all know how that turned out. Windows 8.1 Enterprise was an improvement, but when the industry likens Windows 8 to Vista, you know it’s all over.

Today, Windows 7 accounts for 51.2% of installed desktop operating systems, with only 13.4% attributed to Windows 8 and Windows 8.1, according to last month’s figures from NetMarketShare. Even the now-defunct and unsupported Windows XP commands a 23.9% market share.

But as we all know, Microsoft is like a Weeble that wobbles but doesn’t fall down.

With Windows 9, it’s clear how the enterprise might embrace this operating system if and when their organization is ready to move beyond Windows XP and Windows 7.

The look and feel is reminiscent of the enterprise’s beloved Windows 7 with the traditional desktop user interface. And, more importantly, the Start Button returns. Now the Start Button shows how the operating system can display menus in both the traditional and modern look. There is also the ability to show virtual desktops, similar to what Apple’s Mac OS X does.

The company also worked out many of the security features enterprise IT pros expected in Windows 8.1 that should continue with Windows 9.

With some of these new snazzy features, Microsoft hopes to marry both the enterprise and consumer needs, providing an operating system enterprise IT can deploy while also bringing the more vibrant consumer flair to the table.

What Microsoft must work on, however, is improving its track record for updates. Several times the company has recalled Windows 8.1 updates. If this continues in Windows 9, who knows whether enterprise IT will seriously consider upgrading to the new operating system.

As Microsoft readies its Windows 9 debut on Sept. 30 we can only hope the software giant doesn’t move far away from its enterprise roots. Live and learn, but Microsoft needs to remember the enterprise customer is its bread and butter.

What will be interesting is whether Microsoft can get more businesses to adopt Windows Phone. Unless Minecraft is pushing BYOD with young consumers, I don’t think that’s the answer. Windows Phone is a far distant third in smart phone market share compared with iPhones and Google Android devices. Will Minecraft on Windows Phone be the next Angry Birds or Candy Crush that motivates both business users and consumers to adopt the platform? That’s an iffy proposition.

For now, let’s just hope Microsoft does it right with Windows 9 and gives what IT pros need to consider deploying the next operating system into their organization.


September 15, 2014  10:20 AM

Grab the Latest Sysinternals Suite (FREE)

Ed Tittel
Windows 8.1, Windows Sysinternals, Windows tools

For those not already in the know, Sysinternals is the name of a former company that’s now part of Microsoft that’s long been a source for some of the very best Windows monitoring, management, and troubleshooting tools around. The brainchild of Microsoft Fellow Mark Russinovich (whose praises I’ve sung many times in this blog and elsewhere in my writings) and Bryce Cogswell, the Sysinternals Suite from Microsoft contains a total of 68 Windows tools, including my personal favorite, Process Explorer, whose capabilities have been around for years, but which became part of the expanded capabilities of Task Manager in Windows 8, just to give you some idea about how much sway over MS Mr. Russinovich can occasionally exert.


A new version of the Sysinternals Suite posted to the MS pages on 9/11/2014.

Here’s a list of the utilities contained in this sterling collection, now available as a single download file, with links to the “man-page-equivalents” for each one, for those curious enough to want to read more about them.

AccessChk

AccessEnum

AdExplorer

AdInsight

AdRestore

Autologon

Autoruns

BgInfo

CacheSet

ClockRes

Contig

Coreinfo

Ctrl2Cap

DebugView

Desktops

Disk2vhd

DiskExt

DiskMon

DiskView

Disk Usage

EFSDump

FindLinks

Handle

Hex2dec

Junction

LDMDump

ListDLLs

LiveKd

LoadOrder

LogonSessions

MoveFile

NTFSInfo

PageDefrag

PendMoves

PipeList

PortMon

ProcDump

Process Explorer

Process Monitor

PsExec

PsFile

PsGetSid

PsInfo

PsPing

PsKill

PsList

PsLoggedOn

PsLogList

PsPasswd

PsService

PsShutdown

PsSuspend

RAMMap

RegDelNull

Registry Usage

RegJump

RootkitRevealer

SDelete

ShareEnum

ShellRunas

Sigcheck

Streams

Strings

Sync

Sysmon

TCPView

VMMap

VolumeID

WhoIs

WinObj

ZoomIt

“Fie on that!” sez I: grab and download the whole set right away and play with it on your machine instead. You won’t be sorry.


September 12, 2014  9:46 AM

Interesting Experience with MS Malicious Software Removal Tool

Ed Tittel
Malicious code

Earlier this week, Update Tuesday occurred, bringing with it anywhere from one to two dozen updates (more for machines with MS Office installed, fewer for those without). As is my usual practice, I updated the half-dozen plus computers here in the house, and watched them go through the update process. This time around, the usual monthly installment of the Windows Malicious Software Removal Tool came up in the number three spot as the process chunked through its sequence of applying those updates. I couldn’t help but notice that while this element usually takes minutes to grind to completion on most PCs, it was taking an inordinately long time on one of my PCs (the production machine, wouldn’t you know it?) — about an hour, in fact, by the time it was finished.


This is pretty much standard text for the MRT, as it’s usually abbreviated, repeated like clockwork every month.

This caused me to do a little digging to learn more about the tool, and how it works. Along the way I came across a couple of useful resources I’d like to share:
1. The Microsoft Safety & Security Center has a page (and a download link for the standalone version) on the MRT entitled “Malicious Software Removal Tool.”
2. MS Support offers an informative page entitled “How to troubleshoot an error when you run the Microsoft Windows Malicious Software Removal Tool.”

Among other things, I learned that the program writes to a log file each time it runs, and that log file is named mrt.log, which resides in the %systemroot%\debug directory (that environment variable translates into “C:\Windows” on most PCs, BTW). My thinking was that the program took such a long time to complete because it found something interesting, so I hoped that a gander at the log file would show me what, if anything, the program had found. Alas, it showed only a return code of 0 which, as all long-time Windows-heads know, means successful completion and thus also, no errors found (or fixed).

I did observe something else interesting, though: despite the documentation indicating that MRT runs only when it’s downloaded from the Windows Update center, my MRT log shows it running several times a day, every day, for only a few seconds at a time (typically, 2 or 3). It looks like MRT must be scheduled to run on a regular basis — how else to explain the recurring, multiple-times-a-day log entries? So, although I didn’t find any problems reported from running the MRT after the last updates, I did learn something interesting about the program and its behavior.
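An added example (not from the original post or from Microsoft) that turns the mrt.log review described above into a script: it lists each run with its duration and return code, counts runs per day, and flags entries that are long, incomplete, or ended with a non-zero return code. The entry layout in the constructed sample, the function names, and the 600-second threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample. The entry layout is an assumption; compare it with a
# real %systemroot%\debug\mrt.log before relying on the parser.
SAMPLE_LOG = """\
-----------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool vX.Y, September 2014 (build X.Y.0.0)
Started On Tue Sep 09 18:05:11 2014
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Sep 09 19:04:40 2014
Return code: 0 (0x0)
-----------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool vX.Y, September 2014 (build X.Y.0.0)
Started On Wed Sep 10 08:15:02 2014
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 08:15:05 2014
Return code: 0 (0x0)
-----------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool vX.Y, September 2014 (build X.Y.0.0)
Started On Wed Sep 10 21:10:00 2014
"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
STAMP = r"\w{3} (\w{3}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4})"
STARTED = re.compile(r"^Started On " + STAMP)
FINISHED = re.compile(r"Finished On " + STAMP)
RETCODE = re.compile(r"^Return code:\s*(-?\d+)")

def decode_log(raw):
    """Decode raw log bytes: honour a UTF-16 byte-order mark, else assume UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def _stamp(match):
    mon, day, hh, mm, ss, year = match.groups()
    return datetime(int(year), MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))

def parse_runs(text):
    """Return one dict per 'Started On' entry, in log order."""
    runs, cur, in_summary = [], None, False
    for line in (raw_line.strip() for raw_line in text.splitlines()):
        started, finished, code = STARTED.match(line), FINISHED.search(line), RETCODE.match(line)
        if started:
            cur = {"started": _stamp(started), "finished": None, "return_code": None, "summary": []}
            runs.append(cur)
            in_summary = False
        elif cur is None or not line:
            continue
        elif finished:
            cur["finished"] = _stamp(finished)
            cur["seconds"] = int((cur["finished"] - cur["started"]).total_seconds())
            in_summary = False
        elif code:
            cur["return_code"] = int(code.group(1))
        elif line == "Results Summary:":
            in_summary = True
        elif in_summary and set(line) != {"-"}:
            cur["summary"].append(line)  # whatever the tool reported for this run
    return runs

def review(runs, long_run_seconds=600):
    """Return (start time, reason) pairs for entries that deserve a closer look."""
    flagged = []
    for run in runs:
        if run["finished"] is None or run["return_code"] is None:
            flagged.append((run["started"].isoformat(), "incomplete entry"))
        elif run["return_code"] != 0:
            flagged.append((run["started"].isoformat(), f"return code {run['return_code']}"))
        elif run["seconds"] >= long_run_seconds:
            flagged.append((run["started"].isoformat(), f"long run ({run['seconds']} s)"))
    return flagged

def runs_per_day(runs):
    return Counter(run["started"].date().isoformat() for run in runs)

if __name__ == "__main__":
    print(review(parse_runs(SAMPLE_LOG)))
```

To check a real log, read it in binary mode and pass the bytes through `decode_log` before `parse_runs`, since the file's encoding is not stated on this page.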


September 10, 2014  10:03 AM

New Intel Graphics Drivers Can Boost Performance

Ed Tittel
Display drivers, Windows 8.1

I ran across an interesting story on Neowin this morning. Entitled “New Intel drivers give up to 30% performance boost for Surface Pro 3,” it actually covers more than just the latest Microsoft flagship tablet. In fact, any PC with a newer graphics chipset (actually, anything Haswell or newer) that’s rated as an Intel HD 4400 or better, or HD 5000 or better, can benefit from these drivers. Thus, in fact, my Fujitsu Q704 tablet is one of numerous newer Intel-chip-equipped tablets, ultrabooks, and notebooks that are able to exploit the new driver’s abilities. For a complete list of the processors affected, check out this Intel list (i7 CPUs, other lists are available for i5, i3, and so forth through the ARK home). Very conveniently also, this driver was pushed out as a part of the September 9 “Update Tuesday” elements released just yesterday through Windows Update. Here’s what the details window for that update looks like therein:


It’s unusual for a driver update to confer double-digit performance gains, let alone 30%!

How much of a boost can these new drivers confer? According to the Neowin story, “The update is said to improve performance by up to 30% in some activities which is a solid increase for a simple driver update.” To my way of thinking this makes them unusually worth applying to those PCs that sport the requisite graphics circuitry. This means that admins whose users’ PCs qualify will probably want to fast-track this particular update. ‘Nuff said.


September 8, 2014  9:28 AM

At IFA Berlin, Intel Takes Wraps Off Core M “Broadwell” Specs

Ed Tittel
Windows 8.1, Windows Tablets

The IFA took place in Berlin, Germany last week, where Intel took the opportunity to share a lot more information about its latest upcoming family of mobile processors. (IFA is German, and stands for “Internationale Funkausstellung” which, literally translated, means “International Broadcast Exhibition,” and is rendered at AcronymFinder more verbosely as “International Fair of Broadcasting Services.”) This CPU family was initially introduced under the Broadwell name at Computex in Taipei earlier this summer in June, but is only now getting more complete disclosure from Intel as the Core M Processor line, along with disclosure of numerous Core M based tablets, convertibles and ultrabooks from a variety of OEMs as well. The image at the left below is an enhanced photo of the Broadwell die (source: Intel).

The biggest news about the Core M family is that its wattage ranges are low, low, low. At the same time that Intel is touting these chips as running up to 50 percent faster for compute-intensive loads, and up to 40 percent faster for graphics performance, as compared to Haswell models, the processor package itself is 50 percent smaller than its predecessor. This means that the rated power consumption for these chips, 4.5 W across the board, is low enough to enable designs that don’t require fans for active cooling and, better still, means big boosts for battery life in wafer-thin tablets, convertibles, and ultrabooks.

Several OEMs got up on stage with Intel at IFA to proffer a variety of Broadwell designs, too, most of which are slated for delivery in mid- to late-October 2014:

  • Acer is preparing the Aspire Switch 11, a 2-in-1 device (a tablet with 11.6″ display and a keyboard dock) for market delivery.
  • Asus is preparing its ZenBook UX305, a 13″ ultrabook with a QHD display, for October delivery, and had already announced its Transformer Book T300FA 2-in-1 device at Computex last June.
  • Dell is offering a business class 2-in-1 called the Latitude 13 7000 Series with a 13″ HD display.
  • HP is planning two 2-in-1 ENVY x2 models, in 13.3″ and 15.6″ form factors.
  • Lenovo is preparing a new ThinkPad Helix 2-in-1 model with an 11.6″ full HD display and two different keyboard docks (the Pro model features the little red rubber trackbump so beloved of many ThinkPad users).

This promises to make October an interesting month for prospective Windows tablet buyers, with a particular emphasis on more-business focused models from Dell, HP, and Lenovo in the mix. Methinks that the Surface Pro 3 is going to get a run for its money from a series of even thinner and lighter 2-in-1 models with superior battery life.


September 5, 2014  10:41 AM

Secunia PSI, CSI, and Windows 8.1

Ed Tittel
Windows 8.1

In the ongoing battle to increase system stability on my production PC, I’ve found a new point of interest and attack in the Reliability Monitor log for my primary production PC — namely, Secunia PSI. In this case, PSI stands for “Personal Software Inspector:” basically, it monitors the applications installed on an individual PC, and checks their version numbers, patches and updates applied, and so forth, against its database of what’s most current (or what needs to be applied to protect against known vulnerabilities). Now that I’ve eliminated an earlier problem as reported in my 8/22 blog entitled “Chronic OneDrive/SkyDrive Problems Widespread” which had my PC experience daily Appcrash events for OneDrive, PSI has jumped to the top of my “what’s causing problems now?” queue. This recent weekly Reliability Monitor log shows that OneDrive is no longer crashing, but that PSI is happily taking its place:


For what turns out to be API compatibility reasons, PSI stops working when it’s asked to run a scan on a Windows 8.1 PC

A little research on the PSI forums at secunia.com showed me that changing the application’s compatibility settings to Windows 7 (and also selecting the “Run this program as an administrator” checkbox) would do away with these issues. And sure enough, the foregoing monitor log shows that since making those changes on Wednesday, the problem has not recurred, despite numerous subsequent invocations of the program to try to provoke the error again. Here’s a screen cap of what’s required (and what’s apparently working):


Two quick tweaks on the Compatibility tab, called up by right-clicking the psi.exe file and then selecting Properties, do the trick.

This is just another daily step in the relentless pursuit of supreme system stability on a modern Windows PC. Don’t we all wish such maneuverings were unnecessary? But then, this is simply business as usual in my world, and the worlds of those charged with taking care of user machines.

One final note: though the license terms mean that enterprise admins are unlikely to use PSI, and will probably use the Corporate Software Inspector (CSI) version instead, they should take cheer from the lack of such stability complaints against that product. Concerted search/research and an examination of the CSI user forums at Secunia indicate that the corporate version of the program is not subject to these stability problems, nor are any contortions therefore necessary to repair or mitigate them, either.


September 3, 2014  9:41 AM

Rollup Redux: MS Re-releases KB 2975719 on September 2

Ed Tittel
Windows 8.1

In the wake of a series of botched Windows Updates that started on August 12 (our first “Update Tuesday” if you like the new nomenclature, or our most recent “Patch Tuesday” if you prefer the old), MS re-released another update yesterday. This one’s an optional update rollup that applies to Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2. It’s named KB2975719, and it now shows a release date of September 2, 2014. Unlike earlier re-released update 2982791 (about which I blogged on August 29), it’s not necessary nor recommended to first uninstall the August 12 version of this same update before installing the September 2 version. Nevertheless, a restart is required once the update is complete.


Another reissued August 2014 update, this time for the “functionality rollup.”

The elements included in the rollup are depicted on the KB page as follows:


Most of these changes are pretty minor, or affect only a small subset of Windows users. There’s info about when the last time Windows Update was run, and the last time updates were downloaded (item 1). The Precision Touchpad is a kind of touchpad (found primarily in the Surface Pro 3) for which some nice functionality changes are provided (users must have a “Mouse and touchpad” entry in PC Settings to take advantage of item 2). Only those who use or need the Russian currency symbol will benefit from item 3, and item 4 is primarily aimed at making Miracast receivers discoverable via Wi-Fi for multimedia use. Item 5 permits use of “Date taken” and GPS info for MP4 files for Windows Runtime and Win32 APIs, and Item 6 cuts down on message traffic for SharePoint Online site access. Mostly a ho-hum, IMHO. But there it is, so admins will want to grab and test this one for upcoming scheduled releases, and make sure to omit the August 12 version of the same KB item from their future testing and deployments.


September 1, 2014  12:44 PM

Azure Site Recovery Offers Private Cloud Replication/Recovery

Ed Tittel
Hyper-V

With the introduction of Windows Server 2012 R2 in October 2013, Microsoft first introduced what it called “extended replication” for Hyper-V. This facility permits any Hyper-V VM to be directed to two different replication targets, which usually means a local target for immediate access, rebuild, and recovery; and a cloud-based target for off-site protection, disaster recovery, and so forth. In July, 2014, as an outcome of Microsoft’s acquisition of InMage Systems, the company’s Azure Site Recovery now supports a variety of hybrid cloud-based business continuity solutions that not only encompass on-premises Hyper-V clouds, and Microsoft Azure, but that also extend to enterprise private clouds, active workloads, and hosted clouds in the Azure environment. Furthermore, the company’s self-described strategy is “…to provide hybrid cloud business continuity solutions for any customer IT environment, be it Windows or Linux, physical or virtualized on Hyper-V, VMware, or others.”

Here’s a screen cap from the “blurb box” on the Microsoft Azure Site Recovery home page:


Sometimes, bullet-speak is helpful when decoding complex services, such as DRaaS.

Let’s unpack these bullets so as to better understand what’s going on here:

  • Automated protection and replication of VMs: users can establish and control automation policies for replication and recovery; integrates with Hyper-V Replica, System Center, and SQL Server AlwaysOn.
  • Remote Health Monitoring: Uses System Center Virtual Machine Manager to continuously and remotely monitor cloud health from within Azure.
  • Customizable recovery plans: buyers can choose to replicate to their own private clouds at a lower price, or to replicate to Azure based private clouds at a higher price (see below for some details).
  • No-impact recovery plan testing: Replication and testing imposes no impact on primary private cloud VMs and host machines; test as often as you like without worrying about impacts on users or consumers of cloud-based services and data.
  • Orchestrated recovery when needed: This MS DRaaS (Disaster Recovery as a Service) offering enables orchestrated recovery for virtual machines for quick service restoration, even for complex, multi-tiered workloads. This comes courtesy of the Azure management portal, which enables creation of recovery plans, then handles their automation and implementation.
  • Replicate to — and recover in — Azure: Lets the Azure cloud function as the “replication site” for recovery operations, to avoid costs associated with creating and maintaining an actual disaster recovery site. Though it’s a higher-priced option, published prices are cheap (though they’re linked to a trial period, and will obviously go up thereafter, where final rates are not so readily available).

A free trial is available on the afore-linked page for easy “try it before you buy it” use, and pricing is surprisingly affordable (though costs vary by geographic region; I used my location in the US West to produce these examples):

  1. $16 per VM per month for customer owned/hosted targets
  2. $27 per VM per month for site recovery to Azure sites, where additional monthly storage fees will also be incurred for over 100 GB per VM.
  3. Pricing after the trial period ends is not readily available, though you can use the Azure Calculator to make that determination given a fairly detailed inventory of your workloads, plus storage and bandwidth consumption needs.

This is a pretty interesting offering, and is bound to set the bar for other major cloud vendors and to give smaller players who first jumped into DRaaS some powerful food for thought. It’s definitely worth checking out.


August 29, 2014  9:53 AM

MS Pushes New OOB Update to Replace Withdrawn KB2982791

Ed Tittel
Windows 8.1

On August 18, I blogged about the withdrawal of a series of updates originally released on August 12 — most notably, KB2982791. At that time, MS recommended that IT admins at least consider uninstalling any or all of KB2982791, KB297028, KB2975719, and KB2975331, especially those who might experience an 0x50 Stop error (aka “Blue Screen of Death” or BSOD).


Out with the old, in with the new: KB2982791 gives way to KB2993651.

Here’s what MS is now saying in its more detailed TechNet discussion of MS14-045 from the “Update FAQ” section about a replacement update KB2993651 pushed out of band, or OOB, on August 27 (emphasis via light-gray background in the following quote is mine, to highlight the discussion that follows it):

Why was this bulletin revised on August 27, 2014? What happened to the original 2982791 security update?
To address known issues with security update 2982791, Microsoft rereleased MS14-045 to replace the 2982791 update with the 2993651 update for all supported releases of Microsoft Windows. Microsoft expired update 2982791 on August 15, 2014. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Microsoft strongly recommends that customers who have not uninstalled the 2982791 update do so prior to applying the 2993651 update.

I already successfully installed the original 2982791 security update and am not experiencing any difficulties. Should I apply the replacement update (2993651) released on August 27, 2014? 
Yes. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Customers do not need to uninstall the expired 2982791 update before applying the 2993651 update; however, Microsoft strongly recommends it. Customers who do not remove the expired update will retain a listing for 2982791 under installed updates in Control Panel.

I uninstalled the original 2982791 security update. Should I apply the August 27, 2014 rereleased update (2993651)? 
Yes. To be protected from CVE-2014-0318 and CVE-2014-1819, all customers should apply the rereleased update (2993651), which replaces the expired 2982791 update.

Here are the important takeaways from this out-of-band update that should be of particular interest to Windows administrators, particularly those charged with maintaining Windows images for users in an enterprise setting:

  • If you haven’t yet deployed (or tested) KB2982791, don’t bother. It is completely supplanted by KB2993651.
  • Users whose PCs have KB2982791 already installed will be best served by first uninstalling that update, then installing KB2993651 instead.
  • In environments where users may have BYOD notebooks, tablets, laptops, and so forth running Windows, they may need to be informed about proper handling of KB2993651 and KB2982791. Such information should include brief instructions on how to uninstall the obsolete update prior to installing its replacement.

