After recent Windows Defender updates and the latest 1903 Windows 10 CU (KB4507453) Windows 10 may show interesting misbehavior. Symptom: running the sfc /scannow command produces error text rather than a clean bill of health. Reports from TenForums and Bleeping Computer confirm and describe this phenomenon. If you check the CBS.log file that the System File Checker produces, it identifies a Win10 Module named Windows-Defender-Management-Powershell as the culprit. The specific error says “Hashes for file member <filename> do not match.” In fact, what apparently causes recent Win10 updates bollix defender module hashes is proper resynchronization with the Component Store. I’ll depict the fix, then explain it further. [Note: this pathology is directly connected to Windows Defender, so Win10 PCs running some other AV/antimalware package aren’t affected. Interestingly, I did find the same error on current Insider Preview Builds, too.]
On both 1903 and 20H1 (18936.1000) systems, the symptom and the fix are the same, shown here.
[Click image for full-sized view.]
Fixing Win10 Updates Bollix Defender Module Hashes
The preceding PowerShell screen grab shows the symptom, and the multi-step fix. The symptom presents when sfc /scannow reports that “Windows Resource Protect found corrupt files but was unable to fix some of them.” Based on the nature of the actual error, this is a housekeeping problem. Microsoft’s installer clean-up apparently failed to synchronize hashes for those files as compared to the Component Store. Thus, the fix requires two steps, with a third to confirm a successful resolution:
- DISM /online /cleanup-image /restorehealth checks all the Windows files and replaces any it finds out of whack with known, good versions from the Component Store. This creates the situation where all copies of such files match.
- sfc /scannow, now able to work with matching sets of files, can now effect a proper repair because the hash values now match.
- A final iteration of sfc /scannowconfirms that all is well (“Windows Resource Protection did not find any integrity violations.”)
Problem solved. All this said, the fix may be something to entertain those with OCD tendencies rather than the general population. With issue reports abounding, MS should fix this issue soon. That means some upcoming Windows Defender update or Cumulative Update should obliterate this misbehavior. My money’s on a fix via Windows Defender updates, because this issue appears on Win 10 1903 PCs running Build 18362.239, Slow Ring Insider Preview PCs running 18362.1005, and Insider Preview PCs running Build 18936.1000. The only thing all those machines have in common is the same set of Windows Defender updates. Let’s hope it happens sooner, rather than later!
A few minutes ago, I saw word at TenForums that a new slow ring Insider Preview release was out. Until now, this version has been more or less uniformly known as 19H2 (for 2019, Second Half of year). But as the following screencap shows, it appears therein as “Windows 10 Version Next.” That’s as good a name as any, I guess. But it is a change in nomenclature, which is why I say Windows 10 19H2 now called Version Next. Check it out!
Windows 10 Version Next may be the (or a) new name for the closer-in Insider Preview release formerly known as 19H2.
[Click image for full-sized view.]
Why is Windows 10 19H2 Now Called Version Next?
As usual, there’s a blog post for this new release. It appeared earlier today in the Windows Insider Program blog. It’s entitled Announcing Windows 10 Insider Preview Build 18362.10005 (19H2). What’s interesting about this post is that it continues to make reference to the release as 19H2. It doesn’t use the “Windows 10 Version Next” nomenclature either, in any way, shape or form. Kind of makes me wonder if whoever put the update package together didn’t use a bit of creative license in labeling same.
I guess we’ll find out if this is just a one-time use label, or a new name for 19H2 as and when other updates emerge. Until the next such item appears, we can’t be sure what’s really going on here. Right now, my best guess is that the Insider Preview Slow Ring version is still called 19H2. “Version Next” will either turn out to be a one-off synonym, or a new official name. Only time will tell!
[Note: Here’s a shout-out to Shawn Brink at TenForums, whose post New Windows 10 Insider Preview Slow Build 18362.10005 (19H2) – July 15 brought this release to my attention. Thanks!]
Hello again! I’ve been quiet for almost two weeks, off on vacation. When I got back to the office yesterday, I found a plethora of Win10 updates and upgrades pending. Right now, I’m running 9 PCs in my office, so resuming work underscores routine Windows admin workload for sure. The mix of OS versions looks like this:
- 2x 20H2 Insider Preview PCs (Dell XPS 2720 and Lenovo X220 Tablet)
- 1x 19H2 Insider Preview PCs (Surface Pro 3)
- 6x 1903/May 2019 Update PCs (3 homebrew desktops, Lenovo X380, Carbon Extreme and T520 laptops)
Upon my return to the grind, I had work to do on all those PCs to catch them up with the leading (and in some cases, bleeding) edge of Windows releases. Here’s a listing from David Xanatos’ outstanding Windows Update Manager that shows new updates for my production PC, for example:
New items show red boxes around July 11, 2019. MSRT shows a typical Patch Tuesday update.
[Click image for full-sized view.]
Why Say Resuming Work Underscores Routine Windows Admin Workload?
It’s easy to stay on top of Windows updates and upkeep on a day-in, day-out basis. But when you have to step away for a while, the level of time and effort involved in such work makes itself felt. So it was for me, who left the office on June 30 and didn’t get back into harness until the afternoon of June 11. A hiatus of 12 days doesn’t seem or sound like much, but it took me a good two hours to step around or remote into the stable of machines at the office and make sure everything was up-to-date and working properly. Indeed, it’s good to be back, but I didn’t really feel like I was fully present until I’d worked through catch-up on all those PCs. And so it goes for most of us, here in Windows World!
This is the first post from me for July 2019. My contract with TechTarget specifies 12 posts a month for this blog. With 12 days gone, and 11 posts to go, that means 3-4 posts a week from me for the rest of July. Consider this fair warning that after my absence and quiet, I’ll be something of a chatterbox (bot?) for the rest of the month!
A new Win10 WU (Windows Update) regime is now underway. Yesterday, I got my second CU notification from Windows Update, informing me that KB4501375 had arrived. Instead of downloading and installing on its own, I clicked the “Download and install now” hyperlink. This (see screencap below) fired off that process manually. What’s interesting is how I notice this change from the prior routine more at a visceral than an intellectual level. It is indeed a change, one that requires accommodating WU Download and Install Now behaviorally.
The CU routine has changed: 1. Look for “Additional updates available;” 2. Click “Download and install now” when ready
[Click image for full-sized view.]
What’s Involved in Accommodating WU Download and Install Now?
The preceding image caption gets right into accommodating WU Download and Install Now. It’s a two-step process that requires direct, manual interaction with Windows Update. Step 1 is to look at the update notification, with an eye for “Additional updates available.” When that text appears, it is necessary to click the (blue) hyperlink labeled “Download and install now.” When one does that, WU commences its download and install maneuvers for the related item (CU or Feature Update, as circumstances dictate). In most cases, installing a CU or Feature Update also involves (at least one) reboot for the target PC ( and multiple reboots for a Feature Update).
I’d thought this would be a totally routine and tolerable operation. But again, I’m surprised at how much my sense of routine, commonplace Win10 behavior is discommoded with this change. It’s going to take repeated exposure before it becomes “the new normal.” This time, however, it’s me that has to change to keep up with Windows. In the meantime, I have to remember to check for and follow the two-step process outlined above. I’ll get used to it, sooner or later. So will we all, I guess!
All’s well that ends well: WinVer shows me the .207 Build suffix after a successful CU update
I’ve been a huge fan of the French device driver site Station Drivers for a decade or longer now. Ever since it appeared on the scene in 2004, it’s been my go-to source for new, preview and hard-to-find device drivers. I don’t know where or how the site operator or his many minions and collaborators obtain some of the drivers they make available. It’s not unusual to find stuff on this site 2 or 3 months earlier than the companies that publish the drivers make them generally available. In particular, I’ve observed of late that Station Drivers provides latest Realtek UAD drivers both quickly and reliably.
When I read about a new 8701 version for the Realtek UAD driver at TenForums, I knew right away where to look for it.
[Click image for full-sized view.]
Station Drivers Provides Latest Realtek UAD Drivers, Pronto!
While perusing the threads in the Sound and Audio forum at TenForums yesterday, I came across mention of a new 8701.1 driver version for the UAD Realtek drivers. The link was to a CAB file, which takes some interesting contortions to access for drive update. “Hmmm,” thought I to myself, “I bet the same driver is up and ready for download on Station Drivers.” Sure enough it was, with a special silo for Asrock (to match the motherboard on the target system, a Z170 Extreme7+ model). This came in the form of a ZIP file that I unpacked into a folder on a working drive. Once I pointed DevMgr’s update function at that folder, it found and installed the new driver with neither muss nor fuss. Here’s that driver info:
The Real Test Comes from Using The New Driver
Lots of users have reported audio issues with 1903 — especially unpleasant playback latency or spurious clicks, pops, hisses and drop-outs. So far, I’m experiencing none of those things with my new driver install. Seems like the newest UAD driver works nicely on my particular system. But, as with many device related experiences on Windows 10, YMMV. Nevertheless, Driver Station remains a great resource for obtaining drivers for most Windows 10 devices. I urge you to try it out for yourself, the next time you’re seeking drivers for your Win10 PCs. It’s a nonpareil, for sure.
OK, then. MS has changed the language around who’s eligible to upgrade from prior editions to the May 2019 Update (aka 1903). Now, a safeguard hold blocks 1903 upgrade for affected PCs. All other PCs will get 1903 if they click “Check for Updates” in Settings → Update & Security → Windows Update. This resolves long-standing confusion over who gets the upgrade, and who has to wait. The short version is: if your PC is NOT subject to a known issue that appears in the Windows 10 Health Dashboard, the upgrade goes through. Those PCs subject to one or more such issues must wait until they’re resolved. Now, if only MS would be kind enough to report which such issues apply to blocked machines! Here’s the explainer from the afore-linked Health Dashboard page:
A safeguard hold is present when you click “Check for updates” and aren’t offered 1903. This applies even if you would otherwise be eligible, or expect that upgrade.
[Source: Windows 10 Health Dashboard | Click Image for full-sized-view]
If Safeguard Hold Blocks 1903 Upgrade, Then What?
You wait until Microsoft releases a fix that addresses the safeguard hold(s) on the target PC. Once addressed, users can make manual downloads and upgrades for the May 2019 Update (feature upgrade). I’m glad to see that Microsoft has clarified and codified what many of had figured out by hook and by crook on our own. Right now, 14 items make up the list of potential issues that could lead to safeguard holds for Windows 10 PCs.
Of course, one can still apply the upgrade anyway despite the block. There are two ways to do this: one is to visit the Download Windows 10 page, then click the “Update now” button at the top of that page to run Microsoft’s Update Assistant. Another is to download and mount a Windows 10 ISO for 1903. After that, run the setup.exe file at the root of that volume.
I’ve done this for four of the 5 PCs I currently have running Windows 10 1903 at the office. I did experience a couple of minor installation glitches along the upgrade path. But all machines upgraded successfully on either the first or second try. In fact, 4 of those 5 made it on the first try, and only one required a second. So far, the 1903 installer and subsequent stability are winners in my book.
I’m in a long-running debate about Windows 10 reliability and stability right now. That’s why I’ve been using Reliability Monitor almost daily. This debate runs in a variety of threads at TenForums.com. Often, I’ll answer questions about the new Feature Upgrade (aka 1903). Here are two typical items. 1. “Should I upgrade to the Windows 10 May 2019 Update?” 2. “Is 1903 stable enough for everyday use?” Long story short, this explains why I find system errors these days soon after they appear. In so doing, I found a great example of how Reliability Monitor error info propels fixes for such problems when they occur. Here’s a screencap of what I saw yesterday:
The drop in the stability index on 6/20 (far right) points at a critical error with “Defaults.” Hmmm. Never seen this one before!
[Click image for full-sized view.]
Before Reliability Monitor Error Info Propels Fixes, More Info Needed
Naturally I had to click “View technical details” to get more info about what was going on with those defaults, whatever they might be. This proved a great deal more helpful. Turns out the event was an APPCRASH. The offending executable identifies as CyberPower’s PowerPanel Personal app. It manages the USB connection between my PC and my CyberPower 1500AVR uninterruptible power supply (UPS).
My first reactions were “I haven’t updated the software and its drivers since I bought the new unit in late 2017. Wonder if something newer is available?” I checked the website, and sure enough there was. The local Version reads 2.1.2 but the current website version is 2.1.7. So naturally, I downloaded and installed the new one. I haven’t seen any issues since then. I’m hopeful the problem is resolved.
This Is What Reliability Monitor Is SUPPOSED to Do
Reliability Monitor is a great place to go looking for clues when systems misbehave. It’s good at finding hardware or communication issues. It’s great at flagging APPCRASH events, too — like my UPS boondoggle. You probably don’t need to look at it every day. But depending on your OCD level, once a week to once a month sounds about right. And of course, when problems do manifest on a Windows 10 PC, it should be one of the first places you check (along with Event Viewer) for evidence at the scene of the crime, as it were. It won’t always tell you what you need to know right away like it did for me this time. But it should at least let you know where errors are coming from, so you can start thinking about fixes, mitigations, or replacements.
In its Release Note for KB4503288 for Windows 10 1803, MS presents a clear warning. Those who get updates from the Windows Update service should expect a forced upgrade to 1903 starting next week. Aka the “Windows 10 May 2019 Update,” this is the latest and greatest feature upgrade for that OS. Here’s how that warning appears in the afore-linked release notes:
Microsoft’s motivation in moving the installed base to 1903 is clear at the end of the preceding text snippet. It reads “. . . to help ensure that we keep these devices in a serviced, secure state.” Simply put, MS doesn’t want the installed base to fall too far behind the current branch. This reduces versions of Windows for them to support. It also present fewer disparate attack surfaces for them to monitor, manage, and patch. If it makes you feel any better, it’s a kind of enlightened self-interest. MS has decided. It’s dragging the retail users (of which about half is running 1803 or an older version) into the present day. Some kicking and screaming is inevitable. In fact, it will be fascinating to see how this unfolds, and what kinds of “war stories” emerge from the trenches as 1903 rolls out to a pretty sizable population.
What If You Don’t Want to Uprade Just Yet?
MS itself says this is a phased process that will last from June until November (at least 4 months). Thus, you can (and perhaps should) opt to get the upgrade later rather than sooner. To do that, download and install David Thanatos’ excellent Windows Update Manager (WuMgr.exe). With this tool in place on a Win10 machine, you can set its “Auto Update” to “Block Access to WU Servers” or “Disable Automatic Updates” to avoid the upgrade until you’re ready to put it work on your PC. Prudent or wary admins who get updates from WU will find this level of control pretty much absolute and unshakeable. If getting ready for the 1903/Windows 10 May 2019 Update means putting it off for a while (short or long), this will let you do just that. Enjoy!
Windows Update Manager is a great tool, worth exploring and using.
[Click image for full-sized view.]
Reading over traffic at TenForums, I came across a topic that pops up regularly. In Windows 10, the term “sleep” covers a number of states during which a PC reduces activity. In fact, according to the Windows Docs on System Power States, 7 such states are recognized. There are 6 ACPI power states and a “mechanical off” state (caused when a shutdown operation also turns off the PC’s power supply). “Why is sleep a regular TenForums topic?” you ask. “Good question!” Proper sleep on a Windows PC requires the right settings and drivers, one or both of which often get bollixed. And that, dear readers, is why Win10 Sleep issues make Sleepstudy worthwhile.
When it comes to most things sleep-related in Win10, the Powercfg command is a great source of information. This text block comes from the head of its Sleepstudy report.
Why Do Win10 Sleep Issues Make Sleepstudy Worthwhile?
It turns out that in Windows 10, sleep issues are best researched from the command line, using the powercfg (power configuration) command. It works with equal facility in an administrative command prompt or PowerShell session. This command covers a lot of capabilities and possibilities that I won’t get into here. Instead, I’ll recommend that those interested in learning more about this powerful and useful command (outside of sleep stuff) consult the Microsoft Docs page entitled “Powercfg command-line options.” It’s my go-to reference, too, so it comes highly recommended.
In reading over a recent tale of Win10 sleep woe, the original poster (OP) at TenForums indicated he’d tried two variants on powercfg that ended up not telling him much (or anything useful) about recent sleep activity. Those commands were
The /requests option simply enumerates application and driver Power Requests, usually to initiate or interrupt one or more of the Windows sleep states. The /lastwake option reports on what service of type of wake request caused the system to most recently wake up from a sleep state. The OP’s basic complaint was that neither of these commands was telling him anything useful. Nothing loath to try it myself, I ran those commands and saw nothing terribly useful from them either, to wit:
Upon running the cited commands, they didn’t tell me much of anything, either.
In my case, I knew /lastwake wouldn’t tell me much because I’d installed a new Start10 version earlier this morning. It requires a reboot to finish up its update process, so that meant there was no last wake-up to report. As far as the /requests option goes, I didn’t know what to expect, never having used it before. Good thing I had no expectations, because it enumerated “None” for all the various wake/sleep requests it tracks.
Where Does Sleepstudy Come Into Play?
But there’s more to Powercfg than just a bunch of individual query options. In fact, the Sleepstudy option generates an entire HTML-formatted report on system power state transitions, which include sleep, hybrid sleep, hibernation, and shutdowns. By default the report is named sleepstudy-report.html and it resides in the %windir%\System32 folder (on my — and most — Win10 PCs, that means it lives in C:\Windows\System32). You can double-click this file to open it in your default browser. All screen caps I show from this recently-produced file come from Edge.
Power State Transitions and Durations
Right away, I noticed a very useful table near the head of the Sleep Study file. Here’s what it looks like from my production PC:
Notice the various states shown of which “Standby (Hybrid)” represents a sleep state on my PC.
[Notes: I truncated the table to omit empty fields; Click image for full-sized view.]
The table is pretty easy to read. It shows start times (far left) and duration (left 2nd) for each state documented. The rhythm on my system is pretty simple and consists mostly of transitions from active [in use/awake] to standby (hybrid) [asleep], with a single reboot this morning after I’d installed the aforementioned Start10 update. Easy-peasey, right? That’s what the OP from the TF post could (and probably should) have used to get more info on recent sleep activity on his PC, too.
If you read down further into the file, you’ll see a set of “Analysis Results” for each state transition documented in the preceding table. This, too, provides useful information about what happened to get a PC into (and out of) some specific power state mentioned in the table. Overall, this is good and helpful information, well worth consulting when researching a PC’s power state transitions. Please think of it the next time you’re curious (or troubleshooting) Windows 10 sleep issues. Great stuff!
As a dedicated Windows Insider (MVP) I run various Windows 10 Previews on 5 test PCs in my office. Of course, OS previews can (and sometimes do) fail or encounter install hiccups. That means I’m also dedicated to backing those systems up. I tend to take a snapshot after each feature upgrade, and at least once a week using scheduled Macrium Reflect backups. After installing Build 18917 on Wednesday (June 12) I made two moves. First, I cleaned up Windows.old and other remnants of the previous install using a new fave tool mdiskclean.exe. Second, I launched Macrium Reflect to make a post-upgrade OS image for the new install. This ended abruptly in failure when the target drive reported in as MIA. As it turns out, this led directly to my discovery that stuck rocker switch means new drive dock. Let me explain . . .
When a pair of external SATA drives go missing, troubleshooting leads me to replace a failing drive dock.
[Click image for full-size view. Image source: Newegg]
Why a Stuck Rocker Switch Means New Drive Dock
When Reflect reported that my customary backup target drive (G:, a Hitachi 4GB HGST HSN 724040ALE640 SATA 3 hard disk) was missing, I started troubleshooting. Immediately, I discovered two things. First, power to the drive dock was off. Second, I attempted to cycle power on the drive dock. That’s when I discovered that the power switch — a rocker switch, in fact — wouldn’t cycle into the “off” position. Also, jiggling the switch cycles power on and off rapidly and unpredictably. For me, a stuck rocker switch means new drive dock because I can’t take the chance that future backups might fail along with the stuck switch.
Ultimately, I was able to jiggle the switch just right to get the power to stay on. It has continued to work properly since, and I’ve got a current backup image for the system now. But I’ve also ordered a replacement dual dock from Amazon, which should show up in the next few days. I can’t abide the idea of relying on questionable hardware for backups (it defeats their purpose). So I’m replacing the current dual drive dock with a different model. Let’s compare prices for what I’m replacing (about $50 when I bought it from Newegg) with what I just ordered ($39 from Amazon because Newegg’s price for the same unit was over $100!).
I’m tempted to kick myself for not checking reviews when I made the original purchase. When I did so this morning, I observed that the Inatek FD2002 model that gets high marks and editor recommendations is the same dual dock I’ve got hooked up to my primary production PC already. I don’t see anything wrong with repeating a purchase that has worked well for me so far, especially when it’s $11 cheaper than the unit it’s replacing. And so it goes, here in WindowsWorld . . .