Windows Update and Windows Search do not work

Hi,

a good friend of mine came to me last week because some services of Windows Vista on his notebook did not run as expect. In detail:

  • Windows Search service starts but terminates
    • EventID 7034: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

      Windows search terminates after start

      Windows search terminates after start

    • EventID 7024: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23)
    • EventID 1006: The Windows Search Service has failed to create the new search index. Internal error <4, 0x8004117f
    • EventID 9000: The Windows Search Service cannot open the Jet property store.
  • Windows Update service starts, but do not work, some errors are logged in C:\Windows\WindowsUpdate.log
    • 45c    DtaStor    FATAL: Failed to initialize datastore, error = 0xC8000247
    • 45c    AU    FATAL: Failed to get session from datastore, error = 0xC8000247
    • 45c    AU    FATAL: Failed to Unserialize from data store, error = 0xC8000247
  • No Windows Update File could installed by double clicking a msu File.
  • Cryptocraphic service do not run as expected:
    • Signature for Windows builtin programs cannot be verified, for example mmc.exe. Error Message:

      Do you want the following program to allow changes to this computer?

      UAC Message: builtin executables could not verified.

      UAC Message: builtin executables could not verified.

    • Cause: The folder c:\windows\system32\catroot2 is empty or/and some errors are logged in file C:\Windows\System32\catroot2\dberr.txt:
      CatalogDB: 21:39:37 28.02.2013: JetInit Corruption
      CatalogDB: 21:39:37 28.02.2013: catdbsvc.cpp at line #747 encountered JET error -583
      CatalogDB: 21:39:37 28.02.2013: catdbsvc.cpp at line #961 encountered JET error -583
      CatalogDB: 21:39:37 28.02.2013: catdbsvc.cpp at line #6636 encountered JET error -583
    • EventID 257: The following information was included with the event: -583 the message resource is present but the message is not found in the string/message table

It seems that all services which uses the Window Jet Database engine are affected.

Solution


My first thought was that the pc is infected by a virus. I have been run some virus scanner live CDs (Avira, F-Prot..) offline against the harddisk but no infection was detected.

I also tried the following steps to make the computer run again. But this did not resolve the problem.

So far so good. Next I looked to the eventlog to find the first time when the error occured. The point in time could exactly determined. I ask my friend whats happend there? And he could remember that at this time he replaces the harddisk with a newer, larger one.  He cloned the old harddisk by an Imagetool to the new disk.

But this is a standard procedure which I have often done successfully. Whats the difference? First I make an image of the old disk and then we cloned the new disk back to the old one. After booting the old disk all services run as expected!?!? Ok. I tooked a detail look into the disk. Something must be different. And so it was. The physical blocksize of the hard disks differs. The previous hard disk has a block size of 512Bytes and the new disk has a physical blocksize of 4096Bytes.

The following Powershell command line list the physical block size of the hard disk where the boot partition is located.

The old disk:

(Get-WmiObject -Query "Associators of {Win32_DiskPartition.DeviceID='Disk #0, Partition #0'} where AssocClass=Win32_DiskDriveToDiskPartition").BytesPerSector


512

And the new disk:

(Get-WmiObject -Query "Associators of {Win32_DiskPartition.DeviceID='Disk #0, Partition #0'} where AssocClass=Win32_DiskDriveToDiskPartition").BytesPerSector

4096

Windows has some requierments to deal with a 4k physical block size. First ensure that the alignment of partition is at a 4096 Byte boundary, this means that you can divide the Startoffset  by 4096 without a rest. This powershell “one liner” checks this for all partitions at disk 0 :

Get-WmiObject -Query "select StartingOffset,DeviceID from Win32_DiskPartition where DeviceID like ""Disk #0,%"""|foreach{write-host -nonewline ("Partition "+ $_.DeviceID+": ");if(($_.StartingOffset % 4096) -eq 0){write-host "OK"}else{write-warning ("not on 4096Byte boundary")}}


Partition Disk #0, Partition #0: OK
Partition Disk #0, Partition #1: OK
Partition Disk #0, Partition #2: OK

The command list all partitions at disk 0, gets the StartingOffset of each, makes a modulo division by 4096, if the rest is zero, alignment is ok otherwise a warning is printed out.

For Windows Vista, 7, Server 2008 and 2008R2 a hotfix is available for improve compatibility with 4k physical block size. But the installation of msu files fails. I tried to install the hotfix offline(Not sure if this is absolute necessary). To do this, I dismounted the disk from the computer and connected them with a SATA <-> USB Converter to my working pc. The following steps descripes how to install a hotfix, for example the Windows Vista hotfix KB2553708,  offline (in braces the pathes that I used).

  • Get the fix, for the Hotfix KB2553708 a hotfix request is needed. Create a request and you will get an e-mail from microsoft with the download link.
  • Extract the fix, and unpack the msu file with 7-Zip
  • Locate the cab file (D:\Temp\Windows6.0-KB2553708-x86\Windows6.0-KB2553708-x86.cab)
  • At the usb disk, locate the drive letter of the Systempartition and theWindows folder Windows where Vista is located (G:\Windows)
  • Add the hotfix to the offline Windows Vista Folder by executing pkgmgr (for Windows 7 use dism), specify a logfile to see whether the installation succeeds.


pkgmgr /ip /o:G:\Windows /M:D:\Temp\Windows6.0-KB2553708-x86\Windows6.0-KB2553708-x86.cab /l:D:\Temp\Windows6.0-KB2553708-x86\install.log /norestart

the equivalent command for Windows 7 is

dism.exe" /image:"G:\\" /sysdrivedir:"G:" /norestart /logpath:"D:\Temp\Windows6.0-KB2553708-x86\install.log" /add-package /packagepath:"D:\Temp\Windows6.0-KB2553708-x86\Windows6.0-KB2553708-x86.cab" /ignorecheck
Execute the command and wait a while. After the command exits (check TaskManager) some logfiles exists in the specified path. Open the logfile D:\Temp\Windows6.0-KB2553708-x86\install.log.txt with notepad or your favorite editor. Go to the end of the file. There should be something like this:

2013-02-28 13:56:55, Info                  CBS    Dism.exe returned: 0
2013-02-28 13:56:55, Info                  CBS    pkgmgr return code: 0×0

After installing the Hotfix I placed the disk back to the computer and start them. The errors are still there.

Now, I began to update several drivers step by step. After updating the Intel RST Rapid Storage Technoloy Driver all services starts as expected. From this it follows that older versions of the driver has problems to access new Harddisks with a physical blocksize of 4096 bytes correctly. Updating the driver to the most recent version will resolve the problem.

Michael


8 × = twenty four

Original Theme by Schiy · Powered by WordPress