I try to be a responsible security professional, and practice what I preach. I know it’s important to keep operating systems and applications updated with security patches, so I have Microsoft’s Automatic Update configured on my home Vista PC to install automatically. I tell my friends to do this, since I don’t want them to get 0wned. I have my mom’s PC set for AU since I don’t have the time to deal with her computer gremlins that are a result of her unsafe surfing.
What did this bring me? A Vista Business 64-bit machine with no network connectivity. Of course it happens when I’m late for a client appointment and I need the machine so I can print out a Google map to the site. To top it off, it snowed six inches last night, and I know the roads are going to suck.
I rebooted my machine, logged in normally, and still had no network connection. I tried to release and renew my IP, but was told the network adapter was not connected.
Begrudgingly, I fired up Event Viewer and found a number of entries for Event 4375:
Windows Servicing failed to complete the process of setting package KB938371_40 (Update) into Staging(Staging) state
and Event 4385:
Windows Servicing failed to complete the process of changing update 942831-1_RTM_neutral_LDR from package KB942831(Security Update) into Staging(Staging) state
KB 938371 explains the patch contains updates to several internal components that Windows Vista requires in order to install or to remove Windows Vista Service Pack 1 more reliably. This update must be applied separately before you install Windows Vista SP1 to make sure that Windows Vista SP1 can be installed or removed from the computer. Update 938371 is necessary to install and to remove Windows Vista SP1 on all versions of Windows Vista.
Great. Looks like I won’t have to worry about Vista SP1 breaking anything on my machine, since it won’t be getting installed!
KB 942831 ended up being a fix for MS08-005, Vulnerability in Internet Information Services that could allow elevation of privileges. Microsoft considers this an important, not critical fix, so I decided I could disregard this error for the time-being. I pretty satisfied these Automatic Updates were not the root cause of my networking issues.
The final error I found was Event 1060:
\SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
I searched my system for this file, and found it located in the F:\Windows\System32 directory, which is not my operating system’s boot drive – Its an almost dead hard drive that used to run my 32-bit Windows XP machine. I’ve been trying to resurrect data off it, and had mounted it in an external USB caddy.
Interestingly enough, I’ve had this old 32-bit XP drive plugged into my Vista 64-bit system for over two months, and have never seen the Event 1060 error. I’m wondering if these two failed Microsoft updates have anything to do with it. On a whim, I renamed the GEARAspiWDM.sys file to GEARAspiWDM.sys.old and rebooted, and got my network connection back.
I did notice GEAR posted updated 64-bit drivers two weeks ago, so maybe I’ll try to install them. I also found the GEAR driver is a part of iTunes, which was not previously supported on 64-bit Vista (who knew?) If updating the drivers and/or iTunes doesn’t fix my problem I may uninstall both, then manually clear up all the GEAR registry entries, then start with fresh installs of both.
My suspicion is something new with the XP 32-bit GEARAspiWDM.sys messed with Vista’s 64-bit driver signing system, which threw the network card offline. I’ll do some more investigation tonight and post an update if I find anything.
On a semi-related note, the GEAR wiki states:
There appears to be an incompatibility between older versions of the GEAR Software drivers and the Intel Application Accelerator with certain combinations of Intel chipsets and operating systems.
To determine which Intel chipset is being used on the motherboard, download the Intel Chipset Identification Utility from Intel’s website.
To date the problem has been detected on systems with the following combinations of chipsets and operating systems:
– Intel 815E chipset and Windows 2000
– Intel 845E chipset and Windows 2000
– Intel 850 chipset and Windows 2000
– Intel 860 chipset and Windows 2000
This issue can be corrected by completing either of the following:
1) Download and install the latest GEAR driver set.
2) Uninstall the Intel Application Accelerator.
I’m using an AMD CPU so this isn’t my issue, but hopefully it will help someone with a similar problem.