Vista x86 patch to address 4GB+ of RAM


Remko Weijnen has released a kernel patch that allows x86 versions of Windows Vista to address more that 4GB of RAM.  I’m going to try it on my home Vista PC tonight.  The patch has been tested with SP1 and SP2.

Remko explains how his patch works, and states that the reason why Vista x86 can’t address more than 4GB of RAM isn’t a hardware limitation… it’s a Microsoft licensing limitation.

Free Microsoft eBook: Windows Vista Resource Kit, Second Edition


Microsoft Press is making the Windows Vista Resource Kit, Second Edition a free download for one month only.

The catch is you have to sign up for the Microsoft Press Book Connection Newsletter, which will give you notification of offers, register, and download the free eBook selection of the month.

The book is written by Mitch Tulloch, Tony Northrup, and Jerry Honeycutt with the Windows Vista Team. If you’d like to purchase the print copy of the book, you can pick it up for $44.09 on amazon.com, a savings of $25.00.

Fix for Windows Vista Black Screen of Death, aka KSOD


Found this solution on the LogBlog after another failed Vista boot up. This issue is being referred to as the blacK Screen Of Death (KSOD), and is described as:

“KSOD Defined: Where after a reboot the Windows Vista PC boots up to a black screen with a white mouse cursor and nothing else ever loads (no logon screen, etc). Safe mode does the same thing. Last Known Good configuration and System Restore do not fix it except in rare cases where performing a System Restore to 1 month ago or earlier does (thanks Mike Katz for figuring that out).”

Their solution:

Here is how to recover from the KSOD (blacK Screen Of Death):

There apparently this a problem related to the Remote Procedure Call service (RPC) running under LocalSystem account instead of NT Authority\NetworkService account.

1. On the affected machine, boot using the Vista Media and Select “Next” and then in the bottom left you will see “Repair your Computer”; select Next and then Select Command Prompt.

2. At the command prompt, launch regedit.exe and load the SYSTEM hive, follow the below steps.

a. Select HKEY_LOCAL_MACHINE

b. On the File menu, select Load Hive.

c. Browse to %WINDIR%\System32\Config Folder and select “SYSTEM”

d. Select Open.

e. In the Load Hive dialog box, type in “MySYSTEM” box for the registry hive that you want to edit.

3. After the hive is loaded, modify the following key value per the instructions below: You will need to know what ControlSet the machine is currently running on, this can be determined by going to HKEY_LOCAL_MACHINE\MySYSTEM\Select and find the “Current” value in the Right hand side. (Example: Current value is 1 then the ControlSet will be ControlSet001)

Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00X\Services\RpcSs (X is the Number from the Current Key from above)

Value Name: ObjectName

Old Value: LocalSystem

New Value: NT AUTHORITY\NetworkService

4. Unload the SYSTEM hive by selecting the key “MySYSTEM” and then select File -> Unload Hive… menu item.

5. Exit regedit.exe

6. Reboot the system normally

Thanks to Ira for posting this information. I was ready to throw my monitor across the room the most recent time this happened to me.

Fix: Windows Vista and Windows Server 2008 losing drivers


My Windows Vista PC has experienced all sorts of weirdness, but the most frustrating thing it has done is lose drivers.  These aren’t OEM drivers, but drivers included with Windows. 

To address this problem, Microsoft has released hotfixes for the following operating systems:

Update for Windows Vista (KB953631)
Download the Update for Windows Vista (KB953631) package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=C783E6C7-7BE7-4521-A4C1-D3C416988F87)

Update for Windows Vista for x64-based Systems (KB953631)
Download the Update for Windows Vista for x64-based Systems (KB953631) package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=68F8A960-64FA-4A45-89BC-E4FCD78B779F)

Update for Windows Server 2008 (KB953631)
Download the Update for Windows Server 2008 (KB953631) package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=B66C7F33-DEBF-4F5E-B045-431A46297682)

Update for Windows Server 2008 x64 Edition (KB953631)
Download the Update for Windows Server 2008 x64 Edition (KB953631) package now. (http://www.microsoft.com/downloads/details.aspx?FamilyId=A223C692-0316-4588-A9EF-9FC829A93A0F)

Update for Windows Server 2008 for Itanium-based Systems (KB953631)
Download the Update for Windows Server 2008 for Itanium-based Systems (KB953631) package now.

KB 953631 explains the problem:

“After you use the Last Known Good Configuration feature to start a computer that is running Windows Vista or Windows Server 2008, some .inf files that have been serviced may be deleted from the %windir%\inf folder.

Note These .inf files correspond to the drivers that are included with Windows.

If you try to install a new device that uses an .inf file that has been deleted, you may receive an error message that resembles the following:

Driver not found

If you try to reinstall the same version of driver that was originally serviced, the devices that use that .inf file may not work correctly”

Exchange System Manager 2003 for Windows Vista now available


At my previous job one of my resonsibilities was to maintain several Exchange 2003 installations.  One of the reasons I chose not to run Windows Vista on my laptop was because there was no Exchange System Manager (ESM) 2003 administrative tools that ran on Vista.

The Microsoft Exchange Team Blog just announced a version of ESM 2003 for Vista is now available for download.

IMPORTANT: Installing Exchange System Manager on the same computer as Microsoft Office Outlook is not supported, because MAPI CDO cannot be installed

Prerequisites

You can install Exchange System Manager for Exchange Server 2003 on a Windows Vista-based computer using the following requirements:

• Must be run on a computer in a domain that has Microsoft Exchange Server 2003 (SP2) installed.
• Must be installed on Windows Vista or Windows Vista Service Pack 1 (SP1).
• The following must be installed by a user who has Administrative rights. Windows Server 2003 Service Pack 1 Administration Tools Pack or Windows Server 2003 R2 Administration Tools Pack (x86). We recommend installing R2.
• Windows Server 2008 is not supported.

Howto: Restore the Recycle Bin icon to a Windows Vista Desktop


One of my co-workers somehow deleted his Recycle Bin icon from his Windows Vista desktop this morning.  This is what I had him do to restore it back to the desktop:

  1. Right click on the Desktop and select Personalize
  2. On the left hand side select Change Desktop Icons
  3. Select the Recycle Bin icon and click OK

Your Recycle Bin icon should now be visible on the Vista desktop.

Posted in Windows. Tags: , . 1 Comment »

It’s the day after Patch Tuesday, and my Vista Business machine has lost ALL network connectivty


I try to be a responsible security professional, and practice what I preach. I know it’s important to keep operating systems and applications updated with security patches, so I have Microsoft’s Automatic Update configured on my home Vista PC to install automatically. I tell my friends to do this, since I don’t want them to get 0wned. I have my mom’s PC set for AU since I don’t have the time to deal with her computer gremlins that are a result of her unsafe surfing.

What did this bring me? A Vista Business 64-bit machine with no network connectivity. Of course it happens when I’m late for a client appointment and I need the machine so I can print out a Google map to the site. To top it off, it snowed six inches last night, and I know the roads are going to suck.

I rebooted my machine, logged in normally, and still had no network connection. I tried to release and renew my IP, but was told the network adapter was not connected.

Begrudgingly, I fired up Event Viewer and found a number of entries for Event 4375:

Windows Servicing failed to complete the process of setting package KB938371_40 (Update) into Staging(Staging) state

and Event 4385:

Windows Servicing failed to complete the process of changing update 942831-1_RTM_neutral_LDR from package KB942831(Security Update) into Staging(Staging) state

KB 938371 explains the patch contains updates to several internal components that Windows Vista requires in order to install or to remove Windows Vista Service Pack 1 more reliably. This update must be applied separately before you install Windows Vista SP1 to make sure that Windows Vista SP1 can be installed or removed from the computer. Update 938371 is necessary to install and to remove Windows Vista SP1 on all versions of Windows Vista.

Great. Looks like I won’t have to worry about Vista SP1 breaking anything on my machine, since it won’t be getting installed!

KB 942831 ended up being a fix for MS08-005, Vulnerability in Internet Information Services that could allow elevation of privileges. Microsoft considers this an important, not critical fix, so I decided I could disregard this error for the time-being. I pretty satisfied these Automatic Updates were not the root cause of my networking issues.

The final error I found was Event 1060:

\SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

I searched my system for this file, and found it located in the F:\Windows\System32 directory, which is not my operating system’s boot drive – Its an almost dead hard drive that used to run my 32-bit Windows XP machine. I’ve been trying to resurrect data off it, and had mounted it in an external USB caddy.

Interestingly enough, I’ve had this old 32-bit XP drive plugged into my Vista 64-bit system for over two months, and have never seen the Event 1060 error. I’m wondering if these two failed Microsoft updates have anything to do with it. On a whim, I renamed the GEARAspiWDM.sys file to GEARAspiWDM.sys.old and rebooted, and got my network connection back.

I did notice GEAR posted updated 64-bit drivers two weeks ago, so maybe I’ll try to install them. I also found the GEAR driver is a part of iTunes, which was not previously supported on 64-bit Vista (who knew?) If updating the drivers and/or iTunes doesn’t fix my problem I may uninstall both, then manually clear up all the GEAR registry entries, then start with fresh installs of both.

My suspicion is something new with the XP 32-bit GEARAspiWDM.sys messed with Vista’s 64-bit driver signing system, which threw the network card offline. I’ll do some more investigation tonight and post an update if I find anything.

On a semi-related note, the GEAR wiki states:

There appears to be an incompatibility between older versions of the GEAR Software drivers and the Intel Application Accelerator with certain combinations of Intel chipsets and operating systems.

To determine which Intel chipset is being used on the motherboard, download the Intel Chipset Identification Utility from Intel’s website.

To date the problem has been detected on systems with the following combinations of chipsets and operating systems:
– Intel 815E chipset and Windows 2000
– Intel 845E chipset and Windows 2000
– Intel 850 chipset and Windows 2000
– Intel 860 chipset and Windows 2000

This issue can be corrected by completing either of the following:

1) Download and install the latest GEAR driver set.
2) Uninstall the Intel Application Accelerator.

I’m using an AMD CPU so this isn’t my issue, but hopefully it will help someone with a similar problem.