Repair.IT – The saga of a Gigabyte GA-Z97X-Gaming 3 computer system

My younger son recently built a new gaming PC for himself. He wanted to play some newer games that his older PC could not do at the framerates that he wanted. Another reason was that occasionally, the old PC would not boot up – and he would have to try numerous times. During the Covid lockdown, computer parts were ordered from various suppliers and eventually arrived. He was able to build his new PC. A brand new custom built PC powered by the latest 12th generation Intel Core i7-12700K. The build was completed eventually and he took it home and has been using it quite happily except for other problems.

A couple of weeks ago, he was having trouble with his Superloop NBN service – his router wasn’t functioning, as he could connect via wireless, but could not access the internet. We had a spare Asus RT-AC68U router, so I went over to help swap over his old TP-Link AC1750 to this Asus router. It went well, and I also plugged in a network switch in the study so that both computers would have an ethernet conenction. I asked about the old computer and was told that it stopped working some weeks earlier. I had a quick look at it while I was there and it just would not boot – power would come on, but nothing on either display was visible.

I took the old PC back home with me together with the TP-Link router. The TP-Link router turned out to not pick up an IP address from the NBN modem, as I had plugged it into my Telstra Smart Modem and could see that it was not connecting. Then I set a static IP on the TP-Link and it worked. When I set the TP-Link back to dhcp, it picked up an IP address and was working – something must have gone wrong with the configuration as it wasn’t working before and now it did. Anyway, this article is not about that router but about the old PC.

This particular PC was comprised of a Corsair case, with a Gigabyte GA-Z97X-Gaming 3 motherboard. It had an Intel Core i5-4690K processor and 8GB of ram. It also had a Radeon RX-570 graphics card in it. The processor cooling was a Corsair H100i liquid cooling kit, which I had previously written about in 2014 – https://j0hn88.wordpress.com/2014/12/16/repair-it-of-course-corsair-h100i-liquid-cooling-standoff/

During that build, a standoff had been broken which I repaired. Now, back to the PC. I plugged in my diagnostics card – a Debug King card into the PCI slot. It was awkward to view the display as it was facing towards the power supply, but I had enough of a view to see what was going on. When I powered up the PC, I could see that the debug card was show that voltages were available, but didn’t seem to change status. This was almost as if the main bios wasn’t running. I tried various things, like pressing keys on the keyboard, but nothing appeared to work.

There was no PC speaker plugged into the motherboard, so I scrummaged around in my parts boxes and found a speaker with the right plug to fit the motherboard. Powering on again – effective silence. A beep would have be good, to show that it would try to boot, but nothing. A search of the internet showed that a lot of people had been having this issue since 2016 or so, but no real resolution to this problem.

I removed the Radeon RX-570 graphics card and connected the monitor to the motherboard DVI port. Still no display. I decided to verify that the Bios was doing something, by removing the memory. By powering up the computer without memory, I should get some error beeps. Sure enough, I get a constant beeping – so that was good, as it means that the CPU is most likely fine.

I plugged the memory back in, but in the other slots – I had a bit of trouble inserting the memory as it just didn’t click in as it should but was definitely locked in place. Powering on again, I saw that the behaviour had changed. The debug card was showing memory check then eventually display check, and then i felt that it should work. About half a minute later, there was a short beep from the speaker, and the bios screen was displayed on the monitor – ok, some success.

I didn’t have the hard disks connected, so powered off, connected the disks and powered on again. Success, I could see Windows had started up and then a login screen – great. I didn’t have the password, but was able to shutdown. Now let’s try the Radeon RX-570 graphics card. It was installed, then powered up – and … the original problem happened – there would be a period click from the speaker as the computer reset itself. Could the graphics card be faulty – I didn’t think so, but all I could do is to power off, and remove it. On power up, there was no change in its behaviour – constant reset was happening.

This is very strange – it worked a moment ago, before I put in the graphics card. Let me try removing the memory again so did this and then install the memory, power on, and the computer would boot up. Some success at least – removing the memory somehow forces it to work again, when the memory is installed again. I had some spare memory and tried that as well – works with my memory, but if I put the graphics card back in, then it caused the computer to fail and stay like that, until I do the memory trick.

So what is happening and why does the memory trick seem to work. Removing the memory must change the cmos settings, such that installing memory causes an update to the cmos which then works. This seems particularly like a bios problem. Once it was working again, I checked and found that the bios was version F5 which was the latest at the time of the build. I saw on Gigabyte’s website that there was an updated F8d bios in 2016 – with improved memory compatibility. I also replaced the cmos battery – which was a CR2032 lithium cell. That didn’t seem to change anything, but at least it was a new battery.

On Tuesday evening, my son popped over for a visit and I showed him what I had found – once the PC was working, he logged on and we could see that it was functioning, but putting a graphics card in, would definitely kill it. I downloaded the F8d bios, then once I did the memory trick and it was working again, I plugged in the USB and restarted into the Q-Flash mode by pressing the End key during the BIOS startup.

The BIOS firmware update to F8d proceeded smoothly and the system was still working afterwards. I shutdown and installed the graphics card, and powered on. Well, what do you know? The graphics card was working this time. I connected a network cable, and let the computer do its Windows updates, and restarted it a few times – still working, so then shut it down. I told my son that I wasn’t sure if it was fixed, so he can leave it a few more days.

The liquid cooling system was full of dust – that is the heat exchanger – so it was a matter of taking the fans off and vacuuming the heat exchanger carefully. I could see that there was still dust in it but this would have to do for the time being. I disconnected the power and will come back to this PC in a couple of days. I wouldn’t be confident that is is fixed, until the computer consistently boots up, no matter what I do to it, like remove graphics card, install graphics card, swap memory etc.

On the Anzac Day long weekend, I had a chance to do further testing. Put the original memory back in, still ok. Remove the Radeon RX-570 – still ok. Put it back in, still booting fine. I left the power off, switched off at the power supply. Various combinations of the above and still booting ok. So it looks like the computer is behaving properly, and I am now confident that the original problem has been resolved.

What would have been the root cause? Possibly, the Bios might have been corrupted – but maybe unlikely. The Bios Cmos settings could be another cause. By removing the memory and installing the memory causes the Bios Cmos settings to be updated. Updating the Bios firmware will also update the Cmos settings. I also feel that this motherboard did not have sufficient support under the memory slots.

Usually the ATX boards are a bit deeper, but this one is not as deep, so the memory slots overhang past the last screw fitting. My other boards will be deeper, allowing an extra screw to go into the highlighted support port. Originally, the memory was in the grey memory slots, but now I have left them in the black slots. Memory inserted in the last grey slot might not have been making consistent contact. I usually try to support the board when inserting memory.

Anyway, it looks fine now – hasn’t missed a beat with booting up – so will let my son take it back next time he comes over.

Rectify.IT or did I – Samsung T5 SSD not recognized in Dell Inspiron 15 7580 after Windows 11 upgrade

My Dell Inspiron 15 7580 laptop has been working well since I bought it 3 years ago with Windows 10. The only real issue that I had with it was that it would be getting hot. The fan would go on under mild workloads. A search of the internet seems to show that this is quite a normal behaviour, except that I didn’t think it did this when it was new. A few months ago, it did its Windows 11 upgrade successfuly Last week, I was given a new work laptop to use. I wanted to copy files from my Dell and have them available on the new laptop.

I had a new Samsung Portable SSD T5 500GB sitting in its unopened box on my shelf, and I thought I would use that to do the file transfer. The problem is that when I plug in the Samsung T5 – it doesn’t come up with a drive letter, so I can’t use it. Could it be faulty – not likely since it was brand new, so tried it in my new Asus laptop. It works with the Asus – so what is going on? I had things to do, so left it for the time being until today.

How do I troubleshoot this issue? First of all, I checked Device Manager. I found the USB Attached SCSI (UAS) Mass Storage Device in Storage controllers, then looked at its properties. It seemed normal, then checked Events, and there I could see when I had tried the Samsung T5 SSD last week.

Device settings not migrated – that is weird, so decided to check the Windows Registry to look for this.

That was interesting. I suppose that I could delete this particular entry, but I will come back to this. Next, I opened the Event Viewer to see if any events were logged when I plugged in the Samsung T5 SSD.

I found Windows events from hcmon that was happening each second, since I plugged in the Samsung T5 SSD. I restarted my laptop, but ended up with a blue screen, so after it restarted, I checked the Event viewer again. The hcmon warning I could see was on bootup, and would occur when I plugged something into the USB ports.

The event was about an unrecognized driver, hhdusbh64.sys – which apparently is made by HHD Software as part of the Device Monitoring Studio. I don’t remember ever installing this, and found the file in my C:\Windows\System32\Drivers folder. I decided to rename the file to hhdusbh64.bak and then restarted my laptop.

After the restart, my USB mouse wasn’t recognized. In fact – removing the USB mouse cable didn’t make the beep that it should do, and inserting the mouse cable back in, no response. Maybe I should put that file extension back in, so did that and restarted the laptop. After restart, the mouse worked again – so I was back to checking the Samsung T5. I plugged it in, and lo and behold – Windows Explorer popped up showing the Samsung T5. Wow – so what did I do? I had previously tried plugging in the Samsung T5 many times with both the USB-C cable and the standard USB cable – with no success.

But now it is working. I ran usbdeview from nirsoft.net to view the USB devices. I did this earlier before the blue screen happened, and it had shown the USB Attached SCSI device connected as an unknown device type. This time, it was showing up as a Mass Storage Device which is correct.

After removing the Samsung T5 SSD, I rebooted the laptop. I connected the Samsung T5 SSD, and there was the familiar beep-beep and then Windows Explorer opened up. Well – I can’t complain – it seems to be fixed by either some action on my part, or by the blue sceeen. All I really did was to rename the hhdusbh64.sys driver, but had to put it back so that my mouse worked again. Could that have caused the USB’s to somehow reset – I don’t know, but if it happens again, I will update this article.

I also have no idea why this driver should be there – but will do further research on this. Bye for now.

[P.S. I do remember, a couple of years ago, using a friend’s Samsung Portable SSD T5 on this laptop – could that have been a factor?]

Repurpose.IT – Dell Latitude E6410 laptop as Kali Linux laptop

Most of the time, we use Kali Linux in a virtual machine environment as we are running vulnerability scans and trying out exploits on other virtual machines. Recently I was doing some work with analysing some older physical machines running a combination of Windows 7 and Windows Vista. I decided that it would be very handy to have a Kali Linux laptop that I could then connect into the test network instead of having to use a virtual machine.

I browsed a number of supplier websites looking for a suitable laptop. My requirements are actually quite simple. A minimum of 4GB ram – but expandable to 8GB, and the storage should be 500GB SSD, and most important of all, a physical ethernet port. At the same time, I didn’t want to spend a lot of money on this, so any reasonably cheap laptop would most likely be suitable.

Little did I realize that with the current (last few years) trend of making lighter, slimmer laptops that the manufacturers decided to remove the physical ethernet port as it is was big. I was able to find laptops that had an ethernet port, but those were business laptops, with pricing at $1500 and above. I could use my Dell Inspiron 15 which is now almost 3 years old and it has an ethernet port – but this is my daily workhorse when I have to go to the office.

So I decided to see what laptops I already have that might be suitable. Thus, I started a process of cataloging the older laptops that had an ethernet port. After a long process, I ended up with a Dell Latitude E6410 that I had obtained from somewhere. It had an Intel Core i5 Mobile 560 processor, 5GB of ram, a 160GB hard disk, and a dead battery. Most important was that it had an ethernet port.

The Intel Core i5 Mobile 560 processor has a Passmark benchmark rating of 1838. Compare this with my Dell Inspiron with a Core i7-8565U which has a Passmark of 6364, and my desktop with a Core i5-9600KF with a Passmark of 10835. In any case, the Dell Latitude E6410 should be able to do what I need and would give me a portable Kali Linux machine.

The Dell Latitude had a 2.5″ Sata disk in it. I checked online to find the cheapest 2.5″ SSD with capacity around 500GB and was able to get a Silicon Power A55 SSD with 512GB for only $65 from Umart. Then looking for replacement batteries, I was able to get a battery from BetterBatt for $39.66 – they have free shipping if you buy a minimum of two batteries, so also got a battery for a HP Elitebook 2530p at the same time and price. The battery should arrive sometime soon, so in the meantime, I will install Kali Linux.

I have installed Kali Linux numerous times on virtual machines, so thought that I shouldn’t have any issues with doing the same on bare metal, i.e. a physical machine. I downloaded the latest Kali Linux – version 2022.1 for amd64 – which is 64-bit. Then used Rufus to write the iso to a Sandisk USB. Plugged in the USB to the Dell Latitude and turn on the power pack.

I get a Bios message saying that the time and date are not set – ok, that probably means that the CMOS battery is also dead – I will have to replace that afterwards. Press F1 to continue, then press F12 to go to Boot options. Choose to boot from USB – then away it goes. Or does it?

I choose to install, then English language, then Australia as the locale, then US English keyboard and it runs then ends up with an error saying that it cannot find the installation media. I didn’t get a screenshot, but went to run a shell, and entered the command:

mount /dev/sdb1 /cdrom

Then exit the shell, and choose to repeat that last step – away it goes. Partition the disk, ok – done. Choose user name and password, ok – done. Continuing on, it starts installing the base system and then…

Ok, that’s not good – retried this step, but it just won’t go. I just can’t get past this step. I thought that maybe the version is too new, and found an older version I had already on USB. Tried to install that one, and the same thing happened. I tried a different installation like Ubuntu desktop, which seemed to install but I ended up with a nonbootable laptop.

After some time spent on all this, I realized what might be the problem – and a Google search also suggested the same thing. When I wrote the downloaded Kali Linux iso to the USB, Rufus suggests to write in iso format instead of dd format. Writing in iso format has been working for me, but then I realized that I had only used those with Live CD’s, i.e. everything runs from the USB – I had never tried installing with iso format – except when the iso was written to an actual DVD. That would explain why the iso works in virtual machines, since the iso is mounted as a CD/DVD device – but this iso is on a USB.

I figured that the installation program sees that it has booted from an iso, and looks for the /cdrom – that explains the first error that I had encountered. Anyway, to cut a long story short, I wrote the iso to the USB again, but this I told Rufus to write it in dd mode. By going to dd mode, it sees the USB as an external disk drive, and not a CD/DVD. Then the installation goes through properly because it never has to try to find the /cdrom device. So, make a mental note – iso mode is fine for running Live CD’s, but for installation, must use dd mode.

The next step was to search for a replacement cmos battery. I removed the laptop bottom cover, and saw that the battery had a three pin plug on it. A search on ebay found most of them were two pin and even when it was for this particular laptop. I found some from the UK, but this would cost $12 or more when shipping was included, so forget that.

I decided to jury rig a replacement one as I had plenty of the CR2032 batteries in my spare battery box. I removed the heatshrink cover of the failed battery, then carefully peeled the tabs off from the battery.

Then it was a matter of bending the tabs a bit so that when I wrapped it with insulation tape, the compression would help to keep the tabs in contact with the battery. You might ask, why didn’t I solder the tags onto the battery?

It is because lithium batteries don’t like a lot of heat. I did attempt it with a low temperature solder (such as that supplied with ChipQuik), but it just wouldn’t stick to the battery even after using some flux, so the next best option was to do what I did. Alternatively, I could have gone to my local Jaycar store and bought a PCB mounting CR2032 battery for $3.25 then just solder the wires onto the tags. Maybe I might have to do that if this jury rig battery stops working – but that is for the future.

In the meantime, the replacement main battery arrived and was installed and charging up. I had a look at the support website for this laptop and found that there was a more recent bios update from 2017 – the original was 2010, so I should update the bios while I am at this.

I downloaded the latest A17 bios – which was an exe file – it needs to be run from Windows or DOS. The old hard drive had a Windows on it, but would stop with a blue screen. I put that 160GB disk back inside and had a look at repairing it. Eventually I could see that it was just a standard Windows 10 installation with not much in it, so decided to perform a reset from the advanced options in the troubleshooting assistant that comes up when Windows doesn’t boot too many times.

The reset went on for maybe an hour as I had left it to do its thing. After the reset completed, I came back and tried to log in. The user account was dell and the password hint was “asset tag”. I tried asset tag, but no go – and there was no stickers on it to show what the asset tag was. Now I need to hack the Windows password. Boot from my Win10pese usb disk, then run the nt password changer – and changed the dell user account password to “asset tag”, lol.

Reboot and login – successfully now. Copy the A17 bios exe file to the Temp folder and run it. It says it needs A09 to be installed first. Ok, download A09 Bios, and run that – which completed after a couple of reboots, then run A17 and eventually – bios updated.

Put the SSD back in, and I have a Kali Linux laptop, with 8gb ram (yes, I added more ram), a working main battery, a replacement cmos battery – and all is done! Not bad for a couple of days work spread over a week or two.

I was watching some Youtube channels talking about wireless penetration testing and it turns out that some of the popular USB wifi adapters have trouble working in Kali Linux, but are working fine in Parrot OS. Maybe I need a Parrot OS laptop as well. I do have a HP Elitebook 2530p that I got the battery for, but it doesn’t have a replaceable disk drive, and now it seems to have a bad screen as the image is shifted on the display. I do have another SSD since I bought two at the same time, I could put Parrot OS onto that, and have both. Let’s leave that for another day and you readers, have a good day!

Rectify.IT – Windows Terminal not working after Windows 11 upgrade

In my part-time job, one of my tasks is to build Windows 10 SOEs (Standard Operating Environments) for a client. The SOE includes the standard applications and settings which are required to provide some uniformity in the way that Windows is seen and used. This was to be able to replace older machines, or machines with outdated operating systems. The first SOE I built was based on Windows 10 build 20H2 and was for an Intel NUC7i5DNKE. This was done in due course, and perhaps later, I might elaborate further on that. For now, those NUCs were no longer available and we were looking at newer models.

The Intel NUC11TNHv5 was one that we chose to investigate. In due course, I built the SOE for that, which generally just involved adding the appropriate drivers for the hardware that was different to the NUC7i5DNKE. Testing involved performing the MDT build and then doing some performance benchmarks. As this was available to me, I thought I would try the Windows 11 upgrade on it and at the same time do some performance comparisons.

I didn’t want to wait for the Windows 11 upgrade to appear in the Windows Update, so I chose to do this manually. In order to upgrade, I download two files – these are Windows11InstallationAssistant.exe and WindowsPCHealthCheckSetup.msi. I get these from https://www.microsoft.com/software-download/windows11 and from https://www.microsoft.com/en-au/windows/windows-11#pchealthcheck .

The way to go about it, is to run the WindowsPCHealthCheckSetup first which goes and checks the hardware on the machine, then run the Windows11InstallationAssistant. If you run the Windows11InstallationAssistant first, it will prompt you to do the PC Health Check, so I find it easier to run the PC Health Check first.

The problem I am about to describe is happening each time I build the Windows 10 on the NUC11 and then upgrade to Windows 11. When it happened the first time, I though that it was just a fluke occurrence, but I have done this 3 times, and it has happened each time.

After the Windows 11 upgrade, if I right click on the Start button, and choose Windows Terminal or Windows Terminal (Admin) – I get an error message that Windows cannot find ‘wt.exe’:

That is weird, right? The Windows 11 upgrade has completed, but this happens. As I know that Windows Terminal is an Appx package, I did my usuall check to see if there is a problem with it – like I did with the Photos and Microsoft Store app, but my search came up empty. Windows Terminal was just not installed.

One way to rectify this, is to go to the Microsoft Store, then search for Windows Terminal like this:

I can see that it isn’t installed because it shows the Get button, then I can click on the Get button, to install it. I want to show the alternative method, which I used for my previous fixes because I hadn’t shown how I was able to download the appx packages previously.

I go to this website https://store.rg-adguard.net/ – that I found in a number of articles on downloading appx packages, and I choose as follows:

How do I know the PackageFamilyName? I get this from another working Windows 11 machine, where wt.exe does work, like this:

Once I have entered the PackageFamilyName and set the channel to Retail, I click the check box and then get the links returned, like this:

I could then click on the msxibundle to download it, then install the bundle using the Add-AppxPackage command in PowerShell – just like in my previous article. After doing this, the Windows Terminal will open successfully.

Problem solved. If you don’t have a working Windows 11 machine, you can just get the Windows Terminal from the Microsoft Store, and this will rectify the problem.

At least this was fairly easy to rectify – but it was reproducible – at least for me. Build a machine with Windows 10 build 20H2, then upgrade to Windows 11 manually. I suppose I could try this same process but with building on Windows 10 build 21H2 – which I am currently looking at. Anyway, that’s it for today.

Resolve.IT – Microsoft Photos and Microsoft Store not opening after Windows 11 upgrade reversal

I was quite happy to have my gaming computer working again with Windows 10 after the drastic failed Windows 11 upgrade. I could play my games, but then I noticed a strange thing. I could view my photos using Picasa (yes – a very old Google application), but when I try to just view screenshots and other pictures, I get a strange error.

That was strange, I could open this before, since I had added that to one of my previous posts successfully. The file does exist – I could see it in Windows Explorer, why can’t Windows find it. I could just ignore it and go on with my life, but I don’t like things that are broken, if it could possibly be fixed. I opened the Event Viewer to see if there were any logs on this. This is what I found in the System Event Log.

It seemed also that the Microsoft Store would not open either.

When I do a Google search of this topic, it appears that this is quite a common problem, and most of the time, the only resolution was to reinstall Windows 10. After I had recovered my gaming computer from the failed Windows 11 upgrade, and working again – the last thing I want to do is to reinstall it just to fix this Microsoft Store problem.

One clue is that the error “2147942402” means that something wasn’t found. I tried wsreset and all the usual suggestions but still ended up with the same issue. I also cannot even uninstall it

Well, maybe it isn’t meant to be uninstalled that way – but why is the Uninstall greyed out. After a bit of further research, I came across another post that seemed to suggest that the problem might not be with Photos and the Store but with other dependent runtimes.

https://social.technet.microsoft.com/Forums/ie/en-US/c2d986eb-ed7b-415d-82e3-b58e96225b02/windows-store-broken?forum=win10itprogeneral

In that particular case, he was getting a different error, access denied most likely, so his permissions fix was quite appropriate. In this case I should check whether I have something missing in my runtimes.

I wrote a short Powershell script to enumerate my Appx packages and look for anything that has Runtime in it and display the name, full package name, and the install location.

And this is the output I get – interesting!

The x64 version of the Microsoft.NET.Native.Runtime.2.2 is missing an install location. If I view the full details of that, I get this.

If I look at the x86 version of it, I get this.

Let me see if I can either remove that version and install it again.

Now check if it is still there

Ok, great, it is gone. I had downloaded the package already so – let me install it.

Ok, no errors on execution – let me check again on the packages.

Ok, looking good – it is now 136 in the list. I do notice that Runtime.2.1 only has the x64 version installed – would that matter, I wonder? I try opening that same arachni-error.png screenshot again, and still I get the same error. Attempting to open the Microsoft Store gives the same error – my update of the runtime had no apparent effect on the issue.

I found that the Microsoft.NET.Native.Framework.2.2 was also missing its install location, so removing it and reinstalling it.

So Framework is now good.

I ran procmon.exe to see what it captures for the location of the WindowsApps folder – and I see this as a result of trying to open Photos. UI.Xaml is Name not found, meaning the folder isn’t there, and ScreenSketch is Path not found, meaning that the files are not found.

Checking to see which Appx’s don’t have an install location beginning with C: I get the following:

I couldn’t find the right VCLibs package, but did have Microsoft.VCLibs.140.00_14.0.30704.0_x64__8wekyb3d8bbwe which is a later version – anyway, wouldn’t hurt to try installing it.

Well that didn’t work out, maybe that VCLibs is too new for my Windows 10 build. Let me try with a version of ScreenSketch.

That was successful, but still Photos doesn’t start up. I then saw that procmon now shows that UI.Xaml is not found, so let me install that one (which I should have remembered).

And … drum roll, I can open that png that I was trying earlier:

That png was a screenshot of the Arachni error message – so this is great, exactly what I expected.

And the Microsoft Store opens as well – fantastic!

Should I leave it at this, I ask? Umm, what about VCLibs? What about it? That’s right, it also doesn’t have an install location. Let me check what is installed relating to VCLibs.

It seems like a newer version of VCLibs.140.0 is already installed – the 14.0.30035 one. Also the UWPDesktop is the same, a newer version is already installed. Maybe to clean up, I should just remove those obsolete packages, since I can’t find the downloads for them anyway.

That should do it. A double check for any package without an install location shows:

Great – no more inconsistent Appx packages. After a bit of review, I realize that I should have just paid more attention to the procmon (Process Monitor) capture that I had running at times. Towards the end, it finally pointed to the UI.Xaml package and all I really needed was the particular version or a later version. In summary, here are the files that I had downloaded, that needed to be installed to fix my particular problem.

I should say that ScreenSketch is probably specific to being required by Photos and that the others were necessary for the Microsoft Store. This fix has taken most of my Saturday morning and a bit of the afternoon, but I think that it is well worth the time spent at least for my own education.

I think I also found a clue as to what happened to some of these files during the rollback. The FolderMoveLog.TXT file located in my C:\$WINDOWS.~BT\Sources\Rollback folder contains information about what folders were moved during the rollback, and when I look for some of the missing ones, I see these interesting entries:

Those packages that the Microsoft Store uses, somehow got restored to the SharedLimitedTime folder within WindowsApps, and not to WindowsApps itself. That would explain why the Microsoft Store failed after the roll back. But why did it do this? Maybe that is a question for another day – I am going to take a break. Have a good day!

Restore.IT – #$@!% Windows 11 Upgrade bricked my gaming computer

My gaming computer is comprised of an Asus Tuf Z390-Plus Gaming motherboard with an Intel Core i5-9600KF processor and a nVidia GeForce GTX 1080 Ti graphics card. It has been running Windows 10 for some time and been quite reliable. A couple of months ago, I did try the Windows 11 Upgrade for it, but each time the Windows 11 was being installed, it would get to around 70%, then hit some sort of snag and then it would roll back.

You might think that having failed with the upgrade twice, I should learn not to try it again. What is the saying “Once bitten, twice shy!” – what about “Twice bitten”. Anyway, a recent Windows 10 Feature release went on, and I was running on build 21H2 and the Windows 11 Upgrade popped up again. So, yesterday afternoon – about 4 PM or thereabouts, I decided to let it do the upgrade. After some period of time, maybe 30 minutes or so, I came back to the PC and saw it sitting at the login screen. It was a Windows 11 login screen. I logged on accordingly and then found something strange. I click on the magnifying glass icon, but can’t type anything for it to search. My keyboard is working, since I could type my password to login, so what is going on.

I then chose to run Admin Terminal in admin mode, then the terminal told me that some Touch Keyboard and Handwriting service (aka tabletinputservice) was not running. I check in Computer Management and find it was stopped. I started it and then found that I could now type – ok, make a note of that in case it happens again.

Next thing I noticed was that I couldn’t access my Qnap network storage shares – again, very weird. My other Dell laptop running Windows 11 had no such problem. Then I was either trying to download something and I get a blue screen – Stop code INVALID_DATA_ACCESS_TRAP.

It got to 100% and sat there. Hey – didn’t the message say that it would restart for me? I left it for a short while, and still no activity, so I hit the Reset button.

I could see the computer start up, then after the Bios screen, it would blank briefly, then the power goes off, and it powers on again – regularly, every 12-15 seconds or so, like a very very slow metronome. That isn’t good. This Windows 11 Upgrade should be smooth, like my Dell laptop. After several minutes, it didn’t show any signs of coming up so I powered it off. After disconnecting the cables, got the PC out from beside the desk, and opened it up. Before doing anything else, I will make a backup image of the boot disk, which is a WD 240GB M.2 SSD.

Off to my data recovery machine, installed the M.2 SSD into a 2.5″ M.2 adapter, and plug it into my hotplug 2.5″ disk bay. Then booting up to Linux, I made an image of my SSD onto one of the hard drives. I do this in case I really screw up and destroy some data, so can always copy the image back onto the SSD and try again. Then I needed a Windows preinstallation environment to inspect the contents of the SSD.

On another machine, I downloaded the ADK for Windows 11, then installed the WinPE Addon for the ADK. Once that was done, I went and located the winpe.wim and used Rufus to create a bootable USB disk with the WinPE.

Having the WinPE USB in my hot hands, I went and reinstalled my SSD into the PC, put everything back together, then reconnected all the cables. Finally inserted the USB into one of the front slots, I powered on and pressed F8 when the Bios screen came up. Then chose to boot from the USB.

After a short time (time is relative when waiting for something to happen), I got a blue screen with a command prompt in the middle. I ran diskpart so that I could check the disk structure.

It looked good, pretty much what I expected. Next I decided to run bcdedit – to examine the Boot Configuration Data store.

So the commands I ran, was to make a copy of the BCD and to allow the boot manager to display for up to 30 seconds, so that I can choose what to do.

bcdedit /export C:\Temp\BCDBackup

bcdedit /set {bootmgr} timeout 30

bcdedit /set {default} bootmenupolicy legacy

bcdedit /set {bootmgr} displaybootmenu yes

I then ran bcdedit to verify that those settings were done – good. Next was to reboot, then I got the boot manager screen – and noticed that the default was wanting to go to a boot entry called Windows Setup. I should have seen it in the bcdedit but it comes up with so much stuff, that it can be missed. I let it go to Windows Setup, and then it powered off and powered back on. Ok, this was the problem – something wrong with the Windows Setup boot entries.

This time, when the boot manager prompt came up, I chose Windows 11 and to my surprise it booted into Windows 11. I logged on and found a few things wrong. I couldn’t access any of my network storage drives. Strange, and then I couldn’t type in anything again – so had to start the tabletinputservice again before I could type into the search bars.

Now, I ran the command prompt as Administrator, then ran bcdedit to check the BCD settings. Sure enough, Windows Setup was the {default}

I checked on the C: drive and cannot find that path. C:\$WINDOWS.~BT\Sources is an empty directory. No wonder Windows Setup was rebooting over and over again. I then ran the following bcdedit commands to have Windows 11 be the default.

bcdedit /set {default} bootmenupolicy Standard

bcdedit /set {bootmgr} default {current}

bcdedit /set {bootmgr} timeout 10

This made the current boot entry (Windows 11) as the default, and reduced the timeout to 10 seconds. Also set the bootmenupolicy back to Standard on the Windows Setup boot entry.

Rebooted and sure enough Windows 11 booted up after a timeout, great. Now it was after midnight, so I would have to continue later.

Today was badminton day, so after playing 2 hours of badminton, doing a bit of shopping, buying petrol since my car was nearly empty, then back home – have lunch. What to do after lunch – is to continue with this problem. I should try to find out why my network drives are not working, and also the tabletinputservice just would not stay running after each reboot. I was copying the bcdedit data and I got the blue screen again. After rebooting, it would happen each time I either tried to download something or write a file in my documents folder – not good, this is not workable.

I checked on Google and found that I should have an option to roll back, somewhere in Settings, Windows Update, there should be a Go Back button – but of course in my case, it just wasn’t there. After doing a search, I found the winre.wim file in C:\Windows.old\$WINDOWS.~BT\Sources\SafeOS. Also I noticed that there was roll back data files in the Sources folder so decided to take a stab in the dark. Assuming that this is really the rollback data, and it looked like it was, I then decided to copy this Sources folder to C:\$WINDOWS.~BT\Sources.

After doing this, I rebooted and this time, I chose the Windows Setup boot option. Then I see this on the screen.

Oh good, this is promising – and after a period of time (again relative), I can now tell you that my computer has successfully rolled back the Windows 11 upgrade and returned my computer back to Windows 10 – hooray. Now the time is after 4 PM as I write this – so effectively spent 8 hrs of my time fixing something that shouldn’t have needed to be fixed. That explains why a lot of people have been reporting problems with the Windows 11 upgrade.

I did do other things during this time, but there is too much to write about. I checked the mini dump files to find out that each time the blue screen happened, it was involved with WinSetupMon.sys and then a check on Google found other people having the same problem after a Windows 11 upgrade. That is what prompted me to look at ways to restore back to Windows 10.

It seems that Windows was trying to roll back – which is why the Windows Setup boot entry was there – just that the files it needed weren’t there. If I hadn’t of found the files and put them there – I may have had to either persist with resolving the blue screen issue or maybe having to reinstall Windows 10 back on the PC. I hate to think of this happening to other non-technical people out there.

Now, in summary, I was able to roll back but cannot say that this would work for everyone. I was fortunate in the sense that I had been required to use bcdedit to fix the Windows boot process in a previous job where we were deploying Windows 10 and perform remote rebuilds, so had a good familiarity with bcdedit. Most IT engineers would probably not have this experience. That’s it for now – another successful Restore.IT. Now back to gaming, which is what this computer was meant for – Destiny 2, here I come.

Repair.IT – Temporary fix of rusted letterbox post

While doing the lawn mowing yesterday, I noticed that as my mower brushed next to the letterbox – the letterbox shook. I then had a closer look and it was staying upright, but it could be pushed backwards with a little force. It was still attached at the back mainly, away from the street, but the steel post has most likely rusted almost through.

Once I brushed away the dirt and removed the grass that was covering the concrete block, I could see that there was a rusted hole in the post. The concrete pad used to be at the same level as the grass but the grass has grown up, and the dirt had migrated, causing the steel post to be covered with dirt and allowing moisture to attack it.

I decided to make a temporary repair – to remove the post, then insert a piece of timber that would fit inside the post and in the hole left in the concrete. First step was to remove the post – I was able to bend the post down and could see that the hole was also full of water.

I used a universal tool with a metal cutting blade, and cut the post off at the level of the concrete.

Next step is to cut off as much of the rusted section as I could, and then to clean out and empty the hole or water and dirt. I was able to soak up much of the water with a small rag, then scraped around the bottom of the hole, then used a vacuum cleaner, to remove the dirt and debris.

I needed a section of timber that would be 35mm square. I didn’t have anything to hand that would suit but could join two thinner pieces together. I remembered that I had some small pieces of Blackbutt decking board leftover from building my deck. Blackbutt is an Australian hardwood and is suited to outdoor conditions but I would need to do something to protect it from moisture eventually.

I cut a piece of Blackbutt to 150mm in length, then cut a section of it to about 35mm thickness. As the decking board is 19mm in thickness, I glued two of these pieces together, then after it was dry, cut the side to be a total of 35mm thick. It had a firm fit on the steel post, so next thing to do was to try and hammer it into the hole. It wasn’t easy to do, and only managed to get it in partially, so that might have to do. I could see the concrete pad moving as I was hammering it in.

Then finally to put the post back on – I had taken the actual letterbox off the post, and was able to hammer it onto the Blackbutt section. It seemed to be very firm – and didn’t seem likely that I could easily take it off again. When I push on the post, I could see that the concrete pad was shifting.

Anyway, it seemed to do the job – although as I mentioned, it is a temporary fix. The best option, would be to buy a replacement post, then dig up the concrete, and install the new post in new concrete, but this time, make the concrete higher that the ground level and slope it so that water doesn’t stay at the bottom of the post. In any case, concrete is alkaline and would cause corrosion anyway of the steel post. Maybe I should think of another way to install the new post.

For now, it is quite serviceable, and definitely will not fall over when the postman next puts a few letters of parcel into the letterbox. To help the timber last, I should most likely fill the gaps and seal it maybe with a waterproof paint – let me see what I have sitting around. That’s it for today. I know that this won’t last long, but who knows – it could well last a year. That should give me plenty of time to arrange a replacement post.

Repair.IT – Repair of smoky Amtex HSC40-20 Switched Mode Power Supply

Just recently, the Segway Ninebot One S2 that I had repaired previously came back for me to look at – a battery problem again. I removed the covers and took the battery pack out. Sure enough, the battery pack had failed, so I opened the battery pack and was setting up to check and charge each lithium cell.

I have a modular Amtex HSC40-20 switched mode power supply that had 12V and 5V outputs. This power supply was housed in a plastic box with banana sockets on the front. I have used this power supply from time to time to power up and check IDE disk drives using the attached Molex cable. I decided that the 12V output would just be ideal to power the Swallow battery charger for charging the lithium cells.

Once everything was cabled up, I commenced charging the lithium cells. Cells #1 and #2 were fine, still with a full charge, but when I went to charge #3, I heard a slight pop/hissing sound – then looking around, I noticed a wisp of smoke coming from the power supply – so I hurried switched it off.

I disconnected the power supply and took it over to the screen door in order to open it up (in case of a lot of smoke). After removing two screws, the top cover was removed and this acrid smoke came out. The box was full of this smoke. I put the box outside on the deck to let the smoke dissipate. After a number of hours, I brought it back inside, but the smell was still there – so after a brief inspection, put the top cover back on for the time being.

This power supply was one of two that I had purchased many years ago – and the date code on the label shows 8432. Translating this date code using the legacy notation indicates that the power supply was manufactured in Week 32 of the year 1984. Not bad for a power supply that was 37 years old.

What had failed was a 0.1uF MP X2 capacitor right next to the bridge rectifier. This metallized paper capacitor is part of the EMI/RFI suppression filter that is meant to remove electromagnetic noise and interference from the incoming mains.

I got my other unused power supply out of storage to examine and to do some comparisons. It was easier to take photos of this one without the attached wiring.

A photo of my unused power supply (Serial number 1839).

I could see that there were very fine cracks in the same capacitor and in two other MP X2 capacitors which was part of the same filter.

A closer look showing the position of the MP X2 capacitors in the other power supply.

On further examination of the failed power supply, I found two capacitors on the DC outputs that I appear to have replaced previously. I must have been in a hurry back then, as I had replaced them with axial capacitors instead of radial capacitors. I should replace those as well, while I do this repair. I forgot to take a photo of the actual failed power supply but here are the MP X2 capacitors after removal.

The failed capacitor is a 0.1uF 250VAC MP X2 capacitor. It is made from metallized paper folded and encapsulated in plastic. The age cracks in the plastic must have allowed moisture to enter via the humidity in the air, and this must have degraded the paper insulation, causing the capacitor to fail. The X2 rating means that it is mains rated and would fail in a shorted configuration which would normally blow the power supply fuse. I was able to switch it off before it shorted completely.

On Thursday, I ordered the replacement parts from the local Jaycar in Rydalmere, and picked them up as they had all of the parts in stock. The replacements are all polypropylene so should never need replacement due to age. The repair was straight forward, first installing the DC output capacitors, then installing the replacement X2 capacitors which were yellow in colour now, instead of grey.

Note the serial number 1847!

After this repair, I switched on this power supply, and was able to measure the right output voltages from the terminals – and no more smoke, although the odour is still present. I then proceeded to replace the MP X2 capacitors in my other power supply and then stored that one away in its foam wrapping.

This should remind me to be wary of old power supplies that had been sitting around unused for long periods of time. Don’t leave them running unattended or inspect these parts before using the power supply, if possible. Anyway, another repair (or two) completed.

Repair.IT – Sharp CD-BP1200 Mini Component System

Some time ago, this Sharp CD-BP1200 Mini Component System was brought to me by my sister. It was just the main unit, which comprised of a 3 CD player and dual cassette. It was originally from one of my cousins. At the time, it was inspected and found that some screws had been removed from it, maybe to see if something could be fixed in it.

Anyway, it looked like quite a nice unit, with a digital volume control. When I powered it on, all I could hear was a very loud hum from the speakers, even with the volume set to zero. This meant that it was likely to be ripple in the power supply that was getting into everything.

After removing two screws, the side panels can be taken off which then gave a view of the interior. I was able to spot a bad capacitor in the corner, which to replace would need moving the main board out of the case. There were five screws holding the rear speaker and other connectors to the back board, then seven screws holding the board down. Another screw was holding the front headphone socket, then removing another five cables allowed the board to move out.

It is often amazing how dust can still accumulate in a fairly closed box. After a bit of vacuuming was done, I can then get to the offending part.

This capacitor, which is a 2200uF 35V electrolytic capacitor had failed, as can be seen by the slight bulge and dark discolouration on the top. The other one nearby is a 3300uF 25V which appears to be fine, but since both of these are used in the DC power supply, it would be best to replace both.

I checked the local Jaycar website for replacements, but they didn’t have the 2200uF 35V capacitor listed. The one that I needed would have to be a high temperature one, rated to 105^oC. It also needed to have a pin spacing of 7.5mm so that it would fit in easily.

If it wasn’t for us living in the Parramatta LGA which is subject to a max 5km limit, I could have just gone for a drive to Wagner Electronics in Summer Hill who should have these available. Anyway, online shopping is the way to go, so I was able to find these on Element14’s website. I added this and the 3300uF 25V capacitor to my shopping list. Element14 has free delivery if the order is over $50 otherwise it costs $15 for delivery. For parts totalling $3.30 I generally add to the list, then eventually once I accumulate sufficient items, I place the order.

In due course, I had enough on the shopping list, but then I had to choose alternate parts due to availability. Most of the stock that I wanted was either in the UK or in Singapore. Eventually I was able to order parts that would come from the UK and take 5-8 days, give or take, since delivery times have been extended due to the Covid pandemic.

Over the past couple of weeks, I got some deliveries, then the ones I wanted finally arrived last week. I was able to replace the capacitors with a slight hiccup. The 3300uF capacitor had some much glue that removing it also damaged one of the pads. I was able to get the replacement soldered in with a wire bridge to fix the damage.

After reassembling everything back into the case, it was time to test it out. It works, no more hum from the speakers – dead silence when the volume is set to zero. Currently it is playing Celine Dion as I write this. Another successful repair completed. Great use of time for another Covid lockdown afternoon.

Recover.IT – Access to a Linux laptop with a forgotten password

How many of you have had this happen to you? Rarely, I suppose for a linux laptop, but a Windows laptop? More often than not – it happens with an old laptop that has been put away because the new one has arrived. Sometime later, you are looking for some photos and you remember that they are on the old laptop. But you can’t remember the password. Most options would be to take it to a computer shop – and they do their magic and you get a new password.

What about a Linux laptop? Try that with the local computer shop, and they will be scratching their heads and offering to install a new OS onto it. Get the message?

Actually it isn’t very hard at all, but you do need to know something about the Linux operating system. I mentioned some of this in a previous post – https://j0hn88.wordpress.com/2021/03/16/restore-it-access-to-netgear-readynas-pro/

Let me explain the not-so-hypothetical scenario. One of my nephews lived in an apartment nearby then got a job in the UK and moved there. We helped to clean out the clutter, repair things that had been broken – like this https://j0hn88.wordpress.com/2019/12/31/repair-it-vertical-blinds-broken-cord/

One of the things he left behind was an Asus Eee PC model 701. I remember that he had bought this ages ago, and at the time, he got it with Linux. Anyway, we brought this back with us along with many discarded electronics, numerous USB power packs, android tablets and the like – and these were stored for future sorting out. One of these discarded items was an Acer monitor that didn’t a stand, so I put a stand on it and used it as my second desk monitor.

This Covid pandemic lockdown has caused most of us to be home-bound, and it has given us an opportunity to spend more time bonding together, or stressing out because we can’t get away from each other, but I digress. We can also use the time to sort out the clutter that accumulates. I came across this Asus Eee PC and tried to turn it on, but of course the battery was flat and would not turn on. I found the power adapter and after charging it, was then able to turn it on.

This Asus laptop has a 7-inch screen and runs Ubuntu Linux. I was faced with a login prompt – ok, I can use this to write an article about how to get into this and either crack or replace the password.

Ok – the process is as follows!

1. Get access to the disk
   • I opened up the bottom of the Asus but all I can see is a memory module.
   • This means that the disk is likely not removable – ok, I will have to boot from USB then.
   • I checked my bag of USB drives and found a Knoppix 8.2 Live USB disk – this is a sufficiently old version that should run on the older hardware.
   • Plugged it into the Asus
   • Powered on, and pressed Esc to get to the Boot Menu
   • Chose my Toshiba USB drive and pressed Enter
   • Knoppix booted up and by using “dmesg | grep sd” I can see an internal disk “/dev/sda”
2. To find out the partitions on the disk
   • sudo fdisk -l /dev/sda
   • shows me that /dev/sda1 is the Linux partition
3. Mount the disk /dev/sda1
   • Issue command “sudo mount /dev/sda1 /media/sda1”
4. Now check for the password hash file – /etc/shadow, and make a copy of it
   • sudo cp /media/sda1/etc/shadow ./shadow
   • sudo chmod 0666 ./shadow
   • now I should have access to a copy of the file
5. Look at the file
   • cat shadow
   • I can see a user and a hash, michael – just happens that my nephew is Michael
   • The hash has a 5 character salt, so I should do the same when I generate a new password hash, or even just use the same salt
6. Generate a replacement hash for the michael account and for the root account
   • openssl passwd -1 -salt gw7Wo 12345
     • $1$gw7Wo$yzpjpfOFABNrfPr9zMiyd1
   • openssl passwd -1 -salt miPee admin
     • $1$miPee$OxQLmiJqepYIujU0V0z5h0
   • ok, so now I have a new hash for the michael account and a new hash for the root account
7. Modify the shadow file with these two hashes and copy it back
   • nano shadow
     • modify the first line for root, then the last line for michael, replacing the original hashes with the ones that I generated in the previous step
     • save the file
   • sudo chmod 0640 ./shadow
     • this changes the permissions back to what the file originally had
   • sudo cp ./shadow /media/sda1/etc/shadow
     • copy the modified file back to the internal disk
8. This is now done except to unmount the disk

Some screenshots of the above steps:

Step 2. Fdisk output

Step 5. Found the password hash for michael, and has a 5 character salt

Step 6. Generate the new password hashes using the original salt

So, does it work? Yes, I rebooted and was able to login to the Asus laptop with michael and 12345 as the password. Now the steps noted above are not stealthy, since my modification of the shadow file will have today’s timestamp, but since this laptop is for me to play around with, it doesn’t really matter. If I wanted to be more stealthy, I would write directly to the disk, bypassing the file system – such as how I did this with the NAS.

This shows that if we have physical access to a laptop or even a desktop or server, we could accomplish the same thing. Give ourselves credentials to use or access the device, modify operating system files, install rootkits, malware etc. So it is best to restrict physical and remote access to our protected devices, don’t leave them sitting accessible in the cafe, when we queue up to order or go to the restroom – make sure they are secured.

What else can we do? Enable boot protection to only boot from the internal disk, not from USB. Enable tamper protection software that will detect if the contents of important files have changed. Enable full disk encryption, if the system supports it – most modern systems are capable of this. Anyway, this was just to illustrate one particular use case where we may want to replace a Linux password or two, in order to recover access to the device. It is preferable for us to do this ourselves, than to have a hacker do this without our knowledge.