Printer driver problem

Recently I was asked to fix a printer driver installation. In this case it was an HP Officejet Pro 8620, but that is not important, and later on you will see why.

I downloaded fresh drivers, both the full and compact versions, from the HP site. The actual error message was:

Call to DriverPackageInstall returned error 1726 for package C:\Program FIles\HP\HP Officeject Pro 8620\DriverStore\Yeti\hpvyt13.inf

Error code 1726 is “The remote procedure call failed”. But which one, and how is this related to printer drivers?

Google was not helpful in troubleshooting this exact error message, so I took some basic steps that are usually done when you have trouble with a software installation.

  1. Uninstalled all previous driver installations
  2. Cleaned driver folders
  3. Cleaned registry
  4. Restarted computer

Unfortunately, none of these steps was successful. So I decided to look for some older versions of the same driver. However, HP does not provide them and I’m a bit scared to install drivers from unknown web sites.

Then I tried to install the driver manually, without the installer, using PnPUtil, which is a part of the Windows operating system.

PnPUtil -i -a C:\OJ\hpvyt13.inf

Where C:\OJ\hpvyt13.inf is the path to the driver file, which I extracted from the setup package.

Here I got exactly the same error: remote procedure call failed. I started to suspect that something was wrong with the Windows system files and ran

sfc /scannow

The log for it is located here: %WinDir%\Logs\CBS\CBS.log

It was able to find some faults, but most of them were about a wrong file or folder owner, so I skipped that.

At this point there was not enough information to think about the root cause, so I decided to search for more logs. And I found them. Windows has logs for device installation located here: C:\Windows\INF\setupapi.dev.log

The error message there said:

“Failed to install catalog ‘hpvyt13.cat’ as ‘oem2.cat’. Error = 0x000006BE”

Catalog oem2.cat is located in C:\Windows\System32\CatRoot

I was able to open it and it seemed to be working fine. I tried to place hpvyt13.cat in the CatRoot folder, but that made no difference.

Then I tried to repair the catroot database, which is located in C:\Windows\System32\CatRoot as described here

I remembered an old trick with HP drivers, when installation was possible only with a local computer administrator account. I created a new account and tried to log in with it. I got this error message:

The user Profile service failed the sign in user profile cannot be loaded

I recreated the hidden “Default” folder in C:\Users and then I was able to log in. However, it was working very slowly and I had to log off. Afterwards I was able to log in, but a lot of things were not working there, like pressing the “Start” button and so on.

Here I started to suspect that there might be some problems with the physical disk. I checked that with the command

chkdsk C: /f /r /x

and restarted. Chkdsk found some minor errors, but the printer installation was still not working.

I checked the Windows application/system logs and found some interesting events there:

Windows cannot access the file C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_864_for_KB3200970~31bf3856ad364e35~amd64~~10.0.1.5.cat for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.

 

Program: Host Process for Windows Services

File: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_864_for_KB3200970~31bf3856ad364e35~amd64~~10.0.1.5.cat

Faulting application name: svchost.exe_CryptSvc, version: 10.0.14393.0, time stamp: 0x57899b1c

Faulting module name: bcryptPrimitives.dll, version: 10.0.14393.0, time stamp: 0x57899aef

Exception code: 0xc0000006

Fault offset: 0x0000000000005707

Faulting process id: 0x1340

Faulting application start time: 0x01d2d7070b3da4a9

Faulting application path: C:\WINDOWS\system32\svchost.exe

Faulting module path: C:\WINDOWS\System32\bcryptPrimitives.dll

Report Id: 99e8b755-375f-4984-bf1d-060d42364687

Faulting package full name:

Faulting package-relative application ID:

 

The Cryptographic Service was starting and crashing all the time.

Since Package_864_for_KB3200970 should somehow be related to KB3200970, I decided to reinstall this update. Guess what? It failed as well.

I tried to open C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_864_for_KB3200970~31bf3856ad364e35~amd64~~10.0.1.5.cat, but got an error that this file is not a valid cat file. I tried to open it with Notepad, but it said that the file cannot be found.

Then I deleted the file above and restarted Cryptographic Services. After a few minutes I got the same error message as above, but for another file. So I had to delete about 15 files to get Cryptographic Services working stably.

Afterwards the printer installation was smooth.

Windows 10 does not allow installation of unsigned drivers. Cryptographic Services is required to sign drivers on Windows with a digital signature. The installer was trying to connect to this service, but failed since it was stopped all the time, so it reported that the RPC call failed. I hope this will help someone and you will not spend as much time as I did.
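
The one-by-one hunt for damaged catalog files described above can be done in a single pass. The following PowerShell script is an added example, not part of the original post: it reads every .cat file under the CatRoot folder named in the post from start to end and lists the ones that cannot be read. It only reports and changes nothing; it assumes an elevated prompt, and the function name Test-FileReadable is made up for this example.

```powershell
# Added example: list catalog files under CatRoot that cannot be read from disk.
# Run from an elevated PowerShell prompt. Nothing is deleted or modified.
$catRoot = Join-Path $env:WinDir 'System32\CatRoot'

function Test-FileReadable {
    # Hypothetical helper: returns $null when the whole file can be read,
    # otherwise the text of the error that stopped the read.
    param([string]$Path)
    $buffer = New-Object byte[] 65536
    try {
        # FileShare ReadWrite so a file held open by CryptSvc can still be opened
        $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            # Read to the end so a damaged file surfaces as an exception
            while ($stream.Read($buffer, 0, $buffer.Length) -gt 0) { }
        } finally {
            $stream.Dispose()
        }
        return $null
    } catch {
        return $_.Exception.Message
    }
}

$catFiles = Get-ChildItem -Path $catRoot -Recurse -Filter *.cat -File -ErrorAction SilentlyContinue

$bad = foreach ($file in $catFiles) {
    $err = Test-FileReadable -Path $file.FullName
    if ($err) {
        [pscustomobject]@{
            File   = $file.FullName
            Length = $file.Length
            Error  = $err
        }
    }
}

if ($bad) {
    $bad | Format-List
    "Unreadable catalog files: $(@($bad).Count) of $(@($catFiles).Count)"
} else {
    "All $(@($catFiles).Count) catalog files under $catRoot were readable."
}
```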


Terminal license troubles

Heya!

Today I will tell you about an issue I discovered recently with a terminal license server. It was Windows 2012 R2 with 100 per-user licenses installed. I configured a license usage report for it, which was described here. For about 1 year it was showing usage of about 10 out of 100 licenses. That was confusing, so I started an investigation. First I checked the license usage report from RD Licensing Manager and noticed this:

Failed Per User License Issuance Detail

User,CAL Version,CAL Type,Tried Issuance On

ddc.com\m_okla,Windows Server 2012,RDS Per User CAL,”den 7 april 2017 14:00:10″

ddc.com\m_dvbl,Windows Server 2012,RDS Per User CAL,”den 7 april 2017 14:00:20″

ddc.com\m_lpdn,Windows Server 2012,RDS Per User CAL,”den 7 april 2017 16:06:33″

ddc.com\m_opda,Windows Server 2012,RDS Per User CAL,”den 10 april 2017 09:44:58″

ddc.com\d_elam,Windows Server 2012,RDS Per User CAL,”den 10 april 2017 09:48:33″

Failed Per User License Issuance Summary

DomainName,FailedPerUserLicenseIssuanceCount

ddc.com,5

First I checked the logs on the server and there were no recent events regarding terminal licenses. So I asked a question on the MS support forums and got a reply to search for event 4105 in the Windows application log.

I searched and found a lot of such events. So this issue is about permissions for the RD License server on user accounts in AD. You can check these permissions on the Security tab of the user account in AD, but first you need to enable “Advanced Features” in AD Users and Computers.


In our case the “Terminal Server License Servers” group was added as an Allow entry in the users’ ACL, but did not have any permissions on the user account at all.


It should be “Read/Write Terminal Server license server”

At first I was planning to write a script to update permissions for each user object, but then I found this article from MS. It is not stated there that it applies to Windows 2012 and Windows 2012 R2, but it does 🙂

I used both methods from scenario #2 and each of them worked.

One warning here. Permissions for the “Terminal Server License Servers” group will not be updated; a new ACL entry will be added for each user object instead. So keep it in mind when checking the results, and just look at all ACL entries to make sure it worked.

After the correct permissions were applied, license usage increased twofold within just 1 day!

 

Windows Time Problem

Hi there! Sorry for all my typos and style, I’m trying to write briefly and do not check anything since I do not have time for that. But technically it is all written right and it is all real-life experience where I spent many hours fixing the problem. And I give it to you for free 🙂

Recently I got one server where it was not possible to start the Windows Time service. The error message was:

The Windows Time service terminated with the following error:

The system cannot find the file specified.

Windows time service depends on three files located at C:\Windows\System32

W32time.dll

W32tm.exe

W32topl.dll

When I checked them, on the server, all of them were in place and they were original.

So I decided to re-register windows time service:

On the elevated command prompt:

W32tm /unregister

W32tm /unregister

W32tm /register

I know that I mentioned /unregister twice; it is because sometimes it cannot unregister the first time.

But when I tried to register I got exactly the same error

The following error occurred: The system cannot find the path specified. (0x80070003)

Later on, I tried to check which files it was trying to find with procmon, filtering by the w32tm.exe process name. I got no information from there.


So I decided to copy the whole registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\ including subkeys from another working machine. In general, it is exactly the same on any Windows version.

Now I started to get an error message

The time service encountered an error and was forced to shut down. The error was: 0x80070005: Access is denied.

 

Then I configured logging for the Windows Time service, since it was not clear to me where the error came from.

Since windows time service executable is “C:\Windows\system32\svchost.exe -k LocalService” it was not possible to check its activity in procmon.

From elevated command prompt run:

w32tm /debug /enable /file:c:\windows\temp\w32time.log /size:10000000 /entries:0-116

 

Error message from the log file was:

151991 12:30:27.1064599s - ---------- Log File Opened -----------------

151991 12:30:27.1064599s - CurSpc:15625100ns  BaseSpc:15625000ns  SyncToCmos:No

151991 12:30:27.1064599s - PerfFreq:3579545c/s

151991 12:30:27.1064599s - Logging error: The time service encountered an error while refreshing its configuration in the registry and cannot start. The error was: Access is denied. (0x80070005)

151991 12:30:27.1064599s - Failed in initialization, w/o restart service

151991 12:30:27.1064599s - Service shutdown initiated with exit code: -2147024891.

151991 12:30:27.1064599s - Exiting ServiceShutdown

151991 12:30:27.1064599s - ---------- Log File Closed -----------------

 

Based on this error description I found the article from MS.

In general, it is about giving permissions for account NT Service\W32Time to different sub keys of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\

I never could imagine that such an account exists!

But when I granted permissions for NT Service\W32Time to whole key and its subkeys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\

I was able to start service successfully
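
To see which permissions the NT Service\W32Time account actually holds before or after such a change, the access control lists of the key and its subkeys can be listed. The following PowerShell script is an added example, not part of the original post or of the MS article; it only reads ACLs from the registry path given above, and the report column names are made up for this example.

```powershell
# Added example: show the ACL entries of NT SERVICE\W32Time on the W32Time
# service key and every subkey. Read-only; run from an elevated prompt.
$root    = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$account = 'NT SERVICE\W32Time'

# The service key itself plus all of its subkeys
$keys = @(Get-Item -Path $root) +
        @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)

$report = foreach ($key in $keys) {
    $acl = Get-Acl -Path $key.PSPath -ErrorAction SilentlyContinue
    if (-not $acl) {
        # The ACL itself could not be read with the current account
        [pscustomobject]@{ Key = $key.Name; Owner = '<unreadable>'; Rights = '<unreadable>'; Inherited = '' }
        continue
    }

    # Entries that name the per-service account directly (-eq ignores case)
    $aces = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $account })

    [pscustomobject]@{
        Key       = $key.Name
        Owner     = $acl.Owner
        Rights    = if ($aces.Count) {
                        ($aces | ForEach-Object { "$($_.AccessControlType):$($_.RegistryRights)" }) -join '; '
                    } else { '<no entry>' }
        Inherited = if ($aces.Count) {
                        ($aces | ForEach-Object { $_.IsInherited } | Select-Object -Unique) -join ','
                    } else { '' }
    }
}

$report | Format-Table -AutoSize -Wrap

# The SID behind the per-service account name
sc.exe showsid W32Time
```

Running it on a working machine and on the broken one gives two tables that can be compared key by key.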

During the investigation I also disabled this key, dunno if this is important or not:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider]

"Enabled"=dword:00000001

For those of you who do not have a clean Windows machine to copy the registry settings from, I publish them here



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Config]
"FrequencyCorrectRate"=dword:00000004
"PollAdjustFactor"=dword:00000005
"LargePhaseOffset"=dword:02faf080
"SpikeWatchPeriod"=dword:00000384
"LocalClockDispersion"=dword:0000000a
"HoldPeriod"=dword:00000005
"PhaseCorrectRate"=dword:00000001
"UpdateInterval"=dword:00057e40
"EventLogFlags"=dword:00000002
"AnnounceFlags"=dword:0000000a
"TimeJumpAuditOffset"=dword:00007080
"MinPollInterval"=dword:0000000a
"MaxPollInterval"=dword:0000000f
"MaxNegPhaseCorrection"=dword:0000d2f0
"MaxPosPhaseCorrection"=dword:0000d2f0
"MaxAllowedPhaseOffset"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceMain"="SvchostEntry_W32Time"
"ServiceDllUnloadOnStop"=dword:00000001
"Type"="NTP"
"NtpServer"="time.windows.com,0x9"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\Security]
"Security"=hex:01,00,04,80,84,00,00,00,90,00,00,00,00,00,00,00,14,00,00,00,02,\
  00,70,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,\
  00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\
  00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,\
  8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,9d,01,02,00,01,\
  01,00,00,00,00,00,05,13,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpClient]
"DllName"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,\
  00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"Enabled"=dword:00000001
"InputProvider"=dword:00000001
"AllowNonstandardModeCombinations"=dword:00000001
"CrossSiteSyncFlags"=dword:00000002
"ResolvePeerBackoffMinutes"=dword:0000000f
"ResolvePeerBackoffMaxTimes"=dword:00000007
"CompatibilityFlags"=dword:80000000
"EventLogFlags"=dword:00000001
"LargeSampleSkew"=dword:00000003
"SpecialPollInterval"=dword:00093a80
"SpecialPollTimeRemaining"=hex(7):74,00,69,00,6d,00,65,00,2e,00,77,00,69,00,6e,\
  00,64,00,6f,00,77,00,73,00,2e,00,63,00,6f,00,6d,00,2c,00,30,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\NtpServer]
"DllName"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,\
  00,33,00,32,00,74,00,69,00,6d,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"Enabled"=dword:00000000
"InputProvider"=dword:00000000
"AllowNonstandardModeCombinations"=dword:00000001
"EventLogFlags"=dword:00000000
"ChainEntryTimeout"=dword:00000010
"ChainMaxEntries"=dword:00000080
"ChainMaxHostEntries"=dword:00000004
"ChainDisable"=dword:00000000
"ChainLoggingRate"=dword:0000001e

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider]
"Enabled"=dword:00000001
"InputProvider"=dword:00000001
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,76,\
  00,6d,00,69,00,63,00,74,00,69,00,6d,00,65,00,70,00,72,00,6f,00,76,00,69,00,\
  64,00,65,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC]
"UniqueId"="f3932585-19e8-40cc-922f-673073cbc0d7"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TriggerInfo]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TriggerInfo\0]
"Type"=dword:00000003
"Action"=dword:00000001
"GUID"=hex:ba,0a,e2,1c,51,98,21,44,94,30,1d,de,b7,66,e8,09

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\W32Time\TriggerInfo\1]
"Type"=dword:00000003
"Action"=dword:00000002
"GUID"=hex:6e,51,af,dd,c2,58,66,48,95,74,c3,b6,15,d4,2e,a1

Ipswitch WS_FTP ftp logs export

Hi everybody, hope you enjoy reading our blog! This time I will write about the Ipswitch WS_FTP ftp server and how we extracted logs from it.

One of our customers has a very old ws_ftp setup (ver 7.1) and they decided to perform a migration to another FTP server solution. As I said before, it is a very old setup with 200+ users, who are not documented. The FTP server is extensively used, so the customer decided to analyze the logs for the last year and maybe clean up some of the users and inform others about future changes in the FTP setup. There are 2 ways to get the logs:

  • From PostgreSQL database
  • From log viewer built into WS_FTP

Unfortunately, the password for PostgreSQL was unknown, so the only possible way for us was to use the log viewer. The only export format for the log viewer is xml. It is not user-friendly and does not allow a regular user to do any filtering. In addition, the exported xml was about 4.5Gb, so it was not possible to open it with Excel. MS Access failed with some stupid errors, even when I split the file into parts.


So I decided to export data to MS SQL Server table and convert it to flat format from xml. Here is an example on how xml looked

<?xml version="1.0" encoding="utf-8" ?>
<log>
<entry>
<log_time>20150311-12:45:02</log_time>
<description><![CDATA[Timeout session:  605,109375 secs inactivity, Login state]]></description>
<service>S1</service>
<sessionid>16278752</sessionid>
<type>0</type>
<severity>1</severity>
<user>user1</user>
<host>ftps.srv.com</host>
<lstnconnaddr>12.28.27.13:990</lstnconnaddr>
<cliconnaddr>39.16.77.36:36738</cliconnaddr>
<cmd>timeout</cmd>
<params><![CDATA[MLSD ]]></params>
<sguid>B4CFC212-7C36-438F-EEA7-188BD3EACAA3</sguid>
</entry>
</log>

Therefore, I made an empty database and a table inside


create table ftplog (
[log_time] nvarchar (17),
[description] nvarchar (100),
[user] nvarchar (30),
[host] nvarchar (20),
[lstnconnaddr] nvarchar (30),
[cliconnaddr] nvarchar (30),
[cmd] nvarchar (30))
GO


The length of the fields can be different, especially for “description”; however, I used max values to cover every possible case.

I also made a query to import the data from the xml file into the table, so it is stored as a table and not as xml


use FTPdatabase
GO
DECLARE @messagebody XML

-- Load the whole file into an XML variable
SELECT @messagebody = BulkColumn
FROM OPENROWSET(BULK 'C:\year.xml', SINGLE_CLOB) AS X --change to your path

-- One row per <entry>; column types match the ftplog table definition
INSERT INTO [ftplog]
select  a.value(N'(./log_time)[1]', N'nvarchar (17)') as [log_time],
a.value(N'(./description[1])', N'nvarchar (100)') as [description],
a.value(N'(./user[1])', N'nvarchar (30)') as [user],
a.value(N'(./host[1])', N'nvarchar (20)') as [host],
a.value(N'(./lstnconnaddr[1])', N'nvarchar (30)') as [lstnconnaddr],
a.value(N'(./cliconnaddr[1])', N'nvarchar (30)') as [cliconnaddr],
a.value(N'(./cmd[1])', N'nvarchar (30)') as [cmd]
from @messagebody.nodes('/log/entry') as r(a);


This query is designed for this specific xml structure, so for a different xml it needs to be changed. As you can see, I skip some unnecessary fields from the xml, like sessionid, host, sguid and so on.

After the first run, I got an error message that it cannot read some symbols. Sure, it cannot! The FTP server was installed in Swedish, and I had different settings on my laptop, so I had to change the language for non-Unicode programs to Swedish and restart the laptop. By the way, before the laptop I was trying to import the data into SQL Server installed on a virtual machine, which is used quite a lot by different people. The query was running for years, so I decided to use my laptop with an SSD and 12 gigs of RAM.


On the small files import query was running fine, but when I started it against xml with data for the last year it gave me an error message

Msg 9420, Level 16, State 1, Line 5

XML parsing: line 42131402, character 49, illegal xml character

 

It is not possible to view a 4Gb file in Notepad. First I tried to use PowerShell, but it took all the memory and was running for years. Therefore I made a vbs script to read the line with a specific number


' Put your path to xml here
filename = "C:\Desktop\FTP\year.xml"

' SQL Server reported line 42131402. I was not sure how vbs counts the
' strings, so the output starts 2 strings before that one.
firstLine = 42131400

Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.OpenTextFile(filename)

' Skip everything before the first string of interest
For k = 1 To firstLine - 1
    f.SkipLine
Next

' Print three strings together with their numbers
For k = firstLine To firstLine + 2
    strline = f.ReadLine
    WScript.Echo "String with number: " & k & " has value " & strline
Next

f.Close


Unfortunately, even with this tool I was not able to identify the problem. I was able to read the string, but not to identify what was wrong with it. Yeah, there are some Unicode symbols, but anyway it should be possible to read them. Here is an example of the string output from the script:

<description><![CDATA[Unknown command : ŸÔŸÝ]]></description>

After googling a bit I found out that it might be a problem with unreadable Unicode table characters (1-32). So I made another vbs script to remove such characters from my source file.


Set fso = CreateObject("Scripting.FileSystemObject")

outFile = "C:\FTP\fixed1.xml"   ' Keep results in this file
' 2 = ForWriting; True creates the output file if it does not exist yet
Set objFile = fso.OpenTextFile(outFile, 2, True)

filename = "C:\Desktop\FTP\year.xml" ' Source file
Set f = fso.OpenTextFile(filename)

i = 0
Do Until f.AtEndOfStream
    strline = f.ReadLine ' Read each string of the source file
    For j = 1 To 32              ' Change 32 to be 31, so you do not lose spaces
        strline = Replace(strline, Chr(j), "") ' Remove unreadable characters
    Next
    objFile.WriteLine strline  ' Write fixed string to output file
    i = i + 1
Loop

WScript.Echo "Number of strings is: " & i

f.Close
objFile.Close


After cleaning the file I got an error message from SQL

Msg 9421, Level 16, State 1, Line 5

XML parsing: line 1, character 13, illegal name character

 

Using the first vbs script I read the first 3 lines and they looked exactly fine

<?xmlversion="1.0"encoding="utf-8"?>

<log>

<entry>

However, after a bit more research I discovered that the first string is missing spaces (the unreadable character with code 32 that was removed by the vbs script). I was not worried about spaces anywhere else, so I just added them to the first string

<?xml version="1.0" encoding="utf-8" ?>

 

I tried running the SQL import batch again and it still was not working, with the error message

Msg 9420, Level 16, State 1, Line 5

XML parsing: line 1461998912, character 29, illegal xml character

I did not feel comfortable reading strings with a vbs script and spending so much time on that, so I did some research and it appeared that there are quite a lot of nice tools that can read huge text files.

One of them, EmEditor, was a fit for my needs, with a fully functional 30-day trial. So now I was able to open and browse the huge xml file using a nice GUI!!!

While opening the file I got an error message that some characters cannot be converted using the specified encoding.


Wow, this tool saved me hours and I was able to identify the problematic symbol; it appeared to be �

Using EmEditor I replaced this symbol with nothing and saved the changes

 

Finally, I was able to run SQL import query and after 30 minutes I got a table containing 6+ million records ready for queries and sorting!
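
The two clean-up steps above (removing control characters, then removing the � symbol) can be done in one streaming pass that keeps spaces, tabs and line breaks. The following PowerShell script is an added example, not part of the original post: it reads the file line by line through .NET stream classes, so memory use stays flat on a multi-gigabyte file, and it drops only characters that XML 1.0 forbids plus U+FFFD. It assumes the file really is UTF-8, as its XML declaration says, and reuses the paths from the vbs scripts.

```powershell
# Added example: stream a large XML log and drop only what an XML 1.0 parser
# rejects. Paths are the ones used in the vbs scripts; adjust them as needed.
$source = 'C:\Desktop\FTP\year.xml'
$target = 'C:\FTP\fixed1.xml'

# Not allowed in XML 1.0: control characters 0x00-0x1F except tab (0x09),
# line feed (0x0A) and carriage return (0x0D), plus U+FFFE and U+FFFF.
# Space (0x20) is legal and is kept.
# U+FFFD is legal XML too, but it is what the decoder emits for bytes that
# are not valid UTF-8, so it is removed as well.
$illegal = [regex]'[\x00-\x08\x0B\x0C\x0E-\x1F\uFFFD\uFFFE\uFFFF]'

$utf8   = New-Object System.Text.UTF8Encoding($false)   # no BOM on output
$reader = New-Object System.IO.StreamReader($source, $utf8)
$writer = New-Object System.IO.StreamWriter($target, $false, $utf8)

$lineNo  = 0   # lines read so far
$changed = 0   # lines that contained at least one removed character
try {
    while ($null -ne ($line = $reader.ReadLine())) {
        $lineNo++
        $clean = $illegal.Replace($line, '')
        if ($clean.Length -ne $line.Length) {
            $changed++
            # Show the first few hits so they can be compared with the line
            # number in the SQL Server error message
            if ($changed -le 20) {
                Write-Host "line ${lineNo}: removed $($line.Length - $clean.Length) character(s)"
            }
        }
        $writer.WriteLine($clean)
    }
} finally {
    $reader.Dispose()
    $writer.Dispose()
}

"Lines read: $lineNo, lines changed: $changed"
```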

For the customer I exported the same xml file to an MS Access database table. Compressed, it consumed just 60Mb.

Hope you enjoyed this long story. I do not think that someone will need to reproduce all of my steps, but some of them might be useful for a different purpose. Looking forward to your feedback, and do not forget to follow our blog. I promise that soon it will be updated more often and there will be a lot of interesting content!