2008-08-10

MS05-051 "broke" Vista: HRESULT was 8007043c eventsystemobj.cpp

I pride myself on keeping my most critical Vista box well patched and happy (from a Microsoft point of view). I plan to use Vista for many years -- I even bought the "retail" version.

Imagine my surprise when I noticed that it was no longer accepting peer to peer network connections. "Hmm, I guess I'll try rebooting," I frowned. But Mr. Ultimate Vista refused to start up. It displayed the Vista logo, then, without any message or notice, rebooted itself again. This would have gone on indefinitely if I had not intervened.

I booted into safe mode (luckily that worked!) and looked at the System log (not a minor accomplishment, since some of the other log flavors were not viewable due to "could not connect" errors). The error that got my attention was "The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\rtm\com\complus\src\events\tier1\eventsystemobj.cpp." And a probably related message, "System log: The following boot-start or system-start driver(s) failed to load: ACPI aswSP spldr Wanarpv6." Deeper frown.

I looked at the Reliability Monitor, and it showed nothing unusual for the past couple of months.

A TechNet forum post suggested a closer look at the Microsoft KB entry that is the title of this post. In short, the problem is with permissions policies -- apparently some critical Windows applications were locked out from the Registration directory.

This is an understandable "bug." What is less understandable is how this problem escaped the automated test tool sniffers one imagines that Microsoft has at its disposal. After all, the easiest problem for a test script to detect is a boot failure.

Before the era of web- or email-enabled newsgroup / forum posts, my system could have been down for days as I sorted this out.

One other thing: the Microsoft warranty for Vista is 90 days after it's activated.

6 comments:

phelanmt said...

How did you do this in Vista? It only explains for Windows 2000 and server editions. Thanks!

mark underwood said...

Just follow the server edition instructions. Windows 2003 server and Vista have much in common.

Celox said...

I had the same problem! But mine didn't loop; it was even more complicated to trace down. You can read it here :)

http://www.clunk.org.uk/forums/hardware/10492-freezes-after-cold-startup.html

But if you hadn't used your topic for this problem like you did, I would never have found the KB article! Thanks :-)!!

Oh, and M$, shame on you!!!

PS: I also used the win2k3 instructions

Andrew said...

Thanks - this saved my Vista Desktop after 24 hours of no results.

From Microsoft :
For a computer that is running Windows 2000 or Windows Server 2003 and is not running as a domain controller, follow these steps:
1. In the %windir%/registration folder, make sure that the Everyone group has Read permissions.
2. In the %windir%/registration folder, make sure that the SYSTEM account has Full Control permissions.
3. In the %windir%/registration folder, make sure that the Administrators group has Full Control permissions.
4. In the advanced security properties of the .clb files in the %windir%/registration folder, make sure that the "Allow inheritable auditing entries from the parent to propagate to this object and all objects. Include these with entries explicitly defined here" option is selected.
5. Make sure that the Everyone group has one of the following permissions:
• Traverse permissions (“List Folder Contents”) on all parent directories, including %systemdrive%, %windir%, and %windir%\registration

...I found that the 'Everyone' group was not available as a setting for the %windir%, or %systemdrive% (windows, c drive) directories - but it worked anyway.

Seemed to have something to do with sharing a folder also being used by a P2P service, in my case.

Thanks Again,
HC
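
A read-only way to check steps 1-3 of the quoted procedure before changing anything, added here as an example (it is not part of the comment above or of the Microsoft article). It assumes PowerShell 2.0 or later; the function name Test-RegistrationAcl is hypothetical, and accounts are matched by their well-known SIDs so the check also works on localized systems.

```powershell
# Added example: read-only audit of %windir%\registration against steps 1-3.
# Assumes PowerShell 2.0 or later; Test-RegistrationAcl is a hypothetical name.
$required = @(
    @{ Name = 'Everyone';       Sid = 'S-1-1-0';      Rights = 'Read' },
    @{ Name = 'SYSTEM';         Sid = 'S-1-5-18';     Rights = 'FullControl' },
    @{ Name = 'Administrators'; Sid = 'S-1-5-32-544'; Rights = 'FullControl' }
)

function Test-RegistrationAcl {
    param([string]$Folder, [object[]]$Expected)

    # Ask for SIDs rather than names so the check is locale-independent;
    # include both explicit and inherited entries.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -Path $Folder).GetAccessRules($true, $true, $sidType)
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($e in $Expected) {
        $want = [int][System.Security.AccessControl.FileSystemRights]$e.Rights
        $allow = 0
        $deny = 0
        foreach ($r in $rules) {
            if ($r.IdentityReference.Value -ne $e.Sid) { continue }
            # Inherit-only entries apply to children, not to the folder itself.
            if ($r.PropagationFlags -band $inheritOnly) { continue }
            if ($r.AccessControlType -eq 'Allow') {
                $allow = $allow -bor [int]$r.FileSystemRights
            } else {
                $deny = $deny -bor [int]$r.FileSystemRights
            }
        }
        # Simplification: a deny entry for the same account masks those bits.
        $effective = $allow -band (-bnot $deny)
        New-Object PSObject -Property @{
            Account  = $e.Name
            Required = $e.Rights
            Present  = (($effective -band $want) -eq $want)
        }
    }
}

Test-RegistrationAcl -Folder (Join-Path $env:windir 'registration') -Expected $required |
    Format-Table Account, Required, Present -AutoSize
```

A row with Present = False points at the permission entry to restore in the folder's security properties.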

lvh said...

wow - thanks for this information - saved me time this morning trying to figure out why my computer was flaking out.