2022-01-31

Windows Event ID 7043 AsusUpdateCheck Service did not shutdown properly

Windows Event ID 7043  AsusUpdateCheck
The AsusUpdateCheck service did not shut down properly after receiving a preshutdown control

Discussion:
This message only happens on workstations running an Asus-brand motherboard (in my case, a PRIME Z390-A).  The AsusUpdateChecker runs as a Windows service and cannot be disabled via normal techniques.

No matter how hard you try to disable this service, it re-appears, and is active.
It generates frequent errors in the Event Logs, especially at startup.

These attempts all failed:
a.  Start, Run, "SERVICES.msc".  Disable the AsusUpdateCheck service
b.  In MSConfig, unchecking in Services
c.  In Task Manager, Services
d.  Delete/rename C:\Windows\system32\AsusUpdatecheck.exe  (cannot be renamed/deleted)
e.  Delete this Registry key:  HKLM\Software\Microsoft\Shared Tools\MSConfig\Services\(asus)
f.  Booting in Safe Mode and deleting or replacing the file.


It appears the motherboard/hardware can reach inside the disk and re-enable.  The file is re-installed if missing.  If I were a virus, this is where I would want to live.  This service is tenacious.

Solution:

1.  Cold-boot the computer, press F2 at hardware banner to enter into BIOS setup

2.  Open "Advanced" settings
     Tools
     Look for "ASUS Q-Installer".  Disable

On older ASUS motherboards, disable in BIOS "Armory Crate", or "ASUS Grid Install Service"  These may also be in Add-remove-programs; I do not have these boards and could not test.

3.  Boot into Windows normally

4.  Start, type/search "services.msc".  Run as administrator
5.  Locate the AsusUpdateChecker Service.  Set to Disabled.


Possible Drawback:

By disabling, you will have to manually retrieve and install BIOS updates from the Vendor's website.  Honestly, you want to do it this way because after (a year), the vendor is unlikely to have a BIOS update ever again.  No sense checking for updates 15 times per day.

As of 2022.01, ASUS PRIME Z390-A BIOS is at version:  2021/05/11  12.0.81.1753v4

Related articles:

For other Windows 11 Tuning tips, see
https://keyliner.blogspot.com/2021/11/windows-11-tuning.html

Windows Event ID 2505 - Could not bind to transport
Windows Event ID 2 - Windows.Remediation
Windows Event ID 137 - System firmware has changed the processors...
Windows Event ID 10010 - Did not register with DCOM
Windows Event ID 10016 - permission settings do not grant, could not bind


Windows Event ID 2505 Server could not bind to transport

Windows Event ID 2505
Error: The server could not bind to the transport \Device\NetBT-TCP__{6AEB50ED-EF84-41C9-A39C-DC1103A7C569} because another computer on the network has the same name.  The server could not start.

Windows 11

Comments:
The event mentions "Another computer on the network has the same name".  This is spurious, Nonsensical.

As of 2022.01, Microsoft is aware of this error, with a fix pending.

Workaround Solution:  Disable NetBios

On a home network, disabling NetBios is safe. This will not affect your Internet, internal printers, or SAN drives.  For example, disabling this protocol does not hurt my remote Synology SAN drive from being mounted.  However, this will hurt old-style SMB drives (such as a remote Linux Drive mount).  If you have one of these, you have other problems because SMB is unsecure.  It is easily re-enabled if a problem is found.

Steps to Disable NetBIOS:


1.  Click Start, type/search "View Network Connections"

2.  Right-mouse-click the Ethernet network icon, select "Properties"

Presumably, you only have one network adapter in this list.  If multiple (e.g. some desktops have both wired and wireless connections), choose the one you are using.

3.  Highlight "Internet Protocol Version 4(TCP/IPv4),
     Select "Properties" (again)


4.  On the Internet Protocol Version 3 (TCP/IPv4) Properties panel,
     Click "Advanced" (illustrated, lower-right)

5.  In the "[WINS]" tab:  "(*) Disable NetBIOS over TCP/IP"

Notes:  NetBIOS over TCP/IP is an obsolete and unneeded protocol and should be disabled on all workstations.  By default, this is on for backwards compatibility.  In a Home network, it is almost guaranteed to be safe to remove.  In a large corporate environment, check with the Infrastructure team.

A reboot is required for the change to take affect.

Related articles:

For other Windows 11 Tuning tips, see
https://keyliner.blogspot.com/2021/11/windows-11-tuning.html

Windows Event ID 2505 - Could not bind to transport
Windows Event ID 2 - Windows.Remediation
Windows Event ID 137 - System firmware has changed the processors...
Windows Event ID 10010 - Did not register with DCOM
Windows Event ID 10016 - permission settings do not grant, could not bind



 

2022-01-30

Windows 11 Event ID 2 Session Microsoft.Windows.Remediation failed to start

Windows 11 Event ID 2 Session Microsoft.Windows.Remediation failed to start with the following error: 0xC0000035

Kernel-EventTracing

Diagnostics:

A.  Start, type/search "Event Viewer"
B.  On left-nav tree-side, open "Summary page events"
     (You may not have this report and I do not know how to force it to appear.)
C.  See Errors for Event ID 2 Microsoft Windows Remediation failed to start

Solution:

1.  Start, type/search "Control Panel"
2.  Programs and Features
3.  Uninstall program "Microsoft Update Health Tools"

This program is only needed when upgrading from one version of Windows to another, and if needed, Microsoft will re-prompt to download and install.  This is safe to remove.

Recommendation:
Uninstall "Microsoft Update Health Tools" regardless if you see this error or not.


Related articles:

For other Windows 11 Tuning tips, see
https://keyliner.blogspot.com/2021/11/windows-11-tuning.html

Windows Event ID 2505 - Could not bind to transport
Windows Event ID 2 - Windows.Remediation
Windows Event ID 137 - System firmware has changed the processors...
Windows Event ID 10010 - Did not register with DCOM
Windows Event ID 10016 - permission settings do not grant, could not bind




Windows 11 Event ID 10010 Did not Register with DCOM

Windows 11 Event ID 10010 Error
The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Solution:

Four relatively easy steps.

1.  Click Start, type/search  for:
    Windows 11:  "Windows Update Settings"
    (Windows 10:  "control update")

2.  In Windows Update Settings, click "Advanced Options"
     Delivery Optimization
     Allow downloads from other PCs:  set to Off  (forcing download from Internet)

3)  Start, type/search "SERVICES.msc", Run as Administrator

4)  Locate "Functional Discovery Resource Publication"
     Right-mouse-click, Properties

Note: It may be already running, even if startup type is manual

     Change Startup Type from (Manual)/(Automatic)  to "Delayed Start"

This takes effect on next reboot.  The delayed start does not harm the service; it just waits a few seconds before it tries.  This resolves the event error.
 

Related articles:

For other Windows 11 Tuning tips, see
https://keyliner.blogspot.com/2021/11/windows-11-tuning.html

Windows Event ID 2505 - Could not bind to transport
Windows Event ID 2 - Windows.Remediation
Windows Event ID 137 - System firmware has changed the processors...
Windows Event ID 10010 - Did not register with DCOM
Windows Event ID 10016 - permission settings do not grant, could not bind



Windows 11 Event ID 10016 Warning

Windows 11 Event ID 10016 Warning
Windows 10 Event viewer Warning ID 10016

This article is a work in-progress, with a partial solution.
This seems to clean up some of the warnings, but not all. This is a frustrating message.

Issue:

Windows System Event:  10016
"The application-specific permission settings do not grant Local Activation permission for the COM server application with CLSID {guid} and APPID {guid}"

"The application-specific permission settings do not grant Local Activation permission for the COM server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402}"

Partial Solution:

1.  Launch the Windows Event Viewer  (Start, type/search "event viewer").
2.  Expand "Windows Logs", "System".  Locate the DistributedCOM warning 10016, illustrated

Click for larger view
3.  Copy into Notepad the two {guid}s.

Your numbers will be different than illustrated and you may need to search through multiple 10016 messages before you find these CSLID:

  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}


4.  Start, type/search "RegEdit".  Run as Administrator.

     In RegEdit, scroll to the top of the tree. 
     Highlight the first folder, "Computer", to anchor the cursor.

     Ctrl-F (find), search for the first {guid};
yours will be probably different.  Search minus the {braces}:

  2593F8B9-4EAF-457C-B68A-50F6B8EA6B54

5a.Set Permissions:

     On the tree-side, highlight the found key.
     Right-mouse-click, "Permissions"
     Click "Advanced"

     On top-line, click "Owner: 'trusted installer' - Change
     In the names list, type "Administrators"  (with an 's')
     Click OK to accept.|  This returns you to the original Advanced panel.
     Near the top of the panel, click the newly exposed '[x] Replace Owner on subcontainer and objects'

     Click OK to return to the original Permissions/Security Panel
     Continue with Step 5b.

 If "Unable to save permission changes Access Denied", you did not properly change "from trusted installer to "Administrators".

5b. On the Permissions panel, highlight "Users (your computer\Users)"

      Highlight "Users" and again click Advanced
      Re-highlight "Users" (a second time)
      Edit
      [x] Full Control, Click OK, returning to the original Advanced panel.

Near the bottom of the panel, click [x] "Replace all child object permissions with inheritable permission entries..."


      Click Apply, and confirm the setting.

      Click OK, returning to the Permissions panel.
      Close the Permissions panel, returning to the RegEdit Tree.          

6.  In RegEdit, tree-side, re-anchor the top-level folder and search for the second {guid}, your number may be different.
    {15C20B67-12E7-4BB6-92BB-7AFF07997402}

     Ctrl-F (find).   Paste the second {guid}.

Warning: You may find this GUID within the first GUID.  Ignore the first and press F3 to repeat the find.

     You will arrive in the WOW6432Nod/AppID tree

     Highlight the found key {15C20B67-12E7-4BB6-92BB-7AFF07997402}
     Repeat steps 5a, and 5b

Setting a new Owner
Setting [x] Full Control

(Close RegEdit)


Continue with these steps:

7a. Windows 11: Start, Search "Component Services.  Run as administrator.

     In Windows 10:  Start, type/search "Windows Tools"
     (In Windows Start Menu, type/search "Administrative Tools")

     Right-mouse-click "Component Services", Run as Administrator.
     On the tree-side, expand: Computers.
     Double-click "Computers"
     Right-mouse-click "My Computer", "Properties"
     Select the [COM Security] tab

7b. In the first box:  "Access Permissions", click "Edit Default"

You will see:
SELF
SYSTEM
Administrators

    Click "Add",
    Add "Local Service"
    Confirm [x] Local Access is checked
    Confirm [  ] Remote Access is unchecked

7c. In the second section: "Launch and Activation Permissions"
     Click "Edit Default"

You will see:
SYSTEM
Administrators
Interactive


    Again add "Local Service"
    Grant [x] Launch Local
    Grant [x] Local Activation

    Add a second user, Add "(your local user name.  For example, mine is trayw")*
    Grant [x] Launch Local
    Grant [x] Local Activation

*Find your local account by Start, Run, CMD.  Note the username:  C:\Users\trayw or by typing 'whomai" at the same DOS Prompt.

Your comments welcome.

Related articles:
Windows 11 Tuneup
https://keyliner.blogspot.com/2021/11/windows-11-tuning.html