Karmona Pragmatic Blog

Don't get overconfident… Tiny minds also think alike

Vista Services Corruption Saga

December 12th, 2008 by Moti Karmona | מוטי קרמונה · 2 Comments

PlaceboWarning: This post is likely to be interesting reading only if you have Windows system-file corruption, and as a real alternative to the Experts Exchange conspiracy ;)

This small Vista saga started when I found myself unable to access domain assets (Exchange, domain servers, shared storage, etc.).

Browsing quickly through the Event Viewer System log, I found that the Workstation, Netlogon and Computer Browser services were down due to a rather long and frustrating chain of service dependency failures:

  • The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start. (Event ID 7001)
  • The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start. (Event ID 7001)
  • The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start. (Event ID 7001)
  • The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. (Event ID 7001)
  • The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. (Event ID 7001)
  • The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: SMB MiniRedirector Wrapper and Engine is not a valid Win32 application. (Event ID 7001)
  • The Redirected Buffering Sub Sysytem service failed to start due to the following error:  Redirected Buffering Sub Sysytem is not a valid Win32 application. (Event ID 7000)
  • The following boot-start or system-start driver(s) failed to load: CSC rdbss  (Event ID 7026)

As a real IT expert, I tried 5 restarts before trying anything else ;)

So… to resolve this unfortunate issue, I had to use the notorious System File Checker tool (SFC.exe).

This poorly documented Windows utility scans all protected system files and replaces incorrect (corrupted, changed or missing) versions with the correct Microsoft versions. Running it from the command prompt is much easier than booting off the DVD into repair mode.

Once you have an administrator command prompt open (click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator), you can run the utility by using the following syntax:

SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
    [/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>]

The most useful option is simply to scan immediately, which scans all protected files and attempts to repair any that are changed or corrupted:

sfc /scannow

The scanning replaced the corrupted system file rdbss.sys and I was back to domain browsing business right after :)

Note: If SFC shouts that it can't repair the corrupted files, then you will have to drill down into the CBS.log to find what is corrupted and replace it yourself.
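One way to do that drill-down, as an added example that is not part of the original post: a small Python parser that pulls the SFC ("[SR]") entries out of CBS.log text and lists the files that were flagged but never repaired. The log line layout is assumed, the sample lines are constructed (component names and versions are placeholders), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout SFC is assumed to write to
# %windir%\Logs\CBS\CBS.log; component names and versions are placeholders.
SAMPLE_CBS_LOG = r'''
2008-12-12 09:14:03, Info                  CSI    00000142 [SR] Beginning Verify and Repair transaction
2008-12-12 09:14:07, Info                  CSI    00000144 [SR] Cannot repair member file [l:18{9}]"rdbss.sys" of Example-RDBSS-Component, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral in the store, hash mismatch
2008-12-12 09:14:09, Info                  CSI    00000146 [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32\drivers"\[l:18{9}]"rdbss.sys" from store
2008-12-12 09:14:11, Info                  CSI    00000148 [SR] Cannot repair member file [l:20{10}]"mrxsmb.sys" of Example-SMB-Component, Version = 0.0.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral in the store, file is missing
2008-12-12 09:14:11, Info                  CBS    Unrelated servicing line without the SR tag
'''

# "Cannot repair" lines: file name, owning component, reason after the last comma.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+),.*, ([^,]+)$')
# "Repairing" lines: the last quoted token before "from store" is the file name.
REPAIRED = re.compile(
    r'\[SR\] Repairing corrupted file .*\[l:\d+\{\d+\}\]"([^"]+)" from store')


def triage_sfc_log(text):
    """Return {file: {"component", "reason", "repaired"}} for every flagged file."""
    flagged = {}
    for line in text.splitlines():
        if "[SR]" not in line:  # skip everything that is not SFC output
            continue
        m = CANNOT_REPAIR.search(line.rstrip())
        if m:
            name, component, reason = m.groups()
            flagged.setdefault(name.lower(), {
                "component": component, "reason": reason, "repaired": False})
            continue
        m = REPAIRED.search(line)
        if m:
            entry = flagged.setdefault(m.group(1).lower(), {
                "component": None, "reason": None, "repaired": False})
            entry["repaired"] = True
    return flagged


def needs_manual_repair(text):
    """Files SFC flagged with no later repair entry (assumed to need manual work)."""
    return sorted(f for f, e in triage_sfc_log(text).items() if not e["repaired"])


if __name__ == "__main__":
    for name in needs_manual_repair(SAMPLE_CBS_LOG):
        print("still corrupted:", name)
```

Feed it the text of the real CBS.log in place of the sample. An empty result after a failed repair means the log holds no SFC repair entries, which is worth investigating in its own right.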

 

 

____________________________

By the way, Marissa Mayer promised that the Chrome browser would be leaving beta (while Gmail is still in beta…), and it just did yesterday, and that Google Search Wiki would soon have a toggle button that allows people to turn it off (“early Q1”) – I can’t wait… :)

Tags: Conspiracy · Tools

2 responses so far ↓

  • 1  macado // Feb 18, 2009 at 1:53 pm

    I’ve run into the same issue, which seems to be happening to 2 of my Vista Ultimate machines and 1 Vista Business machine. All three PCs are running SP1.

    SFC /scannow doesn’t seem to resolve the issue and no corrupt files are found in logs.

  • 2  Moti Karmona // Apr 6, 2009 at 11:53 am

    Hi Macado,

    Sorry for the late response + I saw you already identified the cause as a nasty ServU-FP trojan variant.

    Good Luck :)
