Ctrl+Alt+Del -> Failure - security options

rstaveley
rstaveley used Ask the Experts™
on
Two or three times a day, while running no more than (say) Word and Outlook (Office 2007), my system goes extremely slow and erratic and I get the spinning circle that Vista has as its hourglass and all applications showing up with "(Not Responding)" in their title bars. While it is in this state, I naturally want to see what process is eating up the CPU (though the CPU gadget shows nothing amazing). However, when I press Ctrl+Alt+Del, all I get after a delay is a black screen and a dialogue box saying:

    Login process has failed to create the security options dialog.

    Failure - security options.

                            [OK]

Clicking OK leaves me with a black screen for a long time and I get returned to the frozen applications. I then have to reboot by holding down the reset for a few seconds (because gets its knickers in a twist resetting the soft way).

I have had this problem with Windows Vista Business and then installed Windows Vista Ultimate and have continued to have exactly the same problem.

My system is an Intel Core 2 Duo, 2GB, 2.66GHz, DELL XPS bought in January with XP. The soundcard (Soundblaster X-Fi) is on a beta driver, because the driver will only be available at the end of March and my two previous questions at http:Q_22407028.html and http:Q_22411870.html should be read in this context.

Should I be looking at SpinRite (suggested in the second previous question), which I didn't persevere with after my corruption was sorted out by chkdsk... or is my problem more likely to be something else?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Go into the reliability and performance monitor - take a look at the reliability monitor, it will give you a nice graph of all your system problems since installed. Have a look at the last instance and post back here what errorr messages are displayed.
To start reliability monitor:

http://technet2.microsoft.com/WindowsVista/en/library/53582ab0-24a0-411c-9c7a-7b24667416991033.mspx?mfr=true



Top Expert 2013

Commented:
unless you are running many applications at the same time, your system should be fine.  i would contact Dell for a warranty replacement, obviously something is wrong with it.
Im guessing they wont be forth-coming with support, as;

>>My system is an Intel Core 2 Duo, 2GB, 2.66GHz, DELL XPS bought in January with XP.

and;

>>then installed Windows Vista Ultimate

They will probably tell you to use the system restore disk, but that will restore it to XP.
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Author

Commented:
I doubt if I've got a leg to stand on with DELL. I got the PC in the first place (at the end of January) to run Vista, but I guess I should have waited. Having said that, it was sold as Vista-ready - to the extent that it shipped with a quick Vista upgrade option, which I didn't use, because I'm installing from MSDN disks.

5t34lth_G33k,

I can't see how to generate a text report from the reliability monitor.

The reliablity monitor starts with an index of 6.89 on 31st January. It has dipped successively down to a minimum of 1.80 on the 28th February and is currently up a little bit at 2.19.

The first dip was with an "OS stopped working" on 3rd Feb, which came at the same time as some updates for Windows Vista and Windows Defender and a "Generic volume shadow copy". It dipped again 4th Feb with another "OS stopped working" with nothing other than a "Generic volume shadow copy" listed. It has kept dipping ever since.

There are lots of application stopped working events for all sorts of applications. avp.exe (Kaspersky) appears a fair bit, but I wager that's just because it gets used a lot... otherwise it is iexplore.exe, outlook.exe, explorer.exe, devenv.exe (Visual Studio), navicate.exe or pretty much whatever I'm running.

Yesterday's problems are interesting because of the lack of noise. The only two events were listed in the reliablity monitor:
 (a) A successful Generic volume shadow copy
 (b) My disruptive shutdown (when I had to hold down the hard reset, because it was unusable)
My system was frozen and yet nothing else appeared. These freezes are happening often and I suspect aren't making an impact on the performance monitor, because sometime a non disruptive restart does work (albeit slowly).
very strange - I have a similar setup (Vista Ultimate and Office 2007), and dont get those errors with outlook.

Try doing a diganostic startup by using msconfig from the run prompt (windows key + r). Then see if the problem happens again. Have you tried reinstalling office? I am also suspecting Kaspersky, since you say it crashes a fair amount and perhaps its real time scan engine is interfering with the other processes. Try disabling it on startup, again from msconfig

Author

Commented:
BTW... I ought to have highlighted the fact that in all of that reliability monitoring there isn't a single hardware event.

I'll try disabling Kaspersky in the msconfig as you suggest and hopfully not report back for a couple of days, because of back of problems.

I'll leave out doing an office re-install until I've eliminated Kaspersky from the list of suspects.

Thanks for your suggestions, 5t34lth_G33k, I had forgotten about the existence of msconfig and I was unaware of the reliability monitor. It doesn't help that you can't access it from MMC and that you need to use the alterntive suggestion at http://technet2.microsoft.com/WindowsVista/en/library/53582ab0-24a0-411c-9c7a-7b24667416991033.mspx?mfr=true (i.e. using Advanced Tools menu in the Performance Rating and Tools Control Panel).
Top Expert 2013

Commented:
i would restore it with the restore cd's, just to check if it is a hardware problem or not.
i realise that can bring other problems on, since vista allows only 1 hardware change
agreed, if all else fails, restore back to XP from the restore CD
Top Expert 2013

Commented:

Author

Commented:
I hear you, robus, but I don't really fancy rolling it all back to XP, if I can help it.

I've got Office 2007 on trial basis and I expect that I'd force the end the trial if I rolled back and forth the OS. If Office 2007 proves to be the cause of my problems, I'll go back to Office 2003, which is already purchased. If I roll back to XP, I'll be in a mess appraising Office 2007 and will have to make a snap decision.

I'll shell out $89 for SpinRite (as suggested in http:Q_22411870.html) and see if the HDD is faulty (it does that by booting up with FreeDOS)... that's if Kasperky's real time scanning doesn't prove to be the culprit.

Upgrading can be a seriously expensive, eh? :-(

Author

Commented:
Serious lag on my comment I was rebooting that XP machine - groan.

Ref using a Linux CD (knoppix), are yuo proposing that as an alternative to chkdsk? I'm back to not being able to run chkdsk because of the "cannot check volume for direct access" problem again.
Top Expert 2013

Commented:
no- just as a means of determining if there is some hardware failing (the reason to contact Dell)

Author

Commented:
Last night, while it was idling, it blue screened again. I see no events flagged in the Reliability and Performance Monitor, which suggests that the monitor should not be depended upon to determine whether the problems are hardware or software related.

I had Kasperky disabled at the time, which, assuming the blue-screening is caused by the same thing as the freeze-ups, suggests that Kaspersky isn't holding the smoking gun.

I shelled out for SpinRite, which was fruitless. It appears that SpinRite can't run on SATAs in a RAID-0 (striped) configuration, so I can't use that as a way to check the HDDs.

I'd very much like to be able to run chkdsk on the disks, but that's being thwarted because it says "cannot open volume for direct access" when I attempt to run it as indicated at http:Q_22411870.html.

I am reconsidering nobus' suggestion to boot up knoppix. Are there any diagnostic tools in knoppix, which can help me identify if my problem is HDD-related? SpinRite boots on FreeDOS and the non-multitasking nature of DOS ought to make it a good environment for running tests on disk drives, but SpinRite can't cope with SATAs. If (say) I run knoppix on runlevel 1 (assuming that's what it calls single user mode), is there a diagnostic tool I can run to check the health of NTFS partitions... when they are in a RAID-0 stripe?

Author

Commented:
Looks like I spoke too soon about the Reliability and Performance Monitor, the blue screen has appeared in the log now like all of the other blue screens as:

OS Stopped Working Failure... Detail: 0x00000124 (0x00000000, 0x843d7440, 0xb2000040, 0x00000800)

Those are the same numbers that showed up in the blue screen itself. According to http://msdn2.microsoft.com/en-us/library/ms789516.aspx I have to install the DDK to find out what bug code 0x124 corresponds to. Hey ho...

Author

Commented:
Should have read that link properly, I mean Microsoft Windows Driver Kit (WDK).

Author

Commented:
I have an MSDN subscription, but I can't believe that I have to do a 2.4G download of an ISO for a simple look-up in bugcodes.h!

Author

Commented:
Googling suggests that 0x00000124 may be NVIDIA-related. My SATA RAID-0 is on an NVIDIA controller and my display adapter is NVIDIA GeForce 7950 GX2. Could it possibly be that the RAID is being controlled by the same card as the video and that's the seat of all my problems??

[I'm pretty ignorant about PC hardware, but it seems mighty weird to me having a RAID controller combined with a video card. Is NVIDIA more likely to be manufacturing two different cards that Dell is using?!]
Top Expert 2013

Commented:
why not try the knoppix route?

Author

Commented:
OK...

knoppix booted up on my Vista box and everything looked healthy up to the point if running X and then it all went black.

I didn't experiment with different video modes, but to tell the truth I'm not sure what's to be gained here. Were you proposing running a diagnostic tool from knoppix in text mode?

On another PC, which I have successfully booted knoppix on, I see that...

   fsck -y /media/hda1

...works on a FAT32 partition, but...

   fsck -y /media/hda2

...gets...

   fsck 1.40-WIP (14-Nov-2006)
   fsck: fsck.ntfs: not found
   fsck: Error 2 while executing fsck.ntfs for /dev/hda2

I guess that means that fsck doesn't support NTFS. Is there some other tool I should use to check NTFS?
Top Expert 2013
Commented:
>>   looked healthy up to the point if running X and then it all went black.   <<  this points to failing hardware, which was the whole idea of trying knoppix.
At this point i suggest :
- testing devices on other PC's, or
-test on this PC.
you can use ubcd, which contains a lot of tests and diags :
http://www.majorgeeks.com/Ultimate_Boot_CD_Full_d4981.html

Author

Commented:
I can get knoppix and the UBCD to boot but not with X (despite setting it down to 640x480). Looking at dmesg, I see lots of attempts to read beyond the end of the device and a message saying that there is no nForce chipset. However the NTFS partition does mount OK, when I mount it explicitly. Time to open the box up I guess.

can you post the minidumps? They are usually in C:\Windows\minidump

If you could attach them online somewhere, I think you can use EE stuff:

http://www.ee-stuff.com

I can analyse them and let you know what the culprit is

Author

Commented:
I wasn't aware of those! Alas, the minidump folder is empty. Is there something I need to enable to get them?
ah if its empty, its either because Windows hasnt been able to 'catch' the crashes (usually when something major goes wrong), or you have write debugging disabled. Check in control panel -> system -> Advanced -> startup and recovery and check the write debugging is set to small memory dump

Author

Commented:
...Found it the default is in %SystemRoot%\MEMORY.DMP in Vista

Author

Commented:
It was set to do a kernel dump, but that's enormous (> 200 MB - 50MB when bzip2 compressed). I'll not abuse your kind offer by subjecting you to that, but I've set it up for 64K small memory dumps now and take you up on it for the next crash, if that's OK with you, 5t34lth_G33k?
50MB is not a problem, if you can post it somewhere, then I'll take a look.

Author

Commented:
I really ought to set up an anonyous FTP, but you'll find that you can access http://seseit.com/~rob/ee/ to get the bzip2 compressed dump if you use username 5t34lth_G33k and p/w password. This is really appreciated, 5t34lth_G33k.
Hi rstavely, sorry for not getting back sooner, I havent forgotten you! - I need to debug on my vista machine and am currently in the middle of moving house, so will do it asap

Author

Commented:
Good luck with your move, 5t34lth_G33k! :-)

Author

Commented:
I'm still getting the same BSODs, 5t34lth_G33k, and have collected some minidumps since that big one. Would these be easier to look at?

C:\Windows\system32>dir \Windows\Minidump
 Volume in drive C has no label.
 Volume Serial Number is CC7E-A0E7

 Directory of C:\Windows\Minidump

12/03/2007  22:25    <DIR>          .
12/03/2007  22:25    <DIR>          ..
07/03/2007  12:57           142,974 Mini030707-01.dmp
11/03/2007  10:31           142,974 Mini031107-01.dmp
12/03/2007  21:15           142,974 Mini031207-01.dmp
12/03/2007  22:25           142,974 Mini031207-02.dmp
               4 File(s)        571,896 bytes
               2 Dir(s)  315,605,024,768 bytes free
Hi

No, the problem I am having at the moment is that I use an Xp machine at work with the debug tools installed, but the symbols installed do not match the ones in Vista. I need to install the debugging tools onto my Vista machine at home (I got it working yesterday!) and then I can analyse those dumps. Bit of a busy time for me at the moment, was moving house over the weekend and now have found out I will need to look for a job! Have 2 interviews this week, so I will get around to it at some point, just bear with me!

Author

Commented:
When it rains, it pours! Good luck with it all!

Author

Commented:
Hmm, just had a crack at this myself with WinDbg with one of the minidumps, using symbol search path SRV*DownstreamStore*http://msdl.microsoft.com/download/symbols.

I got the following:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 124, {0, 843d8028, b2000040, 800}

Probably caused by : ntkrpamp.exe ( nt!WheaReportHwError+10c )

Followup: MachineOwner


1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error
source that reported the error. Parameter 2 holds the address of the
WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 00000000, MCA_ASSERT
Arg2: 843d8028, Address of WHEA_ERROR_RECORD structure
Arg3: b2000040, High 32 bits of MCi_STATUS MSR for the MCA bank that had
      the error
Arg4: 00000800, Low  32 bits of MCi_STATUS MSR for the MCA bank that had
      the error

Debugging Details:
------------------


WHEA_ERROR_RECORD: !errrec ffffffff843d8028

CUSTOMER_CRASH_COUNT:  2

DEFAULT_BUCKET_ID:  VISTA_RC

BUGCHECK_STR:  0x124

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  1b

LAST_CONTROL_TRANSFER:  from 81fa6e93 to 81cd85c9

STACK_TEXT:  
878d2464 81fa6e93 00000124 00000000 843d8028 nt!KeBugCheckEx+0x1e
878d2480 81ccecb6 843d8028 843d9de8 00000001 hal!HalBugCheckSystem+0x37
878d24a0 81fa6e52 843d9de8 843d9f00 878d24d4 nt!WheaReportHwError+0x10c
878d24b0 81fa6f73 00000003 843d9de8 00000000 hal!HalpReportMachineCheck+0x28
878d24d4 81fa389f 878cd0c0 00000000 00000000 hal!HalpMcaExceptionHandler+0xc3
878d24d4 00000000 878cd0c0 00000000 00000000 hal!HalpMcaExceptionHandlerWrapper+0x77


STACK_COMMAND:  kb

FOLLOWUP_IP:
nt!WheaReportHwError+10c
81ccecb6 eb35            jmp     nt!WheaReportHwError+0x143 (81cceced)

SYMBOL_STACK_INDEX:  2

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  4549ae00

SYMBOL_NAME:  nt!WheaReportHwError+10c

FAILURE_BUCKET_ID:  0x124_nt!WheaReportHwError+10c

BUCKET_ID:  0x124_nt!WheaReportHwError+10c

Followup: MachineOwner
---------

Not sure what to make of this, though!
Well, its a hardware error, problem is which piece of hardware...

try updating your Vista drivers for all your hardware and see if it happens again. If it does, remove every non essential piece of hardware and replace them one by one until the error appears.

Author

Commented:
It's a little bit disappointing that there's nothing in all this to point to the offending hardware.
Top Expert 2013

Commented:
that is how MS designed its system . . .
I know, I was hoping for more from the dump file, but sadly with hardware errors its a case of 'suck it and see'.

Author

Commented:
I've coughed up £11 now for the Vista business upgrade in the hope that the Soundblaster drivers mentioned at http://direct2dell.com/one2one/archive/category/1024.aspx sort the problem out. Seems silly, when I'm running a separately purchased Ultimate edition, but it may be different from the drivers on the Creative site (long shot!).

I'm holding off opening up the box and swapping hardware if I can possibly help it because I can see Dell closing that door on me... and I'll need to invest in some parts to swap.

I'll try working a bit more with nobus' suggested UBCD. I can get it to boot in text mode. It would be great if I could get DOS or Linux to find out what's wrong with my Windows system hardware, since Windows isn't being very helpful.
just try removing your soundcard first - creative labs drivers have been causing all sorts of problems!

Author

Commented:
I've disabled audio and haven't BSOD'ed for a little while. When Dell provides me with the upgrade, I'll see if the Soundblaster drivers work. If not, I'll source a soundcard that's Vista-compatible. Many thanks, chaps.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial