We help IT Professionals succeed at work.

ESENT, Corrupt Database, Event ID 474

BooSTid
BooSTid asked
on
So, I've ran into an issue on a new PC build that I'm helping with.

Hardware is:
Phenom 2 x6 1055t
ASUS Crosshair IV
G.SKILL Ripjaws Series 4GB DDR3 SDRAM DDR3 1600 F3-12800CL7D-4GBRH
2x 640 WD Black HD's in Raid0
ATI Radeon Sapphire HD 5850
Windows 7 x64 Pro

Upon fresh install of the OS on the raid0 array, the OS immediately has issues. The event log is full of ESENT errors, event ID 474, and a few others, all seemingly related to cryptographic services and this corrupt database.

I've followed microsoft articles regarding correcting this issue, mainly using the Esentutl to try to repair it, and then to check integrity. The tool successfully repairs, integrity check succeeds. I restart crypto services, and it errors out again, corrupting again.

http://technet.microsoft.com/en-us/library/cc734109%28WS.10%29.aspx

I've tried deleating catroot2 and emptying all files tmp and oem files, but when it rebuilds, it's corrupted again.

I've tried unregistering the .dll's listed, but some of them are not present. I'm not sure if the list is accurate for windows 7.

Keep in mind, all of this happens on fresh hardware, clean OS install.

Considering hardware options, the following has been done to try to isolate or identify hardware culprits:

No Raid array, single hdd install, tried on both hdd's individually
Changed ram, ram slot/channel, ram timings
Changed hdd cable, sata slot.
Changed Mobo (RMA'd. Don't ask.)
Changed GPU (issue at first seemed to be a graphics issue)
Changed install disk/version of windows 7. Started with win7pro x64, now using win7ultimate x64.

This issue is preventing windows updates, windows defender, programs to be installed, and it also causes drivers to appear to be unsigned when they are in fact signed.

Thoughts?
Comment
Watch Question

Author

Commented:
Event 474 description:

wuaueng.dll (880) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 2228224 (0x0000000000220000) (database page 67 (0x43)) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [87f3780c0d38184d:8e7e8e7ed42c8a70:80c37f3c33520e66:6f136f13f662dec3] and the actual checksum was [75ee75ee36b823c9:5b235adcd42c8a74:4a434bbc33520e66:4b4eb4b1f662dec7].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

I also see warning Event ID 399:

Catalog Database (628) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 12288 (0x0000000000003000) (database page 2 (0x2)) for 4096 (0x00001000) bytes failed verification. Bit 6818 was corrupted and has been corrected.  This problem is likely due to faulty hardware and may continue. Transient failures such as these can be a precursor to a catastrophic failure in the storage subsystem containing this file.  Please contact your hardware vendor for further assistance diagnosing the problem.

As well as error Event ID 257:

The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1305.

The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1018.

Shreedhar EtteTechnical Manager
Top Expert 2010

Commented:
Hi,

Refer this:
http://blogs.technet.com/b/brad_rutkowski/archive/2008/07/03/windows-update-fails-with-8000ffff-e-unexpected.aspx

Also run chkdsk on the drives to check for file system corruption.

Hope this helps,
Shree

Author

Commented:
Not seeing 491 errors, nor any permissions issues. Keep in mind, this is a completely fresh install.

chkdsk passed with no issues.
Did you start the "fresh install" because of malware?
If you did, boot the install DVD, delete all partitions, exit and shutdown the system, then reboot to the DVD and install to the unallocated space.  Mebroot and some other MBR nasties will stay ram resident and reinfect you if you don't turn the system off after deleting all partitions.
Yuch, huh?
Commented:
No, it was just a fresh built pc.

Anyway, we found the problem; it was a faulty CPU. As soon as we swapped it out, the database rebuilt itself fine, no checksum errors, etc etc.

Figured it had to be something retarded like that as there was almost zero info on the web about these specific problems. There was stuff that was pretty close, but didn't cover all of the symptoms/descriptions.