Windows 10 1903 – BSOD (WDF_VIOLATION)

After updating an iMac Late 2010 to Windows 10 1903 I got a blue screen “WDF_VIOLATION”. After checking the minidump, I could see that the MacHALDriver.sys (Macintosh Hardware Application Layer Driver) is involved. After renaming the file (c:\windows\system32\drivers\MacHALDriver.sys) over the network (works because the system crashes after user login) or in safe mode and rebooting, I was able to log back in. Since I don’t use an Apple keyboard I can do without the driver.

While researching I found out that other users also have problems with a similar keyboard driver for HP. In this case it is called HpqKbFiltr.sys. Is also responsible for the hotkeys (screen brightness and co.).

Write zeros to a hard drive – Wipe/Erase unused or free space

Windows: Format and write zeros to every sector of the drive.
format <Driveletter> /fs:NTFS /p:0

Windows: Format and write zeros to every sector of the drive. After the first pass write random numbers.
format <Driveletter> /fs:NTFS /p:2

Windows: Fill free space.
cipher /w:<Driveletter>[:\foldername]</span>

Unix: Wipe full drive.
dd if=/dev/zero of=/dev/<block device> bs=<block size 1M, 32M, etc.> status=progress

Unix: Fill free space.
dd if=/dev/zero of=/path/to/drive/zeros.file status=progress

Unix: Fill free space on FAT32 drive (4GB limit per file).
cat /dev/zero | split -b 2000m - zero -d --additional-suffix=.file

To run the process in background see Run command in background on a Synology NAS with nohup

How to configure RPC dynamic port allocation to work with firewalls

Windows XP use per default a dynamic port range from 1024 to 5000 for RPC/WMI/DCOM. To set up a fixed Port or Range use this settings:

  1. regedit: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
  2. Add key “Internet”
  3. Add this three values:

Ports: REG_MULTI_SZ: 5000-5100
PortsInternetAvailable: REG_SZ: Y
UseInternetPorts: REG_SZ: Y

  1. run winmgmt -standalonehost
  2. net stop winmgmt
  3. net start winmgmt
  4. Reboot


Windows Update failed with error code 0x80004005

Since weeks one windows machine wasn’t able to install the latest “Monthly Rollups”, but other updates work. After reboot the installer starts until 86% and undone the update. Internet search did not bring much, except some users with an alternative bootloader who have the same problem. But this machine has no other bootloader. The Windows Update log did not have any helpful details, which also makes sense since it had to give for the installation of the update its own log. I remembered the CBS.log, which I used in another problem and what should I say … there was the error code 80004005 – with helpfull details.

[...]
Error      [0x018009] CSI    00000052 (F) Done with generic command 5; CreateProcess returned 0, CPAW returned S_OK
    Process exit code 112 (0x00000070) resulted in success? FALSE
    Process output: [l:8995 [4096]"BFSVC: BfspCopyFile(C:\Windows\boot\PCAT\bootmgr, \\?\GLOBALROOT\Device\HarddiskVolume1\Boot\bootmgr) failed! (Attempt 1 of 60) Last Error = 0x70
BFSVC: BfspCopyFile(C:\Windows\boot\PCAT\bootmgr, \\?\GLOBALROOT\Device\HarddiskVolume1\Boot\bootmgr) failed! (Attempt 2 of 60) Last Error = 0x70
[...]
BFSVC: BfspCopyFile(C:\Windows\boot\PCAT\bootmgr, \\?\GLOBALROOT\Device\HarddiskVolume1\Boot\bootmgr) failed! (Attempt 10 of 60) Last Error = 0x70
BFSVC: BfspCopyFile(C:\Windows\boot\PCAT\bootmgr, \\?\GLOBALROOT\Device\HarddiskVolume1\Boot\bootmgr) failed! (Attempt 11 of 60) Last Error = 0x70
BFSVC: BfspCopyFile(C:\Windows\boot\PCAT\bootmgr, \\?\GLOBALROOT\Device\HarddiskVolume1\Boot\bootmgr) failed! (Attempt 12 of 60) Last Error = 0x70
BFSVC: BfspCopyFile(C:\Windows\boot\PCAT\bootmgr, \\?\GLOBALROOT\Device\Harddis[gle=0x80004005]
[...]

It was not possible to write parts of the bootloader. I assign a drive letter to \HarddiskVolume1 with diskpart and i see the problem. The drive was out of space. Only 12Kb free, but lots of garbage. The drive is also used for Recovery (WinRE). Then I recognized the cause. The disk was cloned from a HDD to a SSD with lower capacity. After resize the HarddiskVolume1 to original size, the update works without any problem.

Hardlink, Symlink and Junctions

To create a softlink, which should work through a network share, a junction should be created with mklink:

[...]mklink
Creates a symbolic link.

MKLINK [[/D] | [/H] | [/J]] Link Target

        /D      Creates a directory symbolic link.  Default is a file
                symbolic link.
        /H      Creates a hard link instead of a symbolic link.
        /J      Creates a Directory Junction.
        Link    specifies the new symbolic link name.
        Target  specifies the path (relative or absolute) that the new link
                refers to.

Allow Remote Desktop login with saved credentials

When trying to use saved credentials in Remote Desktop Connection you might receive this message:

Your credentials did not work. Your system administrator does not allow the use of saved credentials to log on to the remote computer because its identity is not fully verified. Please enter new credentials.

To be able to use saved credentials in this situation you need to do the following:

  1. Open Group Policy Editor (gpedit.msc)
  2. Navigate to Local Computer Policy\Computer Configuration\Administrative Templates\System\Credentials Delegation\
  3. Open Setting Allow Delegating Saved Credentials with NTLM-only Server Authentication, set it to Enabled click on button Show… and in Show Contents window add Value TERMSRV/*
  4. Run gpupdate command to update your policy.

Now you should be able to use your saved credentials.