Tags: troubleshooting

How to install the smart card service on Windows 7 and Vista

The smart card service is a standard Windows component and it should be present on every system. However, in certain circumstances that is not the case - as a result, programs that depend on this service will fail.

I've previously discussed how to install the smart card service on Windows XP, and I've covered this procedure on Windows 2000. However, I had no solution for Windows Vista and Windows 7.

Fortunately, that is no longer the case: a solution that works on 32-bit and 64-bit platforms was found. Here is how it works.

Sometimes the smart card service is not in the list of services at all, but the files related to it (e.g. SCardSSP.dll) are present in the file system. So the problem is not that the modules are missing; they are there, but they are not loaded.

Having had the opportunity to tinker with a problematic system, I was able to determine that the service is absent because some entries in the registry are different from their "normal system" counterparts.

In other words, the difference is only in the contents of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SCardSvr.

If the service is not listed, open regedit and look for that key; it will most likely be absent. If it is present, some of its sub-entries are incorrect.

  1. Back up the key (right-click\Export) to a REG file
  2. Delete the key
  3. Download and import this REG file: http://dl.dropbox.com/u/3258602/scard-vistax86x64.reg
  4. Reboot the system

If the planets are aligned properly, the service will be back, and it will be running after the restart. Give your software a try; everything should work. The registry file above works with Vista x86 and Vista x64.

For Windows 7, use this one: http://dl.dropbox.com/u/3258602/scardsvr-win7x64.reg (it should work on both types of platforms).

For Windows Server 2008, use the same file as for Windows 7; I tested it on x64 - it works.
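Before importing a downloaded REG file, it helps to confirm that it touches only the SCardSvr key named above and to see which binary it tells the service to load. The Python script below is an added example, not part of the original post; the function names and the sample file contents (including the out-of-scope key) are constructed for illustration.

```python
import re

# Key the procedure above is meant to touch; anything else is out of scope.
ALLOWED = r"hkey_local_machine\system\currentcontrolset\services\scardsvr"
LOADS_CODE = {"imagepath", "servicedll"}  # values naming the binary a service runs

def decode_reg(raw: bytes) -> str:
    # "Version 5.00" exports are UTF-16 with a BOM; REGEDIT4 files are ANSI.
    return raw.decode("utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")

def value_text(data: str) -> str:
    # hex(2): is REG_EXPAND_SZ written as comma-separated UTF-16LE bytes.
    if data.startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in data[7:].split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    return data.strip('"').replace("\\\\", "\\")

def audit_reg(raw: bytes):
    """Return (out_of_scope_keys, code_paths) for the bytes of a .reg file."""
    # Long hex values continue on the next line after a trailing backslash.
    text = re.sub(r"\\\r?\n\s*", "", decode_reg(raw))
    out_of_scope, code_paths, key = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lstrip("-")  # "[-KEY]" means delete the key
            low = key.lower()
            if low != ALLOWED and not low.startswith(ALLOWED + "\\"):
                out_of_scope.append(key)
        elif key and line.startswith('"') and '"=' in line:
            name, data = line[1:].split('"=', 1)
            if name.lower() in LOADS_CODE:
                code_paths[f"{key}\\{name}"] = value_text(data)
    return out_of_scope, code_paths

def _hex2(s: str) -> str:  # helper that builds the constructed sample below
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    return "hex(2):" + ",".join(b[:20]) + ",\\\r\n  " + ",".join(b[20:])

SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SCardSvr"
SAMPLE = "\r\n".join([  # constructed sample, not the contents of the linked files
    "Windows Registry Editor Version 5.00", "", f"[{SVC}]", '"Start"=dword:00000002', "",
    f"[{SVC}\\Parameters]",
    '"ServiceDll"=' + _hex2(r"%SystemRoot%\System32\SCardSvr.dll"), "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"updater"="C:\\Temp\\u.exe"', "",
]).encode("utf-16")

if __name__ == "__main__":
    print(audit_reg(SAMPLE))
```

An empty first list means the file stays inside the SCardSvr key; the second result shows the paths to compare against the files actually present on the system.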

I hope you'll find this helpful and that you will save all the time I've lost. Feel free to share your experience or ask any questions.

If the sky falls down and Dropbox doesn't work, here are the contents of the files.


The anatomy of the restart=shutdown problem

It has been reported that in certain circumstances the system will shut down instead of rebooting when the user restarts it while Private Disk is running and an encrypted disk is mounted.

This problem was difficult to trace; while it reproduces 10 times out of 10 on a "problematic" machine, on "non-problematic" ones everything works correctly and it is impossible to simulate the problem.

This makes it reasonable to guess that the cause is a third-party component present on the system, which somehow alters the standard behaviour of Windows. The tough part is that even when you think you have disabled all the non-standard programs, there is a myriad of low-level components that one can't see with the naked eye.


How to find out which files are open on my disk?

I am on Private Disk v 2.09. I close my files and every time I try to disconnect a drive letter I get the message:

There are files currently opened on disk Z:\

I feel that my data is not closing correctly. My question is how do I find out what file(s) are still open and how do I close them?

Quite often a volume can be used by a service, or another process that is running in the background - which makes it difficult to detect. In such cases, the best approach is to use a tool that monitors all the file activity that goes on in the system, and examine the list of processes that interfere with files located on the specific volume.

One such tool is Process Monitor; among many things, it can show which programs are working with data on a specific volume.

  • Start Process Monitor and make sure the File System Activity monitor is enabled
  • To simplify the task, create a new filter that will only show the activity that involves the volume you are interested in. The screenshot below illustrates how to add a rule that will only show which files are open on disk D:\
  • As you can see, in this example the non-system programs that are using files on disk D:\ are TheBat and Trillian.

[Screenshot: adding a filter in Process Monitor]

All you have to do is close these programs, and try to dismount the volume again.

If you see an unknown program accessing the volume, and you don't know how to close it (or you are not sure whether "killing the process" will have any serious consequences or not), look up the name of the program in a search engine and that will give you enough details to make a correct decision.


What do I do if my password is wrong? But I'm sure it is not!

Sometimes it happens that you type a password, the system tells you it's wrong, but you are absolutely sure it is not, and that you know what you're doing.

The problem is that what you think you type is not always what gets typed.

Here is a checklist you should go through, to make sure you've got everything covered; some items may sound trivial, but you should take them seriously:

  • CapsLock is pressed
    • or the LED of the keyboard is broken and you can't see that the button is pressed
    • or maybe there is a program that artificially changes the state of the LED
  • Keyboard layout - you think you're typing Latin characters, but are you?
    • check if another language is currently set as the default one
    • don't be fooled by languages that use the same character sets - the German "qwertz" and the English "qwerty" will appear identical, until you press 'y' or 'z'
    • what if you're using the same language but with a different layout? (e.g. "English - Dvorak" and "English - Qwerty" will both appear as "EN" in the language bar)
  • Keyboard mechanics
    • the Shift button sometimes presses itself
    • someone changed the buttons on the keyboard so it appears that you press on 'A' but a 'D' is typed instead

The optimal solution

If everything fails, or you are not skilled enough to check the system settings and the keyboard's internals, open up Notepad, and type your password.

Once you see that what you typed is what you thought you typed, use copy/paste to transfer the password into the entry box.

This will allow you to deal with every single item in the checklist.

What if it is still not accepted?

If you've made sure that the password is typed correctly, but the system still won't accept it, it is possible that the administrator changed it (so it's an issue on their end, not on yours).

Contact the person who controls the system you are logging on to, and ask them whether the password was changed, reset, or de-activated.


Blue screen troubleshooting tips for beginners, continued

Earlier I explained how blue screens of death can be countered. Today I will describe an alternative approach, which achieves the same result using different means.

Normally, the blue screen of death contains a driver name, and some addresses; if you're lucky, removing that driver will do the trick. But what if there is no driver name on the BSoD? And what if you don't have all the skills to play with crashdumps and debuggers?

In this case, Autoruns comes to the rescue. This is a graphical tool that allows you to disable/enable drivers in a very easy way.

[Screenshot: Autoruns, Drivers tab]

The strategy:

  1. Boot into safe mode (since the system is crashing when you attempt to boot normally);
  2. Start Autoruns, and switch to the Drivers tab;
  3. Go through the list, and uncheck the drivers that are suspicious;
  4. Close the program, restart and boot normally

The steps above will be repeated until the system is able to boot correctly.

When that happens, note the last changes you applied and re-enable some of those drivers until you figure out which one was causing the issue.

The advantage of this method is that you can keep unchecking drivers without knowing what they do, because undoing any change is as easy as checking an item back (this is one of the coolest things about Autoruns).

What makes a driver suspicious?

When temporarily disabling a driver, you are not yet sure whether the driver in question is the culprit, so an educated guess is your best option. Start by unchecking:

  • Non-Microsoft drivers (see the info in the Publisher column);
  • Drivers that have a description that sounds like something you don't need;
  • Drivers that don't have a publisher name, nor a description;
  • Drivers whose path points to an unknown location.

In the example above, I highlighted Private Disk's drivers; you can see the description and the vendor name. This illustrates how one can easily spot the modules related to an application.

Note: if you have a driver from 'Micr0soft' or 'MlCROSOFT' (i.e. something that mimics the name of a well-known vendor), it is most likely a piece of malware, so you should not only disable it, but also figure out how it got into your system in the first place.
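The criteria above, including the look-alike vendor check from the note, can be applied mechanically to a list of drivers. The Python code below is an added example, not part of the original post; the row format, the "usual" driver folder and the sample rows are assumptions constructed for illustration.

```python
# Characters commonly swapped in to imitate a name: 0 for o; 1, l or | for i.
FOLD = str.maketrans({"0": "o", "1": "i", "l": "i", "|": "i"})
VENDOR = "microsoft"                        # the vendor the note above is about
USUAL_DIR = r"c:\windows\system32\drivers"  # assumed "known location"
IMITATION = "publisher imitates a known vendor"

def skeleton(name: str) -> str:
    """Fold case and look-alike characters so imitations compare equal."""
    return name.casefold().translate(FOLD)

def reasons(driver: dict) -> list:
    """Apply the criteria listed above to one row of the Drivers tab."""
    pub, desc = driver["publisher"].strip(), driver["description"].strip()
    exact = pub.casefold().startswith(VENDOR)
    found = []
    if not exact and skeleton(pub).startswith(VENDOR):
        found.append(IMITATION)
    elif pub and not exact:
        found.append("non-Microsoft publisher")
    if not pub and not desc:
        found.append("no publisher and no description")
    if not driver["path"].casefold().startswith(USUAL_DIR + "\\"):
        found.append("unusual path")
    return found

def triage(drivers: list) -> list:
    """Return (name, reasons) for each suspicious driver, imitations first."""
    hits = [(d["name"], reasons(d)) for d in drivers]
    return sorted((h for h in hits if h[1]), key=lambda h: IMITATION not in h[1])

def row(name, publisher, description, folder=USUAL_DIR):
    return {"name": name, "publisher": publisher, "description": description,
            "path": folder + "\\" + name}

SAMPLE = [  # constructed rows, not taken from a real system
    row("disk.sys", "Microsoft Corporation", "Disk Driver"),
    row("examplevd.sys", "Example Software Ltd", "Virtual disk driver"),
    row("netflt.sys", "Micr0soft", "Network filter"),
    row("x1.sys", "", "", r"C:\Users\Public"),
    row("kbdhlp.sys", "MlCROSOFT Corporation", "Keyboard helper"),
]

if __name__ == "__main__":
    for name, why in triage(SAMPLE):
        print(f"{name}: {', '.join(why)}")
```

The publisher text comes from the file's own version information, which the file's author controls, so a driver that passes this name check has not been shown to come from that vendor.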

How to find the blue screening driver faster?

Usually one's technical knowledge provides sufficient data for a good guesstimate, but what if you have no clue where to start, and there are a lot of suspect items? In this case, try the binary search:

  • Disable half of the items in the list of suspects;
  • Reboot; if the problem persists - it is caused by an item in the other half;
  • Go back, undo the previous changes and uncheck the items in the other half instead;
  • Reboot; if the problem is gone - one of the disabled items was the problematic one;
  • Go back, enable half of the half back;
  • Reboot... repeat the previous steps.

The trick is in narrowing down the problem to as few items as possible. At each step the list of suspects is cut in two, so eventually you are left with one single item.
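The halving procedure can be written down as an algorithm. The Python code below is an added example, not part of the original post, and it goes slightly beyond the steps in the text: it starts with every suspect unchecked and re-enables half at a time, which still isolates one faulty driver when several are faulty. The boots_ok callback, the driver names and the faulty set are constructed for illustration.

```python
def find_culprit(suspects, boots_ok):
    """Return (driver, reboots); driver is None if no suspect is at fault.

    boots_ok(enabled) stands for one reboot: it reports whether the system
    boots with exactly that set of suspects checked in Autoruns.
    Precondition: the system boots with every suspect unchecked.
    """
    candidates = list(suspects)  # still unchecked
    if not candidates:
        raise ValueError("no suspects given")
    cleared = set()              # checked again and shown to be harmless
    reboots = 0
    while len(candidates) > 1:
        half = candidates[: len(candidates) // 2]
        reboots += 1
        if boots_ok(cleared | set(half)):
            cleared |= set(half)                 # harmless, leave them checked
            candidates = candidates[len(half):]
        else:
            candidates = half                    # a faulty driver is in here
    reboots += 1                                 # confirm the last candidate
    if boots_ok(cleared | set(candidates)):
        return None, reboots
    return candidates[0], reboots

# Constructed scenario: eight suspects, two of them faulty.
SUSPECTS = [f"{c}.sys" for c in "abcdefgh"]
FAULTY = {"c.sys", "g.sys"}

def sample_boots_ok(enabled):
    return not (set(enabled) & FAULTY)

if __name__ == "__main__":
    print(find_culprit(SUSPECTS, sample_boots_ok))
```

With eight suspects the culprit is confirmed after four reboots; running the search again on the remaining unchecked drivers finds the second faulty one.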

How to tune my Windows performance with Autoruns?

If you switch to the other tabs, you'll see a lot of other stuff that loads automatically when the system boots (drivers, services, applications in the registry, various shell extensions, etc). You can go ahead and uncheck the items that look suspicious - this will cut boot times, and make the system faster once it is loaded (since less stuff is loaded into RAM).

Beware of the fact that if you uncheck the wrong stuff, certain functionality will be lost, and the system may become partially unusable. Therefore be careful with the changes you apply:

  • If not sure what an item means, look it up on the Internet;
  • If something went wrong and you cannot boot, boot into Safe Mode and use Autoruns to check the item back.

How to reinstall the Smart Card service on Windows XP

If you're looking for a way to re-install the smart card service on Windows XP, this story is your new best friend!

Summary

  1. Prepare a Windows XP installation disc
  2. Read the included readme.txt
  3. Examine install.bat in order to see what it does
  4. Run the BAT file

Steps 3 and 4 are optional, but if you're someone who tinkers with the service, I'm sure you want to know what's in there.

Explanations

  • First of all you should make sure the service is completely removed. sc delete scardsvr is the standard and official way to remove the service (it is interesting that Microsoft provides a way to remove a service, but there is no known mechanism to re-install one).
  • Copy scardsvr.inf to %windir%\inf
  • Run sysocmgr.exe /i:caller.inf, this will invoke a wizard that will use the data inside scardsvr.inf to perform various actions (such as modifying registry keys, and copying files)

[Screenshot: Smart Card service installation wizard]

  • Uncheck Smart card service and press Next to remove the files and registry entries
  • Run the command again, the same window will be shown, check Smart card service and press Next (you will be asked to insert the Windows XP installation CD)
  • Perform a system restart, after checking the service manager (by running services.msc) and making sure the Smart card service startup is set to Automatic

If you examine scardsvr.inf you will see that it contains references to a list of files and registry keys. These actions could be performed manually, the effect would be the same; but using an .inf file is much easier.


Blue screen of death troubleshooting tips

Sometimes things go wrong and Windows crashes with a blue screen of death (also known as a BSoD), resetting the computer.

The blue screen contains some information about the cause of the error; often that information can help you solve the problem almost immediately. However, most systems are configured to restart automatically when a blue screen occurs, so there is not enough time to actually read the text on the blue screen.

You're missing a great deal of data - the name of the faulty driver, the code of the error itself, and some addresses which might be useful later.

To prevent that from happening, Windows can be configured not to restart the system automatically when such a crash occurs. This gives you enough time to analyze the data on the blue screen and figure out whether something can be done about it.

To do that:

  1. Open the System properties dialog (you can get there by pressing Win+Pause)
  2. Go to Advanced\Startup and recovery
  3. Press Settings
  4. Uncheck Automatically restart

From now on, you'll have plenty of time to enjoy the view of the blue screen; it will be displayed until you press the reset button (laptop owners beware: if you don't have a reset button, you'll have to turn the system off, then turn it back on).

Basic troubleshooting steps

  • If you're lucky, the blue screen will contain the name of the faulty driver, the one that caused the problem. Usually it is a *.sys file. Copy the name of that file and see if you can find any info on it on the Internet. Usually the first results will point you to pages which explain which program the driver belongs to, so now you know that you can boot into Safe Mode and remove the offending application.
  • Alternatively, you may figure out that the blue screen started to occur after you've installed a particular program or a device driver - so obviously the first thing to do is try to remove that program and install a newer version.
  • Microsoft provides a list of errors shown on the blue screen, as well as their detailed descriptions. It's a good idea to take a look at that list and find out the meaning of PAGE_FAULT_IN_NONPAGED_AREA or IRQL_NOT_LESS_OR_EQUAL.

Minidump - what do I do with it?

By default Windows will create a minidump, and store it to %windir%\minidump. The minidump contains information about the state of the system before the crash; these data can be used to understand what caused the error, and how to fix it (once you find the offending driver, it's a good idea to contact the authors of that module and give them the minidump as well).

Note that interpreting a minidump is not easy if you are not an experienced developer. You are more likely to have a positive result if you try the tips described above. If nothing helps, get hold of the created minidump and send it to someone who knows what to do with it.

If you want to give it a try yourself, use Microsoft's Debugging tools for Windows. Once you run the debugger, go to File\Open crash dump, and then you're on your own.

How to enable minidumps

Some may choose to disable the creation of minidumps (to save space perhaps?), but they are very important when troubleshooting a problem. To enable the minidumps:

  1. Press Win+Pause to start the System Properties dialog;
  2. Go to Advanced\Startup and recovery;
  3. Ensure that Write debugging information is set to Small memory dump (64 KB).

Happy troubleshooting!
