Hey, IT Pros! Chris Harrod here. I'm a Senior Premier Field Engineer here at Microsoft and would like to introduce you to a pretty slick tool written by Julien Clauzel in his spare time called SilverSeekKB. It was previously an internal tool exclusive to Microsoft, and has recently been made available to the public, which I think is pretty awesome. I've been taking advantage of this tool for quite some time to quickly assist in performing root cause analysis on a wide range of problems I encounter in my customers' environments.
SilverSeekKB helps in determining the latest version of nearly any Microsoft binary, including SQL, Exchange and a myriad of other products we've released. You’re probably wondering “That’s great, why is that so important?” As most IT administrators can attest, it takes a lot of effort to keep up with all the changes our products undergo with hotfixes and updates. SilverSeekKB allows you to identify possible hotfix solutions attributed to files or executables found in your troubleshooting process. Quite frequently I found I wasn’t aware there was a hotfix for the issue. I’m hoping you’ll add this to your troubleshooting toolbox before jumping into your favorite search engine and typing in a bunch of symptoms. It’s important to note that this tool only provides openly available information, and it is ultimately up to the end user to determine which hotfixes are applied. Please review the EULA for more information.
First, let's take a look at the SilverSeekKB UI and then we’ll go over a case study to illustrate its benefits. Generally, you'll start in the Main tab, where you enter all of the binaries you want to search for as a space-delimited list. From the pull-down menu, select the product you're looking for.
Clicking on "Search all latest builds" will kick you over to the Summary tab, where you can find the latest version of each file.
To find granular detail on the files of all previous versions, and list hotfix information for each release, move over to the Details tab. Here you'll see every General Distribution Release (GDR) and Limited Distribution Release (LDR) version of the files. Notice the different file versions in the image below. If you're unfamiliar with the difference between GDR and LDR you can brush up at this blog. We highly suggest understanding the difference between the release branches and the implications of deviating from the GDR branch before applying LDR hotfixes to your baseline.
Scenario: A customer brings you a laptop that has been continuously experiencing a bug check, or, as you may frequently hear it described, a BSOD. In this case we’re lucky enough to have a minidump of the crash, so let’s dig in and figure out what happened.
We won't go over debugging in this blog, but we'll skim the surface so you can get a good start.
Using WinDBG, open the minidump and run the command vertarget. You’re going to want this information so that you look for the right updates in SilverSeekKB rather than searching every OS.
Running !analyze -v will tell us what the debugger thinks it may know about what was going on at the time. The debugger’s conclusion about why we had a bug check can be seen at the top. This is important to remember, which I’ll demonstrate shortly. Before we go any further, note that there is a LOT more that goes into true debugging beyond opening a crash dump and firing off !analyze -v.
It looks like we may have had a problem with a driver called usbvideo.sys, so let’s start there. Let's find out what version this machine was using with the lmvm command.
At this point, we're not sure if there are any updates to the driver. Let's consult SilverSeekKB to see if there are any hotfixes that may relate to our problem. We can see that there are newer versions, but the latest version is a security update that was available on Windows Update.
We're probably going to want to apply that update, but let's dig down a little deeper to see if there was a hotfix for this specific issue. On the Details tab, we can see all of the updates.
Looks like there were some updates for this specific problem (SYSTEM_THREAD_EXCEPTION_NOT_HANDLED). Because there are security updates for this video driver, my suggestion would be to apply the latest GDR version, knowing that the modifications for the earlier hotfix are in the latest version.
Usually, when I encounter an odd problem and I don’t have a minidump or process dump, I’ll go ahead and look for hotfixes by researching the components of whatever particular technology is involved.
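When there is no dump to run lmvm against, the installed version of each component can be read from disk and compared with what SilverSeekKB lists. The PowerShell below is an added example, not part of SilverSeekKB or of the original post; the binary names and the two search folders are assumptions, and the GDR/LDR column can only be filled in where the file's version string carries a branch name.

```powershell
# Added example: collect on-disk versions of the binaries you plan to look up.
# The default names are sample inputs; pass your own with -Binary.
param(
    [string[]]$Binary = @('usbvideo.sys', 'usbport.sys')
)

# Assumption: the components live in one of these two folders.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'System32\drivers')
)

$results = foreach ($name in $Binary) {
    $found = $false
    foreach ($root in $searchRoots) {
        $path = Join-Path $root $name
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $found = $true
        $vi = (Get-Item -LiteralPath $path).VersionInfo

        # Numeric version taken from the fixed fields of the version resource,
        # which is the form to compare against the Summary and Details tabs.
        $numeric = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                        $vi.FileBuildPart, $vi.FilePrivatePart

        # Some Windows releases embed the branch in the version string,
        # for example "(win7sp1_gdr...)". Otherwise report it as unknown.
        $branch = if ($vi.FileVersion -match '_(gdr|ldr)') {
            $Matches[1].ToUpper()
        } else {
            'unknown'
        }

        [pscustomobject]@{
            Name          = $name
            Version       = $numeric
            Branch        = $branch
            VersionString = $vi.FileVersion
            Path          = $path
        }
    }
    if (-not $found) {
        Write-Warning "$name not found under System32 or System32\drivers"
    }
}

$results | Format-Table -AutoSize

# Space-delimited list, ready to paste into the Main tab search box.
'Search list: ' + (($results.Name | Sort-Object -Unique) -join ' ')
```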
Hopefully everyone will find this tool as useful as I do! Feel free to reach out in the comments section below if you have additional questions. Good luck!