Windows 11

Integrity and Updating Troubleshooting in windows 11 and windows 10

Integrity and Updating Troubleshooting

How many times had you had or heard of a Windows Update causing problems on a PC, from instabilities to causing the system to completely fail to boot? To be honest, if I had a dollar for each time I’d heard this, I’d be enjoying a fair few more nights in fancy restaurants than I currently do.
If you look at the system holistically though, it’s a wonder that Microsoft manage to keep Windows PCs stable at all. I’ve been to Microsoft’s Redmond campus outside Seattle many times (see Figure 9-1), and I’ve met many times with engineers and senior figures in the Windows team. These are just ordinary people with ordinary lives. They go to the gym, struggle to find a home they can afford, raise families, and play Xbox games.

Figure 9-1. The large Microsoft sign is on the corner of NE 40th St and 156th Ave NE in Redmond and is popular for photos

So when you consider the somewhat superhuman effort required in making sure that billions of different combinations of hardware, software, services, and drivers all work happily with each other in a stable and reliable way, it’s a wonder they’re able to achieve this at all. Certainly, my own PC is unique. I can guarantee there’s not a single other computer anywhere on the planet with its own combination of hardware, peripherals, and installed software. Unless you’re using a laptop with no peripherals, configured the same as other laptops in your business or organization, your own PC will likely be unique too.
That said, these people and Windows itself are fallible, and occasionally a borked update does get delivered, or an update is delivered that then goes on to bork something else. This is complicated further when you consider that not everything that comes through Windows Update comes direct from Microsoft. There are a great many driver updates that are written by third-party companies, such as Nvidia, Intel, and AMD, and firmware updates for UEFI systems provided by Dell, Lenovo, HP, and so on. So when something does go wrong, how can you troubleshoot and repair the problem quickly and simply? Fortunately, this is actually fairly straightforward, and there are different approaches you can use.

Built-In System Repair Utilities

Windows 11 includes several built-in repair utilities, some of which you might have heard of and some of which you might not. These are very good at repairing problems with a corrupt version of the operating system, and one or more should likely be your first port of call when a corruption occurs.

ChkDsk

Microsoft’s ChkDsk (Check Disk) utility can be traced all the way back to Seattle Computer Products’ 86-DOS, the product that was bought by a fledgling Microsoft for $50,000 and that became MS-DOS; it’s been around since the very first days of the personal computer. However, just as you wouldn’t tell an aging Oscar-winning actor that they’re no longer useful because of their age, ChkDsk can still perform useful tasks on a modern PC.
You run ChkDsk from an Administrator-elevated Command Prompt in the format CHKDSK C:, and there are plenty of switches you can use with it:

  • /F is used to tell ChkDsk to attempt to fix any disk errors it finds.
  • /V uses verbose logging, where the name of every file and folder checked is displayed.
  • /R locates bad sectors on a hard disk and attempts to recover unreadable information.
  • /X forces the volume to dismount first, which can be useful if the disk is locked by an application, preventing ChkDsk from working.
  • /I performs a less vigorous check only of data index entries and reduces the time taken to perform the check.
  • /C does not check cycles in the folder structure and reduces the time taken to perform a check.
  • /L[:<size>] changes the log file size to that size you specify; if you omit [:<size>], then /L displays the size of the log file.
  • /B clears the list of bad clusters on a disk and then rescans the disk for errors; this also includes the functionality of /R.
  • /Scan runs an online scan of the volume.
  • /Forceofflinefix must be used with /Scan and bypasses all online repairs; all defects found are then queued for offline repair, which we will cover shortly.
  • /Perf must be used with /Scan and uses more system resources to complete the scan as quickly as possible.
  • /Spotfix repairs the volume at the next reboot.
  • /Sdcleanup runs a memory cleanup for unwanted security descriptor data.
  • /Offlinescanandfix runs an offline scan and fix on the volume.
  • /Freeorphanedchains frees any orphaned cluster chains instead of recovering their contents.
  • /Markclean marks the volume as clean if no problems are detected.

SFC

There are a few hidden gems in Windows, such as the Problem Steps Recorder I detailed in Next, and the System File Checker (SFC) certainly ranks highly in the useful hidden tools list. This tool was first introduced with Windows 98 as a GUI (Graphical User Interface) utility, but was moved to the Command Line with Windows 2000.
Again, it is run from an Administrator-elevated Command Prompt, and it checks all the files that make up the core operating system to try and find any that are missing or corrupt. If it does find them, it can attempt to repair the problem. You use the System File Checker in the format SFC with the following switches:

  • /SCANNOW scans all protected OS files and repairs problems when possible.
  • /VERIFYONLY scans all the OS files but does not attempt repairs if it finds a problem; instead, it will report any problems found.
  • /SCANFILE=<file> can be used to verify the integrity of a specific OS file and repair it if possible.
  • /VERIFYFILE=<file> scans a specific file but does not attempt to repair it.
  • /OFFBOOTDIR=<offline boot directory> will attempt to scan and repair an offline boot directory; this is useful if you are running SFC from the Recovery Console where you will likely find the Windows installation on drive X:.
  • /OFFWINDIR=<offline Windows directory> will scan an offline Windows directory, again useful if you are running SFC from the
  • Recovery Console where you will likely find the Windows installation on drive X:.
  • /OFFLOGFILE=<log file path> will create a log file for offline scanning and repair.

DISM

The Deployment Image Servicing and Management (DISM) tool is also run from an Administrator-elevated Command Prompt. It was first introduced with Windows Vista as part of the Windows Assessment and Deployment Toolkit. DISM is a tool for querying, configuring, installing, and uninstalling Windows features for enterprise installations.
Now being built into Windows however, it can also be used to repair corruptions with the installed OS files. You use it in the format DISM /Online /Cleanup-Image / RestoreHealth to launch its ScanHealth feature which will scan the core OS files and attempt to repair any problems it finds.
DISM uses the Reset image that Windows 11 keeps, which I will detail later in this chapter, as its backup file repository, but occasionally you might receive a cannot find source files message. This happens because DISM has found a file or files to repair, but cannot find the correct file or the correct version of the file in the backup repository.
When this happens, use DISM with the additional switches /source:WIM:[X:]\ Sources\Install.wim /LimitAccess where X: is the location of a mounted disk image file (.ISO) for the currently installed version of Windows; note that the versions have to match.
I am going to assume at this point that your Windows 11 PC is up to date with the latest feature update. You will be able to download an up-to-date Windows image (or an older one if that’s what’s required) from your Volume Licensing Service Center or from the Visual Studio Subscriptions portal. If you don’t have access to these however, you can download an up-to-date ISO disk image file of the Windows installer from www.microsoft.com/en-us/software-download/windows11.
With the ISO file downloaded, you can right-click it and select Mount from the options that appear. It will then appear as a normal drive in File Explorer (see Figure 9-2).

Figure 9-2. You need to mount a disk image file for DISM to access its contents

A useful time-saving tip, as you might not know immediately what drive letter Windows has assigned to the mounted image, when you have located the install.wim file in the Sources folder, click the file icon to the left of the File Explorer address bar, and the folder address on your PC will be revealed (see Figure 9-3).

Figure 9-3. There is an easy way to find the folder location of a file on your PC

Windows Update

At the beginning of this chapter, I talked about how Windows Update can cause problems on a PC, especially when updates are delivered that, either because they’ve not undergone enough testing or just because of unforeseeable incompatibilities with other software, services, or drivers, bork a perfectly good and well running PC.
There are other problems that can come with Windows Update however that I want to tackle, including how difficult it can be to manage and control Windows Update in the first instance and what happens when Windows Update itself becomes corrupt and stops working.

Managing Windows Update and Update Channels

There are different “channels” for delivering Windows Updates. They are known to change these from time to time and to vary the deferment periods you can choose from, and indeed throughout the life of Windows 10, these channels did change quite a bit, even beginning with a different name of “branches.” For now, at least we just have the three.

General Availability Channel

The General Availability (GA) Channel is what all Windows 11 Home and Pro machines running in a stand-alone environment will be part of. In this channel, all updates are downloaded to a PC as Microsoft releases them through Windows Update.
In this channel, updates can be paused for a period of up to five weeks (see Figure 9-4), but doing so requires the user to open Settings, click Windows Update, and manually select the period for pausing updates from a drop-down menu.

Figure 9-4. Updates can be paused for up to five weeks in the General Availability Channel

The reason for pausing updates in this way is because some people might be working on an important project, such as writing a book about Windows Update, and not want to be disturbed by the PC needing to restart the PC. This is especially true if the PC really can’t be restarted such as when it’s performing a complex video or graphical rendering process.

Note:The month before writing this chapter, I was invited to Microsoft’s Redmond (WA) headquarters as part of a small delegation to meet and feed back directly to senior Windows engineers about future builds of the operating system. One of the many suggestions I made was that deferring updates on a PC for a week or two should be an option you can lock in place. The reason is that it would give end users much more peace of mind when it came to problem drivers and updates, but that it would not appreciably make their system any less secure.

Windows Update for Business

If you are using Windows 10 Pro, Enterprise, or Education in a business environment managed by Intune or WSUS (Windows Server Update Services), then you will have the additional option of selecting the Windows Update for Business channel. This works identically to the General Availability Channel except that you can choose from the management console to defer updates for a period of three months from the day of first release.
This gives IT departments and system administrators time to test updates in a controlled environment and ensure there are no bugs or incompatibilities with their software and systems that might result in downtime.

Long-Term Servicing Channel

Back in 2015, I had a bit of an argument with one of the world’s largest weapons manufacturers. I know, you laugh, it can never be a good idea to upset a company that (A) makes battlefield missiles and (B) knows where you live. Anyway, this company was getting ready to roll out Windows 10 across their PCs and wanted each desktop PC to be running the Long-Term Servicing Branch (LTSB), as it was called then, version of the operating system.
On the face of things, this seemed perfectly sensible. The long-term servicing version of Windows only needed to receive updates once every year and a half, and each individual installation would still be supported with security and stability updates (these still were pushed out in the same way as they are for business PCs).
The company said they had some older custom software that might not work properly under Windows 10 as it changed and evolved, and they needed stability for the business. Thus, the LTSB version of Windows 10 was the perfect fit for them. I politely explained that this is not what the LTSB edition of Windows 10 was for.
It had been designed to run on static machines such as ATMs, hospital scanners, and factory robots. Not only was it unsuitable for desktop PCs, and potentially much more
vulnerable as it wouldn’t be getting the twice-yearly update roll-up, Microsoft had configured it in such a way as to prevent people installing Microsoft Office on it as a deterrent against this very behavior.
This went back forth for a few days until I eventually had enough of them and told them in no uncertain terms to “Suck it up!” They had to update their old custom software, it’s not as though they couldn’t afford it, and as a weapons manufacturer, they ought to understand a thing or two about security anyway.
Suffice to say, I won the argument, and there were no news stories in the intervening years about this company having a major security breach or any productivity downtime, so we can assume they got on fine with Windows 10 Enterprise. It is a good lesson though about what the long-term servicing versions are and what they’re for.
So as I have already said, the Long-Term Servicing Channel (LTSC) version of Windows 11 is for specific static hardware that runs Windows. This includes medical equipment and scanners, ATMs, factory robot production systems, and of course some systems that directly control weaponry for the armed forces, such as a battleship.
These systems differ from desktop PCs in one very important respect. They must never ever fail to work or, to be blunt, the consequences could be severe. A hospital patient might be misdiagnosed or perhaps even die, a factory producing machinery that will save us from climate change might shut down, or Joe might not be able to pay for the last train home after his pop concert.
There is only one version of Windows 11 that can be enrolled in LTSC and that’s a specific Windows 11 Enterprise LTSC edition. Microsoft has engineered this version in such a way as to make it impossible (or at least extremely difficult) to install desktop and office software, and they have perhaps understandably removed Candy Crush (surely reason enough for all of us to use it; Ed).
The LTSC version of Windows 11 will still, as I mentioned, get critical security and stability updates that will inevitably be deferred and tested by IT managers and will get a general update every two to three years.

How Long Is a Windows Feature Update Supported For?

Where LTSC differs from the Home, Pro, Enterprise, and Education versions of Windows 11 is that for the main editions, each major update, called Feature Update, is supported for a period of 24 months for personal and stand-alone machines and 36 months for managed installations in enterprise environments.
The LTSC version of Windows 11 however will have a five-year support lifecycle, meaning that while feature updates will still be released for it every two to three years (not including any new features I might add as the computers running it don’t need them), system administrators can wait the full five years before deploying one, and this will give them all the time they need to make sure the update won’t interrupt the smooth operation of the machine.

Taming Windows Update

I don’t know if you watched it, but back in 2020 and running just for two seasons before being cancelled was an excellent Netflix comedy series called Space Force. This starred Steve Carell and John Malkovich as part of the hapless team running the US Military’s new space command.
Series 2 episode 7, “The Hack,” is the one to watch if you’re a fan of Windows Update causing chaos. The facility is hacked, the power is cut, and their computer systems are disabled. This has the result of sending one of their satellites out of orbit. Our intrepid heroes work together to get their systems back online, but when they try to reprogram the satellite, their computer restarts to install a Windows Update.
Windows 11 does include some features to help alleviate the pain, just in case you are managing a satellite that begins to fall out of orbit or are binge-watching Space Force on your Surface tablet. Open Setting and click Windows Update, and you will see an Advanced options button.
Clicking this displays the options you have available to you (see Figure 9-5), two of which I want to highlight. Active hours lets you specify when you’re typically using the PC. This tells the operating system not to restart the PC during those hours.

Figure 9-5. Windows 11 lets you control Windows Update to some degree

If you then get an update that will require restarting the PC in order for it to install, you will be notified by a pop-out message (see Figure 9-6). This will tell you roughly how long the restart and install will take and give you an option to restart the PC then should you want to.

Figure 9-6. Windows Update will tell you when a restart is required

These pop-out messages might seem irritating, but they’re useful for letting you know that if you leave your PC on (if you turn it off, the update will be installed anyway), then you shouldn’t leave any programs open with unsaved work.
The other option is for Delivery Optimization. This allows you to set absolute bandwidth limits for Windows Update downloads. This can be useful in situations where bandwidth is limited and you have other processes being performed regularly, such as cloud data backups.

Troubleshooting and Repairing Windows Update

So what happens if Windows Update goes wrong? This can happen if an update download becomes corrupt, and it can cause the whole update system to break, preventing any updates from being downloaded or installed. There are two things you can do here, depending really on whether you are supporting a user remotely or locally.
If the end user needs to fix the problem themselves, ask them to open Settings and, in the System section, scroll down to Troubleshoot. Then click Other trouble-shooters before running the one called Windows Update (see Figure 9-7). These troubleshooters reset Windows components to their default state and can often fix problems.

Figure 9-7. Windows 11 includes a troubleshooter to reset Windows Update

If this doesn’t work, we need to get our hands dirty. Open Services from a Start Menu search or from Windows Tools, and scroll down the list until you find two services, Windows Update and Windows Update Medic Service. If these are running, you need to right-click each and select Stop.
Next, and you only have a limited amount of time to do this before Windows Update will automatically restart those services, open File Explorer and navigate to C:\ Windows\SoftwareDistribution. This is the main repository of Windows Update files, including all downloads.
You can safely select all of the files and subfolders in this folder and delete them (see Figure 9-8). The next time you run Windows Update on the PC, they will all be recreated, but any corrupt file(s) will be gone.

Figure 9-8. It is safe to delete the contents of the SoftwareDistribution folder

Rolling Back and Uninstalling Updates

If you get an update on a PC that does cause problems, you will need to get rid of it. There are three different ways to achieve this depending on what type of update it was.
If an annual Feature Update is causing problems on the PC, then this can be rolled back for a period of 30 days, as a folder called Windows.old is kept on the hard disk with the previous installation files (see Figure 9-9).

Figure 9-9. The Windows.old folder is kept for 30 days by the system

To roll back, in Settings click Recovery in the System section, and you will see a Go back option. Click this unless it is grayed out as it will then no longer be available for you to use (see Figure 9-10).

Figure 9-10. You can “Go back” to a previous Feature Update for 30 days

If this option isn’t available to you, there are other things you can do. In Settings, click Windows Update and then Update history. Scroll to the bottom of the page, and you will see an Uninstall updates option (see Figure 9-11).

Figure 9-11. You can uninstall some Windows Updates

This currently opens in the old Windows Update Control Panel applet, though we can likely expect it to be completely folded into Settings at some point in the future, as Windows Update is one of the applets that’s been marked for complete removal.
You will notice however that while the list of installed updates in Settings is long, the list of updates you can actually remove is short (see Figure 9-12). This is because Microsoft deems security and stability updates as being too important to remove. If it’s one of those you need to get rid of, then you’ll see a different route for doing so.

Figure 9-12. Security and stability updates can’t be easily uninstalled

So your last port of call is System Restore. Search for it in the Start Menu and click the Create a Restore Point option. Then, in the dialog that appears, click the System Restore button, and the restore wizard will appear.
You will be offered a Recommended Restore Point to recover to, which will be the most recent, but you can choose a different one. There may not be many that appear in the list, but check the Show more restore points check box in the bottom-left corner of the dialog, and more will likely appear (see Figure 9-13).

Figure 9-13. You can roll back updates with System Restore

Choose the Restore Point that correlates to the time and date the problem occurred, that is, the time of the Windows Update that caused the issue, and click Next.
The last thing you need to do after the restore is complete is to go back into Settings and Windows Update and pause updates for a few weeks, as I described earlier in this chapter. This is because the offending update will inevitably come down to you again, and pausing updates will give Microsoft or the third-party vendor time to identify and either fix the update or pull it completely so that it doesn’t cause people any more headaches.

Managing Windows Update with PowerShell

If you like using scripting to manage your PCs, then it’s straightforward to manage and get detailed information about Windows Update by using PowerShell. This was always going to be a no-brainer, as system administrators need to configure and update computers across the network, which includes managing updates.
One of the reasons for this is some businesses, especially those using older bespoke software, can find new updates causing that software to become unresponsive or buggy, which is why every system administrator, maybe yourself as well, test each update provided by Microsoft before deploying them.
Sometimes, you need to know what updates have been installed on the Windows 11 PCs across your network; this can be done with the Get-HotFix {-ComputerName <PCName>, <PCName2>, <PCName3>} | Sort-Object InstalledOn command (see Figure 9-14). This will display the “KB” number for each, which is Microsoft’s standardized way to identify particular fixes and updates.

Figure 9-14. You can check which updates have recently been installed on local or remote PCs

If you want more detailed information about what updates have been installed on a PC or PCs over time, use the command Get-WindowsUpdateLog, which will export the full event logs from Windows Update, including error and failure events, and write them to a WindowsUpdate.txt file placed on your desktop (see Figure 9-15).


Figure 9-15. You can view full event logs for Windows Update with PowerShell

More information on the PowerShell commands you can use with Windows Update on PCs across a network can be found on the Microsoft Docs website.

Resetting and Reinstalling Windows 11

Sometimes, you need to reset Windows 11 completely because things have gotten so bad that’s really the only option available to you. There are a couple of different ways to do this in Windows, and both produce different results.

System Image Backup

First introduced with Windows Vista, the System Image Backup is a feature of the perating system that could very well be removed in a future version. This is for two reasons, firstly that it’s only accessible through the File History feature of the Control Panel, which has itself been replaced by OneDrive, and also that the Reset feature in Windows is now the direct replacement for System Image Backup. That being said, it’s still here as I write this, and you might find it useful.
As I mentioned, if you open Control Panel and then File History, you will see a Create a system image link in the top-left corner of the window. Click this and a dialog appears asking where you want to save your backup image (see Figure 9-16).

Figure 9-16. Windows allows you to save a backup install image

You can choose between saving it on a different partition or hard disk in the PC, on one or more DVDs (if you find any at the back of a drawer), or on a network location.

Caution:Do not save a System Image Backup on a network location the PC can only connect to by Wi-Fi or it will be unavailable if you need to restore it.

Clearly, the only option here is a separate partition or disk in the PC, which will already rule out this feature for many people. When you save the image, it creates a snapshot image of your Windows 11 installation at that time, including all your settings, installed programs, and also all your files and documents if they’re stored on the same disk as your Windows installation.
This creates another problem, in that to use this feature you will also need to have all your files and documents stored on a separate partition or disk to Windows, or you will find that all your new and updated files will be completely wiped out and replaced with older ones when you come to do a restore. Be warned!
The benefit of a System Image Backup though is that, while you’ll still need to download a ton of Windows Updates after restoring it, all your software and installed apps will be right where you left them, and, arguably, installing and configuring these again is the bigger job out of the two.
You restore a System Image Backup from the Recovery Console. Either boot the PC from a USB Recovery Drive, which I detailed in Chapter 3, or hold down the Shift key when restarting the PC from the Start Menu or Lock Screen.
When in the Recovery Console, click Troubleshooting and then Advanced Options. You will see a See more recovery options link, and clicking this will reveal an option to restore the PC using System Image Recovery (see Figure 9-17).

Figure 9-17. You can restore a System Image from the Recovery Console

The system will look for a System Image on the local PC and report if it can’t find one. Select the Select a system image option and click Next. At the next screen, click Advanced and you will be asked if you want to Search for a system image on the network, and remember this will only work for hardwired networked PCs, or if you want to Install a driver such as one needed for the system to access a local RAID array (see Figure 9-18).

Figure 9-18. You can only restore a System Image from a wired network

Reset This PC

Windows Reset is the option that has effectively replaced the System Image Backup, and it’s superior in some ways and vastly inferior in others. Windows keeps a backup copy of itself at all times that is 30 days old. The logic of this is that if your PC worked reliably 30 days ago, that’s a backup image you can use to restore it in the event of a failure. You don’t need to do anything to create this backup, Windows does it automatically.
You can restore it at any time in Settings under System and Recovery where you will see a Reset this PC option (see Figure 9-19).

Figure 9-19. You can reset the PC from Settings

You will then be asked what type of Reset you wish to perform. You can choose Keep my files which will keep your files and accounts intact or Remove everything which is the option to choose if you’re selling or giving away the PC.

Caution:Resetting a PC will offer to securely wipe data from the drive, but this is not as secure as the double- and multiple-wipe options offered by some software including the excellent and free CCleaner that you can download from www.ccleaner.com.

You are then asked if you want to download a fresh copy of Windows or use the local backup (see Figure 9-20).

Figure 9-20. You can choose from a cloud download or local reinstall

You can use the Cloud download option if you suspect the backup Reset image on the PC is perhaps corrupt and won’t work for you. Downloading a copy is a good way to ensure you have a fresh, crisp installation that’s up to date.
Lastly, and only if you are removing everything, you are asked if you want to Clean the drive (see Figure 9-21). I mentioned in the caution earlier that this is nowhere near as secure as other multiple-wipe options, so you should always securely wipe files on a PC that has contained personal files. I have an article on my website telling you how you can securely wipe a PC to sell or donate it.

Figure 9-21. You can wipe the drive for a full reset but use caution

You can also reset a PC from the Recovery Console, if you can’t get it to boot to the desktop. From the main Recovery Console screen, click Troubleshoot and you will then see a Reset this PC option (see Figure 9-22). This works in the same way as I have described earlier.

Figure 9-22. You can reset a PC from the Recovery Console

The benefit of Reset is threefold. The first is that you don’t need to set it up, it’s just always working in the background. The second is that you will have a PC afterward that has all your files, documents, and accounts intact and up to date, even if they’re stored on the same disk or partition as your Windows installation. This restored PC will also be completely up to date with security and stability patches and the most recent feature update too. You could even slip in a fourth benefit that it won’t face removal from Windows 11 in the future.
The downside of Reset however is that it won’t keep any of your installed software, not win32 desktop apps and not Microsoft Store apps. You will have to reinstall and configure all of them after resetting the PC. This makes it a swings and roundabouts option when compared to System Image Backup.

Summary

Clearly, there’s quite a bit you can do to repair the operating system itself if it starts going screwy, not to mention just performing a System Restore at any time should you need to. The choice between Reset and System Image Backup can be tricky though, and you might already have and prefer your own system backup software from a third party.
One of the biggest problems facing PC users though is issues with user accounts, documents, files, and drives and what happens when you get a corruption there that prevents you or an end user from signing in or accessing any files. This is what we’ll look at in the next chapter.