Fear, pain and hatred of technical support

Habr is not a book of complaints. This article is about the freeware Nirsoft tools for Windows system administrators.



When contacting technical support, people often experience stress. Some worry that they will not be able to explain the problem and will look stupid. Others are overwhelmed with emotion and find it hard to hold back their resentment about the quality of the service - because before there was not a single gap!



I like, for example, Veeam technical support. They answer quickly, accurately and to the point. I'm even glad to write to them for no particular reason, just to learn some new trick.



DeviceLock has good tech support. The experience of their old-timers deserves respect. After almost every ticket, I enter a few lines of Secret Knowledge into the corporate Wiki. They also quickly put together test builds of the product with the bug fixed - support and development are closely connected.



ArcServe is not so good. The residents of the Indian Ocean are very, very polite and attentive, but I can't say anything more. If there is no ready-made KB article, your life will be sad.



Standing apart is the technical support of our antivirus flagship - Kaspersky Lab. Just as a person puts off going to the dentist, I try to put off writing there until the last moment, because it will be long, painful and with unpredictable results. You can't choose your doctor, even if you have 5000 rubles of licenses - whoever you happen to get treats you. And since I'm kind of a doctor myself (well, not a doctor, more of a locksmith), I'm doubly upset.



Down to business.



We were updating Kaspersky Security for Windows Server from version 10.1.1 to 10.1.2. The operation is simple, but we know better. On yet another Microsoft Patch Tuesday, I noticed that the updates did not install on a large group of servers.



It turned out that the wuauserv and BITS services had stopped working on the servers, and an error was returned when starting:







Startup can be treated with a folk remedy:



 sc config wuauserv type= own
 sc config bits type= own





I realized that the servers had something in common - KSWS 10.1.2 had recently been installed on 100% of the patients.



Feeling quite ill, I opened a support case.

Hello!

After the upgrade from 10.1.1 to 10.1.2.996, BITS and Windows Update services broke down on a number of servers.

At startup, an error is returned: 1290

Is the occurrence of an error related to product installation?
The answer was not long in coming.

Good afternoon, Michael!

When installing or updating the version, Kaspersky Security 10 for Windows Server does not consider the available services, nor does it check / change their settings.

They said it as if that settled the matter.



A quick Google search showed that the problem exists, or at least existed in a different version.



I wrote back: smart people here are writing that there was such a problem before, so maybe it is still there? I attached the standard technical information.



For 7 days (seven days, Karl!) technical support was silent. The result was not encouraging. I quote it in abbreviated form:

Michael, good afternoon!



In your case, disabling services after upgrading the product is connected with individual or group settings of the operating system (my conclusions are based on the study of the report you sent).



I recommend that you deeply investigate the work of system services. I would be happy to help you with this, however, it is in the competence of Microsoft support, since the solution you specified is working and requires only a one-time input.



On my own behalf, I want to add that both of the services you indicated are related to updating the operating system and in no way affect the operation of our product, respectively, and the degree of your protection.
This is the end. It's a shame.



Well, if Kaspersky Lab cannot find the defect, the soldiers will find it. I will have to look for it myself.



The configuration of Windows services is stored in the registry branch:



 HKLM\System\CurrentControlSet\services\
      
      





Nothing useful is stored on the file system except binary files.



How do we monitor the registry? The most versatile tool is Process Monitor from Sysinternals.



What is wrong with Process Monitor? It is extremely difficult to find anything in it if you do not know exactly what you are looking for.



At the same time, there are utilities from the not so well-known company Nirsoft. It produces dozens of unique programs - from monitoring the connection of USB devices to reading product keys from the registry. If you have never heard of it, I highly recommend visiting the site and looking through the collection. When I first found out about them, it was like opening a box of toys.



For our task, the utility RegistryChangesView v1.21 (www.nirsoft.net/utils/registry_changes_view.html) will be useful. Download it and run it on the server.



The first thing to do is take a snapshot before installation.







Then run Sysinternals Process Monitor, disable capture of everything except registry activity, and configure it to save the results to a file.







We start the installation process and make sure that everything is broken.

Then we take a second snapshot in RegistryChangesView.

And we compare the two snapshots with each other.
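The same before/after comparison can be scripted when RegistryChangesView is not at hand. This is an added example, not part of the original article: it snapshots only the values under the services branch that control how a service is hosted and started, then lists what differs. The function names and the list of watched values are assumptions chosen for illustration.

```powershell
# Added example: snapshot and diff service configuration in the registry.
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Values that decide how a service is hosted and started.
# Type 16 (0x10) = own process, Type 32 (0x20) = shared process.
$Watched = 'Type', 'Start', 'ImagePath', 'ObjectName', 'ServiceSidType'

function Get-ServiceConfigSnapshot {
    # Returns a hashtable: "service\value" -> registry data as a string.
    $snapshot = @{}
    foreach ($key in Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue) {
        foreach ($name in $Watched) {
            # Do not expand %SystemRoot% etc., so ImagePath is compared as stored.
            $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($null -ne $data) {
                $snapshot["$($key.PSChildName)\$name"] = [string]$data
            }
        }
    }
    return $snapshot
}

function Compare-ServiceConfigSnapshot {
    param(
        [Parameter(Mandatory)] [hashtable] $Before,
        [Parameter(Mandatory)] [hashtable] $After
    )
    # Union of names catches added and removed values as well as changed ones.
    $names = @($Before.Keys) + @($After.Keys) | Sort-Object -Unique
    foreach ($n in $names) {
        if ($Before[$n] -cne $After[$n]) {
            [pscustomobject]@{
                Value  = $n
                Before = $Before[$n]
                After  = $After[$n]
            }
        }
    }
}

# Usage: run in an elevated session on the server being updated.
$before = Get-ServiceConfigSnapshot
Read-Host 'Run the installer now, then press Enter to take the second snapshot'
$after = Get-ServiceConfigSnapshot
Compare-ServiceConfigSnapshot -Before $before -After $after | Format-Table -AutoSize
```

A changed `Type` value for `wuauserv` or `BITS` in the output is the kind of difference to look for here; attributing the write to a process still requires the Process Monitor log.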







And here is what interests us.











But who did it? Maybe the service broke itself?



We look at the Process Monitor log. Let's start by filtering processes:











We open the registry summary and sort by the Writes field:







And here is what we were looking for:











That's all, friends: in 5 minutes the cause of the problem was found.



It is definitely the Kaspersky installer, and we know exactly how it breaks the service. So we can easily return it to its original state.



What are the findings?



Hope for support, but don't slack off yourself. Do not be lazy. Figure it out.

Use suitable tools. Expand your personal set of technical tools. Learn the tools you use every day.

And if you work in support yourself, try to learn to skip the first phase - "Denial". This, by the way, is the most difficult part.



I wish I would start following this advice myself. Hello, Labs!



Addendum. Two weeks later, I was lucky enough to get a response from the developer. Thank you, Oleg - at least one person cares, which means that not everything is lost for us, the clients. He explained that the installer in fact returns the service to its original state, as after a clean installation of the operating system (and it really does, I checked). The previous version of KSWS changed the service settings, moving the services into a separate process (why?). But the installer does not roll the settings back correctly: it simply changes the values in the registry without notifying the Service Control Manager. After a reboot (I don't know how to restart SCM, although if you simply repeat the same configuration through the sc.exe utility, reboots can be avoided), the update services will work again. The easiest workaround is to schedule a reboot overnight (during the maintenance window) after updating the release.

Honestly, all of this had already been described in the forum post mentioned above. It was simply confirmed that the error carried over into the new release.



PS: Thanks berez for helping with punctuation.


