For more info about creating the OpenSearch XML file, see the [Understanding OpenSearch Standards](https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. | Disable setting (default) | Any added search engines are removed from the employee’s device. |
-| Do not configure | The search engine list is set to what is specified in App settings. |
+## Always Enable book library
+>*Supporteded versions: Windows 10*
-### Configure Autofill
+This policy settings specifies whether to always show the Books Library in Microsoft Edge. By default, this setting is disabled, which means the library is only visible in countries or regions where available. if enabled, the Books Library is always shown regardless of countries or region of activation.
+
+**Microsoft Intune to manage your MDM settings**
+| | |
+|---|---|
+|MDM name |[AlwaysEnableBooksLibrary](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) |
+|Supported devices |Desktop
Mobile |
+|URI full path | ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary |
+|Data type | Integer |
+|Allowed values |
- **0 (default)** - Disable. Use default visibility of the Books Library. The Library will be only visible in countries or regions where it’s available.
- **1** - Enable. Always show the Books Library, regardless of countries or region of activation.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Additional search engines are not allowed.
- **1** - Additional search engines are allowed.
- **0** - Employees cannot use Autofill to complete form fields.
- **1 (default)** - Employees can use Autofill to complete form fields.
- **Allow all cookies (default)** from all websites.
- **Block all cookies** from all websites.
- **Block only 3rd-party cookies** from 3rd-party websites.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowCookies | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Allows all cookies from all sites.
- **1** - Blocks only cookies from 3rd party websites.
- **2** - Blocks all cookies from all sites.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Stops you from sending Do Not Track headers to websites requesting tracking info.
- **1** - Employees can send Do Not Track headers to websites requesting tracking info.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Employees cannot use Password Manager to save passwords locally.
- **1** - Employees can use Password Manager to save passwords locally.
- **0 (default)** - Turns off Pop-up Blocker, allowing pop-up windows.
- **1** - Turns on Pop-up Blocker, stopping pop-up windows.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Employees cannot see search suggestions in the Address bar of Microsoft Edge.
- **1** - Employees can see search suggestions in the Address bar of Microsoft Edge.
- **0** - Adobe Flash content is automatically loaded and run by Microsoft Edge.
- **1 (default)** - An employee must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
`
>If you already use a site list, enterprise mode continues to work during the 65-second wait; it just uses the existing site list instead of the new one. -### Configure Windows Defender SmartScreen +**Microsoft Intune to manage your MDM settings** +| | | +|---|---| +|MDM name |[EnterpriseModeSiteList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) | +|Supported devices |Desktop | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList | +|Data type | String | +|Allowed values |
- Not configured.
- **1 (default)** - Use the Enterprise Mode Site List, if configured.
- **2** - Specify the location to the site list.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Turns off Windows Defender SmartScreen.
- **1** - Turns on Windows Defender SmartScreen, providing warning messages to your you about potential phishing scams and malicious software.
- **0 (default)** - Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages.
- **1** - Disable lockdown of the Start pages and allow users to modify them.
Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices. | -| Disable or do not configure | Employees cannot sync their favorites between Internet Explorer and Microsoft Edge. | +**Microsoft Intune to manage your MDM settings** +| | | +|---|---| +|MDM name |[AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | +|Supported devices |Desktop | +|URI full path |./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings | +|Location |Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync | +|Data type | Integer | +|Allowed values |
- **0** - Employees cannot sync settings between PCs.
- **1 (default)** - Employees can sync between PCs.
- **0 (default)** - Synchronization is turned off.
- **1** - Synchronization is turned on.
- **0 (default)** - Employees can access the about:flags page in Microsoft Edge.
- **1** - Employees cannot access the about:flags page in Microsoft Edge.
Mobile | +|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Lets you ignore the Windows Defender SmartScreen warnings about unverified files and lets them continue the download process.
- **1** - Stops you from ignoring the Windows Defender SmartScreen warnings about unverified files.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Turns off Windows Defender SmartScreen.
- **1** - Turns on Windows Defender SmartScreen.
`https://fabrikam.com/opensearch.xml` | -| Disable | The policy-set default search engine is removed. If this is also the current in-use default, the search engine changes to the Microsoft Edge specified engine for the market . | -| Do not configure | The default search engine is set to the one specified in App settings. | +This policy setting specifies whether you can add, import, sort, or edit the Favorites list in Microsoft Edge. By default, this setting is disabled or not configured (turned on), which means the Favorites list is not locked down and you can make changes to the Favorites list. If enabled, you cannot make changes to the Favorites list. Also, the Save a Favorite, Import settings, and the context menu items, such as Create a new folder, are turned off. >[!Important] ->If you'd like your employees to use the default Microsoft Edge settings for each market , you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. +>Don't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops you from syncing their favorites between Internet Explorer and Microsoft Edge. -### Show message when opening sites in Internet Explorer +**Microsoft Intune to manage your MDM settings** +| | | +|---|---| +|MDM name |[LockdownFavorites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | +|Supported devices |Desktop
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Disabled. Do not lockdown Favorites.
- **1** - Enabled. Lockdown Favorites.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.
- **1** - Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.
Mobile | +|URI full path | ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage | +|Data type | Integer | +|Allowed values |
- **0 (default)** - Employees see the First Run webpage.
- **1** - Employees do not see the First Run webpage.
- **0 (default)** - Shows an employee's LocalHost IP address while using the WebRTC protocol.
- **1** - Does not show an employee's LocalHost IP address while using the WebRTC protocol.
- **0 (default)** - Automatically opens all websites, including intranet sites, using Microsoft Edge.
- **1** - Automatically opens all intranet sites using Internet Explorer 11.
Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine | +|Data type | Integer | +|Allowed values |
- **0 (default)** - The default search engine is set to the one specified in App settings.
- **1** - Allows you to configure the default search engine for your you.
- **0 (default)** - Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
- **1** - Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
- **0** - No shared folder.
- **1** - Use as shared folder.
Accounts: Block Microsoft accounts
**Note** Microsoft accounts can still be used in apps.
Enabled
Interactive logon: Do not display last user name
Enabled
Interactive logon: Sign-in last interactive user automatically after a system-initiated restart
Disabled
Interactive logon: Sign-in last interactive user automatically after a system-initiated restart
Disabled
User Account Control: Behavior of the elevation prompt for standard users
Auto deny
ASP.NET MVC 4.0
[ASP.NET MVC 4 download](https://go.microsoft.com/fwlink/?LinkId=392271)
Service Principal Name (SPN)
The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.
If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](http://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.
diff --git a/windows/application-management/index.md b/windows/application-management/index.md index fdd42c35b8..23490f9d99 100644 --- a/windows/application-management/index.md +++ b/windows/application-management/index.md @@ -24,8 +24,8 @@ Learn about managing applications in Windows 10 and Windows 10 Mobile clients. | [Enable or block Windows Mixed Reality apps in the enterprise](manage-windows-mixed-reality.md) | Learn how to enable or block Windows Mixed Reality apps. | |[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications| | [Service Host process refactoring](svchost-service-refactoring.md) | Changes to Service Host grouping in Windows 10 | -|[Per User services in Windows 10](sideload-apps-in-windows-10.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016| +|[Per User services in Windows 10](per-user-services-in-windows.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016| [Disabling System Services in Windows Server](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) | Security guidelines for disabling services in Windows Server 2016 with Desktop Experience |[Understand apps in Windows 10](apps-in-windows-10.md)| Overview of the different apps included by default in Windows 10 Enterprise| -| [Deploy app updgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile | +| [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile | [Change history for Application management](change-history-for-application-management.md) | This topic lists new and updated topics in the Application management documentation for Windows 10 and Windows 10 Mobile. diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 2ad3ca1434..404877f84d 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -112,7 +112,7 @@ The following image shows the EnterpriseModernAppManagement configuration servic ``` **AppManagement/RemovePackage** -Added in Windows 10, version 1703. Used to remove packages. +
Added in Windows 10, version 1703. Used to remove packages. Not supported for ./User/Vendor/MSFT.
Parameters:
-
@@ -121,34 +121,18 @@ The following image shows the EnterpriseModernAppManagement configuration servic
- Name: Specifies the PackageFullName of the particular package to remove.
- RemoveForAllUsers:
-
-
- 0 (default) – Package will be un-provisioned so that new users do not receive the package. The package will remain installed for current users. -
- 1 – Package will be removed for all users. +
- 0 (default) – Package will be un-provisioned so that new users do not receive the package. The package will remain installed for current users. This is not currently supported. +
- 1 – Package will be removed for all users only if it is a provisioned package.
Supported operation is Execute. -
The following example removes a package for the specified user:
-
-```XML
-
The following example removes a package for all users: ````XML @@ -307,7 +291,12 @@ The following image shows the EnterpriseModernAppManagement configuration servic
Supported operation is Get. **.../*PackageFamilyName*/*PackageFullName*/Users** -
Required. Registered users of the app. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string. +
Required. Registered users of the app and the package install state. If the query is at the device level, it returns all the registered users of the device. If you query the user context, it will only return the current user. Value type is string. + +- Not Installed = 0 +- Staged = 1 +- Installed = 2 +- Paused = 6
Supported operation is Get. diff --git a/windows/client-management/mdm/images/provisioning-csp-vpn.png b/windows/client-management/mdm/images/provisioning-csp-vpn.png index 15e907a16c..f46b884641 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-vpn.png and b/windows/client-management/mdm/images/provisioning-csp-vpn.png differ diff --git a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png index 8e18128149..c8f2721143 100644 Binary files a/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png and b/windows/client-management/mdm/images/provisioning-csp-windowsdefenderapplicationguard.png differ diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md index 5453323c70..b82b5779fd 100644 --- a/windows/client-management/mdm/multisim-csp.md +++ b/windows/client-management/mdm/multisim-csp.md @@ -24,49 +24,49 @@ The following diagram shows the MultiSIM configuration service provider in tree **./Device/Vendor/MSFT/MultiSIM** Root node. -**_ModemID_** +**_ModemID_** Node representing a Mobile Broadband Modem. The node name is the modem ID. Modem ID is a GUID without curly braces, with exception of "Embedded" which represents the embedded modem. -**_ModemID_/Identifier** +**_ModemID_/Identifier** Modem ID. Supported operation is Get. Value type is string. -**_ModemID_/IsEmbedded** +**_ModemID_/IsEmbedded** Indicates whether this modem is embedded or external. Supported operation is Get. Value type is bool. -**_ModemID_/Slots** +**_ModemID_/Slots** Represents all SIM slots in the Modem. -**_ModemID_/Slots/_SlotID_** +**_ModemID_/Slots/_SlotID_** Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format is "0", "1", etc., with exception of "Embedded" which represents the embedded Slot. -**_ModemID_/Slots/_SlotID_/Identifier** +**_ModemID_/Slots/_SlotID_/Identifier** Slot ID. Supported operation is Get. Value type is integer. -**_ModemID_/Slots/_SlotID_/IsEmbedded** +**_ModemID_/Slots/_SlotID_/IsEmbedded** Indicates whether this Slot is embedded or a physical SIM slot. Supported operation is Get. Value type is bool. -**_ModemID_/Slots/_SlotID_/IsSelected** +**_ModemID_/Slots/_SlotID_/IsSelected** Indicates whether this Slot is selected or not. Supported operation is Get and Replace. Value type is bool. -**_ModemID_/Slots/_SlotID_/State** +**_ModemID_/Slots/_SlotID_/State** Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8) Supported operation is Get. Value type is integer. -**_ModemID_/Policies** +**_ModemID_/Policies** Policies associated with the Modem. -**_ModemID_/Policies/SlotSelectionEnabled** +**_ModemID_/Policies/SlotSelectionEnabled** Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true. Supported operation is Get and Replace. Value type is bool. diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index a7eeb7a2b0..dc568d07df 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1329,16 +1329,16 @@ For details about Microsoft mobile device management protocols for Windows 10 s
Added a new CSP in Windows 10, version 1803.
-======= + +Added the following node in Windows 10, version 1803:
- UntrustedCertificates
| New or updated topic | +Description | +
|---|---|
| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | +Added the following node in Windows 10, version 1803: +
|
 |
-  |
- |
- |
- |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
- |
- |
- |
- |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
- |
- |
- |
- |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
- |
- |
- |
- |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
- |
- |
- |
- |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
- |
- |
- |
- |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Log file | Phase: Location | Description | When to use | +
| setupact.log | Down-Level: $Windows.~BT\Sources\Panther | Contains information about setup actions during the downlevel phase. | +All down-level failures and starting point for rollback investigations. This is the most important log for diagnosing setup issues. |
+
| OOBE: $Windows.~BT\Sources\Panther\UnattendGC |
+Contains information about actions during the OOBE phase. | Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F. | +|
| Rollback: $Windows.~BT\Sources\Rollback | Contains information about actions during rollback. | Investigating generic rollbacks - 0xC1900101. | +|
| Pre-initialization (prior to downlevel): Windows | Contains information about initializing setup. | If setup fails to launch. | +|
| Post-upgrade (after OOBE): Windows\Panther | Contains information about setup actions during the installation. | Investigate post-upgrade related issues. | +|
| setuperr.log | Same as setupact.log | Contains information about setup errors during the installation. | Review all errors encountered during the installation phase. | +
| miglog.xml | Post-upgrade (after OOBE): Windows\Panther | Contains information about what was migrated during the installation. | Identify post upgrade data migration issues. | +
| BlueBox.log | Down-Level: Windows\Logs\Mosetup | Contains information communication between setup.exe and Windows Update. | Use during WSUS and WU down-level failures or for 0xC1900107. | +
| Supplemental rollback logs: +Setupmem.dmp +setupapi.dev.log +Event logs (*.evtx) |
+$Windows.~BT\Sources\Rollback | Additional logs collected during rollback. | +
+Setupmem.dmp: If OS bugchecks during upgrade, setup will attempt to extract a mini-dump. +Setupapi: Device install issues - 0x30018 +Event logs: Generic rollbacks (0xC1900101) or unexpected reboots. |
+
-
+
- The date and time - 2016-09-08 09:20:05. +
- The log level - Info, Warning, Error, Fatal Error. +
- The logging component - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
+
-
+
- The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors. +
- The message - Operation completed successfully. +
To analyze Windows Setup log files: + +
-
+
- Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process. +
- Based on the [extend code](upgrade-error-codes.md#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate. +
- Open the log file in a text editor, such as notepad. +
- Using the [result code](upgrade-error-codes.md#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below. +
- To find the last occurrence of the result code:
+
-
+
- Scroll to the bottom of the file and click after the last character. +
- Click Edit. +
- Click Find. +
- Type the result code. +
- Under Direction select Up. +
- Click Find Next. +
- When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code. +
- Search for the following important text strings:
+
-
+
- Shell application requested abort +
- Abandoning apply due to error for object +
- Decode Win32 errors that appear in this section. +
- Write down the timestamp for the observed errors in this section. +
- Search other log files for additional information matching these timestamps or errors. +
setuperr.log content: + +
+27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570] +27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570] +27:08, Error Gather failed. Last error: 0x00000000 +27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C +27:09, Error SP CMigrateFramework: Gather framework failed. Status: 44 +27:09, Error SP Operation failed: Migrate framework (Full). Error: 0x8007042B[gle=0x000000b7] +27:09, Error SP Operation execution failed: 13. hr = 0x8007042B[gle=0x000000b7] +27:09, Error SP CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7] ++ +The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below): + +
+27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570] ++ +The error 0x00000570 is a [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable. + +Therefore, Windows Setup failed because it was not able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure: + +
setupact.log content: + +
+27:00, Info Gather started at 10/5/2016 23:27:00 +27:00, Info [0x080489] MIG Setting system object filter context (System) +27:00, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped +27:00, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped +27:00, Info SP ExecuteProgress: Elapsed events:1 of 4, Percent: 12 +27:00, Info [0x0802c6] MIG Processing GATHER for migration unit:+ + +\UpgradeFramework (CMXEAgent) +27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570] +27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570] +27:08, Info SP ExecuteProgress: Elapsed events:2 of 4, Percent: 25 +27:08, Info SP ExecuteProgress: Elapsed events:3 of 4, Percent: 37 +27:08, Info [0x080489] MIG Setting system object filter context (System) +27:08, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped +27:08, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped +27:08, Info MIG COutOfProcPluginFactory::FreeSurrogateHost: Shutdown in progress. +27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost::CommandLine: -shortened- +27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost: Successfully launched host and got control object. +27:08, Error Gather failed. Last error: 0x00000000 +27:08, Info Gather ended at 10/5/2016 23:27:08 with result 44 +27:08, Info Leaving MigGather method +27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C +
This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f. + +## Related topics + +[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx) +
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/quick-fixes.md b/windows/deployment/upgrade/quick-fixes.md new file mode 100644 index 0000000000..d11f924e4d --- /dev/null +++ b/windows/deployment/upgrade/quick-fixes.md @@ -0,0 +1,56 @@ +--- +title: Quick fixes - Windows IT Pro +description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.date: 03/30/2018 +ms.localizationpriority: high +--- + +# Quick fixes + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 100 level topic (basic).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + +The following steps can resolve many Windows upgrade problems. + +
-
+
- Remove nonessential external hardware, such as docks and USB devices. +
- Check all hard drives for errors and attempt repairs. To automatically repair hard drives, open an elevated command prompt, switch to the drive you wish to repair, and type the following command. You will be required to reboot the computer if the hard drive being repaired is also the system drive.
+
-
+
- chkdsk /F +
+ - Attempt to restore and repair system files by typing the following commands at an elevated command prompt. It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image).
+
-
+
- DISM.exe /Online /Cleanup-image /Restorehealth +
- sfc /scannow +
+ - Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. +
- Uninstall non-Microsoft antivirus software.
+
-
+
- Use Windows Defender for protection during the upgrade. +
- Verify compatibility information and re-install antivirus applications after the upgrade.
+
+ - Uninstall all nonessential software. +
- Update firmware and drivers. +
- Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. +
- Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. +
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md new file mode 100644 index 0000000000..ae8d50adda --- /dev/null +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -0,0 +1,684 @@ +--- +title: Resolution procedures - Windows IT Pro +description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.date: 03/30/2018 +ms.localizationpriority: high +--- + +# Resolution procedures + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 200 level topic (moderate).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + + +## 0xC1900101 + +A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:
+ +- The minidump file: $Windows.~bt\Sources\Rollback\setupmem.dmp, +- Event logs: $Windows.~bt\Sources\Rollback\*.evtx +- The device install log: $Windows.~bt\Sources\Rollback\setupapi\setupapi.dev.log + +The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). To resolve a rollback due to driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/en-us/kb/929135) before initiating the upgrade process. + +
See the following general troubleshooting procedures associated with a result code of 0xC1900101: + + +
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+
0x800xxxxx
+ +Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly. + +
See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
+ +
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+||||||
+
+
|
+
+
+
+
|
+
| Error code + | Cause + | Mitigation + |
| 0xC1800118 | +WSUS has downloaded content that it cannot use due to a missing decryption key. | +See [Steps to resolve error 0xC1800118](https://blogs.technet.microsoft.com/wsus/2016/09/21/resolving-error-0xc1800118/) for information. | +
| 0xC1900200 | +Setup.exe has detected that the machine does not meet the minimum system requirements. | +Ensure the system you are trying to upgrade meets the minimum system requirements. See [Windows 10 specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) for information. |
+
| 0x80090011 | +A device driver error occurred during user data migration. | +Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process.
+ Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. |
+
| 0xC7700112 | +Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk. | +This issue is resolved in the latest version of Upgrade Assistant.
+ Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. |
+
| 0x80190001 | +An unexpected error was encountered while attempting to download files required for upgrade. | +To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10). + | +
| 0x80246007 | +The update was not downloaded successfully. | +Attempt other methods of upgrading the operating system. +Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10). + Attempt to upgrade using .ISO or USB. +**Note**: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). + |
+
| 0xC1900201 | +The system did not pass the minimum requirements to install the update. | +Contact the hardware vendor to get the latest updates. | +
| 0x80240017 | +The upgrade is unavailable for this edition of Windows. | +Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator. | +
| 0x80070020 | +The existing process cannot access the file because it is being used by another process. | +Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/kb/929135). | +
| 0x80070522 | +The user doesn’t have required privilege or credentials to upgrade. | +Ensure that you have signed in as a local administrator or have local administrator privileges. | +
| 0xC1900107 | +A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade. + | +Reboot the device and run setup again. If restarting device does not resolve the issue, then use the Disk Cleanup utility and cleanup the temporary as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/en-us/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10). | +
| 0xC1900209 | +The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications. | +Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](https://blogs.technet.microsoft.com/mniehaus/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe/) for more information.
+
+ You can also download the [Windows Assessment and Deployment Kit (ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740) and install Application Compatibility Tools. + |
+
| 0x8007002 | +This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403) | +Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
+
+ The error 80072efe means that the connection with the server was terminated abnormally. + + To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN. + |
+
| 0x80240FFF | +Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update. | + You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:
+
+
For detailed information on how to run these steps check out How to delete upgrades in WSUS. + |
+
| 0x8007007E | +Occurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager. | + Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
+
+
|
+
| Error Codes | Cause | Mitigation |
| 0x80070003- 0x20007 + | This is a failure during SafeOS phase driver installation. + + | [Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver. + |
| 0x8007025D - 0x2000C + | This error occurs if the ISO file's metadata is corrupt. | "Re-download the ISO/Media and re-attempt the upgrade. + +Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/en-us/software-download/windows10). + + |
| 0x80070490 - 0x20007 | An incompatible device driver is present. + + | [Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver. + + |
| 0xC1900101 - 0x2000c + | An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption. + | Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide.
+ Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display. |
| 0xC1900200 - 0x20008 + + | The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10. + + | See [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) and verify the computer meets minimum requirements.
+
+ Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/). |
| 0x80070004 - 0x3000D + | This is a problem with data migration during the first boot phase. There are multiple possible causes. + + | [Analyze log files](log-files.md#analyze-log-files) to determine the issue. |
| 0xC1900101 - 0x4001E + | Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation. + | This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section. |
| 0x80070005 - 0x4000D + | The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data. + | [Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access denied. |
| 0x80070004 - 0x50012 + | Windows Setup failed to open a file. + | [Analyze log files](log-files.md#analyze-log-files) to determine the data point that is reporting access problems. |
| 0xC190020e
+ 0x80070070 - 0x50011 + 0x80070070 - 0x50012 + 0x80070070 - 0x60000 + | These errors indicate the computer does not have enough free space available to install the upgrade. + | To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.
+
+ Note: If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby. + |
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index 65997cec49..1f7c1def87 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.date: 03/30/2018 +ms.date: 04/03/2018 ms.localizationpriority: high --- @@ -18,1078 +18,37 @@ ms.localizationpriority: high >**Important**: This topic contains technical instructions for IT administrators. If you are not an IT administrator, see the following topic: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md). -## In this topic - -This topic contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. The following sections and procedures are provided in this guide: - -- [SetupDiag](#setupdiag): SetupDiag is a new tool to help you isolate the root cause of an upgrade failure. -- [Troubleshooting upgrade errors](#troubleshooting-upgrade-errors): General advice and techniques for troubleshooting Windows 10 upgrade errors.
-- [The Windows 10 upgrade process](#the-windows-10-upgrade-process): An explanation of phases used during the upgrade process.
-- [Quick fixes](#quick-fixes): Steps you can take to eliminate many Windows upgrade errors.
-- [Upgrade error codes](#upgrade-error-codes): The components of an error code are explained. - - [Result codes](#result-codes): Information about result codes. - - [Extend codes](#extend-codes): Information about extend codes. -- [Windows Error Reporting](#windows-error-reporting): How to use Event Viewer to review details about a Windows 10 upgrade. -- [Log files](#log-files): A list and description of log files useful for troubleshooting. - - [Log entry structure](#log-entry-structure): The format of a log entry is described. - - [Analyze log files](#analyze-log-files): General procedures for log file analysis, and an example. -- [Resolution procedures](#resolution-procedures): Causes and mitigation procedures associated with specific error codes. - - [0xC1900101](#0xc1900101): Information about the 0xC1900101 result code. - - [0x800xxxxx](#0x800xxxxx): Information about result codes that start with 0x800. - - [Other result codes](#other-result-codes): Additional causes and mitigation procedures are provided for some result codes. - - [Other error codes](#other-error-codes): Additional causes and mitigation procedures are provided for some error codes. - -## SetupDiag - -You can use the SetupDiag.exe tool to automatically analyze log files and determine the root cause of an upgrade failure. If SetupDiag is successful in diagnosing the problem, an error code is displayed. Given this error code, use the procedures here (in this topic) to determine how to repair the upgrade failure. For more information see [SetupDiag](setupdiag.md). - -## Troubleshooting upgrade errors - -If a Windows 10 upgrade is not successful, it can be very helpful to understand *when* an error occurred in the upgrade process. - -Briefly, the upgrade process consists of four phases: **Downlevel**, **SafeOS**, **First boot**, and **Second boot**. The computer will reboot once between each phase. - -These phases are explained in greater detail [below](#the-windows-10-upgrade-process). First, let's summarize the actions performed during each phase because this affects the type of errors that can be encountered. - -1. **Downlevel phase**: Because this phase runs on the source OS, upgrade errors are not typically seen. If you do encounter an error, ensure the source OS is stable. Also ensure the Windows setup source and the destination drive are accessible. - -2. **SafeOS phase**: Errors most commonly occur during this phase due to hardware issues, firmware issues, or non-microsoft disk encryption software. - - Since the computer is booted into Windows PE during the SafeOS phase, a useful troubleshooting technique is to boot into [Windows PE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-intro) using installation media. You can use the [media creation tool](https://www.microsoft.com/software-download/windows10) to create bootable media, or you can use tools such as the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), and then boot your device from this media to test for hardware and firmware compatibility issues. - - **Do not proceed with the Windows 10 installation after booting from this media**. This method can only be used to perform a clean install which will not migrate any of your apps and settings, and you will be required re-enter your Windows 10 license information. - - If the computer does not successfully boot into Windows PE using the media that you created, this is likely due to a hardware or firmware issue. Check with your hardware manufacturer and apply any recommended BIOS and firmware updates. If you are still unable to boot to installation media after applying updates, disconnect or replace legacy hardware. - - If the computer successfully boots into Windows PE, but you are not able to browse the system drive on the computer, it is possible that non-Microsoft disk encryption software is blocking your ability to perform a Windows 10 upgrade. Update or temporarily remove the disk encryption. - -3. **First boot phase**: Boot failures in this phase are relatively rare, and almost exclusively caused by device drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade. - -4. **Second boot phase**: In this phase, the system is running under the target OS with new drivers. Boot failures are most commonly due to anti-virus software or filter drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, temporarily uninstall anti-virus software, then retry the upgrade. - -If the general troubleshooting techniques described above or the [quick fixes](#quick-fixes) detailed below do not resolve your issue, you can attempt to analyze [log files](#log-files) and interpret [upgrade error codes](#upgrade-error-codes). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md) so that Microsoft can diagnose your issue. - -## The Windows 10 upgrade process - -The **Windows Setup** application is used to upgrade a computer to Windows 10, or to perform a clean installation. Windows Setup starts and restarts the computer, gathers information, copies files, and creates or adjusts configuration settings. - -When performing an operating system upgrade, Windows Setup uses phases described below. A reboot occurs between each of the phases. After the first reboot, the user interface will remain the same until the upgrade is completed. Percent progress is displayed and will advance as you move through each phase, reaching 100% at the end of the second boot phase. - -1. **Downlevel phase**: The downlevel phase is run within the previous operating system. Windows files are copied and installation components are gathered. - -  - -2. **Safe OS phase**: A recovery partition is configured, Windows files are expanded, and updates are installed. An OS rollback is prepared if needed. Example error codes: 0x2000C, 0x20017. - -  - -3. **First boot phase**: Initial settings are applied. Example error codes: 0x30018, 0x3000D. - -  - -4. **Second boot phase**: Final settings are applied. This is also called the **OOBE boot phase**. Example error codes: 0x4000D, 0x40017. - - At the end of the second boot phase, the **Welcome to Windows 10** screen is displayed, preferences are configured, and the Windows 10 sign-in prompt is displayed. - -  - -  - -  - -5. **Uninstall phase**: This phase occurs if upgrade is unsuccessful (image not shown). Example error codes: 0x50000, 0x50015. - -**Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown): - - - -DU = Driver/device updates.
-OOBE = Out of box experience.
-WIM = Windows image (Microsoft) - - -## Quick fixes - -The following steps can resolve many Windows upgrade problems. - -
-
-
- Remove nonessential external hardware, such as docks and USB devices. -
- Check all hard drives for errors and attempt repairs. To automatically repair hard drives, open an elevated command prompt, switch to the drive you wish to repair, and type the following command. You will be required to reboot the computer if the hard drive being repaired is also the system drive.
-
-
-
- chkdsk /F -
- - Attempt to restore and repair system files by typing the following commands at an elevated command prompt. It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image).
-
-
-
- DISM.exe /Online /Cleanup-image /Restorehealth -
- sfc /scannow -
- - Update Windows so that all available recommended updates are installed, and ensure the computer is rebooted if this is necessary to complete installation of an update. -
- Uninstall non-Microsoft antivirus software.
-
-
-
- Use Windows Defender for protection during the upgrade. -
- Verify compatibility information and re-install antivirus applications after the upgrade.
-
- - Uninstall all nonessential software. -
- Update firmware and drivers. -
- Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. -
- Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS. -
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](#resolution-procedures) section later in this topic. - -Result codes can be matched to the type of error encountered. To match a result code to an error: - -1. Identify the error code type as either Win32 or NTSTATUS using the first hexadecimal digit: -
**8** = Win32 error code (ex: 0x**8**0070070) -
**C** = NTSTATUS value (ex: 0x**C**1900107) -2. Write down the last 4 digits of the error code (ex: 0x8007**0070** = 0070). These digits are the actual error code type as defined in the [HRESULT](https://msdn.microsoft.com/en-us/library/cc231198.aspx) or the [NTSTATUS](https://msdn.microsoft.com/en-us/library/cc231200.aspx) structure. Other digits in the code identify things such as the device type that produced the error. -3. Based on the type of error code determined in the first step (Win32 or NTSTATUS), match the 4 digits derived from the second step to either a Win32 error code or NTSTATUS value using the following links: - - [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) - - [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx) - -Examples: -- 0x80070070 - - Based on the "8" this is a Win32 error code - - The last four digits are 0070, so look up 0x00000070 in the [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) table - - The error is: **ERROR_DISK_FULL** -- 0xC1900107 - - Based on the "C" this is an NTSTATUS error code - - The last four digits are 0107, so look up 0x00000107 in the [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx) table - - The error is: **STATUS_SOME_NOT_MAPPED** - -Some result codes are self-explanatory, whereas others are more generic and require further analysis. In the examples shown above, ERROR_DISK_FULL indicates that the hard drive is full and additional room is needed to complete Windows upgrade. The message STATUS_SOME_NOT_MAPPED is more ambiguous, and means that an action is pending. In this case, the action pending is often the cleanup operation from a previous installation attempt, which can be resolved with a system reboot. - -### Extend codes - ->**Important**: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update. - -Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation: - -1. Use the first digit to identify the phase (ex: 0x4000D = 4). -2. Use the last two digits to identify the operation (ex: 0x4000D = 0D). -3. Match the phase and operation to values in the tables provided below. - -The following tables provide the corresponding phase and operation for values of an extend code: - -
- -
| Extend code: phase | -|
| Hex | Phase - |
| 0 | SP_EXECUTION_UNKNOWN - |
| 1 | SP_EXECUTION_DOWNLEVEL - |
| 2 | SP_EXECUTION_SAFE_OS - |
| 3 | SP_EXECUTION_FIRST_BOOT - |
| 4 | SP_EXECUTION_OOBE_BOOT - |
| 5 | SP_EXECUTION_UNINSTALL - |
| Extend code: operation | -|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-
|
-
-
|
-||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-
| P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool) |
| P2: Setup Mode (x=default,1=Downlevel,5=Rollback) |
| P3: New OS Architecture (x=default,0=X86,9=AMD64) |
| P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked) |
| P5: Result Error Code (Ex: 0xc1900101) |
| P6: Extend Error Code (Ex: 0x20017) |
| P7: Source OS build (Ex: 9600) |
| P8: Source OS branch (not typically available) |
| P9: New OS build (Ex: 16299} |
| P10: New OS branch (Ex: rs3_release} |
- -
- -
| Log file | Phase: Location | Description | When to use | -
| setupact.log | Down-Level: $Windows.~BT\Sources\Panther | Contains information about setup actions during the downlevel phase. | -All down-level failures and starting point for rollback investigations. This is the most important log for diagnosing setup issues. |
-
| OOBE: $Windows.~BT\Sources\Panther\UnattendGC |
-Contains information about actions during the OOBE phase. | Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F. | -|
| Rollback: $Windows.~BT\Sources\Rollback | Contains information about actions during rollback. | Investigating generic rollbacks - 0xC1900101. | -|
| Pre-initialization (prior to downlevel): Windows | Contains information about initializing setup. | If setup fails to launch. | -|
| Post-upgrade (after OOBE): Windows\Panther | Contains information about setup actions during the installation. | Investigate post-upgrade related issues. | -|
| setuperr.log | Same as setupact.log | Contains information about setup errors during the installation. | Review all errors encountered during the installation phase. | -
| miglog.xml | Post-upgrade (after OOBE): Windows\Panther | Contains information about what was migrated during the installation. | Identify post upgrade data migration issues. | -
| BlueBox.log | Down-Level: Windows\Logs\Mosetup | Contains information communication between setup.exe and Windows Update. | Use during WSUS and WU down-level failures or for 0xC1900107. | -
| Supplemental rollback logs: -Setupmem.dmp -setupapi.dev.log -Event logs (*.evtx) |
-$Windows.~BT\Sources\Rollback | Additional logs collected during rollback. | -
-Setupmem.dmp: If OS bugchecks during upgrade, setup will attempt to extract a mini-dump. -Setupapi: Device install issues - 0x30018 -Event logs: Generic rollbacks (0xC1900101) or unexpected reboots. |
-
-
-
- The date and time - 2016-09-08 09:20:05. -
- The log level - Info, Warning, Error, Fatal Error. -
- The logging component - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
-
-
-
- The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors. -
- The message - Operation completed successfully. -
To analyze Windows Setup log files: - -
-
-
- Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process. -
- Based on the [extend code](#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate. -
- Open the log file in a text editor, such as notepad. -
- Using the [result code](#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below. -
- To find the last occurrence of the result code:
-
-
-
- Scroll to the bottom of the file and click after the last character. -
- Click Edit. -
- Click Find. -
- Type the result code. -
- Under Direction select Up. -
- Click Find Next. -
- When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code. -
- Search for the following important text strings:
-
-
-
- Shell application requested abort -
- Abandoning apply due to error for object -
- Decode Win32 errors that appear in this section. -
- Write down the timestamp for the observed errors in this section. -
- Search other log files for additional information matching these timestamps or errors. -
setuperr.log content: - -
-27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570] -27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570] -27:08, Error Gather failed. Last error: 0x00000000 -27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C -27:09, Error SP CMigrateFramework: Gather framework failed. Status: 44 -27:09, Error SP Operation failed: Migrate framework (Full). Error: 0x8007042B[gle=0x000000b7] -27:09, Error SP Operation execution failed: 13. hr = 0x8007042B[gle=0x000000b7] -27:09, Error SP CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7] -- -The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below): - -
-27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570] -- -The error 0x00000570 is a [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable. - -Therefore, Windows Setup failed because it was not able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure: - -
setupact.log content: - -
-27:00, Info Gather started at 10/5/2016 23:27:00 -27:00, Info [0x080489] MIG Setting system object filter context (System) -27:00, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped -27:00, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped -27:00, Info SP ExecuteProgress: Elapsed events:1 of 4, Percent: 12 -27:00, Info [0x0802c6] MIG Processing GATHER for migration unit:- - -\UpgradeFramework (CMXEAgent) -27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570] -27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570] -27:08, Info SP ExecuteProgress: Elapsed events:2 of 4, Percent: 25 -27:08, Info SP ExecuteProgress: Elapsed events:3 of 4, Percent: 37 -27:08, Info [0x080489] MIG Setting system object filter context (System) -27:08, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped -27:08, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped -27:08, Info MIG COutOfProcPluginFactory::FreeSurrogateHost: Shutdown in progress. -27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost::CommandLine: -shortened- -27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost: Successfully launched host and got control object. -27:08, Error Gather failed. Last error: 0x00000000 -27:08, Info Gather ended at 10/5/2016 23:27:08 with result 44 -27:08, Info Leaving MigGather method -27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C -
This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f. - -## Resolution procedures - -### 0xC1900101 - -A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:
- -- The minidump file: $Windows.~bt\Sources\Rollback\setupmem.dmp, -- Event logs: $Windows.~bt\Sources\Rollback\*.evtx -- The device install log: $Windows.~bt\Sources\Rollback\setupapi\setupapi.dev.log - -The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). To resolve a rollback due to driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/en-us/kb/929135) before initiating the upgrade process. - -
See the following general troubleshooting procedures associated with a result code of 0xC1900101: - - -
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-
0x800xxxxx
- -Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly. - -
See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
- -
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-||||||
-
-
|
-
-
-
-
|
-
| Error code - | Cause - | Mitigation - |
| 0xC1800118 | -WSUS has downloaded content that it cannot use due to a missing decryption key. | -See [Steps to resolve error 0xC1800118](https://blogs.technet.microsoft.com/wsus/2016/09/21/resolving-error-0xc1800118/) for information. | -
| 0xC1900200 | -Setup.exe has detected that the machine does not meet the minimum system requirements. | -Ensure the system you are trying to upgrade meets the minimum system requirements. See [Windows 10 specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) for information. |
-
| 0x80090011 | -A device driver error occurred during user data migration. | -Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process.
- Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. |
-
| 0xC7700112 | -Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk. | -This issue is resolved in the latest version of Upgrade Assistant.
- Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. |
-
| 0x80190001 | -An unexpected error was encountered while attempting to download files required for upgrade. | -To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10). - | -
| 0x80246007 | -The update was not downloaded successfully. | -Attempt other methods of upgrading the operating system. -Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10). - Attempt to upgrade using .ISO or USB. -**Note**: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). - |
-
| 0xC1900201 | -The system did not pass the minimum requirements to install the update. | -Contact the hardware vendor to get the latest updates. | -
| 0x80240017 | -The upgrade is unavailable for this edition of Windows. | -Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator. | -
| 0x80070020 | -The existing process cannot access the file because it is being used by another process. | -Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/kb/929135). | -
| 0x80070522 | -The user doesn’t have required privilege or credentials to upgrade. | -Ensure that you have signed in as a local administrator or have local administrator privileges. | -
| 0xC1900107 | -A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade. - | -Reboot the device and run setup again. If restarting device does not resolve the issue, then use the Disk Cleanup utility and cleanup the temporary as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/en-us/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10). | -
| 0xC1900209 | -The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications. | -Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](https://blogs.technet.microsoft.com/mniehaus/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe/) for more information.
-
- You can also download the [Windows Assessment and Deployment Kit (ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740) and install Application Compatibility Tools. - |
-
| 0x8007002 | -This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403) | -Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
-
- The error 80072efe means that the connection with the server was terminated abnormally. - - To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN. - |
-
| 0x80240FFF | -Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update. | - You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:
-
-
For detailed information on how to run these steps check out How to delete upgrades in WSUS. - |
-
| 0x8007007E | -Occurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager. | - Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
-
-
|
-
| Error Codes | Cause | Mitigation |
| 0x80070003- 0x20007 - | This is a failure during SafeOS phase driver installation. - - | [Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](#analyze-log-files) to determine the problem driver. - |
| 0x8007025D - 0x2000C - | This error occurs if the ISO file's metadata is corrupt. | "Re-download the ISO/Media and re-attempt the upgrade. - -Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/en-us/software-download/windows10). - - |
| 0x80070490 - 0x20007 | An incompatible device driver is present. - - | [Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](#analyze-log-files) to determine the problem driver. - - |
| 0xC1900101 - 0x2000c - | An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption. - | Run checkdisk to repair the file system. For more information, see the [quick fixes](#quick-fixes) section in this guide.
- Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display. |
| 0xC1900200 - 0x20008 - - | The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10. - - | See [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) and verify the computer meets minimum requirements.
-
- Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/). |
| 0x80070004 - 0x3000D - | This is a problem with data migration during the first boot phase. There are multiple possible causes. - - | [Analyze log files](#analyze-log-files) to determine the issue. |
| 0xC1900101 - 0x4001E - | Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation. - | This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xc1900101) section of this guide and review general troubleshooting procedures described in that section. |
| 0x80070005 - 0x4000D - | The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data. - | [Analyze log files](#analyze-log-files) to determine the data point that is reporting access denied. |
| 0x80070004 - 0x50012 - | Windows Setup failed to open a file. - | [Analyze log files](#analyze-log-files) to determine the data point that is reporting access problems. |
| 0xC190020e
- 0x80070070 - 0x50011 - 0x80070070 - 0x50012 - 0x80070070 - 0x60000 - | These errors indicate the computer does not have enough free space available to install the upgrade. - | To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.
-
- Note: If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby. - |
+Level 200: Moderate
+Level 300: Moderate advanced
+Level 400: Advanced
+ +## In this guide + +See the following topics: + +- [Quick fixes](quick-fixes.md): \Level 100\ Steps you can take to eliminate many Windows upgrade errors.
+- [SetupDiag](setupdiag.md): \Level 300\ SetupDiag is a new tool to help you isolate the root cause of an upgrade failure. +- [Troubleshooting upgrade errors](troubleshoot-upgrade-errors.md): \Level 300\ General advice and techniques for troubleshooting Windows 10 upgrade errors, and an explanation of phases used during the upgrade process.
+- [Windows Error Reporting](windows-error-reporting.md): \Level 300\ How to use Event Viewer to review details about a Windows 10 upgrade. +- [Upgrade error codes](upgrade-error-codes.md): \Level 400\ The components of an error code are explained. + - [Result codes](upgrade-error-codes.md#result-codes): Information about result codes. + - [Extend codes](upgrade-error-codes.md#extend-codes): Information about extend codes. +- [Log files](log-files.md): \Level 400\ A list and description of log files useful for troubleshooting. + - [Log entry structure](log-files.md#log-entry-structure): The format of a log entry is described. + - [Analyze log files](log-files.md#analyze-log-files): General procedures for log file analysis, and an example. +- [Resolution procedures](resolution-procedures.md): \Level 200\ Causes and mitigation procedures associated with specific error codes. + - [0xC1900101](resolution-procedures.md#0xc1900101): Information about the 0xC1900101 result code. + - [0x800xxxxx](resolution-procedures.md#0x800xxxxx): Information about result codes that start with 0x800. + - [Other result codes](resolution-procedures.md#other-result-codes): Additional causes and mitigation procedures are provided for some result codes. + - [Other error codes](resolution-procedures.md#other-error-codes): Additional causes and mitigation procedures are provided for some error codes. +- [Submit Windows 10 upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis. ## Related topics diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md index 71f47196cb..a460f3c8b5 100644 --- a/windows/deployment/upgrade/setupdiag.md +++ b/windows/deployment/upgrade/setupdiag.md @@ -16,6 +16,10 @@ ms.localizationpriority: high **Applies to** - Windows 10 +>[!NOTE] +>This is a 300 level topic (moderate advanced).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + [SetupDiag.exe](https://go.microsoft.com/fwlink/?linkid=870142) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. SetupDiag works by examining Windows Setup log files. It attempts to parse these log files to determine the root cause of a failure to update or upgrade the computer to Windows 10. SetupDiag can be run on the computer that failed to update, or you can export logs from the computer to another location and run SetupDiag in offline mode. diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md index 01a1e06134..32eddd5c45 100644 --- a/windows/deployment/upgrade/submit-errors.md +++ b/windows/deployment/upgrade/submit-errors.md @@ -16,6 +16,10 @@ ms.localizationpriority: high **Applies to** - Windows 10 +>[!NOTE] +>This is a 100 level topic (basic).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + ## In this topic This topic describes how to submit problems with a Windows 10 upgrade to Microsoft using the Windows 10 Feedback Hub. diff --git a/windows/deployment/upgrade/troubleshoot-upgrade-errors.md b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md new file mode 100644 index 0000000000..a7f5d26c91 --- /dev/null +++ b/windows/deployment/upgrade/troubleshoot-upgrade-errors.md @@ -0,0 +1,91 @@ +--- +title: Troubleshoot Windows 10 upgrade errors - Windows IT Pro +description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.date: 03/30/2018 +ms.localizationpriority: high +--- + +# Troubleshooting upgrade errors + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 300 level topic (moderately advanced).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + +If a Windows 10 upgrade is not successful, it can be very helpful to understand *when* an error occurred in the upgrade process. + +Briefly, the upgrade process consists of four phases: **Downlevel**, **SafeOS**, **First boot**, and **Second boot**. The computer will reboot once between each phase. + +These phases are explained in greater detail [below](#the-windows-10-upgrade-process). First, let's summarize the actions performed during each phase because this affects the type of errors that can be encountered. + +1. **Downlevel phase**: Because this phase runs on the source OS, upgrade errors are not typically seen. If you do encounter an error, ensure the source OS is stable. Also ensure the Windows setup source and the destination drive are accessible. + +2. **SafeOS phase**: Errors most commonly occur during this phase due to hardware issues, firmware issues, or non-microsoft disk encryption software. + + Since the computer is booted into Windows PE during the SafeOS phase, a useful troubleshooting technique is to boot into [Windows PE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-intro) using installation media. You can use the [media creation tool](https://www.microsoft.com/software-download/windows10) to create bootable media, or you can use tools such as the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), and then boot your device from this media to test for hardware and firmware compatibility issues. + + **Do not proceed with the Windows 10 installation after booting from this media**. This method can only be used to perform a clean install which will not migrate any of your apps and settings, and you will be required re-enter your Windows 10 license information. + + If the computer does not successfully boot into Windows PE using the media that you created, this is likely due to a hardware or firmware issue. Check with your hardware manufacturer and apply any recommended BIOS and firmware updates. If you are still unable to boot to installation media after applying updates, disconnect or replace legacy hardware. + + If the computer successfully boots into Windows PE, but you are not able to browse the system drive on the computer, it is possible that non-Microsoft disk encryption software is blocking your ability to perform a Windows 10 upgrade. Update or temporarily remove the disk encryption. + +3. **First boot phase**: Boot failures in this phase are relatively rare, and almost exclusively caused by device drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade. + +4. **Second boot phase**: In this phase, the system is running under the target OS with new drivers. Boot failures are most commonly due to anti-virus software or filter drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, temporarily uninstall anti-virus software, then retry the upgrade. + +If the general troubleshooting techniques described above or the [quick fixes](quick-fixes.md) detailed below do not resolve your issue, you can attempt to analyze [log files](log-files.md) and interpret [upgrade error codes](upgrade-error-codes.md). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md) so that Microsoft can diagnose your issue. + +## The Windows 10 upgrade process + +The **Windows Setup** application is used to upgrade a computer to Windows 10, or to perform a clean installation. Windows Setup starts and restarts the computer, gathers information, copies files, and creates or adjusts configuration settings. + +When performing an operating system upgrade, Windows Setup uses phases described below. A reboot occurs between each of the phases. After the first reboot, the user interface will remain the same until the upgrade is completed. Percent progress is displayed and will advance as you move through each phase, reaching 100% at the end of the second boot phase. + +1. **Downlevel phase**: The downlevel phase is run within the previous operating system. Windows files are copied and installation components are gathered. + +  + +2. **Safe OS phase**: A recovery partition is configured, Windows files are expanded, and updates are installed. An OS rollback is prepared if needed. Example error codes: 0x2000C, 0x20017. + +  + +3. **First boot phase**: Initial settings are applied. Example error codes: 0x30018, 0x3000D. + +  + +4. **Second boot phase**: Final settings are applied. This is also called the **OOBE boot phase**. Example error codes: 0x4000D, 0x40017. + + At the end of the second boot phase, the **Welcome to Windows 10** screen is displayed, preferences are configured, and the Windows 10 sign-in prompt is displayed. + +  + +  + +  + +5. **Uninstall phase**: This phase occurs if upgrade is unsuccessful (image not shown). Example error codes: 0x50000, 0x50015. + +**Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown): + + + +DU = Driver/device updates.
+OOBE = Out of box experience.
+WIM = Windows image (Microsoft) + +## Related topics + +[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx) +
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/upgrade-error-codes.md b/windows/deployment/upgrade/upgrade-error-codes.md new file mode 100644 index 0000000000..cdd4fe37c9 --- /dev/null +++ b/windows/deployment/upgrade/upgrade-error-codes.md @@ -0,0 +1,144 @@ +--- +title: Upgrade error codes - Windows IT Pro +description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.date: 03/30/2018 +ms.localizationpriority: high +--- + +# Upgrade error codes + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 400 level topic (advanced).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + + +If the upgrade process is not successful, Windows Setup will return two codes: + +1. **A result code**: The result code corresponds to a specific Win32 or NTSTATUS error. +2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred. + +>For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**. + +Note: If only a result code is returned, this can be because a tool is being used that was not able to capture the extend code. For example, if you are using the [Windows 10 Upgrade Assistant](https://support.microsoft.com/en-us/kb/3159635) then only a result code might be returned. + +>[!TIP] +>If you are unable to locate the result and extend error codes, you can attempt to find these codes using Event Viewer. For more information, see [Windows Error Reporting](windows-error-reporting.md). + +## Result codes + +>A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](resolution-procedures.md) section later in this article. + +Result codes can be matched to the type of error encountered. To match a result code to an error: + +1. Identify the error code type as either Win32 or NTSTATUS using the first hexadecimal digit: +
**8** = Win32 error code (ex: 0x**8**0070070) +
**C** = NTSTATUS value (ex: 0x**C**1900107) +2. Write down the last 4 digits of the error code (ex: 0x8007**0070** = 0070). These digits are the actual error code type as defined in the [HRESULT](https://msdn.microsoft.com/en-us/library/cc231198.aspx) or the [NTSTATUS](https://msdn.microsoft.com/en-us/library/cc231200.aspx) structure. Other digits in the code identify things such as the device type that produced the error. +3. Based on the type of error code determined in the first step (Win32 or NTSTATUS), match the 4 digits derived from the second step to either a Win32 error code or NTSTATUS value using the following links: + - [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) + - [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx) + +Examples: +- 0x80070070 + - Based on the "8" this is a Win32 error code + - The last four digits are 0070, so look up 0x00000070 in the [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) table + - The error is: **ERROR_DISK_FULL** +- 0xC1900107 + - Based on the "C" this is an NTSTATUS error code + - The last four digits are 0107, so look up 0x00000107 in the [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx) table + - The error is: **STATUS_SOME_NOT_MAPPED** + +Some result codes are self-explanatory, whereas others are more generic and require further analysis. In the examples shown above, ERROR_DISK_FULL indicates that the hard drive is full and additional room is needed to complete Windows upgrade. The message STATUS_SOME_NOT_MAPPED is more ambiguous, and means that an action is pending. In this case, the action pending is often the cleanup operation from a previous installation attempt, which can be resolved with a system reboot. + +## Extend codes + +>**Important**: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update. + +Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation: + +1. Use the first digit to identify the phase (ex: 0x4000D = 4). +2. Use the last two digits to identify the operation (ex: 0x4000D = 0D). +3. Match the phase and operation to values in the tables provided below. + +The following tables provide the corresponding phase and operation for values of an extend code: + +
+ +
| Extend code: phase | +|
| Hex | Phase + |
| 0 | SP_EXECUTION_UNKNOWN + |
| 1 | SP_EXECUTION_DOWNLEVEL + |
| 2 | SP_EXECUTION_SAFE_OS + |
| 3 | SP_EXECUTION_FIRST_BOOT + |
| 4 | SP_EXECUTION_OOBE_BOOT + |
| 5 | SP_EXECUTION_UNINSTALL + |
| Extend code: operation | +|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
|
+
+
|
+||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index fb04dd5bf6..7b45c2ed1b 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -66,7 +66,7 @@ To run the Upgrade Readiness deployment script: > > *IEOptInLevel = 3 Data collection is enabled for all sites* -4. The latest version (03.02.17) of the deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**. +4. A recent version (03.02.17) of the deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**. The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**. @@ -75,7 +75,9 @@ To run the Upgrade Readiness deployment script: \*vortex\*.data.microsoft.com
\*settings\*.data.microsoft.com -5. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. +5. The latest version (03.28.2018) of the deployment script configures insider builds to continue to send the device name to the diagnostic data management service and the analytics portal. If you do not want to have insider builds send the device name sent to analytics and be available in the analytics portal, set **DeviceNAmeOptIn = false**. By default it is true, which preserves the behavior on previous versions of Windows. This setting only applies to insider builds. Note that the device name is also sent to AppInsights, so to ensure the device name is not sent to either place you would need to also set **AppInsightsOptIn = false**. + +6. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system. ## Exit codes diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md new file mode 100644 index 0000000000..e8c3251320 --- /dev/null +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -0,0 +1,66 @@ +--- +title: Windows error reporting - Windows IT Pro +description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. +keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +ms.date: 03/30/2018 +ms.localizationpriority: high +--- + +# Windows error reporting + +**Applies to** +- Windows 10 + +>[!NOTE] +>This is a 300 level topic (moderately advanced).
+>See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. + + +When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**. You can use Event Viewer to review this event, or you can use Windows PowerShell. + +To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt: + +``` +$events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"} +$event = [xml]$events[0].ToXml() +$event.Event.EventData.Data +``` + +To use Event Viewer: +1. Open Event Viewer and navigate to **Windows Logs\Application**. +2. Click **Find**, and then search for **winsetupdiag02**. +3. Double-click the event that is highlighted. + +Note: For legacy operating systems, the Event Name was WinSetupDiag01. + +Ten parameters are listed in the event: +
+
| P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool) |
| P2: Setup Mode (x=default,1=Downlevel,5=Rollback) |
| P3: New OS Architecture (x=default,0=X86,9=AMD64) |
| P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked) |
| P5: Result Error Code (Ex: 0xc1900101) |
| P6: Extend Error Code (Ex: 0x20017) |
| P7: Source OS build (Ex: 9600) |
| P8: Source OS branch (not typically available) |
| P9: New OS build (Ex: 16299} |
| P10: New OS branch (Ex: rs3_release} |
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications) +
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) +
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821) diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index 51a8bd92fe..2dced411ff 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: high ms.sitesec: library -ms.date: 03/16/2018 +ms.date: 04/03/2018 author: greg-lindsay --- @@ -23,7 +23,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen - Dynamic deployment methods enable you to configure applications and settings for specific use cases. - Traditional deployment methods use tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.
-
| Category | Scenario | Description | diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md index d3be3e2ba8..0e81b79e6d 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md @@ -20,7 +20,7 @@ Prefer video? See [Windows Defender Credential Guard Deployment](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) in the Deep Dive into Windows Defender Credential Guard video series. -For Windows Defender Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). +For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). ## Hardware and software requirements diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 43ce0a6db5..645efb6bee 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -1,5 +1,5 @@ --- -title: Hybrid Key trust Windows Hello for Business Prerequistes (Windows Hello for Business) +title: Hybrid Key trust Windows Hello for Business Prerequisites (Windows Hello for Business) description: Prerequisites for Hybrid Windows Hello for Business Deployments keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust ms.prod: w10 diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index c8fbfbe290..29fcf7faee 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -72,7 +72,7 @@ The table shows the minimum requirements for each deployment. ## Frequently Asked Questions ### Can I deploy Windows Hello for Business using System Center Configuration Manager? -Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deploymnet model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager wil no long be supported after November 2018. +Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no long be supported after November 2018. ### What is the password-less strategy? diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 61dc742a69..880d8394b1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -284,7 +284,7 @@ If box **2a** reads **GP** and box **2b** reads **modern management**, write **A | Web Server | NDES | | CEP Encryption | NDES | -If box **2a** reads **GP** and box **2b** reads **N/A**, write **AD FA RA** in box **5b** and write the following certificate template names and issuances in box **5c** on your planning worksheet. +If box **2a** reads **GP** and box **2b** reads **N/A**, write **AD FS RA** in box **5b** and write the following certificate template names and issuances in box **5c** on your planning worksheet. | Certificate Template Name | Issued To | | --- | --- | diff --git a/windows/security/identity-protection/hello-for-business/toc.md b/windows/security/identity-protection/hello-for-business/toc.md index 86c01a544c..ae838d1fcc 100644 --- a/windows/security/identity-protection/hello-for-business/toc.md +++ b/windows/security/identity-protection/hello-for-business/toc.md @@ -22,7 +22,7 @@ #### [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) ### [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md) -#### [Prerequistes](hello-hybrid-cert-trust-prereqs.md) +#### [Prerequisites](hello-hybrid-cert-trust-prereqs.md) #### [New Installation Baseline](hello-hybrid-cert-new-install.md) #### [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) #### [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings.md) diff --git a/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md index c7078281bc..04fceb336d 100644 --- a/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md +++ b/windows/security/identity-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md @@ -1,5 +1,5 @@ --- -title: Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security (Windows 10) +title: Open the Group Policy Management Console to Windows Defender Firewall (Windows 10) description: Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security ms.assetid: 5090b2c8-e038-4905-b238-19ecf8227760 ms.prod: w10 @@ -7,10 +7,10 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: brianlic-msft -ms.date: 08/17/2017 +ms.date: 04/02/2017 --- -# Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security +# Open the Group Policy Management Console to Windows Defender Firewall **Applies to** - Windows 10 diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index c68ad8e70c..20431799cb 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -62,7 +62,7 @@ WIP provides: - Additional data protection for existing line-of-business apps without a need to update the apps. -- Ability to wipe corporate data from devices while leaving personal data alone. +- Ability to wipe corporate data from Intune MDM enrolled devices while leaving personal data alone. - Use of audit reports for tracking issues and remedial actions. diff --git a/windows/security/threat-protection/applocker/configure-the-application-identity-service.md b/windows/security/threat-protection/applocker/configure-the-application-identity-service.md index 73a7463d29..eace7b9b57 100644 --- a/windows/security/threat-protection/applocker/configure-the-application-identity-service.md +++ b/windows/security/threat-protection/applocker/configure-the-application-identity-service.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: brianlic-msft -ms.date: 09/21/2017 +ms.date: 04/02/2018 --- # Configure the Application Identity service @@ -38,4 +38,12 @@ Membership in the local **Administrators** group, or equivalent, is the minimum 2. Click the **Services** tab, right-click **AppIDSvc**, and then click **Start Service**. 3. Verify that the status for the Application Identity service is **Running**. -Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic**. +Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic** by using the Sevices snap-in. Try either of these methods instead: + +- Open an elevated commnad prompt or PowerShell session and type: + + ```powershell + sc.exe config appidsvc start= auto + ``` + +- Create a security template that configures appidsvc to be automatic start, and apply it using secedit.exe or LGPO.exe. diff --git a/windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md index 0d9c04fc68..5e17a306fa 100644 --- a/windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/device-guard/deploy-catalog-files-to-support-windows-defender-application-control.md @@ -152,7 +152,7 @@ After the catalog file is signed, add the signing certificate to a WDAC policy, > **Note** Include the **-UserPEs** parameter to ensure that the policy includes user mode code integrity. -3. Use [Add-SignerRule](https://technet.microsoft.com/library/mt634479.aspx) to add the signing certificate to the WDAC policy, filling in the correct path and filenames for `-*.updates.microsoft.com +*.update.microsoft.com |