FXE-9887 asked FXE-9887 answered

CRITICAL_SERVICE_FAILED at Windows 2016 boot

Hi all,

Since last Saturday, we have faced a Windows Server 2016 boot failure with the error "CRITICAL_SERVICE_FAILED".
This happened following our Windows Update cycle, so I guessed it was due to the last installed updates.

Then I restored the system disk (via Veeam B&R) to 1 day before the update, and got the same issue!
So it seems not to be related to Windows Update.

The only way I have found to make Windows boot "normally" is to choose "boot without drivers signature verification".
After this "successful" boot, I applied the latest updates from our WSUS, but the next reboot attempt failed.

The sfc /scannow command shows there are errors it cannot repair.
I launched the DISM /Online /Cleanup-Image /RestoreHealth command, which finished correctly, then relaunched sfc /scannow, and there was no change...

Every time I reboot this VM (under VMware 6.7), boot fails and I have to select "boot without drivers signature verification".

We have several VMs based on the same image without any issue.

Any ideas, please?
Thank you.

Regards,

windows-server-2016

@FXE-9887
Hi,

Just checking in to see if the information provided was helpful.

If the reply helped you, please remember to accept as answer.
If no, please reply and tell us the current situation in order to provide further help.


@FXE-9887
Hi,

We have not received any information from you for several days.

If the reply is useful to you, please accept it as the answer. It will be helpful to other members who have the same questions.
If you have any other confusion, please reply to us directly.

FXE-9887 answered

Hi all,

Finally, thanks to DELL Software Support Team, our server is now fully operational.

The issue was missing files in the folder C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}, which serves driver signatures.

The solution was to copy all the files in this folder from another Windows Server 2016 to the folder on the affected server without overwriting existing files, and then reboot the affected server.

Thank you all again for your help.

PS: I'm always waiting for an enterprise-class answer from Microsoft Support.......... Is my paid Software Assurance really useful?
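
The fix described in the answer above, as an added PowerShell example (not part of the original post and not the vendor's procedure): it lists catalog files that exist in a healthy reference copy of the CatRoot folder but are missing on the affected server, checks each file's Authenticode signature, and copies only the missing ones. The staging path in $ReferenceDir is an assumption, and the example is limited to .cat files.

```powershell
# Added example, not from the thread.
# Assumption: $ReferenceDir holds a copy of the same CatRoot folder taken from a
# healthy Windows Server 2016 machine (the staging path below is hypothetical).
[CmdletBinding()]
param(
    [string]$ReferenceDir = 'D:\Staging\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}',
    [string]$TargetDir    = "$env:windir\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}",
    [switch]$Apply        # without -Apply nothing is written; the script only reports
)

$ErrorActionPreference = 'Stop'

# File names already present on the affected server. These are never overwritten.
$present = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-ChildItem -LiteralPath $TargetDir -File |
    ForEach-Object { [void]$present.Add($_.Name) }

$report = @(
    foreach ($cat in Get-ChildItem -LiteralPath $ReferenceDir -Filter '*.cat' -File) {
        if ($present.Contains($cat.Name)) { continue }

        # A catalog carries its own embedded signature, so it can be checked
        # before it is trusted as a source of driver signatures.
        $sig    = Get-AuthenticodeSignature -LiteralPath $cat.FullName
        $action = 'Missing'

        if ($sig.Status -ne 'Valid') {
            $action = 'SkippedBadSignature'
        }
        elseif ($Apply) {
            $dest = Join-Path $TargetDir $cat.Name
            # Copy-Item replaces an existing file by default, so test the
            # destination again right before copying.
            if (-not (Test-Path -LiteralPath $dest)) {
                Copy-Item -LiteralPath $cat.FullName -Destination $dest
                $action = 'Copied'
            }
        }

        [pscustomobject]@{
            Name            = $cat.Name
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
            Action          = $action
        }
    }
)

$report | Sort-Object Action, Name | Format-Table -AutoSize
'{0} catalog file(s) missing on target, {1} copied' -f `
    $report.Count, @($report | Where-Object Action -eq 'Copied').Count
```

Run it once without -Apply from an elevated prompt to review the list, then again with -Apply, and reboot as the answer describes.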

JennyFeng-MSFT answered JennyFeng-MSFT edited

@FXE-9887
Hi,
Probably the signature of the driver was bad or unknown and Windows was forcing it to be valid, so it was crashing the whole system.
Then I suggest you update all the drivers to see if it solves the problem.
For your reference:
https://docs.microsoft.com/en-us/troubleshoot/azure/virtual-machines/troubleshoot-common-blue-screen-error#collect-memory-dump-file

Hope the above information can help you.

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread

Docs-4663 answered Docs-4663 edited

The computer has scannow and boot problems.

Please post results:

Open administrative command prompt and copy and paste:
sfc /scannow
dism /online /cleanup-image /scanhealth
dism /online /cleanup-image /restorehealth
sfc /scannow

When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into the thread




CBS and CBS persist may take time to troubleshoot.

Consider performing a Regback which should fix both scannow and boot problems.


After a successful Regback:
a) make a new restore point
b) make a free backup image > save the image to another disk drive or the cloud
c) update Windows
d) if there are any problems perform a system restore or restore the image
e) logs can be collected for scanning and troubleshooting

FXE-9887 answered FXE-9887 edited

Below are the results, in French, sorry:

 Microsoft Windows [version 10.0.14393]
 (c) 2016 Microsoft Corporation. Tous droits réservés.
    
 C:\Users\Administrateur>sfc /scannow
    
 Début de l’analyse du système. Cette opération peut nécessiter un certain temps.
    
 Démarrage de la phase de vérification de l’analyse du système.
 La vérification 100% est terminée.
 La protection des ressources Windows a trouvé des fichiers endommagés, mais
 n’a pas réussi à tous les réparer. Des détails sont inclus dans le journal
 CBS.Log windir\Logs\CBS\CBS.log. Par exemple C:\Windows\Logs\CBS\CBS.log. Notez que la journalisation n’est pas actuellement
 prise en charge dans les scénarios de service hors connexion.
    
 C:\Users\Administrateur>dism /online /cleanup-image /scanhealth
    
 Outil Gestion et maintenance des images de déploiement
 Version : 10.0.14393.4169
    
 Version de l’image : 10.0.14393.4169
    
 [==========================100.0%==========================] Aucun endommagement du magasin de composants n’a été détecté.
 L’opération a réussi.
    
 C:\Users\Administrateur>dism /online /cleanup-image /restorehealth
    
 Outil Gestion et maintenance des images de déploiement
 Version : 10.0.14393.4169
    
 Version de l’image : 10.0.14393.4169
    
 [==========================100.0%==========================] La restauration a été effectuée.
 L’opération a réussi.
    
 C:\Users\Administrateur>sfc /scannow
    
 Début de l’analyse du système. Cette opération peut nécessiter un certain temps.
    
 Démarrage de la phase de vérification de l’analyse du système.
 La vérification 100% est terminée.
 La protection des ressources Windows a trouvé des fichiers endommagés, mais
 n’a pas réussi à tous les réparer. Des détails sont inclus dans le journal
 CBS.Log windir\Logs\CBS\CBS.log. Par exemple C:\Windows\Logs\CBS\CBS.log. Notez que la journalisation n’est pas actuellement
 prise en charge dans les scénarios de service hors connexion.
    
 C:\Users\Administrateur>

Regards,

Docs-4663 answered

Please change the default language to English:



https://www.tenforums.com/tutorials/3813-language-add-remove-change-windows-10-a.html
https://www.tenforums.com/tutorials/136792-change-display-language-windows-10-a.html#option1


Open administrative command prompt and copy and paste:
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Find the new text file on the desktop > post a share link


Run V2 > post a share link into this thread

https://www.windowsq.com/resources/v2-log-collector.8/
https://www.tenforums.com/bsod-crashes-debugging/2198-bsod-posting-instructions.html








Please remember to vote and to mark the replies as answers if they help.

On the bottom of each post there is:

Propose as answer = answered the question

On the left side of each post: Vote = a helpful post
FXE-9887 answered

Adding a language pack in Windows Server 2016 seems to be pretty different than in Windows 10...
After reading about some ways to achieve this, I did not find an equivalent for our 2016 server...

Here is the link for the CBS.log extract: https://1drv.ms/t/s!AmngHhSfNyRUiRLyh56kdqffUs7x

The "V2" download is restricted. Must I register to download it?


Docs-4663 answered Docs-4663 edited

Open administrative Powershell and copy and paste this script > click enter > click OK > it typically takes 15 - 20 minutes to run > zip > post a share link


(The script is from Technet) (I've not checked whether it was designed to run on server 2016)


 function wh   
     {  
         Param ( [parameter (Mandatory = $true)][string]$txt )  
         Write-Host $txt -ForegroundColor Green -BackgroundColor Black -NoNewline  
         ##Example usage wh "Alias for `n Write-Host"  
      
     } ## End function wh  
      
      
 function StartScript   
     {  
         ##Locating Temp Dir and writing Transcript  
         $global:tempDir = [System.IO.Path]::GetTempPath()   
         MD $tempDir\LOGS -EA SilentlyContinue   
         CD $tempDir\LOGS  
         $txtCount = Get-Item $tempDir/LOGS/*.TXT -EA SilentlyContinue  
         if((Get-Host).Version.Major -cge 5) ##WIN7 Not Supported  
             {  
                 if($txtCount.Count -cge 1)   
                 {Start-Transcript -Append -Path $tempDir/LOGS/Event-Search.TXT}   
                 Else{Start-Transcript -Path $tempDir\LOGS\Event-Search.TXT}   
             }  
      
         $global:explore = $tempDir + "LOGS\"  
         $global:Ver = "1.6.3"  
         wh "`nLog Collection... (V$Ver)`n"  
      
         #clearing previous actions  
         Stop-Job *  
      
         #Initialize CheckBox Vars to $True/$False  
             $Global:EventsCollect = $true; $Global:SetupDiagCollect = $true  
                 $Global:UpdatesCollect = $true; $Global:WLANCollect = $true  
                     $Global:PowerCollect = $true; $Global:GPCollect = $true  
                         $Global:miscCollect = $true; $Global:bingCollect = $true  
                             $Global:eventOut = $false        
         #Clear Jobs  
         Stop-Job *  
         Remove-Job *  
                                              
     } ## End function Start-Script  
      
      
 function SetupDiagFunc  
     {  
         wh "`n Grabbing SetupDiag.exe ..."       
         Invoke-WebRequest https://go.microsoft.com/fwlink/?linkid=870142 -OutFile $tempDir\SetupDiag.exe -TimeoutSec 3 -UseBasicParsing  
             #check for successful download  
             if((Get-Item $tempDir\SetupDiag.exe).length -gt 100000)  
                 {  
                   wh "`nSuccessful DL!"  
                   wh "`n Invoking SetupDiag.exe ..."  
                   $SetupDiag = {CMD.EXE /C "%temp%\setupdiag.exe /Verbose /Output:%temp%\SetupDiag-Log.txt"}  
      
                   ## Kick-Off SetupDiagJob  
                   Start-Job -Name SetupDiagJob -ScriptBlock $SetupDiag                     
                      
                 }Else{Write-Host "`nDownload of SetupDiag.exe Failed!" -BackgroundColor RED }  
      
     } ## End Function SetupDiagFunc  
      
      
 function EventSearch  
     {  
     wh "`n Starting EventSearch Job-Function ...`n"  
     ## Gathering Events from System using Get-WinEvent via Job  
     $EventSearchJob =   
         {  
         $evtPaths = Get-Item C:\Windows\System32\Winevt\Logs\*.evtx -Exclude "*PowerShell*",   
             "*known folders*" | Select-Object FullName  
         $i = $evtPaths.Count  
      
         $x = 0 ##For 1st Loop do Until x = i  
         $events = @()  
         $gatherEvents = @()  
         $eventsArray = @()  
         $searchResult = @()  
         $MaxEvents = 99  
      
         #Loading/Gathering Events Loop...  
         do {  
           
             ##Getting Events w/ Get-WinEvent         
             $gatherEvents = Get-WinEvent -Path $evtPaths[$x].FullName -MaxEvents $MaxEvents -EA SilentlyContinue  
             $events = $events + $gatherEvents             
      
             $x++  
                  
             }  
              Until ($x -eq $i)      
      
         $x = $x +1 ##Total Events Found!  
              
         $eventsLength = $events.Length ##Total events catalogged!  
              
         $xx = 0  
                   
         # Write Event Properties to a row and roll it out - Collapsing Array ...   
         do {  
                $date = $events[$xx].TimeCreated | Get-Date -Format "yyyyMMdd".ToString() -EA SilentlyContinue ##EA SC for Blank Entries  
                      
                 $eventRow = new-object PSObject -Property @{  
                 Date = $date;  
                 Id = $events[$xx].Id;  
                 Level = $events[$xx].LevelDisplayName;  
                 Provider = $events[$xx].ProviderName;  
                Message = $events[$xx].Message;  
                 }  
      
                 $cRow = $date + " " + "ID:" +  $events[$xx].Id + " " + "Level:" + $events[$xx].LevelDisplayName + " " + "Provider:" + $events[$xx].ProviderName + " " + "Message:" + $events[$xx].Message   
                 $eventsArray += $cRow  
                   
                 $xx++  
                 $d++  
         }  
         Until ($xx -eq $events.Length)  
     
         ##Looking for patterns error or fail in $eventsArray  
         $search = $eventsArray | Select-String -pattern ("error|fail") 
     
         Return $search ## | Write-Output ##Output for job  
      
         } ## End $EventSearchJob  
      
     Start-Job -Name EventSearchJob -ScriptBlock $EventSearchJob  
      
     } ## End function Event-Search  
      
      
 function writeSearch  ##   
     {  
         ##Event Logs Cont.  
         MD $tempDir\LOGS\EVTX\ -EA SilentlyContinue 
     
         ##output to file  
         $search | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -Wrap > TOP-ERRORS.TXT  
         $search > $tempDir\LOGS\SEARCH.TXT  
      
     if($Global:eventOut -eq $True)  
         {  
         $search | Group-Object | Sort-Object Count -Descending |   
             Select-Object -Property Count, Name | Out-GridView -Title "Top `"Errors`" via EVTX - V-$Ver"  
         }  
      
         wh "`n Collecting Matching EVTX Entries ...`n"     
         #Collecting all prev matching EVTX  
         #$evtx = Get-ChildItem C:\Windows\System32\Winevt\Logs\*.evtx  
         $evv = 0  
                      
            $providerName =   
                (($search | Select-String "Provider:.*Message:").Matches.Value -Replace   
                       " Message:", "" -Replace "Provider:", "" | Group-Object ).Name  
                  
             #Converting Provider Name to Log Name                 
             $providerName = (($providerName | ForEach-Object {Get-WinEvent -ProviderName $_ -MaxEvents 1 -EA SilentlyContinue}).LogName | Group-Object).Name     
                $providerName = $providerName -replace "Microsoft.", ""  
                   $providerName = $providerName -replace "Windows.", ""  
                      $providerName = $providerName -replace "`/.*$", ""  
                               
                               
                          $evtx = $providerName | foreach{Get-ChildItem "C:\Windows\System32\winevt\logs\*$_*"}  
      
                 Do{  
                     COPY $evtx[$evv].PSPath $tempDir\LOGS\EVTX\ 
                        $evv++  
                   }  
                   Until($evv -eq $evtx.Count)  
      
     } #End function writeSearch  
      
      
 function GetUpdates  
     {  
         wh "`n Starting Get-WindowsUpdateLog Job-Function ...`n"  
         $updateJob = {get-WindowsUpdateLog}  
             
         if((Get-Host).Version.Major -cge 5) ##Modern Gatherer  
         {  
             Start-Job -Name GetUpdates -ScriptBlock $updateJob  
         }  
              
         ##Legacy Gatherer  
         CP C:\Windows\WindowsUpdate.log $tempDir\LOGS\WindowsUpdate.log  
      
         ##Installed-Updates/Packages 
         Get-WmiObject win32_quickfixengineering > $tempDir\LOGS\Installed_Updates.TXT  
         Get-WmiObject Win32_OperatingSystemQFE >> $tempDir\LOGS\Installed_Updates.TXT  
     DISM /Online /Get-Packages /Format:Table >> $tempDir\LOGS\Installed_Updates.TXT 
      
     } ## End function Get-Updates  
      
           
 function PrinterCheck  
     {  
         wh "`n Getting Printer Information ..."  
         get-printer | ft Name, ComputerName, Type, DriverName, PortName, Datatype, Location, DriverName > $tempDir\LOGS\Printers.TXT  
         get-printerDriver | fl >> $tempDir\LOGS\Printers.TXT  
         Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append  
         Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers" | Out-File $tempDir\LOGS\Printers.TXT -Append  
         Get-ChildItem -Recurse Registry::"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" | Out-File $tempDir\LOGS\Printers.TXT -Append  
         write-output "## CBS ntprint CHECK ##" >> $tempDir\LOGS\Printers.TXT  
         $cbsCheck = (Get-ChildItem C:\Windows\Logs\CBS\*cbs* -Recurse | select-string -Pattern "E_INVALIDARG in eventsXml.*Microsoft-Windows-PrintService")  
         if($cbsCheck.Count -eq 0){Write-Output "## NO MATCHES IN CBS ##" >> $tempDir\LOGS\Printers.TXT} Else{$cbsCheck | Group-Object  >> $tempDir\LOGS\Printers.TXT}  
         write-output "## ntprint.dll CHECK ##" >> $tempDir\LOGS\Printers.TXT  
         (Get-ChildItem C:\Windows\System32\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT  
         (Get-ChildItem C:\Windows\SysWOW64\ntprint.dll).VersionInfo | ft -AutoSize >> $tempDir\LOGS\Printers.TXT  
      
     } ## End function PrinterCheck  
      
      
 function UpdateHelper  
     {  
     if((Get-Host).Version.Major -cge 5)  
         {  
             $winupdatelog = get-item $tempDir\LOGS\windows-update.log    ##WIN-10 File  
             MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue | Out-Null  
             CP C:\Windows\Logs\WindowsUpdate\*.etl $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue  
         }  
             Else{$winupdatelog = get-item $tempDir\LOGS\windowsupdate.log} ##LEGACY File  
      
     $updateError = ($winupdatelog | select-string -pattern "error.*0x........");  
     $updateErrorSplit = $updateError -Split " "  
     $updateErrorCount = (($updateErrorSplit | select-string -pattern "0x........") -Replace "[(),'`.:]", "" -Replace "hr=", "");  
      
     $updateErrorCount | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT -Width 999  
     $updateError >> UPDATE-ERRORS.TXT  
     if($updateError.length -eq 0){"No `"error.*0x........`" patterns Found in Windows-Update.log" | Out-File $tempDir\LOGS\UPDATE-ERRORS.TXT}  
      
     ($winupdatelog | Select-String "KB\d\d\d\d\d\d\d" | Select-string "fail") | Out-file $tempDir\LOGS\UPDATE-ERRORS.TXT -Append -width 999  
      
     } ## End function UpdateHelper  
      
      
 function getProcesses  
     {  
     wh "`nGetting Active Process ...`n"   
     Get-Process > $tempDir\LOGS\Running-Processes.TXT  
     CMD.EXE /C "tasklist /svc" | Out-File -Append  $tempDir\LOGS\Running-Processes.TXT  
          
     } ## End function getProcesses  
      
      
 function GetApps  
     {  
     wh "`n Getting List of Installed Apps...`n"  
     Get-WmiObject -Class Win32_Product | Format-Table -Property Name, Version, Vendor > $tempDir\LOGS\Installed-Apps.TXT  
     Get-AppxPackage | ft Name, Version, InstallLocation, IspArtiallyStaged, SignatureKind, Status >> $tempDir\LOGS\Installed-Apps.TXT  
          
     } ## End function GetApps  
      
      
 function SetupLogs  
     {  
     wh "`nGetting Windows Setup Logs Independent of SetupDiage.exe...`n"  
         MD $tempDir\LOGS\SETUP\ -EA SilentlyContinue  
     dir C:\ > $tempDir\LOGS\Dir_Structure.txt  
          
     ## Main Setup Collection  
     if($env:SystemDrive -eq 'C:') ##Verify SystemDrive  
     {  
         $SetupPaths = @()  
      
         $locations = @(  
             'C:\GetCurrent',  
             'C:\$Reset',  
             'C:\$SysReset',  
             'C:\$Windows.~BT',  
             'C:\$Windows.~WS',  
             'C:\Windows\Logs\',  
             'C:\Windows\Panther\',  
             'C:\Windows\inf\',  
             'C:\Windows\System32\LogFiles\',  
             'C:\Windows\System32\SysPrep\',  
             'C:\Windows10Upgrade',  
             'C:\Windows.old\Windows\Panther')  
      
         for($i = 0; $locations.count -gt $i; $i++)  
         {   
             if((get-item $locations[$i] -Force -EA SilentlyContinue).length -gt 0) ##Null Path Check -Force for Hidden  
             {  
                 CD $locations[$i]  
                 ##Search includes setuperr/setupact only  
                 $SetupPaths += Get-ChildItem * -Force -Recurse -Include setuperr.log, setupact.log, miglog.xml, *APPRAISER_Humanreadable.xml -EA SilentlyContinue      
             }  
         }  
      
         $cleanPaths = @()  
      
         for($i = 0; $SetupPaths.count -gt $i; $i++)  
         {  
             $cleanPaths += $SetupPaths[$i].PSParentPath.ToString() -replace "Microsoft\.PowerShell\.Core\\FileSystem\:\:C\:\\", ""  
         }  
      
         CD $tempDir\LOGS\SETUP\  
         MD $cleanPaths -Force  
         CD $tempDir\LOGS\  
      
         for($i = 0; $SetupPaths.count -gt $i; $i++)  
         {  
             $destPath = "$tempDir\LOGS\SETUP\" + $cleanPaths[$i]  
             $copyPathLog = ($SetupPaths[$i].ToString())  
                  
             Copy  $copyPathLog -Destination $destPath  
         }  
          
     }Else{Write-Host "`nSystem Drive is not C:... Setup Collection Aborted!`n"}  
     ## End Main Setup Collection  
          
              
         ## Setup Reg Output      
         Get-ChildItem HKLM:\SYSTEM\SETUP\ | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT  
         Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\Me* -recurse -EA SilentlyContinue | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append  
         Get-Childitem HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate | Out-File $tempDir\LOGS\SETUP\HKLM_SYSTEM_SETUP-OOBE.TXT -Append  
      
         ## SetupAct String Search  
      
      
              
          $setupRegx = @("MOUPG SetupHost..Initialize:",  
                         "============================",  
                         (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG  SetupHost..Initialize. CmdLine"),  
                         "",  
                         "MOUPG Setup build & Host OS Build:",  
                         "==================================",  
                         "",  
                         (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG  SetupHost..Setup build"),  
                         "...",  
                         (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MOUPG      Host OS"),  
                         "",  
                         "Watson Parameters (4&5):",  
                         "=======================",  
                         "",  
                         (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Watson Bucketing Parameters\[[4-5]\]" ),  
                         "",  
                         "\[0x........\]Error:",  
                         "==================",  
                         "",  
                         (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "\[0x........\]\[0x.....\]"),  
                         "",  
                         "`"FATAL`":",  
                         "======",  
                         "",  
                         (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "FATAL" | Select-String -NotMatch "FatalExecutionEngineError" | Select-String -NotMatch "non-fatal"),  
                         "",  
                         "`"Error   `":",  
                         "===========",  
                         "",  
                         (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "Error   "),  
                         "",  
                         "MIGRATE.*DATA:",  
                         "==============",  
                         "",  
                         (Get-ChildItem $tempDir\LOGS\*setupact.log -Recurse | Select-String "MIGRATE.*DATA"),  
                         ""             
                         )  
             $q=0  
             Do {$setupRegx[$q] | Out-File $tempDir\LOGS\SETUP\SetupAct-Regex.TXT -Append -Width 999 ##spool out results  
                                   $q++                    
                                             }Until($q -eq $setupRegx.Count)  
      
     } ## End function SetupLogs  
      
      
 function powerCFGInfo  
     {  
     MD $tempDir\LOGS\POWER\ -EA SilentlyContinue  | Out-Null  
     wh "`n Grabbing PowerCFG, Sleep & Battery Info ...`n"  
          
     ("`n" + "Available Sleep States (/A): `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
     powercfg /a | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
     ("`n" + "-DeviceQuery Wake_Armed: `r" + "`n" +"========================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
     powercfg -devicequery wake_armed  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
     ("`n" + "Last Wake (-lastwake):  `r" + "`n" +"=====================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
     powercfg -lastwake  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
     ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
     ("`n" + "-Requests: `r" + "`n" +"==========`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
     powercfg -requests  | Out-file -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
     $powerList = powercfg -list  
     $powerList | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
     $powerActive = $powerList | select-string "\*" | powercfg /QH "$_"   
     ("`n`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
     ("`n" + "Active Power Scheme Details: `r" + "`n" +"============================`r" + "`r").ToString() | Out-File -Append -Encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
     $powerActive | Out-File -Append -encoding ascii $tempDir\LOGS\POWER\POWERCFG_INFO.txt  
      
      
     if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support powercfg /battery /sleepstudy  
          {   
            $ifbattery = Get-WmiObject win32_battery  
            if ( $ifbattery.__SERVER.count -cge 1 ) { CMD.EXE /C "powercfg /batteryreport /output %temp%\LOGS\POWER\battery-report.html" }  
            CMD.EXE /C "powercfg /sleepstudy /output %temp%\LOGS\POWER\sleepstudy-report.html"  
          }  
            CMD.EXE /C "powercfg /ENERGY /duration 10 /output %temp%\LOGS\POWER\energy-report.html"         
          
     } ## End function powerCFGInfo  
      
      
 function sysProductCheck  
     {  
     wh "`n Getting SystemProductName ...`n"  
     ##SystemInformation Reg   
     reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SystemInformation\ /v SystemProductName  > $tempDir\LOGS\REG_SystemProductName.TXT   
     Get-WmiObject Win32_ComputerSystem > $tempDir\LOGS\WMI_Object_System.TXT  
     Get-WmiObject Win32_ComputerSystemProduct >> $tempDir\LOGS\WMI_Object_System.TXT  
          
     } ## End functions sysProductCheck  
      
      
 function showWLAN  
     {  
     wh "Generating NETSH WLAN Report...`n"  
      
     $showWLANjob = {  
                     CMD.EXE /c "netsh wlan show networks mode=ssid > %temp%\LOGS\Network\wlan.txt"  
                     CMD.EXE /c "netsh wlan show networks mode=bssid >> %temp%\LOGS\Network\wlan.txt"  
                     CMD.EXE /c "netsh winhttp show proxy > %temp%\LOGS\Network\proxy.txt"  
                     CMD.EXE /c "netsh wlan show wlanreport & COPY C:\ProgramData\Microsoft\Windows\wlanReport\wlan-report-latest.html %temp%\LOGS\Network\wlan-report-latest.html"   
                     ##WIN7 Does not Support netsh wlanreport                                                    
                     }   
      
     Start-Job -Name showWLAN -ScriptBlock $showWLANjob  
      
     } ## End function showWLAN  
      
      
 function getGPRESULT  
     {  
     wh "`nGetting GPRESULT...`n"  
     CMD.EXE /C "GPRESULT /V > %temp%\LOGS\GPRESULT.TXT"  
          
     } ## End function getGPRESULT  
      
      
 function reservedCheck  
     {       
             
     $reservedJob =   
         {  
         $vol = (mountvol /L | select-string -Pattern "\\\\")  
         $volstring = "mountvol y:" + $vol[0]  
         CMD.EXE /C $volstring  
          
         SLEEP 2  
      
         CMD.EXE /C "CHKDSK y: > %temp%\LOGS\SystemReserved.TXT"  
          
         SLEEP 2 # Pause after drive dismount  
          
         CMD.EXE /C "mountvol y: /D"  
         }  
      
     Start-Job -Name reservedJob -ScriptBlock $reservedJob  
          
     } ## End function reservedCheck  
      
      
 function fltmcCheck  
     {  
     wh "`n Getting fltmc Filters ...`n"  
     CMD.EXE /c "fltmc filters > %temp%\LOGS\fltmc_filters.TXT"  
          
     } ## End function fltmcCheck  
      
      
 function getDXDiag  
     {  
     wh "`n Grabbing DXDiag Info...`n"  
     C:\Windows\System32\dxdiag /x $explore\DxDiag  
          
     } ## End function getDXDiag  
      
      
 function getMSINFO  
     {  
     wh "`n Gathering MSINFO32 ...`n"  
     ## check if msinfo is already gathering - if so stop  
     If((get-process | select-string -Pattern "msinfo").Pattern -eq "msinfo")  
     {Stop-Process -ProcessName msinfo32}  
      
         C:\Windows\System32\msinfo32.exe /nfo $tempDir/LOGS/MSINFO32.NFO  
                     
     } ## End function getMSINFO  
      
      
 function getAV  
     {  
      if((Get-Host).Version.Major -cge 5) ##Modern OS Only  
         {  
         wh "`n Grab root\SecurityCenter2 AntivirusProduct ...`n"  
         $avPath = (Get-WmiObject -Namespace root\SecurityCenter2 -Class AntivirusProduct) | % {$_.pathtoSignedProductEXE}  
         "AV Info" + "`n========" | Out-File $tempDir/LOGS/SecurityProductInformation.TXT 
     $avPath | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append  
         if($avPath[0] -match "exe")  
             {   
                 $path = (Get-Item $avPath[0]).PSParentPath  
                 Get-Item $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append  
                 Get-Content $path/*.ini | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append             
             }  
             Get-ChildItem "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\" -recurse -EA SilentlyContinue | Out-File $tempDir/LOGS/SecurityProductInformation.TXT -Append      
         }  
     } ## End function getAV  
      
      
 function getDrivers  
     {  
     wh "`n Grabbing Driver listing via DISM.EXE ...`n"  
         $drivers = cmd.exe /C "dism /online /get-drivers /format:table"  
         $drivers += cmd.exe /C "dism /online /get-drivers /all /format:table"  
         $drivers | Out-File $tempDir/LOGS/DISM-Get-Drivers.TXT  
     wh "`n Done!`n"  
     } ## End Function getDrivers  
      
      
 function getMISCLogs  
     {  
         wh "`nCopying misc. logs ...`n"   
         MD $tempDir\LOGS\WER\ -EA SilentlyContinue   
         MD $tempDir\LOGS\Windows\Logs\WindowsUpdate\ -EA SilentlyContinue  
         CP "C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\*" $tempDir\LOGS\WER\ -Recurse -EA SilentlyContinue  
         CP "C:\Windows\Logs\CBS\*cbs*" $tempDir\LOGS\Windows\Logs\  
         CP "C:\Windows\Logs\DISM\*dism*" $TempDir\LOGS\Windows\Logs\  
         CP "C:\Windows\Logs\WindowsUpdate\*" $TempDir\LOGS\Windows\Logs\WindowsUpdate\  
      
                
         #DMP Collect  
         $dmp = @()  
         $dmp += Get-ChildItem C:\Windows\*.dmp   
         $dmp += (Get-ChildItem C:\Windows\LiveKernelReports\*.dmp -Recurse -EA SilentlyContinue)  
         $dmp += (Get-ChildItem C:\Windows\Minidump\*.dmp -Recurse -EA SilentlyContinue)  
         #Validate empty array  
         if($dmp.length -ne 0)  
             {  
             $dd=0  
                   Do{       
                         If($dmp[$dd].length -lt 2000000)  
                             { $destPath = $dmp[$dd].PSParentPath.Replace('C:\', '').Replace('Microsoft.PowerShell.Core\FileSystem::', '')  
                                 MD $destPath -EA SilentlyContinue 
                                     COPY -Path $dmp[$dd].PSPath -Destination $destPath }  
                         $dd++  
                     }  
                     Until($dd -eq $dmp.Count)  
             }  
     
          #disk info 
          "`nGet-Disk:`n=========" > $tempDir\LOGS\Disk-Info.TXT  
          Get-Disk |fl >> $tempDir\LOGS\Disk-Info.TXT 
          "`nGet-Partition:`n==============" >> $tempDir\LOGS\Disk-Info.TXT  
          Get-Partition >> $tempDir\LOGS\Disk-Info.TXT 
          Manage-bde -protectors -get C: >> $tempDir\LOGS\Disk-Info.TXT 
          "`nIO Fail Search:`n===============`n" >> $tempDir\LOGS\Disk-Info.TXT 
          $search | Select-String ".*io.fail.*" | Select-String -NotMatch '0, 0, 0, 0' >> $tempDir\LOGS\Disk-Info.TXT        
      
     } ## End function getMISCLogs  
      
      
 function bingCollect  
     {  
         ##O365 Firewall Check & Bing.com diagnostics.asp  
         ##URIs based on Article:   
         ##https://support.office.com/en-us/article/Network-requests-in-Office-365-ProPlus-and-Mobile-eb73fcd1-ca88-4d02-a74b-2dd3a9f3364d  
                    
         MD $TempDir\LOGS\Network\ -EA SilentlyContinue  
      
         wh "Performing Bing & O365 URI Check ... `n"  
      
      
               $bingCheck = (Invoke-WebRequest -Uri https://www.bing.com/fdv2/diagnostics.aspx -UseBasicParsing)   
               $bingCheck | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT  
                     
               $URIs = @('api.login.microsoftonline.com',    #0  Standard Reply = 403  
               'api.passwordreset.microsoftonline.com',      #1  Standard Reply = 200  
               'becws.microsoftonline.com',                  #2  Standard Reply = 403  
               'clientconfig.microsoftonline-p.net',         #3  Standard Reply = 404  
               'companymanager.microsoftonline.com',         #4  Standard Reply = 403  
               'device.login.microsoftonline.com',           #5  Standard Reply = 200  
               'graph.microsoft.com',                        #6  Standard Reply = 404  
               'hip.microsoftonline-p.net',                  #7  Standard Reply = 404   
               'hipservice.microsoftonline.com',             #8  Standard Reply = 404  
               'login.microsoft.com',                        #9  Standard Reply = 200  
               'login.microsoftonline.com',                  #10 Standard Reply = 200  
               'logincert.microsoftonline.com',              #11 Standard Reply = 200   
               'loginex.microsoftonline.com',                #12 Standard Reply = 200  
               'login-us.microsoftonline.com',               #13 Standard Reply = 200  
               'login.microsoftonline-p.com',                #14 Standard Reply = 200  
               'login.windows.net',                          #15 Standard Reply = 200  
               'nexus.microsoftonline-p.com',                #16 Standard Reply = 403  
               'passwordreset.microsoftonline.com',          #17 Standard Reply = 200  
               'provisioningapi.microsoftonline.com',        #18 Standard Reply = 403  
               'stamp2.login.microsoftonline.com',           #19 Standard Reply = 200  
               'ccs.login.microsoftonline.com',              #20 Standard Reply = 401  
               'ccs-sdf.login.microsoftonline.com',          #21 Standard Reply = 401  
               'accounts.accesscontrol.windows.net',         #22 Standard Reply = 200  
               'secure.aadcdn.microsoftonline-p.com',        #23 Standard Reply = 400  
               'windows.net',                                #24 Standard Reply = 200  
               'phonefactor.net',                            #25 Standard Reply = 200  
               'account.activedirectory.windowsazure.com',   #26 Standard Reply = 404  
               'secure.aadcdn.microsoftonline-p.com',        #27 Standard Reply = 400  
               'login.windows.net',                          #28 Standard Reply = 200  
               'provisioningapi.microsoftonline.com',        #29 Standard Reply = 403  
               'mscrl.microsoft.com',                        #30 Standard Reply = 400  
               'secure.aadcdn.microsoftonline-p.com',        #31 Standard Reply = 400  
               'windowsupdate.microsoft.com',                #32 Standard Reply = 200  
               'update.microsoft.com',                       #33 Standard Reply = 200  
               'au.download.windowsupdate.com',              #34 Standard Reply = 200  
               'download.windowsupdate.com',                 #35 Standard Reply = 200  
               'download.microsoft.com',                     #36 Standard Reply = 200  
               'tlu.dl.delivery.mp.microsoft.com');          #37 Standard Reply = 403  
              
                     
               $count = 0;  
               $queryResult =@{};  
                     
               Write-Host "Checking URIs .." -NoNewline  
                     
               Do {           
                       Try{  
                       $queryResult[$count] = (Invoke-WebRequest -Uri ("http:`/`/" + $URIs[$count]) -Method Head -UseBasicParsing -TimeoutSec 2).RawContent  
                          }Catch{ $catch = $_ }  
                     
                           if($queryResult[$count].Count -eq 0)  
                                   {$queryResult[$count] = ($catch[$catch.count -1].ToString()).Replace("`n", " ")}                                     
                       Write-Host "." -NoNewline           
                       $count++         
                   }Until ($count -eq ($URIs.Count));                            
               Write-Host "."  
                      
                   Get-Date | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
                   $queryResult | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
                        
         ## Write-Host output never reaches the pipeline, so emit the strings themselves to the log  
         " Bing Check", "==========" | Out-File $tempDir\LOGS\Network\O365-URL-Query.TXT -Append  
            
               wh "`n`n`n`URL Check Finished...`n"   
     }  
      
      
 function smbConfig  
 {  
      
     $CMDs =  
     {   cmd.exe /c "net config server"    
         cmd.exe /c "net config workstation"  
         Get-SmbClientNetworkInterface  
         Get-SmbServerConfiguration  
         Get-SmbClientConfiguration  
         Get-ChildItem "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer"   
         Get-NetAdapterAdvancedProperty | ft }  
      
     ForEach-Object{Invoke-Command $CMDs | Out-File $TempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append}  
      
     $share = Get-SmbShare  
      
     ForEach-Object{Get-SmbShareAccess $share.Name | ft  | Out-File $tempDir\LOGS\NETWORK\$env:COMPUTERNAME-SMB-Config.TXT -Append}  
      
 } ## End Function smbConfig  
      
      
 function regLang  
     {       
         DISM.EXE /Online /Get-Intl  | Out-File $tempDir\LOGS\Reg-Lang.TXT  
         "`n","Get-WinUserLanguageList","=======================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
         Get-WinUserLanguageList     | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
         "`n","Get-WinLanguageBarOption","========================" | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
         Get-WinLanguageBarOption    | Out-File $tempDir\LOGS\Reg-Lang.TXT -Append  
     }  
      
      
 function autoRotate  
     {  
         Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Auto* | Out-File $tempDir\LOGS\AutoRotate.TXT  
     }  
      
      
 function checkBoxes  
    {  
         Add-Type -AssemblyName System.Windows.Forms  
         Add-Type -AssemblyName System.Drawing  
      
         $Global:form = New-Object System.Windows.Forms.Form  
         $Global:form.Text = "LOGS-V$ver"  
         $Global:form.Size = New-Object System.Drawing.Size(300,400)  
         $Global:form.StartPosition = 'CenterScreen'  
      
         $OKButton = New-Object System.Windows.Forms.Button  
         $OKButton.Location = New-Object System.Drawing.Point(100,300)  
         $OKButton.Size = New-Object System.Drawing.Size(75,23)  
         $OKButton.Text = 'OK'  
         $OKButton.DialogResult = [System.Windows.Forms.DialogResult]::OK  
         $Global:form.AcceptButton = $OKButton  
         $Global:form.Controls.Add($OKButton)  
             
         $Global:form.ControlBox = $false  
              
             $Global:boxNum = 1  
             $Global:checkBox = @{} #hash for $checkBox  
             $tag = @{} #hash for $label  
             $Global:Box = @{}  
      
             function createCheckBox   
                 {  
                     Param ( [parameter (Mandatory = $true)][string]$name,  
                             [parameter (Mandatory = $true)][string]$label )  
                          
                     $drawingPoint = (50 + ($boxNum *25))  
      
                     $Global:checkBox[$boxNum] = New-Object System.Windows.Forms.CheckBox  
                     $Global:checkBox[$boxNum].Location = New-Object System.Drawing.Point(10,$drawingPoint)  
                     $Global:checkBox[$boxNum].Size = New-Object System.Drawing.Size(15,15)  
                     $Global:checkBox[$boxNum].Text = ''  
                     $Global:checkBox[$boxNum].Checked = $true  
                     $Global:form.Controls.Add($checkBox[$boxNum])  
                     #SetupDiag Label  
                     $tag[$boxNum] = New-Object System.Windows.Forms.Label  
                     $tag[$boxNum].Location = New-Object System.Drawing.Point(40,$drawingPoint)  
                     $tag[$boxNum].Size = New-Object System.Drawing.Size(280,20)  
                     $tag[$boxNum].Text = "$label"  
                     $Global:form.Controls.Add($tag[$boxNum])  
      
                     $Global:boxNum ++  
                      
                 } #End nested function createCheckBox   
                
             createCheckBox -name "EV" -label "EventSearch EventLog Helper"       #1  
             createCheckBox -name "SD" -label "SetupDiag.EXE Setup Diagnostics"   #2  
             createCheckBox -name "WU" -label "Get-WindowsUpdateLog Collection"   #3  
             createCheckBox -name "IP" -label "Network Information"               #4  
             createCheckBox -name "PW" -label "POWERCFG. Sleep & Battery Info"    #5  
             createCheckBox -name "GP" -label "GPResult Info"                     #6  
             createCheckBox -name "MS" -label "General Machine Info"              #7  
             createCheckBox -name "EO" -label "EventSearch Out-GridView"          #8            
                     
             #Checkbox State Changes               
             $Global:checkBox[1].Add_CheckStateChanged(  
                     {   
                         if($Global:checkBox[1].checked -eq $True){ $Global:EventsCollect = $true ; Write-Host "." -nonewline} Else{ $Global:EventsCollect = $false }  
                                  
                     })             
             $Global:checkBox[2].Add_CheckStateChanged(  
                     {   
                         if($Global:checkBox[2].checked -eq $True){ $Global:SetupDiagCollect = $true ; Write-Host "." -nonewline} Else{ $Global:SetupDiagCollect = $false }  
                                  
                     })  
             $Global:checkBox[3].Add_CheckStateChanged(  
                     {   
                         if($Global:checkBox[3].checked -eq $True){ $Global:UpdatesCollect = $true ; Write-Host "." -nonewline} Else{ $Global:UpdatesCollect = $false }  
                                  
                     })  
             $Global:checkBox[4].Add_CheckStateChanged(  
                     {   
                         if($Global:checkBox[4].checked -eq $True){ $Global:WLANCollect = $true ; Write-Host "." -nonewline} Else{ $Global:WLANCollect = $false }  
                                  
                     })  
      
             $Global:checkBox[5].Add_CheckStateChanged(  
                     {   
                         if($Global:checkBox[5].checked -eq $True){ $Global:PowerCollect = $true ; Write-Host "." -nonewline} Else{ $Global:PowerCollect = $false }  
                                  
                     })  
             $Global:checkBox[6].Add_CheckStateChanged(  
                     {   
                         if($Global:checkBox[6].checked -eq $True){ $Global:GPCollect = $true ; Write-Host "." -nonewline} Else{ $Global:GPCollect = $false }  
                                  
                     })  
             $Global:checkBox[7].Add_CheckStateChanged(  
                     {   
                         if($Global:checkBox[7].checked -eq $True){ $Global:miscCollect = $true ; Write-Host "." -nonewline} Else{ $Global:miscCollect = $false }  
                                  
                     })  
      
              $Global:checkBox[8].Add_CheckStateChanged(  
                     {   
                         if($Global:checkBox[8].checked -eq $True){ $Global:eventOut = $true ; $Global:checkBox[1].checked = $true; Write-Host "x" -nonewline} Else{ $Global:eventOut = $false }  
                                  
                     })  
                                               
         $Global:checkBox[8].Checked = $false  
         $mainText = New-Object System.Windows.Forms.Label  
         $mainText.Location = New-Object System.Drawing.Point(62,30)  
         $mainText.Size = New-Object System.Drawing.Size(260,20)  
         $mainText.Text = 'Choose which logs to collect:'  
         $Global:form.Controls.Add($mainText)  
         $result = $Global:form.ShowDialog()  
         SLEEP 1  #testing Topmost lag  
         $Global:form.Topmost = $true  
      
         #OK Button ...   
         if ($result -eq [System.Windows.Forms.DialogResult]::OK)  
         {  
             $x = $textBox.Text  
             $x  
         }       
      
     } #End function checkBoxes  
      
      
 Function werHint  
 {  
     $WERs = Get-ChildItem $tempDir\LOGS\WER\*.wer -Recurse  
      
     $WERArray = @()  
      
     $Date = $WERs | Select-String -pattern "eventtime=" | % {$_ -Replace("C:.*EventTime=", "")}  
     $eventType = $WERs | Select-String -pattern "EventType=" | % {$_ -Replace("C:.*EventType=", "")}  
     $Sig0Nam = $WERs | Select-String -pattern "Sig\[0\].Name" | % {$_ -Replace("C:.*Sig\[0\].Name=", "")}  
     $Sig0Val = $WERs | Select-String -pattern "Sig\[0\].Value" | % {$_ -Replace("C:.*Sig\[0\].Value=", "")}  
     $Sig3 = $WERs | Select-String -pattern "Sig\[3\].Value" | % {$_ -Replace("C:.*Sig\[3\].Value=", "")}  
     $Sig4 = $WERs | Select-String -pattern "Sig\[4\].Value" | % {$_ -Replace("C:.*Sig\[4\].Value=", "")}  
      
     #ConvertDateTime  
     $epoch = [datetime]"01/01/1601 00:00"  
     $date = $date | foreach{$epoch.AddSeconds($_/10000000)}   
     $convertedDate = foreach($Date in $Date) {Get-Date $Date -Format G}  
      
     $WERarray = 0..($convertedDate.Length -1) | Select-Object @{n="Id";e={$_}},   
         @{n="Date";e={$convertedDate[$_]}}, @{n="EventType";e={$eventType[$_]}},  
             @{n="S0-Name";e={$Sig0Nam[$_]}}, @{n="S0-Value";e={$Sig0Val[$_]}}, @{n="S3";e={$Sig3[$_]}},   
                 @{n="S4";e={$Sig4[$_]}}  
      
     $WERArray |Sort-Object -Descending Date | ft -autosize Date, EventType, S0-Name, S0-Value, S3, S4  |   
         Out-File $tempDir\LOGS\WER-SUMMARY.TXT -Width 500  
      
 } ## End Function werHint  
      
      
      
 ### FUNCTIONS_INIT ###   
      
         $Script:Cancel = @{}  
      
         StartScript #function  
         checkBoxes  
              
         ## SetupDiagCollect   #2  
         if($Global:SetupDiagCollect -eq $True)  
             {  
             SetupDiagFunc #function & job   
             wh "...`n"  
             }  
         ## EventSearch         #1  
         if($Global:EventsCollect -eq $True)  
             {  
             EventSearch #function & job  
             wh "...`n"  
             }  
      
         ## Get-WindowsUpdate   #3  
         if($Global:UpdatesCollect -eq $True)  
             {  
             GetUpdates #function & job  
             wh "...`n`n"  
             }  
      
         ## WLAN/Wifi Collect    #4  
         if($Global:WLANCollect -eq $True)      
             {  
             bingCollect #function  
             wh "...`n"  
             showWLAN #function & job   
             wh "...`n"  
             smbConfig #function  
             }  
      
         ## Power/Battery Collect:#5  
         if($Global:PowerCollect -eq $True)  
             {  
             powerCFGInfo #function - make job takes a min  
             wh "...`n"  
             }  
      
         ## GPRESULT Collection:  #6  
         if($Global:GPCollect -eq $True)  
             {  
             getGPRESULT #function  
             wh "...`n"  
             }  
      
         ## Misc Logs Collection: #7        
         if($Global:miscCollect -eq $True)  
             {  
             getMSINFO #function & job  
                 wh "...`n"  
             PrinterCheck #function  
                 wh "...`n"  
             getProcesses #function  
                 wh "...`n"  
             getApps #function - make job - takes a min  
                 wh "...`n"  
             SetupLogs #function  
                 wh "...`n"       
             sysProductCheck #function  
                 wh "...`n"                 
             reservedCheck #function  
                 wh "...`n"  
             fltmcCheck #function  
                 wh "...`n"  
             getDXDiag #function  
                 wh "...`n"  
             regLang #function  
                 wh "...`n"  
             autoRotate #function  
             getMISCLogs #function  
                 wh "...`n"  
             getDrivers #function  
                 wh "...`n"   
             getAV #function  
                 wh "...`n"            
              }  
            
      
 #### RECEIVING JOBS SECTION ###...   
      
         #EventSearchJob  
         if($Global:EventsCollect -eq $True)  
         {          
             wh "`nWaiting for EventSearchJob to complete...`n"  
      
             Receive-Job -Name EventSearchJob -OutVariable eventSearch -Wait   
             $search = $eventSearch.Line  
         }  
      
      
         if($Global:SetupDiagCollect -eq $True)  
         {  
             #SetupDiagJob - Receive-Job  
             $stamp = (Get-Date -format "hh:mm tt")  
             wh "`nWaiting for SetupDiagJob to complete..."  
             wh "`nTime Stamp: $stamp"  
             wh "`nThis can take up to 10 minutes ..."  
      
             Do{  
                 SLEEP 15  
                 wh "."  
                 if((Get-Job -name SetupDiagJob).State -eq "Completed")  
                     {  
                     Receive-Job -Name SetupDiagJob  
                     wh "`nSetupDiag Completed!"  
                     Break  
                     }  
             }Until($Cancel.SetupDiag -eq $True)  
             wh `n  
                                                   
             #Receive file and copy  
             Receive-Job -Name SetupDiagJob -Wait   
             Copy-Item $tempDir\Logs*.zip $tempDir\LOGS\SetupDiag-Log.zip  
             Copy-Item $tempDir\setupdiag*.log $tempDir\LOGS\  
             Remove-Item $tempDir\Logs*.zip  
         }  
      
           
         if($Global:UpdatesCollect -eq $True)  
         {  
             #GetUpdates Job via:  
             #UpdateHelper <--- GetUpdates Job has to finish first!  
             #Checking Status of GetUpdates Job...  
             wh "Checking Status of GetUpdates Job...`n"  
             If ((Get-Job -Name GetUpdates).State -eq "Failed")  
                 { wh "`nGetUpdates Job Failed!`n" }  
                     Else{  
                             Receive-Job -Name GetUpdates -wait  
                             Move $env:USERPROFILE\Desktop\WindowsUpdate.log $TempDir\LOGS\Windows-Update.log -Force  
                             wh "`n Writing Update Helper Info to UPDATE-ERRORS.TXT ... `n"  
                             UpdateHelper #run the update helper function  
                         }               
         } #End getting GetUpdates-job       
      
         #Finishing EventSearch  
         if($Global:EventsCollect -eq $True)  
             {  
                 writeSearch #function  
             }  
      
 #Wait on MSINFO...  
 if($Global:miscCollect -eq $True)  
 {  
     wh "`n Waiting for MSINFO32 to Complete ...`n"  
     do{ start-sleep 1 }  
     Until((get-process | select-string -Pattern "msinfo").Pattern -cne "msinfo")  
         werHint #function  
 }  
      
      
 if((Get-Host).Version.Major -cge 5) ##WIN7 Does not Support Transcript  
     {  
      
 Stop-Transcript   
      
         do{  
     start-sleep 1  
     }  
     Until((get-item $tempDir\LOGS\Event-Search.TXT).Length -cne 0)  
          
     }  
      
 wh "`nLog Collection Completed! `nLogs are available in %temp%\LOGS\`n"    
 wh "`nHit Any Key or Close ...`n"  
      
 Start-Sleep 1  
      
 Start Explorer.exe $explore  
      
 PAUSE  
      
 ## LOGS.PS1 1.6.3  ##     
 ## JOHNEM 8-2019 ##   
 ## EOF ##





Please remember to vote and to mark the replies as answers if they help.

On the bottom of each post there is:

Propose as answer = answered the question

On the left side of each post: Vote = a helpful post

FXE-9887 avatar image
0 Votes"
FXE-9887 answered FXE-9887 edited

Docs-4663 avatar image
0 Votes"
Docs-4663 answered Docs-4663 edited

There were 3 mini dump files collected.

All bugchecks were 5A:


CRITICAL_SERVICE_FAILED

Error code: 0xc0000428 =

Windows cannot verify the digital signature for this file.

A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Event viewer system events were not collected / missing.

Some files were partially in another language and could not be scanned.

Summary corruption in the CBS / CBS persist was not seen.

The integrity violations appear to be related to duplicate ownership.




Open file explorer> this PC > C: > in the right upper corner search for: C:\Windows\memory.dmp

if the file size is < 1.5 GB then > save to the downloads folder > zip > post a separate share link into the thread using one drive, drop box, or google drive





Total Detected Corruption: 0
CBS Manifest Corruption: 0
CBS Metadata Corruption: 0
CSI Manifest Corruption: 0
CSI Metadata Corruption: 0
CSI Payload Corruption: 0
Total Repaired Corruption: 0
CBS Manifest Repaired: 0
CSI Manifest Repaired: 0
CSI Payload Repaired: 0
CSI Store Metadata refreshed: True



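The answer above attributes the 5A bugchecks to error 0xc0000428, a file whose digital signature Windows cannot verify. As an added example that is not part of the original thread, the PowerShell below lists the Boot-start and System-start drivers whose signature does not validate on the running system and counts the catalog files in the standard system catalog store. It assumes an elevated PowerShell 5.1 session on the affected server, and the function names are hypothetical.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
# Run elevated in Windows PowerShell 5.1 on the affected server.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName can carry NT-style prefixes; normalise to a Win32 path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p   = $PathName.Trim('"')
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    if ($p.StartsWith('\??\', $cmp))          { $p = $p.Substring(4) }
    if ($p.StartsWith('\SystemRoot\', $cmp))  { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    elseif ($p.StartsWith('System32\', $cmp)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-EarlyDriverSignatureReport {
    # Boot- and System-start drivers are loaded early in the boot sequence,
    # which is where a signature failure prevents the system from starting.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.StartMode -in 'Boot', 'System' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            $row  = [ordered]@{
                Driver = $_.Name; StartMode = $_.StartMode; Path = $path
                Status = 'FileMissing'; SignatureType = $null; Signer = $null
            }
            if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $path
                $row.Status        = [string]$sig.Status          # Valid, NotSigned, HashMismatch, ...
                $row.SignatureType = [string]$sig.SignatureType   # Authenticode (embedded) or Catalog
                if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]$row
        }
}

function Get-SystemCatalogCount {
    # Standard Windows catalog store that holds signatures for drivers and OS files.
    $catRoot = Join-Path $env:SystemRoot 'System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}'
    @(Get-ChildItem -LiteralPath $catRoot -Filter '*.cat' -File -ErrorAction SilentlyContinue).Count
}

$report = @(Get-EarlyDriverSignatureReport)
"Early-load drivers checked : $($report.Count)"
"System catalog (.cat) files: $(Get-SystemCatalogCount)"

# Any driver that is not 'Valid' is a candidate for the 0xc0000428 failure.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object StartMode, Driver |
    Format-Table Driver, StartMode, Status, SignatureType, Path -AutoSize
```

Running the same script on a healthy server of the same build gives a baseline for the catalog count and for which drivers normally validate through a catalog rather than an embedded signature.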

FXE-9887 avatar image
0 Votes"
FXE-9887 answered

Here is the memory dump: https://1drv.ms/u/s!AmngHhSfNyRUiRQc7zgOKpgFs6lc?e=rAeqBw


Thank you for your help.

Regards,
