The Windows Servicing Guy

Tips and tricks from a Windows support engineer on issues related to servicing

Fixing component store corruption in Windows 8 and Windows Server 2012

Fixing component store corruption in Windows 8 and Windows Server 2012

  • Comments 173
  • Likes

One of the most used tools when fixing corruption for Windows Vista, 7, 2008 and 2008 R2 was the System Update and Readiness Tool (KB947821), commonly called CheckSUR.  The CheckSUR tool was an excellent way for most people to see what corruption had happened on their store, and potentially fix that corruption if the tool contained the payload to do so.  I’ve written in the past how to use this mechanism to also fix corruption when the CheckSUR utility doesn’t include the payload for your files to “fool” CheckSUR into resolving the problem without needing to do all sorts of whacky permission changes (http://blogs.technet.com/b/joscon/archive/2010/05/26/using-checksur-and-update-packages-to-fix-corruption.aspx). 

The way this works in Windows 8 and Windows Server 2012 is different, in a fantastic way.  It’s called Inbox Corruption Repair and it brings the functionality of CheckSUR into Windows rather than requiring a separate download to get the utility like you do now.  This is exposed in two ways, the first is really unseen by the end user and happens when we detect a corrupted state when attempting to install fixes via Windows Update.  When this happens, we'll fix the corruption silently and then re-install the prior packages.  The manual way to use this tool is via DISM.  The way this is exposed is via the DISM /Cleanup-Image functionality.  Here’s what the available switches do:

/CheckHealth: This checks to see if a component corruption marker is already present in the registry.  We’ll inform the user if there is corruption but nothing is fixed or logged anywhere.  This is merely a quick way to see if corruption currently exists.  Think of it as a read-only CHKDSK. This operation should be almost instantaneous.

/ScanHealth: This checks for component store corruption and records that corruption to the C:\Windows\Logs\CBS\CBS.log but no corruption is fixed using this switch.  This is useful for logging what, if any, corruption exists.  This operation takes ~5-10mins.

/RestoreHealth: This checks for component store corruption, records the corruption to C:\Windows\Logs\CBS\CBS.log and FIXES the corruption using Windows Update.  This operation takes ~10-15mins or more depending on the level of corruption.

As an example, if you wanted to run this utility against your local component store to check for corruption and you wanted it to repair everything as it found it you would run the following command: DISM /Online /Cleanup-Image /RestoreHealth

So a couple of things of note here:

  1. CheckSUR.log is not created using Inbox Corruption Repair, this logging has now been rolled into CBS.log
  2. I would typically recommend you run /RestoreHealth if you suspect corruption as it will record and fix issues and takes about the same time as /ScanHealth. 
  3. This functionality is also present in Windows PowerShell and can be scripted across an environment
  4. Windows Update or a network available WIM are valid recovery sources but WSUS installations are not.  This is important because if you have WSUS enabled in your environment, there is a chance that your repair operations may be captured by the WSUS Servers and not be properly serviced.  You can control this behavior using Group Policy or the /LimitAccess switch
  5. If you decide to block Windows Update and use a local source WIM, the WIM will only be able to recover payloads present in that WIM.  This means that you’ll need to update your WIM files accordingly to match the patch level of your environment or you wont successfully recover.
  6. CheckSUR will continue to be available for down-level operating systems prior to Windows 8 and Windows Server 2012 and will continue to get updated

These changes are really fantastic in my opinion because you no longer need to attempt to move files from other servers, manipulate permissions or “hack” other utilities to get corruption resolved.  Windows Update is updated frequently so that it contains all of the payloads necessary to repair corruption.  And above all else, Inbox Corruption Repair can repair both payload files and manifests (CheckSUR only did manifests) which is a HUGE win for you and I as customers. 

As always, ask questions here.

--Joseph

Comments
  • No question - just a thank you for this post.

  • Sure thing Susan :)

  • Thanks for the post... amazing info and great work on integrating with the OS

    Adding the powershell cmdlets:

    Repair-WindowsImage -Online -CheckHealth

    Repair-WindowsImage -Online -ScanHealth

    Repair-WindowsImage -Online -RestoreHealth

    You may confirm if these are right :)

  • Thanks Rahul, and yes, those are correct

  • What do you mean by "corruption" - missing or altered files?  Does AutoChk and ChkDsk feed back info on what it "fixes" destructively (e.g. truncations, cross-links, unreadable clusters)?

  • Corruption is typically a missing manifest or security catalog.  CHKDSK reports its repairs to the Application event log

  • This is fantastic and therefore it should be ported to Windows 7 in SP2 because no one wants Windows 8.

  • I'll leave the comment xplclient but in the future I ask that you just stick to your point.  I know plenty of people looking forward to Win8 release and plenty that will stay with Win7.  That's what choices are there for.

    --Joseph

  • nice to see that my request to download corrupted files is implemented in Win8. Sadly the "User Unexperience Team" ruined Windows 8 completely :(

    @xpclient

    I doubt that we ever get a Sp2 for Win7. This will be the way for MSFT to force users to upgrade to Win8.

  • Andre;

    I'm interested to hear more about your thoughts on user experience.  Feel free to shoot me mail with your thoughts.

    --Joseph

  • joscon, Could you be a little more detailed as to how we can run this tool.

  • Sure thing Matt, added an example command line for you to the blog.  Let me know if you need something additional.

    --Joseph

  • Thanks Josco, great post us always.

    One question... What about in-place upgrade? Is it still the opcion when it's no possible to recover the corruption?

  • Thanks Rafa, yes, the process for in-place upgrade hasn't changed from prior releases so if you had horribly bad corruption and you needed to recover via in-place, those should all still work.

  • Really good stuff. This makes CheckSUR look crude by comparison.

    "/CheckHealth: This checks to see if a component corruption marker is already present in the registry."

    How do the markers get made in the first place?

    "/ScanHealth: This checks for component store corruption and records that corruption to the C:\Windows\Logs\CBS\CBS.log but no corruption is fixed using this switch."

    If a master image is being created, would it be considered best-practice to run this command after Setup and other servicing procedures had been completed?

    "4. Windows Update or a network available WIM are valid recovery sources..."

    How can a WIM be configured as a recovery source?

    "5. If you decide to block Windows Update and use a local source WIM, the WIM will only be able to recover payloads present in that WIM.  This means that you’ll need to update your WIM files accordingly to match the patch level of your environment or you wont successfully recover."

    Is it conceivable that the WU client could be made to convert update downloads into .MSU files, that could then be used to service a mounted image?