Corrupt SRUDB.dat in WIndows 8.1 - Event ID 476 (Network Steve Forum)

Corrupt SRUDB.dat in WIndows 8.1 - Event ID 476

Hi all,

I have an issue slight issue with a Windows 8.1 machine (non domain joined). The user was complaining that the system/applications would become unresponsive. I ran a "Chkdsk /f /r" and it came back with a few bad clusters of which some where located in the "\Windows\System32\sru\SRUDB.dat" file.

In the Application Event Log I see an event ID 476 raised which contain the following:

svchost (1300) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2195456 (0x0000000000218000) (database page 535 (0x217)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

I'm running an "sfc /scannow", but it looks as though the actual SRUDB.dat database has become corrupt. What does this DAT file contain and is there a way to recreate?

SFC retunred:

Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

I can post the CBS.log file if required, but toward the end there are some interesting entries:

2014-11-30 16:04:31, Info                  CSI    000008c5 [SR] Verify complete
2014-11-30 16:04:31, Info                  CSI    000008c6 [SR] Repairing 2 components
2014-11-30 16:04:31, Info                  CSI    000008c7 [SR] Beginning Verify and Repair transaction
2014-11-30 16:04:31, Info                  CSI    000008c8 [SR] Cannot repair member file [l:32{16}]"bootmgfw.efi.mui" of Microsoft-Windows-BootEnvironment-Core-BootManager-EFI.Resources, Version = 6.3.9600.17031, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-GB", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-11-30 16:04:32, Info                  CSI    000008c9 Hashes for file member \SystemRoot\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB do not match actual file [l:36{18}]"Amd64\CNBJ2530.DPB" :
Found: {l:32 b:Lj30AtCo6GC4fXRo0EX1GOwFbEaWFP3FS+YNHfv0SZ4=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}
2014-11-30 16:04:32, Info                  CSI    000008ca [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-30 16:04:32, Info                  CSI    000008cb [SR] Unable to repair \SystemRoot\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.3.9600.17031_en-gb_68408c0dc1958b90\\[l:32{16}]"bootmgfw.efi.mui"
2014-11-30 16:04:32, Info                  CSI    000008cc [SR] Cannot repair member file [l:32{16}]"bootmgfw.efi.mui" of Microsoft-Windows-BootEnvironment-Core-BootManager-EFI.Resources, Version = 6.3.9600.17031, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-GB", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-11-30 16:04:32, Info                  CSI    000008cd [SR] This component was referenced by [l:168{84}]"Package_2145_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.2919355-4305_neutral_GDR"
2014-11-30 16:04:32, Info                  CSI    000008ce Hashes for file member \SystemRoot\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB do not match actual file [l:36{18}]"Amd64\CNBJ2530.DPB" :
Found: {l:32 b:Lj30AtCo6GC4fXRo0EX1GOwFbEaWFP3FS+YNHfv0SZ4=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}
2014-11-30 16:04:32, Info                  CSI    000008cf [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-30 16:04:32, Info                  CSI    000008d0 [SR] This component was referenced by [l:166{83}]"Package_2709_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-6825_neutral_GDR"
2014-11-30 16:04:32, Info                  CSI    000008d1 [SR] Repair complete
2014-11-30 16:04:32, Info                  CSI    000008d2 [SR] Committing transaction
2014-11-30 16:04:32, Info                  CSI    000008d3 Creating NT transaction (seq 2), objectname [6]"(null)"
2014-11-30 16:04:32, Info                  CSI    000008d4 Created NT transaction (seq 2) result 0x00000000, handle @0xf0c
2014-11-30 16:04:32, Info                  CSI    000008d5@2014/11/30:16:04:32.816 Beginning NT transaction commit...
2014-11-30 16:04:32, Info                  CSI    000008d6@2014/11/30:16:04:32.891 CSI perf trace:
CSIPERF:TXCOMMIT;82527
2014-11-30 16:04:32, Info                  CSI    000008d7 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

Following this I ran a "Dism /Online /Cleanup-Image /RestoreHealth", which seems to have repair a few packages as seen in the CBS log, therefore I can an "sfc /scannow" once more - this time SFC reported there were no integrity violations.

However, the Event ID 476 and corrupt SRUDB.dat still persists. Is there anything that anyone can suggest?

Cheers

November 30th, 2014 5:09pm

on this web site there is similar problem

http://answers.microsoft.com/en-us/windows/forum/windows8_1-performance/event-viewer-esent-error-467/fb604c97-8214-4abe-ac47-277b7648ce1b

Free Windows Admin Tool Kit Click here and download it now

November 30th, 2014 11:00pm

Hi Swinster,

The bad clusters seems to be the root cause .Before we restore the .bat ,we should ensure hardware issue has been resolved.If the hardware persists ,this Event ID will persist and the dism will not work.

Here is similar symptom and it will help us to troubleshoot the Event ID 476.

http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Exchange&ProdVer=8.0&EvtID=476&EvtSrc=ESE&LCID=1033

You may need to consider to migrate to a different disk.

Best regards

December 1st, 2014 12:47pm

on this web site there is similar problem

<xmlns:texthelpns rwthpgen="1">http:</xmlns:texthelpns><xmlns:texthelpns rwthpgen="1">//answers.microsoft.com/en-us/windows/forum/windows8_1-performance/event-viewer-esent-error-467/fb604c97-8214-4abe-ac47-277b7648ce1b</xmlns:texthelpns>

Hi Nicolas, I should have mentioned that I have already read this thread and been unable to resolve the problem.

Free Windows Admin Tool Kit Click here and download it now

December 1st, 2014 1:08pm

Hi MeipoXu,

Many thanks for your pointer. I have indeed seen the 476 issue with Exchange databases and a lot of the online info do relate to Exchange for this error. I had wondered if the same process could be used to resolve this error.

The HDD is a Western Digital and so I left the WD diagnostic tests running last night. I will check with the user to see if they completed successfully. Obviously HDD can develop bad sectors which are not necessarily a sign that the drive is failing, but as this machine is less than a year old, if the bad sector count keep rising, I will indeed replace and clone the HDD.

I will report back when I have more info.

Cheers

December 1st, 2014 1:22pm

Hi Swinster,

Is there any new information to update?

Best regards

Free Windows Admin Tool Kit Click here and download it now

December 10th, 2014 10:09am

Hi MeipoXu,

The WD diagnostic showed there were unrecoverable errors, although multiple ChkDsk have not found any further problems. We are going back to the manufacturer (Acer) to get a warranty replacement, however the system seem much more stable at this present time.

If I clone the drive I will obviously clone the error, but I'm not sure if it is worth fixing at this point in time.

Regards,

Chris

December 10th, 2014 2:49pm

Hi Swinter,

WD diagnostic showed there were unrecoverable errors the system seems to be stable

Since there are unrecoverable errors and it has much possibility to relate to the drive. The error will occur again if the hardware issue is not be resolved. If the issue is under tolerant , I recommend you to back up your important data to a separate media. This is vital to avoid of losing important data due to the unexpected drive corruption. Making a full system imagine is a better choice, though the error may be included.

If you decide to replace the hard drive ,this video may be helpful.
Video: Restoring your PC after a hard drive failure
http://windows.microsoft.com/en-HK/windows7/help/videos/restoring-your-pc-after-a-hard-drive-failure#tab=system

Best regards

Marked as answer by Yolanda ZhuMicrosoft contingent staff, Moderator Friday, December 19, 2014 9:09 AM

Free Windows Admin Tool Kit Click here and download it now

December 12th, 2014 9:12am

I am getting nearly the same error except that my Event ID is 474. SFC and DSIM both run and the issue still occurs.

Thanks for posting.

April 14th, 2015 8:11pm

This topic is archived. No further replies will be accepted.