Hi all,
I have an issue slight issue with a Windows 8.1 machine (non domain joined). The user was complaining that the system/applications would become unresponsive. I ran a "Chkdsk /f /r" and it came back with a few bad clusters of which some where located in the "\Windows\System32\sru\SRUDB.dat" file.
In the Application Event Log I see an event ID 476 raised which contain the following:
svchost (1300) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2195456 (0x0000000000218000) (database page 535 (0x217)) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
I'm running an "sfc /scannow", but it looks as though the actual SRUDB.dat database has become corrupt. What does this DAT file contain and is there a way to recreate?
SFC retunred:
Windows Resource Protection found corrupt files but was unable to fix some
of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.
I can post the CBS.log file if required, but toward the end there are some interesting entries:
2014-11-30 16:04:31, Info CSI 000008c5 [SR] Verify complete
2014-11-30 16:04:31, Info CSI 000008c6 [SR] Repairing 2 components
2014-11-30 16:04:31, Info CSI 000008c7 [SR] Beginning Verify and Repair transaction
2014-11-30 16:04:31, Info CSI 000008c8 [SR] Cannot repair member file [l:32{16}]"bootmgfw.efi.mui" of Microsoft-Windows-BootEnvironment-Core-BootManager-EFI.Resources,
Version = 6.3.9600.17031, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-GB", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-11-30 16:04:32, Info CSI 000008c9 Hashes for file member \SystemRoot\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB
do not match actual file [l:36{18}]"Amd64\CNBJ2530.DPB" :
Found: {l:32 b:Lj30AtCo6GC4fXRo0EX1GOwFbEaWFP3FS+YNHfv0SZ4=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}
2014-11-30 16:04:32, Info CSI 000008ca [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version =
6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-30 16:04:32, Info CSI 000008cb [SR] Unable to repair \SystemRoot\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_6.3.9600.17031_en-gb_68408c0dc1958b90\\[l:32{16}]"bootmgfw.efi.mui"
2014-11-30 16:04:32, Info CSI 000008cc [SR] Cannot repair member file [l:32{16}]"bootmgfw.efi.mui" of Microsoft-Windows-BootEnvironment-Core-BootManager-EFI.Resources,
Version = 6.3.9600.17031, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-GB", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2014-11-30 16:04:32, Info CSI 000008cd [SR] This component was referenced by [l:168{84}]"Package_2145_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.2919355-4305_neutral_GDR"
2014-11-30 16:04:32, Info CSI 000008ce Hashes for file member \SystemRoot\WinSxS\amd64_prncacla.inf_31bf3856ad364e35_6.3.9600.17415_none_95dd5540d57f8c01\Amd64\CNBJ2530.DPB
do not match actual file [l:36{18}]"Amd64\CNBJ2530.DPB" :
Found: {l:32 b:Lj30AtCo6GC4fXRo0EX1GOwFbEaWFP3FS+YNHfv0SZ4=} Expected: {l:32 b:n520k714Uu3utHa5JGQ6HQYbZphKhlMWq5pEmfnCDuw=}
2014-11-30 16:04:32, Info CSI 000008cf [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version =
6.3.9600.17415, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-11-30 16:04:32, Info CSI 000008d0 [SR] This component was referenced by [l:166{83}]"Package_2709_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.3000850-6825_neutral_GDR"
2014-11-30 16:04:32, Info CSI 000008d1 [SR] Repair complete
2014-11-30 16:04:32, Info CSI 000008d2 [SR] Committing transaction
2014-11-30 16:04:32, Info CSI 000008d3 Creating NT transaction (seq 2), objectname [6]"(null)"
2014-11-30 16:04:32, Info CSI 000008d4 Created NT transaction (seq 2) result 0x00000000, handle @0xf0c
2014-11-30 16:04:32, Info CSI 000008d5@2014/11/30:16:04:32.816 Beginning NT transaction commit...
2014-11-30 16:04:32, Info CSI 000008d6@2014/11/30:16:04:32.891 CSI perf trace:
CSIPERF:TXCOMMIT;82527
2014-11-30 16:04:32, Info CSI 000008d7 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction
have been successfully repaired
Following this I ran a "Dism /Online /Cleanup-Image /RestoreHealth", which seems to have repair a few packages as seen in the CBS log, therefore I can an "sfc /scannow" once more - this time SFC reported there were no integrity violations.
However, the Event ID 476 and corrupt SRUDB.dat still persists. Is there anything that anyone can suggest?
Cheers