

Bugcheck 0xC4 on Windows 2008 R2 when Driver Verifier is not enabled

Hello everyone,

 

It's been a while since I have posted something, but I've been seeing a new trend now and thought I'd share it with you.

I've seen a lot of situations lately where Windows 2008 R2 servers are crashing with bugcheck 0xC4 (DRIVER_VERIFIER_DETECTED_VIOLATION) after a reboot even though Driver Verifier is NOT enabled on the system... a bit strange but it seems to be related to some CBS corruption that is already present on the machine.

Here are a few steps to help get you on your way:

 

  1. Boot the system into Recovery Mode (by either booting with a Windows DVD and choosing Repair your computer or by pressing F8 repeatedly at boot and choosing Repair your computer)
  2. Open Command Prompt
  3. Use diskpart to identify the OS drive letter and the System Reserved partition drive letter that have been assigned in the recovery environment:
    1. diskpart
    2. list volume
    3. note down the drive letter of the OS drive and of the System Reserved partition
  4. I will use C: for the system reserved partition below and D: for the OS partition but please change them to what you have on your system
  5. Load the SYSTEM registry hive from the OS so that we check and make sure Driver Verifier is not enabled:
    1. regedit
    2. Select HKEY_LOCAL_MACHINE
    3. Click on File -> Load Hive
    4. Browse to D:\Windows\System32\config
    5. Click on the SYSTEM file (the one that has no extension)
    6. Click Open
    7. Give it the name offlineSystemHive
  6. Expand HKEY_LOCAL_MACHINE\offlineSystemHive\Select
  7. Check the Default value
    1. If Default is set to 1 then expand HKEY_LOCAL_MACHINE\offlineSystemHive\ControlSet001\Control\Session Manager\Memory Management
    2. If Default is set to 2 then expand HKEY_LOCAL_MACHINE\offlineSystemHive\ControlSet002\Control\Session Manager\Memory Management
    3. and so on
  8. Check if the following registry values are present:
    1. VerifyDriverLevel
    2. VerifyDrivers
  9. If they are then delete them and reboot the system
  10. If not then close Registry Editor and go back to the Command Prompt
  11. Run the following commands:
    1. D:
    2. cd D:\Windows\WinSxS
    3. dir *.xml
  12. If you see a file called pending.xml run the following command:
    1. ren pending.xml pending.xml.old
  13. Run the following command in Command Prompt
    1. sfc /scannow /offbootdir=C:\ /offwindir=D:\Windows
  14. Once finished reboot the system
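
The registry check in steps 5 to 8 and the pending.xml check in step 12 can also be done without the Registry Editor. The batch file below is an added example, not part of the original post: it assumes the OS volume is D: as in step 4 (pass another drive letter as the first argument), and it only reports what it finds without deleting or renaming anything.

```batch
@echo off
rem Added example: read-only check for the Driver Verifier values in an offline SYSTEM hive.
rem Assumption: the OS volume is D: (step 4); pass another letter as the first argument.
setlocal
set "OSDRIVE=%~1"
if "%OSDRIVE%"=="" set "OSDRIVE=D:"
set "HIVE=HKLM\offlineSystemHive"

reg load %HIVE% "%OSDRIVE%\Windows\System32\config\SYSTEM" >nul || (
    echo Could not load the SYSTEM hive from %OSDRIVE%
    exit /b 2
)

rem Select\Default holds the number of the control set used at the next boot.
rem Only the value line of the reg query output has a third token (for example 0x1).
set "CS="
for /f "tokens=3" %%A in ('reg query "%HIVE%\Select" /v Default') do set /a CS=%%A
if not defined CS (
    echo Could not read Select\Default
    reg unload %HIVE% >nul
    exit /b 2
)

rem set /a converted the 0x-prefixed value to decimal; pad it to ControlSetNNN.
set "CSNAME=00%CS%"
set "CSNAME=ControlSet%CSNAME:~-3%"
set "MM=%HIVE%\%CSNAME%\Control\Session Manager\Memory Management"
echo Default control set: %CSNAME%

set FOUND=0
for %%V in (VerifyDrivers VerifyDriverLevel) do (
    reg query "%MM%" /v %%V >nul 2>&1 && (
        echo PRESENT: %%V
        set FOUND=1
    )
)
if %FOUND%==0 echo Neither VerifyDrivers nor VerifyDriverLevel is present.

if exist "%OSDRIVE%\Windows\WinSxS\pending.xml" echo pending.xml exists in %OSDRIVE%\Windows\WinSxS

rem Always unload the hive, otherwise the SYSTEM file stays locked.
reg unload %HIVE% >nul
endlocal & exit /b %FOUND%
```

The exit code is 1 when either value is present, 0 when neither is, and 2 when the hive could not be read.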

Hope this helps someone get out of this sort of situation.

Best of luck!