Monday, June 16, 2014

Using WinDbg to find root cause of application crash

Below are the steps taken to resolve an issue with random application crashes occurring on a machine.
Symptoms:
After a Windows update, Microsoft Word, Excel and a bunch of third-party applications started to crash on the machine, with the following error message being displayed.



Common troubleshooting techniques like booting in safe mode, running antivirus, and using "sfc /scannow" did not yield any results. Rolling back the Windows patches did not revert the behavior either.

Resolution
1. Obtain a memory dump for the failing process (winword.exe in this case). Follow this article to enable memory dump generation. (http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx)
2. Load the generated dump in WinDbg and issue the "lmv" command. This command lists the modules loaded into the process at the time of the crash. Look for anything which is not signed, has no version, or looks out of place. It was pretty obvious in my case.
74b00000 74b80000   uxtheme    (deferred)            
    Image path: C:\Windows\System32\uxtheme.dll
    Image name: uxtheme.dll
    Timestamp:        Mon Jul 13 20:11:24 2009 (4A5BDB3C)
    CheckSum:         000479E1
    ImageSize:        00080000
    File version:     6.1.7600.16385
    Product version:  6.1.7600.16385
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     UxTheme.dll
    OriginalFilename: UxTheme.dll
    ProductVersion:   6.1.7600.16385
    FileVersion:      6.1.7600.16385 (win7_rtm.090713-1255)
    FileDescription:  Microsoft UxTheme Library
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
74d40000 75156000   FastAndSafe   (deferred)            
    Image path: c:\ProgramData\Fast And Safe\FastAndSafe.dll
    Image name: FastAndSafe.dll

    Timestamp:        Wed May 21 09:33:53 2014 (537CB951)
    CheckSum:         003FEFF5
    ImageSize:        00416000
    File version:     0.0.0.0
    Product version:  0.0.0.0
    File flags:       0 (Mask 0)
    File OS:          0 Unknown Base
    File type:        0.0 Unknown
    File date:        00000000.00000000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
75160000 75169000   version    (deferred)            
    Image path: C:\Windows\System32\version.dll
    Image name: version.dll
    Timestamp:        Mon Jul 13 20:11:07 2009 (4A5BDB2B)
    CheckSum:         000138C1
    ImageSize:        00009000
    File version:     6.1.7600.16385
    Product version:  6.1.7600.16385
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
3. Find out how this got loaded into the executable by using Sysinternals autoruns.exe. That utility also provides the solution to the problem.
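The manual review in step 2 can be scripted when the module list is long. The following is an added example, not code from the original post: it parses saved "lmv" output and flags modules with no file version or an image path outside the expected directories. The sample text is trimmed from the listing above; the function names and the EXPECTED_DIRS list are assumptions, and signature status is not checked because "lmv" does not report it.

```python
import re

# Trimmed from the lmv listing above: module header lines plus the fields used for triage.
SAMPLE_LMV = r"""
74b00000 74b80000   uxtheme    (deferred)
    Image path: C:\Windows\System32\uxtheme.dll
    File version:     6.1.7600.16385
    CompanyName:      Microsoft Corporation
74d40000 75156000   FastAndSafe   (deferred)
    Image path: c:\ProgramData\Fast And Safe\FastAndSafe.dll
    File version:     0.0.0.0
75160000 75169000   version    (deferred)
    Image path: C:\Windows\System32\version.dll
    File version:     6.1.7600.16385
"""

HEADER = re.compile(r"^([0-9a-f`]{8,17})\s+([0-9a-f`]{8,17})\s+(\S+)", re.I)
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s*(.*)$")
# Assumption: directories treated as normal for DLLs loaded into an Office process.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parse_lmv(text):
    """Return one dict per module: its name plus every 'Key: value' field under it."""
    modules = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            modules.append({"name": head.group(3)})
        elif modules:
            field = FIELD.match(line)
            if field:
                modules[-1][field.group(1).strip()] = field.group(2).strip()
    return modules

def triage(modules):
    """Map module name -> reasons it looks out of place (missing version, odd path)."""
    findings = {}
    for mod in modules:
        reasons = []
        if mod.get("File version", "0.0.0.0") == "0.0.0.0":
            reasons.append("no file version")
        path = mod.get("Image path", "").lower()
        if not path.startswith(EXPECTED_DIRS):
            reasons.append("loaded from " + (path or "unknown path"))
        if reasons and not mod.get("CompanyName"):
            reasons.append("no CompanyName")  # supporting detail only, never a trigger
        if reasons:
            findings[mod["name"]] = reasons
    return findings
```

A missing CompanyName is reported only as supporting detail because the version.dll entry in the listing above also lacks one.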


Thursday, April 10, 2014

Changing MachineKey on IIS while using SQLMembership provider

There is a business need to change the MachineKey after the servers were already rolled out and the SQLMembership provider created accounts on the backend encrypted with the MachineKey.
Below are the code and instructions for doing that properly.
Prerequisites:
1. Your password setting in the SQLMembership provider is configured as "encrypted".
That's really the only requirement for the rest of the things to work.

The process is as follows:

1. Create a membership provider with a setting which allows password decryption (enablePasswordRetrieval as "true") and set passwordFormat to "clear".
2. Go through the list of users with this membership provider and find all users who are locked and those whose passwords cannot be decrypted (this happens if passwords were encrypted with the wrong MachineKey, etc.). If a locked user is encountered, the user is unlocked and their password is reset. If any passwords are found which are not decryptable, they are reset to a preset password. For the rest of the users, add their passwords to an in-memory Dictionary<> instance, which provides temporary storage of passwords during the decryption process.
3. Run a SQL statement on the database which marks the passwords of all users as [PasswordFormat]=0, which tells the provider that the user stores its password in clear text format. (It's possible to have a mix of users in the database with both clear and "encrypted" formats.)
4. Run code against all users and reset their passwords to their original passwords.

By the end of step 4 you will have all passwords in clear text in the database.

5. Change the "MachineKey" value in the web.config file for this application to the value you'd like to use.
6. Enumerate all users, get their passwords and store them in memory.
7. Run a SQL statement to mark their [PasswordFormat]=2, which means "encrypted".
8. Change each password to the one stored in memory, which will encrypt it on the fly to the encrypted format in the database using the MachineKey.
9. Change the MachineKey in the production database.


The entire application can stay online (no downtime is required) during the operation. The only parts which will be offline are user creation and password changes. You need to make sure the pages responsible for user creation and password changes are disabled during the operation.




Monday, February 24, 2014

PowerShell script to send email to users about expiring passwords


I just published a PowerShell script which I wrote to email users in Active Directory about their password expiration.

You can find the source code and documentation at the following link: TechNet Gallery