My [1 year and a week] in Network Hell with Microsoft Vista

/a hopefully funny, maybe instructive look at fixing Vista network settings without reformatting/

About a year ago, I installed VMWare Workstation on my HP dv6000 laptop running Vista 32-bit, and it messed up some network adapter settings. No loss of functionality for day-to-day use, just enough to corrupt the contents of the "Network Adapter Properties" dialog box. Opening this dialog box revealed an empty name for the Network Adapter card, and showed an empty list where the network protocols should be. If I were lucky I got a message saying "Another dialog box is open" as an excuse for the inability to change any settings in this window. No there weren't any other open dialox box, but they didn't give me anybody to argue with.

The first repair attempts were almost-spectacularly unsuccessful. Removing the Network Adapter and reinstalling it gave an Error 31 ("Device cannot be started" - thanks I noticed) in the Device Manager, then I was greeted by scvhost using 100% CPU after the next reboot. Be too hasty, do this on both NICs, and lock yourself out of the Net with no way back in. Do this on just one NIC, and scvhost acts up. Do the reboot just later enough so that you forgot you messed up with the network settings (like - a few days later), and seach for a good while until you find that closing the Netman service gives you enough breathing room to find out it was the network adapter reinstall tht broke things. Use a restore point to go back to the previous state. No way to change the TCP/IP settings - no way to connect to another network - no way to use the laptop to test a modem to see if it works. The same nagging feeling you get if your car makes that funny noise, and you know the axel is going to tear out if you go over 40mph.

So this one quiet evening with nothing to do for the coming week, I figured it was time to fix all of that. Of course the only solution proposed by HP, Microsoft, and anybody on the forums was "do a clean Windows reinstall". Sorry but no thanks - I'd better spend a week fixing the damned thing that spending two weeks rebuilding my main computer from scratch (then wondering what I forgot).

First step: uninstalling all the NICs. No use reinstalling at this point - always the same error 31.

Quick stop at the svchost problem. It turns out that if there are any entries in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\NcQueue] , svchost gets in a busy loop trying to dance with the contents. Removed everything inside, and enjoyed the silence.

Still Error 31.

First unsuccessful trip down Vista Hairy Lane was to do a good thorough search in the registry to find remnants of VMWare. Of course I had run the VMWare registry cleaner (i.e. launch the VMWare*.exe installer with /c to clean the registry). There were remnants indeed. Keys pretty much all over the place, partially installed services, keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network , and under pretty much every Root and CLSID's imaginable. Started to remove them manually when it made sense. Then it got interesting: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_VMNETBRIDGE . Keys under Legacy are kind of a new-generation CONFIG.SYS : they point to drivers that shall be loaded no matter what the Universal Plug-and-Play says. Tried to delete it - learned that by now, the Windows registry supports per-key authorization. That key was owned by the user SYSTEM, which was at a higher level than Administrator. I knew that Microsoft intended to turn the Registry into its own cryptic proprietary OS - I realized that day that we were one step closer.

In related news, Windows has a user SYSTEM, more priviledged than Administrator. I'm sure I won't have to hold my breath very long for them to give birth to an even more priviledged user, say METASYSTEM or HYPERVISOR, depending on the fashion of the day. My bet is that in due time, both will come.

Thankfully I found some comment on the Net pointing to SysInternals^H^H^H^H^H^H^H^H^H^H^H^HMicrosoft PsExec, with the command "start psexec -i -d -s c:\windows\regedit.exe" . Stuff that into a Batch file, and, *Most Importantly*, run the batch file as Admin. Stupid I got stuck for a few days wondering why PsExec segfaulted (which must be the error code for "You do not have the right permissions to do that"). Once jailbroken, I could remove the key. At very long last the VMWare services/"hardware" drivers were all out.

At this point reinstalling the Network Adapters would give me an Error 2 in the Device Manager, "Cannot find the file specified". This one turned out tough to isolate, and trivial to fix. To make a long story short, the biggest break was when I found the log file for all device driver installation, c:\windows\inf\setupapi.dev.log . Here's what I saw :

cci: !!! NCI: (loading external data) Error 0x80070002 opening vmware_bridge instance key inf: Opened INF: 'C:\Windows\INF\netnwifi.inf' ([strings.0409] ) inf: Opened INF: 'C:\Windows\INF\netnwifi.inf' ([strings.0409] )

and judging from the last successful install in the same log file, here's what I should have seen:

inf: Opened INF: 'C:\Windows\INF\rspndr.inf' ([strings.0409] ) inf: Opened INF: 'C:\Windows\INF\ndisuio.inf' ([strings.0409] ) inf: Opened INF: 'C:\Windows\INF\ndisuio.inf' ([strings.0409] ) cci: NCI: Init Notify Object for vmware_bridge cci: NCI: Init Notify Object for vmware_bridge complete

Eventually I noticed that the string "vmware_bridge" was hidden deep into a (wide-character, thus unserchable by regedit) string into HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\Config . A quick chek on the net confirms that this key is safe to delete. Deleted. That fixed the whole thing - now all NICs reinstall properly, settings are finally updateable.

Kids, if you learn a lesson from this story, shall it be: don't rely on a machine you are not allowed to tinker inside. And by "allowed" I mean "have all the documentation you need". Or be prepared to spend a week (or fifty-three) paying for it.

-- Christian Meunier, 2009-05-17

----------

Some random facts that may some day be useful :

• Bcdedit.exe /set nointegritychecks ON : disables device driver signing on Vista. No clue as to how it may become genuinely useful (I suppose it just bypasses the mandatory "device driver not sign - recommended not to use this driver" warning. Oh well.)

• After running for a short while without Vista User Account Control (enable/disable it in msconfig.exe, Tools tab) then re-enabling it, a bunch of settings started getting corrupted. McAfee corrupted its Framework service configuration. The language bar started behaving erratically (or rather - not performing at all). Even Windows Defender corrupted the permissions on its settings, which prevented marking such-or-such process as safe to run on startup. Disabled again the UAC and all went smoothly after that. I say good riddance - it's not like the warning window gives any information to help deciding whether we should say "Allow" anyways.

• Shortcut to start the Device Manager: launch devmgmt.msc .

• Shortcut to start the Network Adapter settings: launch ncpa.cpl .