Win10 doesn't boot after F-Secure installing critical updates

Rossen
Rossen W/ Partner Posts: 5 Junior Protector

Hello there,

I have 10 computers that are unable to boot with error: Inaccessible boot device.
All of them have one thing in common: they received updates via F-Secure this morning. After restart they cannot boot.

 

Does anyone else have similar problems?

 

Any ideas?

Comments

  • ATLtech
    ATLtech W/ Alumni Posts: 4 Security Scout

    We are dealing with the same issue. Currently the only option Microsoft has given, because no others work, is to reformat the machine. We are still waiting on F-Secure Support to get back to us.

     

    Have you heard back from Support with an answer/resolution?

  • Rossen
    Rossen W/ Partner Posts: 5 Junior Protector

    All PCs are with Windows 10. This morning they got few updates.

     

    The only solution I found so far is reinstallation or Troubleshooting->Reset this PC->Keep files.

     

    Hope this helps!

  • Rossen
    Rossen W/ Partner Posts: 5 Junior Protector
    How many PCs you have? Are all of them with Win10
  • ATLtech
    ATLtech W/ Alumni Posts: 4 Security Scout
    edited February 2021

    The ones having issues are all Windows 10 as well. We tried every single troubleshooting option out there, save for reformatting the machines, but nothing worked. I called F-Secure, and they sent me the following afterward:

     

    Thank you for contacting F-Secure.

    As per our conversation, it seems that there is an ongoing issue with regards to the blue screen'INACCESSIBLE_BOOT_DEVICE' however this is caused by the Microsoft Cumulative Month Updates that triggered this. The F-Secure Software Updater and Windows updates seems to have been configured to have two updates installed however it seems as though Microsoft has configured these updates to function correctly only if one update is installed and then the other.

    This seems to have affect users worldwide that have programs that are similar to the Software Updater and also those that allowed the Windows Update to run automatic updates.

    We would like to first advise that you have the Software Updater disabled inside the PSB Portal to prevent this from happening on any other Windows 10 machines. There has yet to be an update on how this can be resolved from our end however I managed to find the following steps that may help you resolve the issue before going to have the machines reformatted.

    1.
    Microsoft Diagnostics and Recovery Toolset (DaRT)

    http://www.thepc.tech/2016/06/windows-10-dart-10-x64.html

    Here are some 3rd Party forums that might give you some ideas on how you could handle the problem before completely reformatting the machine as per suggested by Microsoft.

    ***Disclaimer : These links provided below are not written by F-Secure and the steps to be taken further are of the users own responsibility.

    https://superuser.com/questions/1198226/blue-screen-inaccessible-boot-device-on-windows-10

    https://www.reddit.com/r/vmware/comments/65ws15/windows_kb4015217_breaks_vm_boot/dge235t/

    Let us know the outcome of this. We look forward to hear from you.

    Best regards,

    Senior Customer Service Engineer
    F-Secure Corporation
    http://www.f-secure.com

    [EDIT: PII] 

  • ATLtech
    ATLtech W/ Alumni Posts: 4 Security Scout

    I haven't tested out the DaRT iso yet, but I will yet tonight or tomorrow. I will post my findings on here!

  • Rossen
    Rossen W/ Partner Posts: 5 Junior Protector

    SOLVED!!!!

     

     

     

  • comalley
    comalley W/ Alumni Posts: 5 Security Scout

    Hi all,

     

    Just to expand on what Rossen said. Boy I wish I had a post like yours to read last month, Rossen! So...

    I have been watching for an issue like this (for a brief period I thought WSUS on an older server was involved).

     

    My company had a dozen or more INACCESSIBLE_BOOT_DEVICE non-booting PC's last month, starting right after after "Patch Tuesday" in May. The fundamental reason for it is that a support tool, in our case F-Secure, is forcing updates flagged as "security"-related on machines without delving into the inter-operability of these updates.

     

    Specifically, if a machine ends up installing a "rollup" update that itself contains a "delta" security update that is also being installed, that leaves the machine in this unbootable state with a helpful message that makes you think the hard drive is dead. The logic that chooses updates need to be more sophisticated than this!!

     

    Here is another systems management tool that caused a similar issue. Finding this thread was an absolute godsend for me last month:

    https://community.ivanti.com/thread/35248

    ... and here (linked from the above) is the Microsoft article talking about not mixing these updates together (F-Secure take note! Do you write your own update-choosing algorithms or buy them in? Either way, get it fixed ASAP!):

    https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/monthly-delta-update-isv-support-without-WSUS

     

    In any case, dism is the solution, as Rossen said. Get a command window up, with boot media > repair option > advanced. Then run this:

    D:\>x:\windows\system32\dism.exe /image:C:\ /Get-Packages

     

    The C: will correspond to the actual Windows install and will vary depending on recovery partitions etc.

    Look for updates that are not complete, marked as "pending". You can also see the date (as Rossen mentioned).

     

    For me, in May 2017, there were three on every single affected machines (some possibly WannaCry-related):

     

    Package Identity : Package_for_RollupFix_Wrapper~31bf3856ad364e35~amd64~~14393.1198.1.6

    State : Install Pending

    Release Type : Security Update

    Install Time :

    Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1066.1.8

    State : Install Pending

    Release Type : Security Update

    Install Time : 5/10/2017 5:26 PM

    Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1198.1.6

    State : Install Pending

    Release Type : Security Update

    Install Time : 5/10/2017 5:24 PM

     

     

    Roll *each one* back like so:

    D:\>x:\windows\system32\dism.exe /image:C:\ /remove-package /packagename:Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1198.1.6

     

    It's possible that this can all be done in one command like so, once you know the right drive letter) but I haven't tested it:

    dism.exe /image:C:\ /cleanup-image /revertpendingactions

    source:

    https://serverfault.com/questions/762270/windows-server-2012-r2-update-stuck-after-restart-at-9

     

    To sum up...

    This is an *appalling* thing to have to fix on a bunch of PC's.

    On older machines it takes a while to get the cmd window up, and the removal of a large rollup update takes a very long time. You will easily end up wasting an entire day.

     

    I really hope this doesn't become a regular occurrence after Patch Tuesday every month, or F-Secure will become more trouble than it is worth.

     

    Thank you,

    Conor

  • comalley
    comalley W/ Alumni Posts: 5 Security Scout

    Hi all,

     

    Just to expand on what Rossen said. Boy I wish I had a post like yours to read last month, Rossen! So...

    I have been watching for an issue like this (for a brief period I thought WSUS on an older server was involved).

     

    My company had a dozen or more INACCESSIBLE_BOOT_DEVICE non-booting PC's last month, starting right after after "Patch Tuesday" in May. The fundamental reason for it is that a support tool, in our case F-Secure, is forcing updates flagged as "security"-related on machines without delving into the inter-operability of these updates.

     

    Specifically, if a machine ends up installing a "rollup" update that itself contains a "delta" security update that is also being installed, that leaves the machine in this unbootable state with a helpful message that makes you think the hard drive is dead. The logic that chooses updates need to be more sophisticated than this!!

     

    Here is another systems management tool that caused a similar issue. Finding this thread was an absolute godsend for me last month:

    https://community.ivanti.com/thread/35248

    ... and here (linked from the above) is the Microsoft article talking about not mixing these updates together (F-Secure take note! Do you write your own update-choosing algorithms or buy them in? Either way, get it fixed ASAP!):

    https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/monthly-delta-update-isv-support-without-WSUS

     

    In any case, dism is the solution, as Rossen said. Get a command window up, with boot media > repair option > advanced. Then run this:

    D:\>x:\windows\system32\dism.exe /image:C:\ /Get-Packages

     

    The C: will correspond to the actual Windows install and will vary depending on recovery partitions etc.

    Look for updates that are not complete, marked as "pending". You can also see the date (as Rossen mentioned).

     

    For me, in May 2017, there were three on every single affected machines (some possibly WannaCry-related):

     

    Package Identity : Package_for_RollupFix_Wrapper~31bf3856ad364e35~amd64~~14393.1198.1.6

    State : Install Pending

    Release Type : Security Update

    Install Time :

    Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1066.1.8

    State : Install Pending

    Release Type : Security Update

    Install Time : 5/10/2017 5:26 PM

    Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1198.1.6

    State : Install Pending

    Release Type : Security Update

    Install Time : 5/10/2017 5:24 PM

     

     

    Roll *each one* back like so:

    D:\>x:\windows\system32\dism.exe /image:C:\ /remove-package /packagename: Package_for_RollupFix~31bf3856ad364e35~amd64~~14393.1198.1.6

     

    It's possible that this can all be done in one command like so, once you know the right drive letter) but I haven't tested it:

    dism.exe /image:C:\ /cleanup-image /revertpendingactions

    source:

    https://serverfault.com/questions/762270/windows-server-2012-r2-update-stuck-after-restart-at-9

     

    To sum up...

    This is an *appalling* thing to have to fix on a bunch of PC's.

    On older machines it takes a while to get the cmd window up, and the removal of a large rollup update takes a very long time. Overall you can spend a full day on this if you have over 100 computers and 10% are hit.

     

    I really hope this doesn't become a regular occurrence after Patch Tuesday every month, or F-Secure will become more trouble than it is worth.

     

    Thank you,

    Conor

  • ATLtech
    ATLtech W/ Alumni Posts: 4 Security Scout

    Thanks for the reply, Conor! I actually received an email from F-Secure that is linked to the "Known Issue" section of the site, related to these issues. See below!

     

     

    https://community.f-secure.com/t5/Known-Issues-in/Blue-Screen-of-Death-BSoD-after/m-p/95259#M44

  • TerjeF
    TerjeF W/ Alumni Posts: 5 Security Scout

    This happened in May aswell. Not as many for June yet.

    We have solved this on 14-15 computers with going backup to a previous systemrestore point. But this usually failes at first, and we have to rename or delete c:\Programfiles\WindowsApps before running the system restore.

    Boot into troubleshooting mode, and use command promt to first:

    attrib ?:\Program files\WindowsApps -h

    then

    rename ?:\Program files\WindowsApps c:\Program files\WindowsApps.old

     

    Then run the restore again. It might give an error this time also, but the restore works. At least it has for us.

    This i a huge pain. I have made customers do this over the phone, when they are at a remote location but we are now going to turn off Software Updates via F-Secure until this is resolved.

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

     

    > I really hope this doesn't become a regular occurrence after Patch Tuesday every month, or F-Secure will become more trouble than it is worth.

     

    On a related note, Microsoft appears to be on a crusade against some european AV vendors. Whether or not they do this on their own initiative or maybe Redmond received a National Security Letter from NSA (also known as a FISA secret court verdict) which forces them to collaborate in hurting independent AV vendors, is anybody's guess.

     

    However, Microsoft hotfixes breaking compatibility or even causing AVP software malfunction suddenly, unexpectedly and without prior notification have become so frequent during the past few years and escalated to such intolarable levels since Win10 published that KL of Russia just filed an official complaint with the anti-trust / consumer protection investigation authorities of EU and  Germany about 2 weeks ago.

     

    Best Regards: Tamas Feher, Hungary.

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    Hi all,

     

    note that you can subscribe to the article mentioned earlier by  @ATLtech to receive email notification when we have update on the problem.

  • fiechann
    fiechann W/ Alumni Posts: 1 Security Scout

    Hi,

     

    It does happen regularly after Tuesday updates. We have 5 machines today with the same problem caused by 08. 08.2017 updates. To make it worst, those solutions to remove pending packages doesn't work anymore with some errors like error: 87, error: 2, and scratchDir error.

     

    I reported this issue to F-secure sometime on January or February, but i guess they don't get any record from other users so they don't take my case seriously and blame the Microsoft completely. 

     

    We ran out of ideas, any advice everyone? 😊

     

    Thanks,

    For 


    @etomcat wrote:

    Hello,

     

    > I really hope this doesn't become a regular occurrence after Patch Tuesday every month, or F-Secure will become more trouble than it is worth.

     

    On a related note, Microsoft appears to be on a crusade against some european AV vendors. Whether or not they do this on their own initiative or maybe Redmond received a National Security Letter from NSA (also known as a FISA secret court verdict) which forces them to collaborate in hurting independent AV vendors, is anybody's guess.

     

    However, Microsoft hotfixes breaking compatibility or even causing AVP software malfunction suddenly, unexpectedly and without prior notification have become so frequent during the past few years and escalated to such intolarable levels since Win10 published that KL of Russia just filed an official complaint with the anti-trust / consumer protection investigation authorities of EU and  Germany about 2 weeks ago.

     

    Best Regards: Tamas Feher, Hungary.


     

     

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello fiechann,

     

    We had fixed the scenario, in which F-Secure Software Updater initiated installation of both Delta and Cumulative Tuesday updates without restart in the middle, in June. 

     

    Unfortunately, since that time, we get several customer reports about BSOD, and the analysis shows that it was caused by another scenario:

    - F-Secure Software Updater initiates the installation of Tuesday Delta update;

    - F-Secure Software Updater Reboot request dialog is shown, but local user selects "Postpone" option;

    - Windows Updates initiates Tuesday Cumulative update installation;

    - BSOD appears after reboot.

     

    Possible workarounds are:

    - Tune "Force restart in" policy for Automatic installation (default value is 1 day);

    - Exclude Microsoft Tuesday Delta and Cumulative updates from automatic installation in F-Secure Software Updater. For example, to exclude August Tuesday Delta/Cumulative updates, exclude Bulletin ID "MS17-08-W10". Support can provide you more detailed instructions for creating exclusions in Policy Manager and/or PSB Portal .

     

    Best regards,

    Vad

     

  • perttis
    perttis W/ Alumni Posts: 1 Security Scout

    Possible workarounds are:

    - Tune "Force restart in" policy for Automatic installation (default value is 1 day);

    - Exclude Microsoft Tuesday Delta and Cumulative updates from automatic installation in F-Secure Software Updater. For example, to exclude August Tuesday Delta/Cumulative updates, exclude Bulletin ID "MS17-08-W10". Support can provide you more detailed instructions for creating exclusions in Policy Manager and/or PSB Portal .

     


    You should provide a setting that excludes those updates without specifically excluding them one at the time.  Or did i misunderstood this exclusion mechanism?

  • nobodyknows
    nobodyknows W/ Alumni Posts: 4 Security Scout

    Happend to me several times, f-secure need a quick fix for this, cant keep my customers happy when f-secure messing up theirs computers several times in week.

     

    System restore to earlier point worked for me, very annoying problem..

     

     

     

This discussion has been closed.