Saturday, March 5, 2016

Troubleshooting a Constantly Freezing Windows 10 PC


enter image description here

On my Windows 10 Home, I was being bugged by constant freezes which forced me to hard reboot now and then. Since I use Ubuntu as my primary OS, I chose to adjust with this for long. However, this became more of a trouble in the recent times with Windows starting up at 98% CPU usage and every process actually showing 0% CPU usage. That's when I decided to get into the root of the problem and resolve it. I was confident that the hardware was fine since Ubuntu worked perfectly all the time.

It turned out that many Windows 10 users, especially those who upgraded from previous versions of Windows 7 or 8 / 8.1 faced similar freezing issues. The answers at Windows Forums by Microsoft staffers generally suggested using the command sfc /scannow to verify that system files were intact. However, most users found it unhelpful and that didn't help me either.

Using the Event Viewer

I was taken aback by the sheer number of errors and warnings which were being logged in the Windows System log (use Event Viewer to check) during the freezes. Here are the ones that impacted me - 

Event LevelSourceEvent IDDescription
ErrorService Control Manager7001The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
ErrorService Control Manager7031The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
ErrorDistributedCOM10010The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout. You may have to take ownership
ErrorService Control Manager7011A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service
Warningdisk153The IO operation at logical block address 0x6f8b0 for Disk 0 (PDO name: \Device\0000002d) was retried.
Warningstorahci129Reset to device, \Device\RaidPort0, was issued.
WarningTaskScheduler414Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PBDADiscoveryW2 definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.
WarningTaskScheduler414Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan definition. Additional Data: Error Value: C:\Program Files\Microsoft Security Client\MpCmdRun.exe.

Now I will describe how each issue was resolved - 

Event ID 7001

ErrorService Control Manager7001The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

In order to fix this issue, use Turn Windows Features on or off and uncheck the TCP Activation option. In my PC, I chose to turn off some IIS related services which were checked. To be honest, I don't really remember when did I check them! This took care of the TCP part. 


Event ID 7031

ErrorService Control Manager7031The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Following these steps can resolve 7031 (Source)
  1. Run Regedit
  2. Expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services menus
  3. Scroll down the list of Services in the left pane to find the following services
    • MessagingService
    • OneSyncSvc
    • PimIndexMaintenanceSvc
    • UnistoreSvc
    • UserDataSvc
  4. Click once on the service to highlight it and show its content in the right window pane
  5. Double click the name Start in the left pane
  6. Change the Value data to 4 and then click OK in the window that pops up.
  7. Do this for each of the services above
  8. Close Regedit and restart your computer
Note: All of these services have multiple services with the same name followed by a string of several number and letters. Only change the Start value data in the services identified above, not the other ones with all the numbers and letters.

Event ID 10010

ErrorDistributedCOM10010The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout. You may have to take ownership
  1. Run Regedit
  2. Find the key {4991D34B-80A1-4291-83B6-3328366B9097} (yours' might be different) using the Edit > Find option in Registry Editor. It will bring up a result under HKCR\CLSID\
  3. In the context menu select 'Permissions'. Click Advanced and change the owner to Administrators group. Thereafter, in the previous dialog give 'Full Control' to Administrators

Event ID 7011

ErrorService Control Manager7011A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service
  1. In 'Run' type “dcomcnfg” and enter 
  2. Under Component Services\Computers\My Computer\DCOM Config\netprofm 
    1. Right click “netprofm” 
    2. Click “Properties” -> “Security” -> “Launch and Activation Permissions” 
    3. “Customize” -> click “Edit” button -> click “Add..”. It the options in this page are disabled, you will have to take ownership of the Application ID key through Registry as described in the steps for Event ID 10010 above. The application ID can be found in the General tab of the dialog.
    4. Type “LOCAL SERVICE” as the object names, click “OK” -> in “Permissions for LOCAL SERVICE”, 
    5. select “Allow” for “Local Launch” and “Local Activition” -> “OK” -> “OK”
Source. I liked the statement made there: Be patient when repairing computers and don’t give up! The “fix” is probably just “around the corner” and eventually, you’ll discover it. That’s how you become a better tech!

Event ID 129 and 153

Warningdisk153The IO operation at logical block address 0x6f8b0 for Disk 0 (PDO name: \Device\0000002d) was retried.
Warningstorahci129Reset to device, \Device\RaidPort0, was issued.

This issue was causing the PC to freeze during normal usage. The freezes used to last for 10 - 30 seconds. Both the issues were resolved after setting Hard Disk's AHCI link power management settings to Active. While I used the registry links provided in this forum post to enable those options to see AHCI power settings, I had to use active mode instead of HIPM+DIPM suggested there. By default, my setting was HIPM. 

Event ID 414

WarningTaskScheduler414Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PBDADiscoveryW2 definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.
WarningTaskScheduler414Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan definition. Additional Data: Error Value: C:\Program Files\Microsoft Security Client\MpCmdRun.exe.

These errors were cropping up since the target executables were unavailable, the reason being the changes Microsoft made in Windows 10. The solution was to delete the (Media Center, Microsoft Antimalware) folders from the event scheduler.

Final Result

After I took care of each error / warning as described above, my Windows 10 works like a charm.