Dear all,
I recently suffered a BSOD error. The code was a Critical Structure Corruption.
The problem report shows:
Problem Event Name: LiveKernelEvent
Code: 1a1
Parameter 1: ffffa40fc8788080
Parameter 2: 0
Parameter 3: 0
Parameter 4: 0
OS version: 10_0_18362
Service Pack: 0_0
Product: 256_1
OS Version: 10.0.18362.2.0.0.256.48
Locale ID: 1033
In order:
1. The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX6jbm6fjqte5wzzrf5807m7eq0z44q5gf.mca did not register with DCOM within the required timeout.
2. The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
3. The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.
4. The SysMain service terminated with the following error:
The handle is invalid.
5. A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.
6. The device HID-compliant headset (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 4 more times. Please contact the device manufacturer for more information about this problem.
7. The Network Connection Broker service terminated with the following error:
A device attached to the system is not functioning.
8. The Connected Devices Platform Service service depends on the Network Connection Broker service which failed to start because of the following error: A device attached to the system is not functioning.
I have attached the DMP here: https://drive.google.com/file/d/1jKC29eOqHBF0nTuGRSMWZAa-NaZwGivh/view?usp=sharing
Error 6 suggests to me that it is my headset. However, the headset was not in use at the time; it was plugged in, but I was using my speakers to access sound.
I also regularly get a LiveKernelEvent Code: 144 error - which I have read is a graphics driver issue.
sfc /scannow
Verification was 100% completed. It found corrupt files and successfully repaired them.
The report is contained here: https://drive.google.com/file/d/1AQHehGbkeKaTrPTxP4mpdO_MifGnMnwH/view?usp=sharing
I should note that I have done this before so something is probably causing the file corruption.
Any advice would be most appreciated.
EDIT: I am not sure if relevant, but I have received five 'warnings' today in event viewer:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user DESKTOP-3UDDAUO\grant SID (S-1-5-21-3216817342-4221280751-3601860933-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708).
This security permission can be modified using the Component Services administrative tool.
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user DESKTOP-3UDDAUO\grant SID (S-1-5-21-3216817342-4221280751-3601860933-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708).
This security permission can be modified using the Component Services administrative tool.
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.