Friday, 5 June 2009

Black Screen Of Death (KSOD) - Mystery solved?

Black Screen Of Death (KSOD)
Mystery solved?

While applying some new Group Policies I managed to stumble into the mystery known as the "Black Screen Of Death" or KSOD.

In order to get SCCM to work I had to make sure certain services were up and running and in an attempt to prevent the user from accidently stopping the services I also applied security settings to the System Services settings in Computer configuration.

Before long, computers that had applied the new GPO and rebooted (due to updates) started showing up and no, they didn't walk to my office on their own =P
The error went undetected by Vista, it booted up but never managed to show the login and simply rebooted after showing the BIOS logo and before it showed the Microsoft Banner.
Only a Black screen and the cursor ....

Although 8\10 machines were saved using either "Last Known Good Configuration" or Restore points (older then 1 month), it didn't solve every case.
In a stubborn moment I decided to not simply re-install Vista when all attempts to restore failed, the main reason for this was because the solutions I found didn't apply to my problem but I was quite certain that the solution was not far away from what they had suggested.

I decided to do it the hard way and check that all of the settings were correct in the registryitself which of course involved looking at each setting as well as the security rights assigned to the key and containers.
I quickly saw that NetworkService was assigned as it was supposed to be in all of the registry
Controlsets and in the SYSTEM hive but in the RpcSs' security permissions, the NetworkService had no rights!

The reason for this was actually quite simple, the default security settings in the GPO did not include said user. (See picture below to see what users were applied by default)
I must admit that the discovery was uplifting and some what embarrassing at the same time.

With no rights assigned it had to be the reason for the KSODs we had seen, I Pixie (PXE) booted a Vista machine into PE and added the read rights straight to the controlset that was assigned as the Current one, held my breath and rebooted.

Of course, there might be other reasons in play but this is the solution that worked for me so it will probably work for some of you out there.

Default Assignment of Permissions to a Service.

This is how the GPO will assign permissions
by default, as you can see the required user
"Network Service" is not present and unless
it or a group it is a member of is assigned the
proper permissions, the system will crash.

No comments:

Post a Comment