WinDBG

PNP_DETECTED_FATAL_ERROR

2015-09-11
/ / /

I rebooted my computer to this lovely Blue Screen Of Death (BSOD) message:

PNP_DETECTED_FATAL_ERROR
Attempting to reboot into Safe Mode also resulted in the same message.  I was able to boot into ‘Recovery Mode’ which is a ‘Windows PE’ mode that runs a stripped down version of Windows in RAM.  From here I enabled the network ‘Kernel Debugging’ by configuring some parameters in the BCD file.
The two parameters I set where:

bcdedit /store C:\boot\bcd /debug on
bcdedit /store C:\boot\bcd /dbgsettings net hostip:192.168.1.101 port:49152


I needed to set the “/store” parameter to ensure I was manipulating my non-booting BCD file, and not the BCD file that Windows Recovery boots from.  Write down the key or save it someplace, you’ll need it on the ‘host’ computer (see in the above screenshot).

Once here I downloaded and installed ‘WinDBG.exe‘.  Open windbg.exe and choose “File > Kernel Debug“.  On the ‘NET’ tab, enter your ‘Port’ number and ‘Key’ (everything to right of the equal sign) and click ‘OK’.
Even though I ‘enabled’ debug in my BCD file, I found I still needed to tap the ‘F8’ key while booting and select ‘Debugging Mode’.  Once selected, my windbg.exe on my host computer sprang to life!

It turns out you need to enable symbols or else you get an incomplete picture.  After enabling symbols and running !analyze -v I got the following:

ctxusbm.  This is a Citrix driver for their Receiver client that passes through USB to a Citrix session. I had updated Receiver to 14.3.0.5014 last month and I probably hadn’t rebooted my computer until Windows Update made me.  So that’s probably why I’m experiencing this issue now.  To fix this issue, I rebooted into the Windows Recovery mode and deleted all instances of ‘ctxusbm’ from the SYSTEM hive.  Specifically, I deleted these locations:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{CF2A3345-050B-41D0-BAF5-CD558EFAAE3B}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CTXUSBM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ctxusbm

Upon the next reboot, my computer came back cleanly and operates without any issues.  I am going to keep this module removed until the next version of Receiver is released, hopefully, I won’t have any more issues.  Issues with ctxusbm seem relatively prevalent with Citrix.

Read More