For our industrial computers we use Unified Write Filter (UWF) on the systems. But since a recent update on some computers (30+) we experience a BSOD during shutdown BUGCODE_NDIS_DRIVER, tried updating drivers but with no luck.
So we want to debug the BSOD using the *.dmp file(s). But those are no where to find and the event viewer indicates why:
volmgr crash dump initialization failed
This is due to the missing pagefile which is disabled by the UWF manager. So we tried enabling pagefile on the non protect D:\ partion without luck (C:\ partion is the one protected by UWF). It still gets disabled. This also create a new message during startup of windows:
Windows created a temporary paging file on your computer because of a problem that occurred with your paging file configuration when you started your computer. The total paging file size for all disk drives may be somewhat larger than the size you specified.
This is our batchfile to setup UWF:
uwfmgr volume protect c:
uwfmgr overlay set-size [[RAMSIZE]]
uwfmgr overlay set-warningthreshold [[WARNINGSIZE]]
uwfmgr overlay set-criticalthreshold [[CRITICALSIZE]]
uwfmgr file add-exclusion "C:\Program Files\Windows Defender"
uwfmgr file add-exclusion "C:\ProgramData\Microsoft\Windows Defender"
uwfmgr file add-exclusion "C:\Windows\WindowsUpdate.log"
uwfmgr file add-exclusion "C:\Windows\Temp\MpCmdRun.log"
uwfmgr file add-exclusion "C:\Program Files\Microsoft Security Client"
uwfmgr file add-exclusion "C:\ProgramData\Microsoft\Microsoft Antimalware"
uwfmgr file add-exclusion "C:\Windows\System32\winevt\Logs"
uwfmgr file add-exclusion "C:\Windows\memory.dmp"
uwfmgr file add-exclusion "C:\Windows\minidump.dump"
uwfmgr registry add-exclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender"
uwfmgr registry add-exclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware"
uwfmgr registry add-exclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones"
uwfmgr registry add-exclusion "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation"
uwfmgr registry add-exclusion "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
So hopefully someone has struggled with this before and has a properly working solution for a production environment. Took us more than a day without any luck.
