Friday, September 11, 2015


I rebooted my computer to this lovely Blue Screen Of Death (BSOD) message:


Attempting to reboot into Safe Mode also resulted in the same message.  I was able to boot into 'Recovery Mode' which is a 'Windows PE' mode that runs a stripped down version of Windows in RAM.  From here I enabled the network 'Kernel Debugging' by configuring some parameters in the BCD file.

The two parameters I set where:

bcdedit /store C:\boot\bcd /debug on
bcdedit /store C:\boot\bcd /dbgsettings net hostip: port:49152

I needed to set the "/store" parameter to ensure I was manipulating my non-booting BCD file, and not the BCD file that Windows Recovery boots from.  Write down the key or save it someplace, you'll need it on the 'host' computer (see in the above screenshot).

Once here I downloaded and installed 'WinDBG.exe'.  Open windbg.exe and choose "File > Kernel Debug".  On the 'NET' tab, enter your 'Port' number and 'Key' (everything to right of the equal sign) and click 'OK'.

Even though I 'enabled' debug in my BCD file, I found I still needed to tap the 'F8' key while booting and select 'Debugging Mode'.  Once selected, my windbg.exe on my host computer sprang to life!

It turns out you need to enable symbols or else you get an incomplete picture.  After enabling symbols and running !analyze -v I got the following:

ctxusbm.  This is a Citrix driver for their Receiver client that passes through USB to a Citrix session. I had updated Receiver to last month and I probably hadn't rebooted my computer until Windows Update made me.  So that's probably why I'm experiencing this issue now.  To fix this issue, I rebooted into the Windows Recovery mode and deleted all instances of 'ctxusbm' from the SYSTEM hive.  Specifically, I deleted these locations:

Upon the next reboot, my computer came back cleanly and operates without any issues.  I am going to keep this module removed until the next version of Receiver is released, hopefully, I won't have any more issues.  Issues with ctxusbm seem relatively prevalent with Citrix.

No comments: