Written by Rafael Silva

Troubleshooting Windows Error Codes Like a Pro

Troubleshooting Windows Error Codes Like a Pro

https://ift.tt/34MYkmc

2Pint Software

I deal with errors every day.  I got used to it. My day is basically one big error. So I needed to learn early on in my life how to figure out what these numbers actually mean. I often see people not knowing how to deal with an error, instead they try to google the error code and often end up more confused than they should be. So let’s change this, let’s troubleshoot like a pro!

First off – hex or decimal

Errors come in different flavors, in positive decimal form, in negative decimal form, and in hex. That’s just part of life, let’s learn how to deal with that.

So let’s start with an error code of: 2147954429. This is a POSITIVE decimal number, but to confuse you even more, it can also be represented using the NEGATIVE number -2147012867, what kind of wizardry is this? To find out more, we need to convert it to hex.

Easy way to convert numbers is using calc.exe and switch to “Programmer mode”:

So if we tap in our positive number as decimal, we can see it convert to hex:

Lets do the same with our negative number:

Spot the similarity? We won’t dwell into the actual details on how/why this happens, typically its down to how developers report on their codes and the size of the numbers.

Ok, so we now know we have a HEX number with meaningful data of 8007 2EFD. If we break that down into two parts, we can see 8007 as one part and 2EFD as another part. 8007 indicates the typical error source.

There are two types of errors on Windows, HRESULT and NTSTATUS types. Both of them are broken down in 4 bytes, i.e. 32 bits. For both of them, the two first bytes indicates the error code “Facility” and other headers, very key info. The remaining two bytes are the actual error code itself, also important. You can read more about these structures here;

[MS-ERREF]: HRESULT | Microsoft Docs

[MS-ERREF]: NTSTATUS | Microsoft Docs

So, with this new knowledge, we need to break down that the 8007 to binary and see the individual bits:

8007 in hex is 1000000000000111 in binary. So we see that the first bit is set, we know this is an error.

S (1 bit): Severity. If set, indicates a failure result. If clear, indicates a success result.

As we dont have the N bit set, we know its now an NTSTATUS message;

N (1 bit): If set, indicates that the error code is an NTSTATUS value (as specified in section 2.3), except that this bit is set.

Then we only really have the three last bits set, which is the value of 7 in decimal and hex. From the list above we can see the following info:

OK, so we have an “undecorated” WIN32 error, which kind of means its “generic”. If we have a COM issue, the error would typically start with 8002, and a BCD error would start with 8039 as this is 1000000000111001 in bits, where 111001 is 39 in hex and 57 in dec.

Lets look at the last part then, the 2EFD, which is our error code. Doing the trick in calc, we know that 2EFD is 12029 in decimal. So lets head over to the generic list of errors (organized per group of thousands) here:

System Error Codes – Win32 apps | Microsoft Docs

Subcatetory would be this link: System Error Codes (12000-15999) (WinError.h) – Win32 apps | Microsoft Docs

As we see here:

So with this knowledge, we head over to the wininet errors: Error Messages (Wininet.h) – Win32 apps | Microsoft Docs

And we there see that the 12029 means:

ERROR_INTERNET_CANNOT_CONNECT

12029

The attempt to connect to the server failed.

Hurrah!

Great, but can we do it faster?

Yes!

  1. Download the Windows error lookup tool from here: The Microsoft Error Lookup Tool – Win32 apps | Microsoft Docs
  2. Smack in the error code on the command like this:

This is awesome, it even coverts the actual values from/to negative/positive/hex for you, it’s awesome and should be promoted!!!

Look at our favorite error of all time, the ConfigMgr 80070005, does it only mean “Access Denied”?

Happy error hunting! The Windows error code knows of almost all errors, so it’s your one stop shop for errors.

//Andreas

The post Troubleshooting Windows Error Codes Like a Pro appeared first on 2Pint Software.

FACILITY_WIN32

7

This region is reserved to map undecorated error codes into HRESULTs.

System Center

via 2Pint Software https://ift.tt/2LN9yz9

November 2, 2020 at 10:51AM
Andreas Hammarskjöld