Jan 18 2021 09:46 AM
We started rolling out KB4598230/KB4598242/KB4598229 last week, since when we have seen widespread BSOD crashes with CRITICAL PROCESS DIED errors, and nothing useful in the crash dump.
The same happens on many of our laptops with the equivalent patches (e.g. KB4598242, KB4598229).
This issue on Server 2019 occurs every time one of our servers tries to do a VSS snapshot. This isn't the only time it happens - I watched both my file servers BSOD within 5 minutes this morning, not at the VSS snapshot time, but one does it reliably at the scheduled VSS time (and no snapshot is created).
On the laptops, as an aside, it is very hard to tell what makes the systems crash - on 1909 systems, randomly updating drivers seems to solve the problem (but there is no commonality between the systems in terms of what gets updated, so the 'fix' is likely a side-effect). On my 20H2 laptop I was able to remove KB4598242, which is in the same release as the server patch above, and my machine stopped crashing. Installing it again brought the crashing back, *but* downloading from the Microsoft update store and installing manually worked (no crashes).
This feels like a major issue with this patch delivery - there are almost no commonalities between the systems, they're all different versions of Windows 10/Server 2019 with almost no common software - the only thing that is common is Webroot and Senseon (a security product, which I have removed, but the server still crashes). It could be an interaction with Webroot, but I would have expected more people to have reported issues if so?
Anyone else seeing the above? I have found two posts on other forums from people with the problem on different versions of W10, but none for Server 2019 - one of those suggested removing the patch and installing manually, which worked on my laptop, and I may try on the server.
Jan 26 2021 03:07 AM
We are also now seeing the same crashes with machines that have
2021-01 Cumulative Update Preview for Windows 10 Version 1909 for x64-based Systems (KB4598298)
We're pretty stumped. I am going to try to induce the problem on a spare laptop and set it to do full crash dumps for analysis (the minidumps have nothing in them).
Jan 28 2021 01:59 AM
For anyone who comes looking, we tracked this down to Webroot Anti-Virus. It looks like MS did something to VSS in these patches. On affected machines, any snapshot operation seems to cause a crash in C:\WINDOWS\system32\drivers\wrkrn.sys
Webroot have offered a work-around involving turning off some protections temporarily, but so far we're struggling to definitively prove that these work (and have at least one case where they don't). Holding out for a proper solution.