RVS Pro is impressive: some questions

Discussion in 'Returnil releases' started by discs, Nov 5, 2011.

Thread Status:
Not open for further replies.
  1. discs
    Offline

    discs Registered Member

    Hi,

    Eventually, on a move forward from RSS free, I have opted for RVS pro: REL14.

    It is a superb application - outstanding for me for the following reasons:

    - small footprint
    - virtual mode of course, but I love the choice between a temporary virtual mode, or the setting for virtual mode to be 'Always On'
    - File manager to exclude folders/files from virtual protection
    - Browsing, while in virtual mode, the real and virtual system files/folders side-by-side in the same window, and
    - Copying, within virtual mode, files/folders from the virtual system to the real system, or vice versa
    - One off 3rd party application use: I find this use of RVS extremely helpful in keeping my system clean - especially as many applications don't uninstall cleanly. I download and install a 3rd party application in virtual mode; I then use it to generate a result/output; I then restart RVS and the application is gone (To-date I have done this with SARDU to build a multi-boot DVD, and with Keytweak to generate registry entries for the keyboard shortcuts mute and volume up/down).

    I do have some questions/concerns (not to detract from how impressed I am by RVS!):

    1. Uppercase/lowercase differences
    When I saved a folder called 'Desktop Shortcuts' existing in virtual mode to real mode, it copied across but was named 'desktop shortcuts'. The capitalised D and S had been rendered lowercase.

    2. Event Viewer
    I have taskscheduler generate a notification to my desktop whenever there is a 'Critical' or 'Error' Event.

    Before installing RVS I would have an occasional one-off notification of such an event, but since RVS there are three 'Error' events which occur regularly:
    a) Events generated at startup: two such 'Error' events are generated:
    i) Log Name:System; Source:EventLog; Event ID:6008; Task Category: None; Level:Error; Keywords:Classic
    Description: The previous system shutdown at 13:40:10 on ‎04/‎11/‎2011 was unexpected.
    ii) Log Name: Security; Source: Microsoft-Windows-Eventlog; Event ID: 1101; Task Category: Event processing; Level: Error; Keywords: Audit Success
    Description: Audit events have been dropped by the transport. 0

    I imagine that the above may be unavoidable with RVS, but would like confirmation that they are to be routinely expected on all Windows 7 RVS installations, and are not a cause for concern.

    b)Events generated when accessing the registry in virtual mode or accessing file manager for 'files from all users on this computer' (Both of these require elevated permission). The event generated is:
    Log Name: System; Source: Ntfs; Event ID:137; Task Category: (2); Level: Error; Keywords: Classic
    Description: The default transaction resource manager on volume \\?\Volume{0d5c1f99-072f-11e1-be36-b8ac6fa734ca} encountered a non-retryable error and could not start. The data contains the error code.

    3. Unavailable files/folders:
    Some folders/files are not available for file manager, or for browsing/copying. I noticed a file I wanted saved to the real system was not available to me. It was the event log file under C:\Windows\System32\winevt. Is there a reason for this? Is there a category of files/folders not made available for saving - perhaps those which generate entries trigerred by the use of Returnil?

    Thank you, for a great product :thumb:.
  2. Coldmoon
    Offline

    Coldmoon Returnil Moderator

    Hi,
    Thank you for the kind words.

    1. We will look into this, but suspect it is more Windows related than anything caused by RVS virtualization. In any event, as long as the content is properly saved to disk, the capitalization of the file name should pose no adverse effect or be of concern.

    2. Remember, you are in Virtual Mode so events appended to the viewer are going to be lost at restart. This is to be expected and the errors you have listed should not cause concern UNLESS there is something unexpected happening related to those errors. From the entries you provide, I suspect that it is related more to the "gap" in the logs from the dropped changes at restart than anything else. In other words, there is something appended to the event viewer logs from a period where the Virtual Mode was not active and then at restart, Windows notices this discrepancy and then posts a warning message that an improper restart might have occurred...

    3. The most likely root cause here is with Windows locking the log files and thus preventing anything from copying the contents. A good analogy is where you perform a full system scan with an Antivirus (pick a scanner - its universal) and see notes in the scan logs indicating that some files could not be scanned because they were in use by Windows.

    One way to go at this might be to export the Event Viewer logs to a non-system disk prior to restart of the computer so they can be reviewed at a later time. This could be more of a manual process so some experimentation would be required to nail down the exact procedure...

    Mike
  3. discs
    Offline

    discs Registered Member

    Hi Mike,

    Thanks for your answers. Yes, the capitalisation issue isn't major (unless I do a lot of copying of created folders from virtual to real, which is unlikely) - and I understand the event viewer entries at Returnil startup.

    The other 2 points I brought up:

    POINT 1: Error Event shuts off access to Real system in RVS

    Events [Error] generated after accessing and then closing:
    - Browse Registry, in virtual mode, or accessing
    - File Manager > Define list > Files from all users on this computer
    (Both of these require elevated permission).
    I am able to browse the registry/file manager with the elevated permission, and to copy registry entries across. But when I close the registry (or file manager), after accessing them with the elevated permission required, then an error event is generated.

    The event generated is:
    Log Name: System; Source: Ntfs; Event ID:137; Task Category: (2); Level: Error; Keywords: Classic
    Description: The default transaction resource manager on volume \\?\Volume{0d5c1f99-072f-11e1-be36-b8ac6fa734ca} encountered a non-retryable error and could not start. The data contains the error code.

    This error does cause real problems. After it:
    - when I go in to: Access Real Disk > Browse Files, then for items on the left in the Real System Disk nothing is listed under Real System Disk (left) column; it is an absolute blank!
    - when I go into File Manager > Define List, then I cannot add any files or folders for exclusion because I get the message: 'The file(s) location cannot be added to Auto Save list because it does not exist on the real disk'.

    These messages are especially worrying because they indicate that, after the above error, the link/access to the real system has been lost by RVS. (I can only recover access to the real system disk in file manager and access to the real system disk under 'Access Real Disk' if I reboot the system).

    Could you please look into this for me because it is a worrisome scenario.

    POINT 2: Some Folders/Files are unlisted in Virtual system
    Just to clarify here: what I wanted to say is that some folders/files are simply not shown or listed
    - under File Manager (for saving to real disk) and ,
    - under Access Real Disk they are also not shown or listed for copying from virtual to real system; (in this latter scenario they are listed under the real system disk list, but not under the virtual system disk list).

    From what I see here both situations show RVS not showing or listing some virtual system folders/files. (The question of being able/unable to copy them across to the real system because they are locked, does not therefore arise).

    My question here was whether there is a reason for RVS not showing the user some virtual system files, like C:\Windows\System32\winevt?

    Final Thoughts
    Mike, point 1, above, is important for me to get resolved. Point 2 is not causing any inconvenience.

    Thank you again, for all your help.
    Last edited: Nov 8, 2011
  4. Coldmoon
    Offline

    Coldmoon Returnil Moderator

    Hi,
    Apologies for the delay in a reply as I needed to run your report regarding the Access Real Disk tool in point 1 by the lead QC engineer before I got back to you on this. He completed testing in the lab today and confirms your report on both points.

    From point 1:

    1. If you add the content to the FM without trying to go through the access tool (and trigger the error), are you able to define the targeted directory and have that content saved as expected?

    2. Regarding the second note above, the virtualization is not directly at issue as the Virtual Mode protection stays in effect regardless; just that your ability to manually save content or update the FM is lost.

    The lead has begun the process of getting these reports into the system and scheduling development for fixes as soon as possible in an upcoming build.

    Mike
  5. discs
    Offline

    discs Registered Member

    Thanks for looking into this for me Mike; the 'delay' is not an issue since I would rather you looked into something properly, even if it takes a few extra days.

    A. You asked a question:

    If you add the content to the FM without trying to go through the access tool (and trigger the error), are you able to define the targeted directory and have that content saved as expected?

    By access tool, if you mean the elevated permission required by File Manager > Define list > Files from all users on this computer, which triggers the error on closing - then yes I can define a targeted directory and have the content saved as expected.

    B. Something which may be important, Mike:

    When I wrote to you about Event ID:137 being generated on closing a dialogue requiring elevated rights i.e.
    i) Browse Registry and
    ii) File Manager > Define list > Files from all users on this computer

    in order to get the facts in detail for my posting to you, I purposely needed to generate the (137) error many times. When I rebooted out of Returnil I had lost access to the system completely - could not even access F8 for recovery options or safe mode.

    The error screen read:
    Windows Boot Manager
    - Windows failed to start. A recent hardware or software change might be the cause.
    - To fix the problem... use installer disk... and choose 'Repair your Computer'
    - Status: 0x0000000f
    - Info: the boot selection failed because a required device is inaccessible.


    This does suggest that RVS had caused a loss of link/access to the real system?!

    I used a pre-RVS Macrium Reflect system image backup from a week ago to recover the system. I have now reinstalled RVS. Needless to say I am somewhat wary now and will not, till you tell me the problem is fixed, be accessing Browse Registry or File Manager > Define list > Files from all users on this computer.

    Otherwise, RVS continues to work well, and I am pleased with the experience.
  6. Coldmoon
    Offline

    Coldmoon Returnil Moderator

    Hi,
    I have updated the engineering team and will update you on when the new build is ready for final field trials to ensure the issues are verified as corrected.

    Mike
  7. happysunny
    Offline

    happysunny Registered Member

    What happen?
  8. ichito
    Offline

    ichito Registered Member

    @Coldmoon
    I didn't know that you are the boss ;)
    I will be waiting for news :)
Thread Status:
Not open for further replies.