Clean Install's premature end: Load Failure [26] Security Violation

[InnerBrat]

What could be causing this?
Maybe you already have a certain guess if not a certainty and I don't have to go through all what I have changed to figure out what could this be.

FYI I created the ISO with NTLite and used Rufus to create a bootable USB with it.

Let me know

 

[garlin]

Your PC's UEFI has banned this version of the ISO bootloader, for whatever reason.

Some BIOS'es have rolled out the Black Lotus UEFI fixes to ban the older bootloader present in older Windows images before December 2023. Depending on how your UEFI is configured, it doesn't trust the new or old bootloader based on its current blacklist. Or it doesn't like Rufus' own bootloader.

For now, disable Secure Boot so Windows can install. Re-enable it after you're logged on.

 

[InnerBrat]

Depending on how your UEFI is configured, it doesn't trust the new or old bootloader based on its current blacklist. Or it doesn't like Rufus' own bootloader.

I've done tens of clean installs with 23H2 and a couple with 24H2, modded in MSMG and prepared with Rufus.
Never had this issue.

The only different thing now is NTLite as modding tool, and UUP Dump as source of the ISO (in the past I downloaded the ISO from Microsoft).

I've got confused last minute and forgot abbodi86 ' suggestion not to use cleanup.
Maybe that?
I've used the compatible one thought.

Anyway, disabling SecureBoot works but the installation got stuck at 55% for a loooooooong time.
Twice.
Something is definitely wrong with this image.

Thanks

 

[InnerBrat]

So, garlin , I had an emergency non-UUP and non-modded Windows and installed that and went again through the process of creating an ISO with NTLite.
As you write in another post, as a newbie I too completely missed the feature to export a preset and I had to start from zero but I am consistent so no problem there.
I used again UUP as a source so it's easier to narrow down the issue (vs changing too many thing at once).
Apart for a couple details the only major change was that I didn't use cleanup.

The issue with SecurBoot happened again, but this time the installation completed.
Unfortunately, instead of the welcome screen I had a completely black one, with only the white mouse pointer moving.
I've tried running scannow from the recovery (F5), and there were errors, but it still didn't solve the issue.

No idea why. Only thing I could think about: when I tried to recover from F5 I've noticed that what was supposed to be C, = where I've installed the OS, was called H, while C was the Data partition on the same disk which usually gets a D.

I'll keep trying.
Thanks

 

[InnerBrat]

So, I'm about to try again.
This time again UUP as source, but neither cleanup nor CU or other updates.
I also avoided some of the tweaks where I felt "who know, maybe...", no matter how improbable it felt that it could be the cause.

I noticed something this time while creating the bootable USB with Rufus, an warning message about SecureBoot.
No idea why I didn't notice before. I guess too many all-nighters.
Anyway I tried mounting directly the ISO from UUP instead of the one modded in NTLite and it's confirmed, the problem comes from UUP.


Look:
View attachment 13930


That said, there still is the black screen issue (former "stuck at 55%") to clear.
I will let you know if this third attempt works.
Thanks

 

[InnerBrat]

FFS...
This is NEVERENDING.
This time it all worked, but somehow I can't do ANY update, the download doesn't even start, neither in WU nor in Store.
In WU it gives Download error - 0x80248007
Internet works of course. All works.
But no downloads.

Btw, I had to go through a long process to reactivate the WinHTTP Auto Proxy blahblah service, which I had disabled in the image with NTLite, and without which there is NO CONNECTIVITY WHATSOEVER (might be worth explaining that in the description, some people go around claiming that this is not needed for a single PC configuration).
From what I realize now, the services where the status field in the properties is greyed out, or those with those funny suffixes like _4fede which give you an error if you try to disable them, cannot be changed back from Windows Services if you deactivate them from NTLite.
Maybe this could be explained too, so the less experts don't panic in case they disable the wrong thing.
I didn't know that it was easy to re-enable them in regedit, I was trying with PowerShell and it didn't work, so I was kind of stressed


This time I will try without UUP. Direct download from Microsoft.

If garlin didn't forget me, and wants to have a look at the preset for the attempt which got stuck at 55% and for this last one where updates don't work, I can provide both.
It would be nice not having to do another hundred attempts before getting it right.

 

[garlin]

Reading...
Reading...
Reading...

Preset? Nope don't see one.

 

[InnerBrat]

Reading...
Reading...
Reading...

Preset? Nope don't see one.

I was asking if you'd be interested in having them.
If you said no, which would be your sovereign right (specially considering that I'm still evaluating, I'm not a paying customer yet), I would have not bothered uploading.

Here you go:
ah FFS², I really need to sleep more.
I saved the last preset explicitly to eventually give it here but I didn't move it to the Data partition before doing the clean install.
Gone.
So I can only give you the preset of when it got stuck on 55% forever.
But afaik most things were the same in the next attempt, I mean most removals and tweaks.

 

[garlin]

Don't remove these components if you want a working desktop:

                <c>microsoft.windows.cloudexperiencehost 'Out-of-box Experience (OOBE)'</c>
                <c>microsoft.windowsappruntime.cbs.1.6 'Windows Application Runtime v1.6'</c>

Don't tweak these services:

                                <Tweak name="ClipSVC\ClipSVC">3</Tweak>
                                <Tweak name="CDPSvc\CDPSvc">2</Tweak>
                                <Tweak name="CDPUserSvc\CDPUserSvc">2</Tweak>
                                <Tweak name="StateRepository\StateRepository">2</Tweak>

 

[InnerBrat]

Don't remove these components if you want a working desktop:

Don't tweak these services:

Just that?
I thought I had fucked up more.

Do these relate to why it got stuck at 55% or did you also find something which can explain why the Download error - 0x80248007 when using WU?

- Is it safe to disable stuff in AutoLogger tracing (e.g. Diagtrack-Listener)?
- And in the Event Viewer channels? E.g. the App-V, AppLocker, AssignedAccess and other stuff which anyway I don't even have the corresponding features enabled?
When trying to understand the cause of WU Download error - 0x80248007 Copilot mentioned Windows Event Logger, so I was wondering about these logging-related things which I had disabled.

 

[garlin]

You probably effed up more, with so many changed Services. But I don't have time to go through a shopping list of tweaks.

When testing a new preset, make changes in small batches. So when you mess up, the last set of known changes is easier to sort through. If you can't explain to someone what your change does, maybe you shouldn't be trying that one first.

 

[InnerBrat]

You probably effed up more, with so many changed Services. But I don't have time to go through a shopping list of tweaks.

When testing a new preset, make changes in small batches. So when you mess up, the last set of known changes is easier to sort through. If you can't explain to someone what your change does, maybe you shouldn't be trying that one first.

I'm not the kind of person who just randomly removes everything.

The vast majority of the changes were well tried in tens and tens of clean installs with MSMG Toolkit.
I don't know how it came to WinHTTP this time, I guess I am simply too tired lately (literally falling asleep in front of the laptop) and I mistook it for something else.
For the rest, I researched EVERY SINGLE thing that I didn't know from MSMG, before changing them.
That's why I couldn't think at what could I possibly have changed to cause this.

But I get your point.

You still didn't tell me if it is safe to disable stuff in AutoLogger tracing (e.g. Diagtrack-Listener) and in the Event Viewer channels (e.g. the App-V, AppLocker, and AssignedAccess, and other entries related to services which I anyway always disable).
This was tbh the only thing where I didn't have much info, that's why it's the only that I'm asking.

Thanks

 

[garlin]

You have a preset with a freaking long list of disabled Services and Event Logs. From experience, everyone who jumps into that mode of operation breaks something and expects other users to troubleshoot it.

I will share the same advice I give to everyone. Load the preset, hit the Reset button under the Services toolbar. Process the image and confirm the baseline works.

There's too many permutations to expect a guide on what's safe to disable.

NTLite has compatibility protections on Component removals, but that doesn't extend to Services or Event Logs. Start in small batches, so you know which batch of edits borked your system and rollback to the previous set. NTLite provides users (even on free edition) with a lot of flexibility, but the responsibility is with the modder to track their changes and test often.

 

[InnerBrat]

I am not pushing my responsibility on NTLite, although I don't feel that it's a program that a less expert person should want to pay for, let alone 40 bucks, because it does not give enough means to guide less expert people to use its more advanced functions, and its less advanced ones are present in free software too.
That's why I'm suggesting a more encompassing documentation and integrated explanations (like those which popup when hovering on some service), in order to increase the usability/desirability of NTLite for a wider target audience.

But don't blame me for things which I shall not be blamed for.
As said, I'm not the kind of person who just randomly removes everything.

Where I do admit to have pushed myself further than before into experimentation is with the event logging.
I thought they're just logs. And in the past I even disabled event logger entirely as a service many times with no issue whatsoever.


But hit reset? If I do that I'm back to zero like I had not loaded the preset at all, am I not? What am I misunderstanding there?
Wait, I still would have the changes made to other things...
So you want me to test each section of the preset to find the bad removals? I see.

But what do you mean by "process the image and confirm"?
Do you refer to some sort of simulation? Or to test it on the live system?
I just can't make sense of what you mean, I am missing some info to understand what you're suggesting.

Thanks

 

[InnerBrat]

garlin , dude, those things you mentioned didn't sound like things I've removed.
I might be new to modding event logger entries, but I meddle into services since the times of Black Viper, I always only disable the same things, and I inform myself before disabling new things. I tend to remember the things which I decide to disable.
So I've checked.
I've loaded the preset on the UUP ISO that I've actually used with it, and then just in case also on the official Microsoft ISO which I'm going to use next time.
NONE of the 2 components and 3 services which you mentioned is marked for removal.

I can prove it, these are screenshots of how these things look like after I loaded the preset.

Maybe NTLite did a mistake during application?
But that's weird. I didn't save the preset before applying, I've obtained the preset afterwards by loading the ISO made with NTlite and extracting the current image state.
And I can see that the things which I remember having removed are indeed marked for removals.
Why does the preset say that I removed them even if I didn't, but then when I actually load the preset they aren't marked for removal?
What's going on?

 

[InnerBrat]

Please let me know.
If NTLite is autonomously removing things which I didn't select, it's pointless that I keep trying with a different configuration.

Eventually I could try with the original Microsoft ISO if there's the suspicion that UUP's one isn't working with NTLite.

 

[tistou77]

Removed Out-of-box Experience (OOBE) and Windows Application Runtime v1.x in image whitout problem
But need full "unattended" for remove OOBE (and the files that are needed are protected)

Better to keep CDPSvc and CDPUserSvc
ClipSVC can be deleted (or service disabled) in Live and after Windows activation too

For Event Viewer, etc... I don't know, I kept them at the time of Windows 10, but following discussions with nuhi, I deleted them since

 

[InnerBrat]

Removed Out-of-box Experience (OOBE) and Windows Application Runtime v1.x in image whitout problem
But need full "unattended" for remove OOBE

Better to keep CDPSvc and CDPUserSvc
ClipSVC can be deleted (or service disabled) in Live and after Windows activation too

For Event Viewer, etc... I don't know, I kept it at the time of Windows 10, but following discussions with nuhi, I deleted them since

Hey, thanks.
But as I already said, there is something wrong here.
I never removed any of what garlin said.

Btw I was right here writing another comment while you sent yours. Good timing.

garlin and nuhi
I am pretty sure that, unless I really didn't understand anything of how NTLite works compared to other modding software, there is a bug here.
I am posting two presets.
24H2 New Hope is the one which I manually extracted before applying the changes and burning the ISO.
The other one is an autosave which was generated when I applied.
So they should be identical, but as you can see they are NOT.

From what I see, the one which I saved manually does not faithfully mirror what I really tweaked.
While at a first glance the autosave seems correct.
I suppose that the manually generated preset which I sent previously was messed-up too.

So, what's happening here? What's causing this? And does this affect only the presets of also the final ISO (= does NTLite change things which we don't mark for removal?)?

Now for instance, I made other two attempts, this time with the ISO from Microsoft.
It worked MUCH better than with the ISO from UUP.
Actually, everything was good.
I only had one problem: File Explorer defaults to the legacy one.
It even has the typical old school blue accent color of older Windows.
Plus, it has a couple of oddities:
- the navigation arrows on the left of the address bar mostly don't work.
- the Home, which should show the Quick Access and the recent files, is completely blank. All the folders which by default are pinned to Quick Access correctly appear like always in the left panel, so they are indeed pinned to Quick Access.
As a test I pinned My PC to Quick Access and it also appeared there on the left. But the Home is still blanker than the look on my face when my first GF asked me if I would love her forever.

The CU KB5051987 solves it.
But nevertheless I'd like to understand WTF is going on, so I fix it in the image for future clean installs.
I can't think at anything that I removed which might cause this. As said, I don't remove things randomly.
Could it be some bug or incompatibility with 24H2?
Could it be related to whatever is messing up with the presets?


Thanx

 

[InnerBrat]

So, checking the autosave more thoroughly, those are definitely my tweaks.
I have no idea what NTLite did with the preset which I manually saved, but it doesn't look ok at all.

About the issue with Explorer defaulting to Legacy (although I had marked Legacy for removal!), to give you an idea, this is how Explorer looks like. Legacy Explorer with ribbon, and the Home is all blank.
I changed the color because the Windows Blue was making me feel old:

View attachment 13954


Here I'm inside the folder Music and you can see how the Level Up arrow is greyed out.
The back arrow looks active but when pressing it nothing happens (vs expected behavior: back home):

View attachment 13955


From what I could see, all the rest in Windows is working fine.
After all I have a tested routine of what I remove/disable, all things which I know that I don't need in my single PC configuration for personal use, with no gaming, no developing, no networking.
Well, NTLite offers more options than other similar software which I had tried before, so I did take a few risks in some cases where I was tweaking something for the first time, but I informed myself as much as I could and I played it as safe as possible.

Only this is wrong.

 

[tistou77]

Do you disable Copilot + Recall setting (Settings - Privacy) ?
It breaks the explorer if disabled in the image

With Home you should have Gallery at least (if you haven't disabled this option in NTLite)