Problem: Windows defender do not start

On my machine :-( Windows Defender stop working and on Event log I found this:

Activation of app Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information

I started my troubleshooting running System File Checker.
Open CMD as Administrator:

sfc /scannow

The results of SFC can be these:
– Windows did not find any integrity violations (a good thing)
– Windows Resource Protection found corrupt files and repaired them (a good thing)
– Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

I was on third option :-(
If you get this message like me, run DISM as described below:

DISM /Online /Cleanup-Image /RestoreHealth

If the repair is successful you may want to re-run SFC just to check.

Unfortunately I get the error message “cannot find source files”.
Windows Installation ISO is then necessary (same build of installed OS). Mount the ISO file and rerun the command specifying  where it is located with the below command:

DISM /Online /Cleanup-Image /RestoreHealth /source:X:\Sources\Install.wim

Where “X” is the drive letter where the ISO is located.



How to prevent Multiple IP address DNS registration

If you add multiple IP addresses to a network card with “Register this connection’s address in DNS” flagged, you fill find all the IPs on your DNS. Sometime this is not nice and a workaround for that is to remove the flag and manage the DNS entry by hands.

I discovered that on Windows Server 2008 you can selectively decide which IP address can be dynamically registered from netsh setting the flag skipassource:

Netsh Int IPv4 Add Address <Interface Name> <IP Address> <Subnet mask> SkipAsSource=True

If you need to know the “Interface Name”:

Netsh Interface Show Interface

The only annoyance is that you can’t simply change this flag but you need to remove the IP address and add it again:

netsh int IPv4 delete Address "Local Area Connection"
netsh int IPv4 add Address "Local Area Connection" SkipAsSource=True

For showing the flag Status:

Netsh int ipv4 show ipaddresses level=verbose

For Windows Server 2012 you can also use powershell for setting skipassource flag:


PROBLEM: PIN Sign-in is disabled on domain joined W10 machine

On Local Group Policy Editor enable this GPO:

Computer Configuration -> Administrative Templates -> System -> Logon -> Turn on pin sign-in

Or add this Reg Key:


Enabling PIN is also necessary for user/enable Windows Hello. If Windows Hello is grey, add this key.

Problem: Windows 10 CU – Sync Settings not available

Starting from Windows 10 Build 1703 you can’t anymore sync settings with a Microsoft account if the computer is joined to an AD domain.

“If your machine is domain joined, you will notice your “Sync my settings” option is disabled for your MSA account. Thanks for submitting feedback regarding this! We’ve removed support for syncing of settings for MSA accounts on domain joined machines

I found a nice solution for that but you need a machine where the sync is working, so backup your reg for the future :-)

1- Export the key:
HKEY_USERS.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities[MSA account]
2- and import it to the new installed windows 10 CU machine.
3- Reboot


Problem: Can’t move the folder because there is a folder in the same location that can’t be redirected. Access is denied.

On a Windows 10 CU I was no more able to redirect “Documents” folder to default.

The error was:

Can’t move the folder because there is a folder in the same location that can’t be redirected. Access is denied.

Follow this KB for solve the problem: