SIRIS, ALTO, AND NAS: Datto Windows Agent: Blue screen following install or update

Follow

Issue

Following an installation, uninstallation, or update of the Datto Windows Agent, Windows protected machines fail to boot to login. You may experience errors like "0x0000007B (INACCESSIBLE_BOOT_DEVICE)" or similar blue screen stop states. This issue can also manifest as boot looping. 

Environment

  • Datto SIRIS
  • Datto ALTO
  • Datto Windows Agent

Cause

If the installation of the agent service succeeds, but one or more low-level drivers fail to install correctly, subsequent reboots may exhibit this behavior.

Resolution

Take the following steps to address the issue:

Open the Windows registry

1. Boot the protected machine to a Windows Recovery Environment and navigate to a command prompt.

2. Run regedit to open the registry.

Load the production SYSTEM hive

1. Expand Computer and click to highlight HKEY_USERS

fig1.pngFigure 1: Windows Registry (click to enlarge)

2. Click File → Load Hive in the top navigation menu

3. Locate and select the production C:\ volume (note: the recovery environment may have named this D:\ or some other drive letter) 

4. Navigate to the following path:

C:\Windows\System32\config\SYSTEM

5. Type TEMP to name the loaded hive in the Key Name popup

Edit the service keys

Note: the keys below may be under ControlSet002 in the loaded registry hive. If you do not locate the Datto keys in Computer\HKEY_USERS\TEMP\ControlSet001, check for the same paths under ControlSet002 before rebooting.

1. Navigate to the following registry path:

Computer\HKEY_USERS\TEMP\ControlSet001\Services

2. Locate any Datto service keys and either remove them or modify the Start key underneath them from 0 (start on boot) to 4 (disabled)

Edit the LowerFilters key

1. Navigate to the following registry path:

Computer\HKEY_USERS\TEMP\ControlSet001\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}

2. Edit the key LowerFilters to remove DattoFltrv2 (named DattoFltr in older versions of DWA).

Unload the Hive

1. Click to highlight Computer\HKEY_USERS\TEMP

2. Click File → Unload Hive in the top navigation menu

3. Reboot the protected machine

Should the above steps fail to solve the issue, boot back into the recovery environment, load the registry hive again, and then search the entire registry for all references to DattoFltrv2 (named DattoFltr in older versions of DWA). Remove them, unload the hive, and reboot.


Was this article helpful?

1 out of 1 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Datto Community Forum or the Datto Community Online.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Still have questions? Get live help.

Datto Homepage