I have upgraded from
Windows Server 2008 R2 x64 to
Windows Server 2012 R2 x64.
In previous installation I had some issues with Windows Search after Security Roll-up (January or February 2020). It started to hang up till restarted. I’ve wrote a script and added it to Planner to start one time per night. After system upgrade problem occurred. Been solving it for a week already. What has been done:
- reinstalled role Windows Search
- cleaned registry path HKLMSoftwareMicrosoftWindows Search
- index rebuild
- tons of registry tweaks like CoreCount = 1 and so on.
Problem didn’t solved.
I’ve started SysInternals ProcessMon and filtered access to registry path and got some errors:
High Resolution Date & Time: 28.05.2020 14:11:17,9562745 Event Class: Registry Operation: RegQueryValue Result: BUFFER OVERFLOW Path: HKLMSOFTWAREMicrosoftWindows SearchCrawlScopeManagerWindowsSystemIndexDefaultRulesURL TID: 17260 Duration: 0.0000116 Length: 144
It’s usual path for crawler containing path for user to exclude – file:///C:[516392d7-8e63-47db-b92c-872191c3cd72]UserssomeuserAppData
Found some February CVE corresponding to BufferOverflow in IE Search, but they been fixed by security roll-ups in March 2020.
Current system been updated with all updates including latest May Security Rollup (May 12, 2020—KB4556846).
I don’t have any idea what to do next.