Share This Post

Main Slider / SCCM

Windows 10 Fall Creators Update – Issues with Wireless Adapter and with Intel Management Engine Interface

Windows 10 Fall Creators Update – Issues with Wireless Adapter and with Intel Management Engine Interface

Laptop Model:  Lenovo Yoga 370 but probably affects many other make and models.

Troubleshooting various issues with a Windows 10 Creators Update build (1703) on a Lenovo Yoga 370 laptop I decided to install Windows 10 Fall Creators Update (1709) to see if the issues would disappear.  Instead, a new one was introduced.

The Problem

Since installing Fall Creators Update:

  • Boot times increased significantly – Was taking around 3 minutes to get to the login screen
  • Shutting down and restart times also increased significantly – Was taking again around 3 minutes stuck on the “Restarting” screen and would sometimes get a Blue Screen of Death
  • The wireless network card was not loaded and thus we could not see or connect to any wireless networks

On looking in device manager, we could see that the following devices were not loading and had a Devices failed to load with Code 10 next to them.  These were:

  • Intel® Dual Band Wireless-AC8265 wireless network adapter
  • Intel® Management Engine Interface

Event Log

The System Eventlog Source MEIx64 was showing several entries with:
“Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x90000245, FWSTS1: 0x89118306).” as well as “The Intel(R) Management Engine Interface is being disabled.”

 

Solution (Workaround)

After troubleshooting the issue for a couple of hours and ensuring that the latest drivers were indeed installed for the two above problem devices, I was finally able to resolve the issue.  There is a Group Policy setting that was introduced in 1703 and that was being pushed out to the Windows 10 workstations.  The setting is Disable new DMA devices when this computer is locked and can be found in Computer > Administrative Templates > Windows Components > BitLocker Drive EncryptionThis policy was set to “Enabled” and it allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user log’s into Windows.  This policy setting is only enforced when BitLocker or device encryption is enabled which of course it was in this instance to help prevent DMA attacks.

It appears that this GPO setting does not play well with 1709 and thus may be a bug.  Until a patch is released, the workaround is to set this GPO setting to either “Disabled” or “Not Configured”. As soon as this was done, the laptops in question started up, restarted and shutdown very quickly and wireless networks were available again.

Share This Post

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

Lost Password

Register