I've been experiencing a really bad Windows 10 bug since the 2004 update. I got so annoyed I spent my weekend debugging it. A specific type of scheduled task can break CryptUnprotectData(). If you've seen apps losing state, eventid 8198, or NTE_BAD_KEY_STATE, could be this.
Here is how to check, run this powershell as Admin:
Get-ScheduledTask | foreach { If ($_.Principal.LogonType -eq 'S4U') { $_ } }
If it lists tasks, whenever they run DPAPI will stop working until you reauthenticate. This will break everything using CryptProtectData().
The bug is the RPC UBPM (Unified Background Process Manager) uses to create the S4U (Services For User) Token for task scheduler will sometimes clobber your saved credentials in LSASS. That is used to derive your DPAPI User Encryption Key, so it changes and no longer works!
I guess not many things use S4U (It's that little checkbox in Task Scheduler that says "Do not store password")🤷♂️ This has caused so many confusing bugs with things signing out or losing state, and was a real nightmare to track down 😓
Lots of other users were affected too, but because it appears to happen randomly and to different applications, it was hard to figure out the common connection.😅
Anyway, I mailed repro steps to Microsoft, so hopefully a fix is on the way.
Share this Scrolly Tale with your friends.
A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.