NET-126 (Hands-On Microsoft Windows Server Chapter 12)

type

Shows a file's contents

Startup

This function is now deferred to Task Manager.

0x0000007B and the message Inaccessible_Boot_Device

Boot into Safe Mode or boot into the command prompt via the Windows Server 2016 installation DVD and check for a virus. Boot into Safe Mode or boot into the command prompt via the Windows Server 2016 installation DVD and run chkdsk /f to repair any damaged files.

A driver is missing, but you are not sure which one, or the operating system is having trouble recognizing all hardware components on the computer when it boots.

Access the Advanced Boot Options screen and use the Enable Boot Logging option to boot and examine the \Windows\ntbtlog.txt file. (The ntbtlog.txt file is a log of drivers that are successfully loaded or not loaded when Windows Server 2016 boots.)

Admin logs

Admin logs are designed to help give the system administrator information about a specific problem and its causes and may suggest how to solve the problem.

Operational log

An operational log tracks occurrences of specific operations, such as when a disk drive is added.

Disable Early Launch Anti-Malware Driver

Anti-malware driver is disabled so that other drivers needed to boot the operating system can initialize without being scanned for malware

6. Name five elements that compose system state data.

Any Five Elements: System and boot files; Protected system files; Active Directory; SYSVOL folder (when Active Directory is installed); Registry; COM+ Class Registration information; DNS zones (when DNS is installed); Certificate information (when certificate services are installed); Server cluster data (when server clustering is used); IIS metadirectory (if the Web Server role is installed)

0x00000023 NTFS File System

Boot into Safe Mode or the command prompt via the Windows Server 2016 Installation DVD and run chkdsk /f to repair any damaged files. If you have recently installed a virus scanner or a disk defragmenter that is not from Microsoft or compatible with Windows Server 2016, boot into Safe Mode or using Last Known Good Configuration (advanced) and remove that software.

0x000000BE and the message Attempted Write to Readonly Memory

Boot using the Enable Boot Logging option and then boot again into Safe Mode (or the command prompt) so you can examine the \Windows\ntbtlog.txt log for a driver that did not start or that is causing problems, then reinstall or replace the driver using the Safe Mode or by copying it into the system using the command prompt via the Windows Server 2016 installation DVD.

Safe Mode with Command Prompt

Boots the system into the command mode using the minimum prompt configuration of devices and drivers, and does not have network connectivity

Enable low-resolution video

Boots the system using the fewest resources for video

Last Known Good Configuration (advanced)

Boots the system using the last configuration before any changes to the configuration were made and implemented in the Registry

Safe Mode with Networking

Boots the system using the minimum configuration of devices and drivers, and does have network connectivity

Safe Mode

Boots the system using the minimum configuration of devices and drivers, and does not have network connectivity

Debugging Mode

Boots the system while transmitting debug data to be viewed at another computer over a serial or USB connection, which can be used by Microsoft technicians to troubleshoot problems

cd

Changes to a different directory (folder), to the parent directory, or shows the directory you are in

exit

Closes the Command Prompt window and returns to the Advanced Options box

md (mkdir)

Creates a new directory

Enable Boot Logging

Creates a record of devices and drivers that started, so you can check a log for points of failure; look for the log in the \Windows folder with the name ntbtlog.txt

Setup log

Contains a record of installation events, such as installing a role or feature through Server Manager. For example, if a software error occurs, it may be recorded in the log.

Forwarded events log

Contains events recorded by remote computers and forwarded to this computer, which is called the collector computer.

copy

Copies files

rd (rmdir)

Deletes a directory

del

Deletes files

arp

Displays Address Resolution Protocol (ARP) information, such as using the arp -a command to view the arp cache information at a computer (see Chapter 1)

netstat (-a, -e, -n, -s)

Displays information about the TCP/IP session from that computer (enter netstat /? to view all of the options for this command); netstat -a -n can be helpful in looking for malware vulnerability by enabling you to view which ports are listening

ipconfig

Displays information about the TCP/IP setup at that computer (enter ipconfig /? to view all of the options for this command)

Disable automatic restart on system failure

Does not automatically restart the system if it fails

Disable Driver Signature Enforcement

Enables drivers without the proper digital signature to be installed (which might be needed on older hardware or when you have a driver you know is safe, but does not have a digital signature)

Repair Your Computer

Enables you to access system recovery and restore tools as well as diagnostics

Tools

Enables you to open a range of diagnostic tools, such as the Windows Troubleshooting Diagnostic, the Computer Management tool, Event Viewer, Performance Monitor, Resource Monitor, Command Prompt, Registry Editor, and others. To open a tool, select it from the list and click Launch.

General

Enables you to perform one of three types of startups: normal, diagnostic, or selective. The diagnostic startup loads basic devices and services, so you can troubleshoot from a basic system. The selective startup enables you to select which elements to load at startup, including system services and startup programs, and whether to use the original boot configuration.

Boot

Enables you to specify which items to use to boot: no GUI, create a boot log, base video (minimal VGA mode), and display OS boot information (displays driver names as they are loaded). You can also select to boot using a Safe boot with options such as a minimal boot (Safe Mode with no networking), alternate shell (command prompt in Safe Mode), boot into Active Directory repair, and boot while also enabling network connectivity (Safe Mode with networking). Also, there are advanced options you can configure for booting, including the number of processors used (on a multiprocessor system), the maximum amount of RAM to use for the OS, and other options.

10. What information are you likely to find in the security log?

Events relating to logon accesses, file and folder accesses and changes, and system policy changes.

netstat -s command

For a more comprehensive listing of communication statistics, type netstat -s.

format

Formats a drive

0x000000B4 and the message Video Driver init Failure

If you have recently installed a new video system and associated drivers, remove the new hardware, and reboot into the Safe Mode to remove the new drivers (or boot using the Enable low-resolution video option on the Advanced Boot Options screen).

0x0000001E and the message Kmode_Exception_Not_Handled

If you have recently installed a new video system and associated drivers, remove the new hardware, and reboot into the Safe Mode to remove the new drivers (or boot using the Enable low-resolution video option on the Advanced Boot Options screen). Do the same if you have installed any new drivers. Verify the video setup in the computer's BIOS or install any updated BIOS software offered by the computer vendor. Reboot using Safe Mode or the command prompt from the Windows Server 2016 installation DVD and make sure that you are not out of disk space. (From the command prompt, type dir and press Enter to view if free disk space is available.)

The screen display goes blank or is jumbled as the computer begins booting into Windows Server 2016.

Immediately stop the boot process. Restart the computer, accessing the BIOS setup before starting Windows Server 2016. Check the video BIOS setup to make sure it is correct and restore any settings that are changed. Reboot the computer. If no BIOS problems are present, reboot using the Enable low-resolution video option on the Advanced Boot Options screen (press F8 when you boot). Once logged on, check and reinstall the display driver. Alternatively, boot into the command prompt repair mode from the Windows Server 2016 Installation DVD and reinstall the display driver.

dir

Lists the contents of a directory (folder)

19. What information is provided by the netstat command, including information about two protocols that work alongside IP?

It provides information about TCP and UDP connectivity, including sent and received data, information that helps to determine if a connection is hung, and information such as local address, foreign address, and state.

attrib

Manages folder and file attributes

ren (rename)

Modifies a file's name

15. When you use Remote Desktop client from Windows 10 to remotely access Windows Server 2016, plan to use it with __________ Authentication for stronger security.

Network Level Authentication

diskpart

Partitions a disk and manages multiple partitions on a system

pathping

Polls another TCP/IP node showing the path through routers along the way (including packet loss through routers; see Chapter 1)

ping

Polls another TCP/IP node to verify you can communicate with it (enter only ping to view all of the options for this command)

The system hangs when booting.

Power off and on the computer to reboot. Try rebooting a couple of times. If rebooting does not work, check the BIOS settings to be sure they have not changed and that the CMOS battery is working. If many of the BIOS settings are incorrect, replace the battery and restore the proper settings. For an SMP computer, the hal.dll file might be corrupted. Boot from the Windows Server 2016 installation DVD into the command prompt from the repair mode. Reinstall the hal.dll file from the manufacturer's CD/DVD or thumb drive.

DNS Server log

Provides information about instances in which (1) DNS information is updated, (2) there are problems with the DNS service, and (3) the DNS Server has started successfully after booting.

Directory Services Repair Mode

Reboots the server into a local mode so that the server is not available to users as a domain controller; enables the administrator to log on to validate, work on, or restore the Active Directory database (only available when AD DS is installed)

Security log

Records access and security information about logon accesses and file, folder, and system policy changes. If you have auditing set up, for instance, file auditing, use the security log to track each audited event, such as a successful or failed attempt to access a file. If you choose to audit an account or folder, the audit data is recorded in the security log.

Active Directory Web Services log

Records events associated with the Web Server role, such as when the server is started, when there are certificate problems, when there are problems loading a configuration file, and so on.

DFS Replication log

Records events for the Distributed File System Replication services, such as when DFS Replication service is started and records any events in which the service fails.

Internet Explorer

Records events related to Internet Explorer, including if it terminates unexpectedly or if there are problems accessing the Internet.

Hardware Events

Records events related to hardware including the CPU, disk drives, memory, and other hardware.

Directory Service log

Records events that are associated with Active Directory, such as updates to Active Directory, events related to the Active Directory database, replication events, and startup and shutdown events.

Application log

Records information about how software applications are performing, if the programmer has designed the software to write information into the log.

System log

Records information about system-related events such as hardware errors, driver problems, and hard drive errors.

cls

Reinitializes the display

Safe Mode

Safe Mode boots the server using the most generic default settings (for example, for the display, disk drives, and pointing device) and only those services needed to boot a basic configuration.

more

Shows a file's contents one screen at a time

nslookup

Shows information about DNS servers

Services

Shows the installed services that start when the server starts and which ones are running, paused, or stopped. You can enable or disable any of the services. Use caution when disabling a service, because an application you need might not work when you reboot.

tracert (server or host name)

Shows the number of hops and other routing information on the path to the specified server or host (enter only tracert to view all of the options for this command)

nbtstat (-n)

Shows the server and domain NetBIOS names registered to the network (enter only nbtstat to view all of the options for this command)

Start Windows Normally

Starts the system without any special options

Changes were made to the system configuration when last logged on and now the computer will not boot.

Stop the boot process immediately and reboot using the Last Known Good Configuration (advanced) option (press F8 when you boot) on the Advanced Boot Options screen. Once logged on, check the configuration and fix any problems, such as a bad or removed device driver.

0x0000000A and the message IRQL Not Less or Equal

Suspect a hardware resource conflict caused by a new device or card you have added. If you can boot using the Safe Mode, check the system log. If you cannot boot into Safe Mode, remove the new device or devices and boot using Last Known Good Configuration (advanced).

0x00000058 and the message Ftdisk Internal Error

Suspect that the main volume in a mirrored set has failed. Boot using the secondary volume and use the Disk Management tool to attempt to repair the main volume and resynchronize it with the secondary volume. If you cannot repair the volume, use the Disk Management tool to break the mirrored set, replace the damaged disk, and then recreate the mirrored set.

8. Name two options that are available when you boot into the repair mode from the Windows Server 2016 installation DVD.

System Image Recovery; Command Prompt

Analytic logs

The analytic logs relate to how programs are operating and are typically used by application or system programmers.

A message appears when booting, such as one of the following: Inaccessible Boot Device; Invalid Partition Table; Hard Disk Error; Hard Disk Absent or Failed.

The boot sector on the NTFS partition is corrupted or the hard drive is damaged. This can be caused by a virus, a corrupted partition table, a BIOS setting change, or a corrupted disk. Check the BIOS setup to make certain it is correct. Correct any improper settings (also make sure the CMOS battery is working; it is not working if the BIOS settings are zero, null, or incorrect). If no BIOS problems are present, use the Windows Server 2016 installation DVD to boot the system into the command prompt, then run a virus scanner on the server or insert a virus scanner in an optical drive and attempt to scan the hard disk for viruses. If a virus is found, remove it. If the disk cannot be accessed, determine if the problem is the hard disk, disk controller, or a SCSI adapter and replace the defective part (if necessary, make sure to check that a SCSI adapter is properly terminated). If the hard disk must be replaced, reinstall the operating system.

Debug logs

The debug logs are used by application developers to help trace problems in programs so they can fix program code or program structures.

netstat -e command

The netstat -e command also provides a quick indication of the number of transmission errors and discarded packets detected at that computer's NIC.

System State Data

The system state data includes the operating system plus extra components and information that reflect the currently configured state of the server, depending on what features are installed.

Key Management Service

Tracks events related to Internet Explorer, including if it terminates unexpectedly or if there are problems accessing the Internet.

Windows PowerShell

Tracks events related to use of Windows PowerShell, including the state of the Windows PowerShell engine and information about certificates needed.

expand

Uncompresses a file

4. Name three problem-solving strategies for addressing a problem with Windows Server 2016.

Understanding how a server and the network interact; Training your users to help you solve problems; Solving problems step by step; Tracking problems and solutions

0x0000002E and the message Data Bus Error, or 0x0000007F and the message Unexpected Kernel Mode Trap

Use a memory diagnostic tool and replace any defective memory.

chkdsk

Verifies and fixes files (requires access to the Autochk.exe file)

.csv file

Which is saved as a comma-delimited text file that can be imported into a spreadsheet

.txt file

Which is saved as a tab-delimited text file that can be imported into a spreadsheet

.xml file

Which is saved in XML format

.evtx file

Which is saved in event log format

16. Which of the following are Feature Administration Tools that can be installed as a part of Remote Server Administration Tools? (Choose all that apply.)

a. BitLocker Drive and Encryption Tools
b. Network Load Balancing Tools
c. Failover Clustering Tools
d. Storage Replica Management Tools

17. Your server is not successfully using Windows Update to update the operating system when you try to do a manual update. It appears that it is connecting to the local network, but not to the Internet. Which of the following tools can you use to help diagnose the problem? (Choose all that apply.)

a. Network Connection window

9. Which of the following might be part of your problem-solving strategy? (Choose all that apply.)

a. Regularly check the logs.
d. Look for the simple solutions first.

5. The system log contains hundreds of entries. However, you only want to track events that have happened in the last 24 hours. Which of the following can you use?

a. Set up a filter

3. What keyboard key or key combination enables you to boot into the Advanced Boot Options menu when initially booting Windows Server 2016?

b. F8

13. How can you manually empty the contents of an event log?

b. In the Event Log window, right-click the log and click Clear Log.

2. Which of the following options can be found on the Advanced Boot Options menu? (Choose all that apply.)

b. Safe Mode with Networking
c. Disable Driver Signature Enforcement
d. Repair Your Computer

7. After you boot a server, you see a message that SYSVOL may be damaged. What tool can you use to try to repair the damage?

c. Directory Services Restore Mode on the Advanced Boot Options menu.

11. Your Windows Server 2016 server is having trouble booting, and you suspect that it is related to a driver or service that is not properly starting. How can you track each of the startup actions of the server so that you can later go back and review each one for problems?

c. Select Enable Boot Logging from the Advanced Boot Options menu options when you boot.

18. You want to set up a command center for the server operators in your company so they can use one Windows Server 2016 server to monitor the other 28 servers in the operations room and spread throughout the company. Which of the following features should you make sure is installed at the command center server?

c. Remote Server Administration Tools

1. Your server has some damaged disk areas and won't boot or run chkdsk automatically when you try to boot. Which of the following options should you try to fix the disk?

d. Boot from a Windows Server 2016 installation DVD and access the command prompt to run chkdsk.

12. Your company's server won't boot. The Management Council just completed the 5-year strategic plan and placed the only copy on the server before it crashed. Which of the following can you do to try and retrieve the file containing the plan?

d. Boot into the command line and use the copy command to copy the file off of the disk.

14. Which of the following are components of a strong password? (Choose all that apply.)

d. Contains numbers, symbols, and upper- and lowercase characters.

20. Users report that they cannot sign in to a server because they are getting messages about a Kerberos error. Which of the following can best help you track down the problem?

d. Key Management Service log

netstat command

netstat is a utility available in Windows Server 2016, Windows 10, and other Windows operating systems and is a quick way to verify that a workstation or server has established a successful TCP/IP connection. This utility provides information about TCP and UDP connectivity. Sometimes a TCP/IP session to a server or other computer hangs.

Use another operating system

so that you can select to boot from another operating system on the same computer, when that computer is installed with multiple operating systems

Turn off your PC

to shut down the computer

Continue

which exits the repair options menu and continues to boot into Windows Server 2016

Troubleshoot

which goes to another menu with the selections: System Image Recovery (used to restore from an image backup), Command Prompt (from which to execute commands), and Startup Settings (to change startup actions)

