802 - Chapter 19: Troubleshooting Windows
3 ways to access WinRE in Windows 7
1. Boot from the installation media and select 'Repair'. 2. Use the 'Repair your computer' option from the Advanced Boot Options (F8) menu. 3. Create a system repair disc before you have problems by going to Control Panel > System and Security > Backup and Restore > select 'Create a system repair disc'.
WinRE Startup Repair abilities
1. Repairs a corrupted Registry by accessing the backup copy on your hard drive. 2. Restores critical system and driver files. 3. Runs the equivalent of the Recovery Console's fixboot and fixmbr. 4. Rolls back any non-working drivers. 5. Uninstalls any incompatible service packs and patches. 6. Runs chkdsk. 7. Runs a memory test to check your RAM.
5 options within WinRE
1. Startup Repair (should be the first tool you use if having boot problems) 2. System Restore 3. System Image Recovery (7) or Windows Complete PC Restore (Vista) 4. Windows Memory Diagnostics (Tool) - only Vista includes 'Tool' in the name. 5. Command Prompt
2 ways to access WinRE in Windows Vista
1. Use the installation media and select 'Repair' 2. If you have SP1 or later, you can make a bootable repair disk.
diskpart command
A fully featured partitioning tool.
Windows 7 Action Center
A one-page aggregation of event messages, warnings, and maintenance messages from Windows utilities such as Event Viewer, Windows Update, Windows Firewall, and UAC. Separates issues into two sections: Security and Maintenance. Provides direct links to the tools to fix problems: UAC settings, Performance Information and Tools, Backup and Restore, Windows Update, Troubleshooting Wizard, System Restore.
Vista/7 Event Viewer
Accessed by Control Panel > System and Security > Administrative Tools > Event Viewer. Contains 4 main bars in the center pane: Overview, Summary of Administrative Events, Recently Viewed Nodes, and Log Summary. Summary of Administrative Events breaks events into different levels: Critical, Error, Warning, Information, Audit Success, Audit Failure.
WinRE Startup Repair log file
Accessed by clicking on the 'View diagnostic and repair details' option at the end of the process. Text file is: srttrail.txt
Advanced Startup Options
Accessed by pressing F8 when prompted during boot. Options: Safe Mode (all versions); Safe Mode with Networking (all versions); Safe Mode with Command Prompt (all versions); Enable Boot Logging (all versions); Enable VGA Mode (XP)/Enable Low-Resolution Mode (Vista/7); Last Known Good Configuration (all); Directory Service Restore Mode (all); Debugging Mode (all); Disable Automatic Restart on System Failure (all); Disable Driver Signature Enforcement (Vista/7); Start Windows Normally (all); Reboot (all); Return to OS choices menu (all).
XP Event Viewer
Accessed in the Administrative Tools applet in the Control Panel. By default has 3 sections: Application, Security, System. If you have IE7, it will have a 4th section: Internet Explorer.
WinRE System Image Recovery/Windows Complete PC Restore
Allows you to format and repartition disks while restoring from a backup copy of Windows.
Last Known Good Configuration (all)
Applies specifically to new device drivers that cause failures on reboot.
Directory Services Restore Mode (all)
Applies to only Active Directory domain controllers, and only Windows Server versions can be domain controllers. If chosen, you simply boot into Safe Mode.
Windows System Protection
Available on: Vista Business/Ultimate/Enterprise; all editions of Windows 7. Is powered by Volume Shadow Copy Service (VSS), a feature introduced in XP and used by ntbackup. VSS enables the OS to make backups of any file, even one that is in use. In Vista/7, VSS is also used by System Protection, enabling you to access previous versions of any data file or folder. To use: right-click the file and select 'Restore previous versions', which opens the file's Properties dialog box with the Previous Versions tab displayed. You will have at least one previous version if: the file or folder was backed up using the backup program, or you created a restore point, or the file or folder was changed. System Protection runs by default.
BSoD Registry error
BSoD may show 'Registry File Failure' or text errors show 'Windows could not start'. Boot to the last known good configuration of Windows from the advanced boot options menu.
BCD
Boot configuration data files. Contain information about OSs installed on a computer. Referred to as a store or BCD store. Only applies to Vista/7.
Failure to boot in Windows XP
Boot errors take place after POST and before Windows XP starts to load. For XP to load, boot.ini, ntldr, and ntdetect.com must reside in the root directory of the C: drive, and boot.ini must point to the Windows boot files. Common error messages: No Boot device present; NTLDR Bad or Missing; Invalid Boot.ini.
How to replace the Registry in XP
Boot to the XP install CD, go to Recovery Console, then run: delete c:\Windows\system32\config\system; delete c:\Windows\system32\config\software; delete c:\Windows\system32\config\sam; delete c:\Windows\system32\config\security; delete c:\Windows\system32\config\default. Then, to rebuild: copy c:\windows\repair\system c:\windows\system32\config\system; copy c:\windows\repair\software c:\windows\system32\config\software; copy c:\windows\repair\sam c:\windows\system32\config\sam; copy c:\windows\repair\security c:\windows\system32\config\security; copy c:\windows\repair\default c:\windows\system32\config\default
Windows XP Compatibility options for running older programs
Bring up the Properties dialog box of the program, then click on the Compatibility tab. Select which version of Windows you want XP to emulate. Can also choose to run it in 256 colors, run in 640 x 480 resolution, or disable Visual themes (Windows themes change a program window's title bar, fonts, and menus which might cause problems).
How to stop programs from Autoloading at Windows start
Can use the System Configuration utility to temporarily stop the autoloading. Load the program and uncheck the load on startup option. If the program doesn't have the load on startup option to disable, run the Registry editor and go to where most applications autoload: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Managing Services
Control Panel > Administrative Tools > Services. Verify the Service that you need is running; if not, turn it on. Each Service has a startup type: Automatic, Manual, Disabled. It is very common to find a Service set to Manual when it needs to be set to Automatic start.
CTD
Crash to desktop.
New Windows Vista/7 Compatibility options for running older programs
Disable desktop composition - disables all display features such as Aero. Disable display scaling on high DPI settings - turns off automatic resizing of a program's windows if you're using any high DPI font. Run this program as an administrator - if this option isn't available, log on as administrator to see it. Change settings for all users - applies compatibility changes to a program to every user account on the machine.
GPF
General protection fault error. Occurs when a program tries to do something not permitted, like writing to protected memory or something else Windows doesn't like. You are very unlikely to encounter a GPF today.
Faulty device drivers
Goes to a BSoD and will show which file caused the BSoD, or hangs on the Windows loading screen.
Safe Mode with Networking (all)
Identical to Safe Mode except you get network support. Can be used to test issues with network drivers. If a PC can boot to Safe Mode, but not boot to Safe Mode with Networking, the problem is with the network drivers. Boot to regular Safe Mode and disable network components starting with the network adapter to find the problem.
Windows XP Mode in Windows 7
If you need to make things 100% compatible with XP, and you have Windows 7 (Pro, Enterprise, or Ultimate) installed on your system, you can download Windows XP Mode. It is a premade Windows XP SP3 virtual machine that runs under Microsoft's virtualization program, Windows Virtual PC.
Service errors
In a scenario where a critical service fails to load, Windows tells you at this point with an error message. If the service isn't critical, Windows will alert you with an error message when you try to use a program that uses that service.
WinRE Command Prompt
Includes an important command (bootrec) that can't be found in the regular command prompt. Used only for unique situations where the Startup Repair tool fails.
Failure to load the GUI
Indicates Registry problems or buggy device drivers.
To install the XP recovery console to the system so you don't need the disc
Insert the disc, Start > Run > d:\i386\winnt\ /cmdcons (substitute d: with the optical drive letter if different). Now the system will show both your Windows OS and the Recovery Console each time you boot the system.
Vista Problem Reports and Solutions
Lists all Windows error reporting issues.
Privileges to install applications in all versions of Windows?
Local Administrator privileges.
Limitations of Logs
Maximum size, a location, and a behavior for when they get too big (such as overwrite themselves or make an error).
DLL file errors
May have become corrupted. Can use the System File Checker tool. Use it to replace a number of critical files, including the DLL cache. Newly installed DLLs must be entered into the Registry via a process called registration. In most cases DLLs will register themselves, but on rare occasions you may need to manually register a DLL using the command line tool regsvr32.
Return to OS Choices Menu (all)
On PCs with multiple OSs, this takes you back to the screen where you select which OS to boot.
Event Viewer
One of the first troubleshooting tools you should use to see what's causing problems on your computer.
bootrec command
Can only be used in the WinRE Command Prompt. bootrec /fixboot (rebuilds the boot sector for the active system partition); bootrec /fixmbr (rebuilds the master boot record for the system partition); bootrec /scanos (looks for Windows installations not currently in the BCD store and shows you the results without doing anything); bootrec /rebuildmbr (looks for Windows installations not currently in the BCD store and allows you to add them to the BCD store).
Performance Information and Tools
Provides a relative feel for how your computer stacks up against other systems using the Windows Experience Index. Based on 5 components: Processor, Memory, Graphics, Gaming Graphics, Primary Hard Disk. Rating scale: Vista: 1 - 5.9; 7: 1 - 7.9.
XP Event Viewer Security section
Records events called audits. Audits record anything that has to do with security, such as the number of logon events. All audits are listed as either successful or failed.
3 options to solve a failure to boot to XP
1. Repair. 2. Restore from a backup copy of Windows. 3. Rebuild (last step as it involves losing data).
Safe Mode with Command Prompt (all)
Safe Mode directly loads the cmd.exe shell for the OS, not the GUI. If GUI boot modes won't work but Command Prompt boot does, and you have eliminated a problem with graphics drivers, the cause could be a corrupted explorer.exe. You need to copy in an undamaged version.
XP Event Viewer System section
Similar to the Application section in that it has 3 areas of Errors, Warnings, and Information. But all 3 are specific only to the OS.
Windows 7 Startup Repair
Started automatically if Windows detects a boot problem. Brings you to the Windows Error Recovery screen first to tell you there's a problem and to launch Startup Repair.
XP Recovery console
Started by inserting and booting to the XP installation disc. Hit 'r' to repair a Windows installation and choose the Windows installation. Can be used to manually restore Registries, stop problem services, rebuild partitions (other than the system partition), and use the expand program to extract copies of corrupted files from an optical disc or floppy disk.
Enable Boot Logging (all)
Starts Windows normally and creates a log file of the drivers as they load into memory. File is named ntbtlog.txt and is saved in the %SystemRoot% folder. If the startup failed because of a bad driver, check the ntbtlog.txt file, and the last driver listed could be the problem. To check the ntbtlog.txt file: 1. Boot to Recovery Console or WinRE. 2. Use the tools there to read the boot log by typing ntbtlog.txt. 3. Disable or enable problematic devices or services.
Enable VGA Mode (XP) / Enable Low-Resolution Mode (Vista/7)
Starts Windows normally, but only loads a default VGA driver. If this mode works, it means you may have a bad driver, or it may mean you are using the correct video driver but it is configured incorrectly (perhaps with the wrong refresh rate and/or resolution). This mode loads the driver Windows is configured to use (not a basic driver) but starts it up in standard VGA mode rather than using the settings for which it is configured.
Start Windows Normally (all)
Starts Windows normally.
Debugging Mode (all)
Starts in kernel debug mode. To do this, the computer must be connected to another computer via serial cable and the other computer must be running a debugging program.
Disable Automatic Restart on System Failure (all)
Stops the computer from rebooting after stop/BSoD errors. Use this when the computer reboots too quickly and you aren't able to catch what the error was.
XP Event Viewer Application section
Stores events specific to applications. 3 types of events recorded: Errors, Warnings, Information. Error events (marked with a red X) are the most serious and prevent the application from running. Warning events (marked with an exclamation point over a triangle) are for events that aren't preventing the application from running, but could in the future. Information events are merely for record keeping, letting you know that a program, driver, or service ran successfully.
WinRE Windows Memory Diagnostics (Tool)
Tests the RAM to see if it's bad or not. Gives you 3 options: 1. Basic 2. Standard 3. Extended. Can also be accessed by going into an administrator command prompt and typing: mdsched, OR through Control Panel > System and Security > Administrative Tools.
WinRE System Restore
This tool allows you to roll back to previous restore points.
fsutil command
Tool that handles file systems. fsinfo - provides a detailed query about the drives and volumes. fsutil dirty [drive name] - tells you if Windows considers the drive to be "dirty", meaning you need to run autochk at the next reboot. fsutil repair initiate [drive letter] - runs a basic version of chkdsk without rebooting.
bcdedit tool
Used to see how Windows boots when run without switches. Has two sections, Windows Boot Manager (describes location of bootmgr) and Windows Boot Loader (describes location of the winload.exe file)
Who can make changes to log files in Event Viewer?
Users with Administrator privileges
XP: No Boot Device error
Usually indicates a bad boot sector. Can be fixed by using the fixmbr command.
XP: NTLDR bad or missing error
Usually indicates missing system files. Fixed by going to the root directory and typing 'copy d:\i386\ntldr', then 'copy d:\i386\ntdetect.com'. Then a rebuild of the boot.ini will need to take place: bootcfg /rebuild
Disable Driver Signature Enforcement (Vista/7)
Vista & 7 require that all very low-level drivers (kernel drivers) have a Microsoft driver signature. If you are using an older driver to connect to your hard drive controller or some other low-level feature, you must use this option to get Windows to load the driver.
Reboot (all)
Will do a soft reboot of the system.
Vista/7 Windows PE
Windows Preinstallation Environment. The graphical interface of the Windows installation process. Allows you to boot directly to the Windows DVD which loads the OS directly to the RAM.
Vista/7 Windows RE
Windows Recovery Environment, abbreviated WinRE (Microsoft also calls it System Recovery Options). These are the repair tools that run within Windows PE.
How to replace the Registry in Vista/7
Windows keeps a backup copy of the Registry every 10 days automatically (the RegIdleBackup task). Found in: \Windows\System32\config\RegBack. To replace: 1. Boot to the Windows DVD. 2. Access WinRE. 3. Go to the command prompt. 4. Run the 'reg' command and use the 'copy' command to copy from the backup location to the config subfolder.
Safe Mode (all)
Windows starts but loads only very basic, non-vendor specific drivers for mouse, 640 x 480 resolution monitor (in XP) or 800 x 600 resolution monitor (in Vista/7), keyboard, mass storage, and system services. Can use Device Manager to locate and correct issues.
XP Recovery Console helpful commands
attrib; chkdsk; copy; disable (disables a service or driver); diskpart (creates/deletes partitions); enable (enables a service or driver); extract (extracts components from .cab files); fixboot (writes new partition boot sector on system partition); fixmbr (writes new master boot record for partition boot sector); format; listsvc (lists all services on the system); logon (enables you to choose which Windows installation to log on to if you have more than one); map (displays current drive letter mappings); more/type (displays contents of a text file); systemroot (makes current directory system root of drive you're logged on to)
bcdedit switches
bcdedit /export [filename] - exports a copy of the BCD store to a file. bcdedit /import [filename] - imports a copy of the BCD store back into the store. bcdedit /displayorder [OS name] /addfirst - rearranges the order of OSs to boot to. bcdedit /default {current} - sets the default OS. bcdedit /delete - removes one of the identifiers, preventing others from booting to that OS.
To disable an automatic start to Safe Mode that someone has configured
msconfig > Boot tab > deselect the 'Safe Boot' or 'Safe Mode' checkbox