Operating Systems Domains
OS Diagnosing & Troubleshooting part 1
Domain 3.0 Diagnosing and Troubleshooting This domain requires the ability to apply knowledge to diagnose and troubleshoot common problems relating to Windows 9x and Windows 2000. This includes understanding normal operation and symptoms relating to common problems.
3.1 Recognize and interpret the meaning of common error codes and startup messages from the boot sequence, and identify steps to correct the problems.
Windows automatically initiates Safe Mode if it detects that system startup failed , or if the registry is corrupted.
Safe Mode bypasses startup files, including the registry, Config.sys, Autoexec.bat, and the [Boot] and [386Enh] sections of System.ini, and provides you with access to the Windows configuration files. You can make any necessary configuration changes, and then restart Windows normally.
Windows in Safe Mode, only the mouse, keyboard, and standard VGA device drivers are loaded.
Safe Mode With Networking is not supported in Windows 98.
Safe Mode Command Prompt Only loads the Command.com and DoubleSpace or DriveSpace files (if present). It does not load Himem.sys, Ifshlp.sys, or Windows .
Step-by-step Confirmation allows you to specify which commands and drivers the system should process by confirming each line of the startup files.
Safe Mode and Windows 2000
Safe Mode - Starts Windows 2000 using only basic files and drivers (mouse, except serial mice; monitor; keyboard; mass storage; base video; default system services; and no network connections).
Safe mode with Networking - Starts Windows 2000 using only basic files and drivers, plus network connections.
Safe Mode with Command Prompt - Starts Windows 2000 using only basic files and drivers. After logging on, the command prompt is displayed instead of the Windows desktop.
Enable Boot Logging - Starts Windows 2000 while logging all the drivers and services that were loaded (or not loaded) by the system to a file. This file is called ntbtlog.txt and it is located in the windir directory. Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt add to the boot log a list of all the drivers and services that are loaded. The boot log is useful in determining the exact cause of system startup problems.
Enable VGA Mode - Starts Windows 2000 using the basic VGA driver. The basic video driver is always used when you start Windows 2000 in Safe Mode (either Safe Mode, Safe Mode with Networking, or Safe Mode with Command Prompt).
Last Known Good Configuration - Starts Windows 2000 using the registry information that Windows saved at the last shutdown. Use only in cases of incorrect configuration. Last known good configuration does not solve problems caused by corrupted or missing drivers or files. Also, any changes made since the last successful startup will be lost.
Debugging Mode - Starts Windows 2000 while sending debug information through a serial cable to another computer.
No operating system found
This could mean
The hard drive is physically damaged or has a disconnected/damaged cable
The system or the boot files have been corrupted or missing.
The master boot record is damaged/changed
Boot from a start up disk, and type sys c: and/or run windows setup to replace the system and boot files. If the MBR partition is damaged you will have to run fdisk /mbr first. If you can not write to disk then it could be a damaged hard drive or loose/broken cable
Error in CONFIG.SYS line XX
Usually caused by a missing/corrupted file or device driver, or typing error.
Bad or missing COMMAND.COM
Any one of the following reasons could be the cause of this message
COMMAND.COM file was deleted or renamed.
COMMAND.COM wrong version
COMMAND.COM has a damaged header.
Use a Startup floppy (must be the same version or later as the system your trying to boot).
Type sys c: at the A:\> prompt and press enter.
HIMEM.SYS not loaded
The HIMEM.SYS command line in your config.sys file must appear before any commands that start programs or device drivers that use extended memory. If any of these other programs or devices try to load before HIMEM.SYS is loaded you could receive this error message.
Missing or corrupt HIMEM.SYS
The file may have been deleted from the C:\WINDOWS\COMMAND directory, or there is a line in CONFIG.SYS calling on a different version of HIMEM.SYS.
The SCSI and CD-ROM support built into Windows requires that CD-ROM drives provide SCSI parity to function properly. For many drives, this is a configurable option or is active by default.
The ends of the SCSI bus must have installed. In addition to the requirement that the last external and the last internal SCSI device be terminated, some hardware have additional requirements for where it must be placed in the SCSI chain.
If Setup does not automatically detect a SCSI CD-ROM drive, try the following:
Try loading real-mode drivers for the SCSI controller, the CD-ROM driver, and Mscdex.exe, and see if the CD-ROM drive works in MS-DOS.
If the drive does work in MS-DOS, in Device Manager, examine the SCSI controller’s properties to make sure it was detected correctly.
Check your physical connections.
Check the SCSI IDs for all devices to make sure they are unique.
A SCSI or IDE tape drive or scanner does not show up in Device Manager. Windows does not assign drive letters to tape drives and scanners, because they have no drive to assign a letter to. Therefore, they might appear as Unknown Devices in Device Manager. After you start Windows, it asks if you have a driver for these devices. If you have Windows drivers, click Yes, and then type the path to where the drivers are located. To use existing real-mode drivers, click No. Windows will continue to recognize and support these devices although they are listed as Unknown Devices.
If you do not have much free hard disk space your swap file will not be able to expand which can cause your computer run slow. Not enough free space also causes your swap file to swap between physical memory and the hard disk more frequently, which increases the chances of general protection faults.
NT boot issues
The boot menu disappears
If you want to set up a dual-boot system, you must install the alternate operating system before you install Windows NT. If you install Windows NT first and then install another operating system, it will overwrite the boot sector, and the PC will no longer look for the NTLDR file. To correct this problem install a new copy of Windows NT to a different directory. Doing so will make NT bootable. You can then edit your BOOT.INI file and remove any references to the new copy.
BOOT: Couldn't find NTLDR Please insert another disk
Your boot sector is okay because it still points to the NTLDR file. However, your NTLDR file is either missing or damaged. To correct this problem, replace the NTLDR file with a backup file or install a new copy of Windows NT to a different directory
Windows NT could not start because the following file is missing or corrupt: \\system32\ntoskrnl.exe Please reinstall a copy of the above file.
This problem usually occurs because the BOOT.INI file points to the wrong location for the Windows NT operating system or NTOSKRNL.EXE is missing or damaged. Copy the file from a backup or install a new copy of Windows NT to a different directory and copy file.
NTDETECT Checking Hardware 'E
The NTDETECT.COM file is missing or damaged. To correct the problem, copy the file from a backup or install a new copy of Windows NT to a different directory
I/O Error accessing boot sector file ulti(0)disk(0)rdisk(0)partition(1):\bootsect.dos
This error indicates that the BOOT.INI file either points to the wrong location for the BOOTSECT.DOS file or that the BOOTSECT.DOS file is corrupt.
OS Loader V4.00 Windows NT could not start because of a computer disk hardware configuration problem. Could not read from the selected boot disk. Check boot path and disk hardware. Please check the Windows NT documentation about hardware disk configuration and your hardware reference manuals for additional information.
This message means that the location BOOT.INI points to doesn't contain a valid file system This error can be caused by an incorrect location specified in BOOT.INI. For example, if the BOOT.INI file points to a volume that's unformatted, you'll receive this error. It can also be caused by a crashed hard disk, or a hardware-implemented RAID device that's dropped off-line.
Windows 98 drwatson.exe
To start Dr. Watson On the Start menu, click Run, and then type Drwatson. Click OK or Click Start, point to Programs, Accessories, and System Tools, and then click System Information. Select the Tools menu and click Dr. Watson
Dr. Watson collects detailed information about the state of your system at the time of and slightly before an application fault. Dr. Watson intercepts the software faults, identifying the software that faulted and offering a detailed description of the cause. When enabled, this tool automatically logs this information to the disk (\Windows\Drwatson\*.wlg), and can display it on screen. Dr. Watson indicates the program that caused the application fault, the program the fault occurred in, and the memory address at which the fault occurred.
Windows 2000 drwtsn32.exe
If a program error occurs, Dr. Watson will start automatically. To start Dr. Watson, click Start, click Run, and then type drwtsn32. To start Dr. Watson from a command prompt, change to the root directory, and then type drwtsn32.
Dr. Watson for Windows 2000 is a program error debugger. The information obtained and logged by Dr. Watson is to diagnose a program error for a computer running Windows 2000. A text file (Drwtsn32.log) is created whenever an error is detected. You also have the option of creating a crash dump file, which is a binary file that a programmer can load into a debugger.
Failure to start GUI
Explorer.exe could be missing or corrupted
Windows Protection Errors
General protection errors
Is caused when a program tries to access a portion of memory that is has not been allocated by Windows or is already being used by another program or TSR. When this happens the screen turns blue with the GPF error message.
Run scandisk / defrag
Remove any TSRs or programs which were running before the GPF.
Remove and reinstall the program that caused the GPF.
Disable power management and screen savers
If you frequently receive GPF errors from different programs you may have to reinstall windows
Invalid Page Fault
Is caused when Windows or a program attempts to store or call a segment or block of memory that does not exist. This could happen because of bad memory or the program is incompatible or corrupt
Is an operation requested, which is not understood by Windows or the CPU. Illegal Operations can be caused by
Data that can not be read properly
Bad hard drive sectors
Invalid page faults
Are generally caused by program incompatibility, overheating such as the CPU cooling fan not operating or other hardware / software issues
Event Viewer – Event log is full
When a log is full, it stops recording new events.
You must be logged on as an administrator or a member of the Administrators group to free an event log.
To free an event log when it is full
Open Event Viewer, click Start, point to Settings, and click Control Panel. Double-click Administrative Tools, and then double-click Event Viewer.
In the console tree, click the log you want to free.
On the Action menu, click Clear all Events.
You can also free a log and start recording new events by overwriting events. To overwrite events, on the Action menu, click Properties, and then click Overwrite events as needed. This ensures that all new events are written to the log, even when the log is full.
You can also start logging new events by increasing the maximum log size. To increase the log size, on the Action menu, click Properties, and then increase the Maximum log size.
A device referenced in SYSTEM.INI, WIN.INI, Registry is not found
The referenced device is no longer installed, or its drivers are missing/corrupted. Try installing then reinstalling the device, or remove the referenced lines from the above files.