Chapter 36. Troubleshooting Microsoft Windows

This chapter covers the following A+ 220-1002 exam objective:

3.1 – Given a scenario, troubleshoot Microsoft Windows OS problems.

Welcome to the first chapter of Domain 3.0: Software Troubleshooting.

Now for the toughest part of working with Windows: troubleshooting. Before beginning this chapter, I recommend that you review the six-step troubleshooting process in Chapter 17, “Computer Troubleshooting 101.” As I mentioned in Chapter 17, troubleshooting is probably the most important skill for a computer technician to possess. There are many different things that can go wrong in a computer; the majority of them are software-related. This chapter endeavors to give you the tools, utilities, and skills necessary to troubleshoot the various boot errors, stop errors, and other Windows problems that you might encounter.

We’ll start with the Windows Recovery Environment, which you should be able to access and use. Then we’ll move into some boot issues and stop errors and demonstrate how to fix those. And throughout the chapter we’ll discuss various issues and symptoms and the techniques and tools used to combat them. It’s a super-important chapter, so let’s get right to it.

3.1 – Given a scenario, troubleshoot Microsoft Windows OS problems.


ExamAlert

Objective 3.1 concentrates on common symptoms, including slow performance, limited connectivity, failure to boot, no OS found, application crashes, blue screens, black screens, printing issues, services fail to start, slow bootup, and slow profile load; and on common solutions, including defragment the hard drive, reboot, kill tasks, restart services, update network settings, reimage/reload OS, roll back updates, roll back device drivers, apply updates, repair application, update boot order, disable Windows services/applications, disable application startup, Safe boot, and rebuild Windows profiles.


Windows Recovery

There are many tools included with Windows designed to help you troubleshoot and repair just about any issue that might come up. Before getting into the exact issues you might face, let’s discuss some of these advanced repair and preinstallation environment repair tools, what they do, and where you can access them. We’ll start with the Windows Recovery Environment.

Windows Recovery Environment (Windows RE)

Windows RE (or WinRE) is a set of tools included in Windows whose purpose is to recover Windows from errors that prevent it from booting; these tools can also be instrumental in fixing issues that cause a computer to “freeze up.” There are several possible ways to access Windows RE; each method varies according to the version of Windows being used.

In Windows 10 and 8, Windows RE is accessed through the Boot Options menu. You can get to Boot Options in a variety of ways, including the following:

• Right-click the Start button, select Shut down or sign out, and while holding the Shift key, select Restart.

• In the Command Prompt, type shutdown /r /o and then press Enter.

• In Windows 10, go to Start > Settings > Update & security > Recovery, and under Advanced Startup click Restart now.

• Boot to recovery or boot media, such as a recovery partition, a Windows DVD or USB flash drive, or the Windows Preinstallation Environment (WinPE), which can be booted from a flash drive, a disc, or via PXE. WinPE can be used to run recovery tools such as WinRE and Winternals, as well as drive-cloning utilities. To use WinPE you must first download the Windows ADK, and then the Windows PE add-on. You can get them from this link:

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/download-winpe--windows-pe


Note

In Windows 7, you either boot from the installation media or boot to a special partition on the hard drive that had Windows RE installed. We’ll be focusing on Windows 10 and 8 for this section.


Once the system has rebooted, you should see the “Choose an option” screen. Selecting Troubleshoot will present several options, including:

• Refresh your PC (Windows 8 only), which saves personal files but removes all programs installed to the desktop and resets PC settings.

• Reset your PC, which in Windows 8 removes all files and essentially performs a factory reset. In Windows 10 it allows you to keep personal files or remove everything.

• Advanced Options. Selecting Advanced Options brings up the main tools that a technician will use to troubleshoot a system.

Figure 36.1 shows the Advanced options screen in Windows 10 (version 1803), where the main recovery tools are available. In Windows 7 the equivalent is called System Recovery Options. Table 36.1 describes these options in more depth.


Figure 36.1 The Windows 10 Advanced options screen

Table 36.1 Description of the Windows Recovery Options


ExamAlert

Memorize the different Windows RE options in Windows.



Note

To learn more about WinRE for Windows 10, see this link:

https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference

To learn more about WinRE for Windows 8, see this link:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/hh825173(v=win.10)


One thing to keep in mind is that Windows will attempt to do a self-repair if it senses a boot issue. This will occur first when you start, or restart, the system. If this automatic repair does not fix the problem, the Windows Recovery Environment is your next stop. But in some cases, you need to boot the system in a different way in order to fix a problem. Let’s discuss advanced booting now.

Startup Settings and Advanced Booting

If Windows is not functioning properly, the culprit might be a video driver, new configuration, or other system issues. There are several startup options—such as Safe Mode—that can aid in fixing these problems. Historically, these options were accessed by pressing the F8 key immediately after the computer starts up. When you do so it displays the Windows Advanced Boot Options menu, which is what you need to use in Windows 7. These are effectively the same options as shown in the WinRE Startup Settings in Windows 10/8, with slight name changes and rearrangement.

While the F8 keypress is still supported by Microsoft, and it works in Windows 7 by default, it does not work in Windows 10/8 by default. To enable it in Windows 10 and 8, type the following into the Command Prompt (as an admin):

bcdedit /set {default} bootmenupolicy legacy

That effectively replaces the Startup Settings version. To disable it, and go back to the Startup Settings version, use the same command but replace legacy with standard.

The Startup Settings window and the Advanced Boot Options menu have essentially the same options, with one difference—the Advanced Boot Options menu includes the Repair Your Computer option, which will automatically attempt to fix Windows issues for you. That’s not included in the Startup Settings window because there are several automated repair options elsewhere in WinRE. You will most likely use Startup Settings more often, so let’s show and describe that. Figure 36.2 shows an example of the Startup Settings window as displayed in Windows 10. Table 36.2 describes the options as listed in the Startup Settings window. Note that you can use the F1-F9 function keys to select the startup option.


Figure 36.2 The Windows 10 Startup Settings screen

Table 36.2 Description of the Windows Startup Settings


ExamAlert

Know the various Startup Settings (such as Safe Mode) and know what they do.


Boot Errors

There are various reasons why a computer will fail to boot. If it is operating system-related, you usually get some type of message that can help you to troubleshoot the problem. Windows uses the bootmgr and BCD files during the startup process. If these files are corrupted or missing, you will get a corresponding error message. Two common errors are “Bootmgr is missing” and “The Windows Boot Configuration Data file is missing required information.” Let’s talk about each of these now.

BOOTMGR is missing

This message displays if the Windows Boot Manager file (bootmgr) is missing or corrupt. This black screen probably also says Press Ctrl+Alt+Del to Restart; however, doing so will probably produce the same results.

By default, the bootmgr file should be located in the root of C:. There are a few methods to repair this error. The first is to boot to the Windows Recovery Environment and select the Startup Repair option. This should automatically repair the system and require you to reboot. If this doesn’t work, try the second method, which is to rebuild the Boot Configuration Data (BCD) store. Again, boot to the Windows RE, select the Command Prompt option, and then type the command bootrec /rebuildbcd. That rebuilds the data store and might fix the problem. You might also need to run System Restore from the Windows Recovery Environment to fix the problem.

Sometimes, you might find that the C: partition needs to be set to active, or that the 100 MB special partition (which houses important boot information) is missing. Check these as well when troubleshooting this error.

Finally, in some cases the commands bootrec /fixboot and bootrec /fixmbr can help. These rewrite the boot sector and master boot record, respectively. (One scenario in which you might need to do this is when the Windows computer was configured to dual-boot with an older version of Windows.) Note that bootrec /fixmbr is ineffective on GPT-based systems because they do not use a master boot record.


Note

For more information about fixing this error visit the following links. They are written for Windows 7, but most of the information applies to newer versions of Windows as well.

https://support.microsoft.com/en-us/help/2622803/bootmgr-is-missing-press-ctrl-alt-del-to-restart-error-when-you-start

https://support.microsoft.com/en-us/help/927392/use-bootrec-exe-in-the-windows-re-to-troubleshoot-startup-issues



ExamAlert

Make sure you understand that bootrec can be used to troubleshoot and repair a boot sector, a Boot Configuration Data (BCD) store, and less commonly, the master boot record.


The Windows Boot Configuration Data file is missing required information

This message means that either the Windows Boot Manager (bootmgr) entry is not present in the BCD store or the Boot\BCD file on the active partition is damaged or missing. Additional information you might see on the screen includes File: \Boot\BCD and Status: 0xc0000034. Unfortunately, this means that the BCD store needs to be repaired or rebuilt. Hold on to your hat; there are three methods of repair for this error. The first two are the same as with our “bootmgr is missing” error. Let’s review those again. Chances are you’ll be called on to perform these in the field or perhaps on the exam, so know them well.

The first method of repair is to boot to the System Recovery Options and select the Startup Repair option. This should automatically repair the system and require you to reboot. If not, move on to the second method.

The second method of repair is to boot to the System Recovery Options and select the Command Prompt option. Type bootrec /rebuildbcd. At this point, the bootrec.exe tool either succeeds or fails. If the Bootrec.exe tool runs successfully, it displays an installation path to a Windows directory. To add this entry to the BCD store, type Yes. A confirmation message appears that indicates the entry was added successfully.

If the Bootrec.exe tool can’t locate any missing Windows installations, you have to remove the BCD store and then re-create it. To do this, type the following commands:

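bcdedit /export C:\BCD_Backup
rem Clear the system, hidden, and read-only attributes so the file can be renamed
attrib -s -h -r c:\boot\bcd
ren c:\boot\bcd bcd.old
bootrec /rebuildbcd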

These methods usually work, but if not, there is another method that is more in depth and requires rebuilding the BCD store manually.


Note

For more information, you can find this step-by-step process and learn more about fixing BCD store issues at:

https://support.microsoft.com/en-in/help/2004518/error-message-when-you-start-windows-7-the-windows-boot-configuration



ExamAlert

Know how to recover from Windows boot errors!


Improper and Spontaneous Shutdowns

You’ve probably seen a Windows computer fail and reboot with the message Windows Was Shut Down Improperly. Improper shutdowns and spontaneous shutdowns could happen for a variety of reasons: brownouts or blackouts, power surges, hardware failures, a user inadvertently unplugging the computer, or perhaps a virus or other malware. It can be a disturbing phenomenon to users and one that could be going on for a while, so be patient with the user (and the computer) when troubleshooting this problem.

Some of the methods you can use to troubleshoot these issues include:

• Check Event Viewer: Look in the System log to see if there are any alerts about hardware failures, service failures, and so on. If there are, consider upgrading the driver for the affected hardware or upgrading the software that the service is dependent on. Ensure the computer is running the latest updates.

• Use Msconfig (System Configuration utility): On the General tab, select the Selective Startup checkbox and the Load startup items checkbox. To weed out third-party program issues, click the Services tab, click the Hide All Microsoft Services checkbox, and then click Disable All. Restart the system and see if the same issues return or if events are still written to Event Viewer. Remember to restore Normal startup in msconfig when finished troubleshooting.

• Boot into Safe Mode: Use Safe Mode to further investigate the problem. Safe Mode uses only the most basic drivers, so if it is a driver issue, this could help you find out about it. Don’t forget, you can also use Safe boot in msconfig.

• Run a virus scan: Run a scan for malware and quarantine anything unusual. Update the antivirus software when you are finished.

• Check power: Make sure the AC outlet is wired properly and is supplying clean power. Verify that the power plug is firmly secured to the computer. If necessary, you might have to check the power supply. Intermittent and unexplainable shutdowns can sometimes be linked to power supplies or other hardware failures.

• Use Windows RE: If necessary, use the Windows Recovery Environment to troubleshoot spontaneous shutdowns.

Stop Errors

A stop error (also known as a Blue Screen of Death [BSOD]) is the worst type of error that can happen while Windows is operating. It completely halts the operating system and displays a blue screen with various text and code. (In Windows 10, you might see a sad face with a QR code among other things.) Anything you were working on is, for the most part, lost. In some cases, it reboots the computer after a memory dump has been initiated. (This is also known as auto-restart.) If not, you need to physically turn the computer off at the Power button and turn it back on. Some BSODs happen only once, and if that is the case, you need not worry too much. But if they happen two or three times or more, you should investigate. Quite often they are due to a hardware issue, such as improperly seated memory or a corrupt driver file. If you see two columns of information with a list of drivers and other files, a driver issue could be the culprit. Look at the bottom of the second (or last) column and identify the driver that has failed (for example, ntfs.sys). These drivers can become corrupt for a variety of reasons and would need to be replaced when you boot into Windows. Or if you can’t boot into Windows and Windows does not auto-repair the file, you can replace them from within Windows RE’s Command Prompt. Less commonly, a BSOD might be caused by a memory error that will have additional code that you can research on Microsoft’s websites (Microsoft support and TechNet).

By default, three things happen when a stop error occurs:

1. An event will usually be written to the System log within Event Viewer, if that option has been selected in the Startup and Recovery window, as shown in Figure 36.3. When a stop error is written to the System log, it may be listed as an Information entry, not as an Error entry. The stop error will be listed as The System Has Rebooted from a Bugcheck. The Bugcheck was (Error Number). Use the error number to look up the problem—and hopefully find a solution—on Microsoft Support and/or TechNet.


Figure 36.3 The Startup and Recovery window

The settings shown in Figure 36.3 can be accessed on the Advanced tab in the System Properties dialog box. (You could also open the Run prompt and type SystemPropertiesAdvanced.exe.) Click the Settings button in the Startup and Recovery area to access the Startup and Recovery window.

2. Windows will write debugging information to the hard drive for later analysis with memory dump debugging programs; this debugging information is essentially the contents of RAM. The default setting in Windows is to only write a portion of the contents of RAM, known as a Kernel memory dump. The Kernel memory dump is saved as the file %systemroot%\MEMORY.DMP. You can also select a Small Memory Dump; this is written to %systemroot%\Minidump. Windows supports the option for a Complete Memory Dump, which dumps the entire contents of RAM to a file again named MEMORY.DMP. To support the Complete Memory Dump, the paging file must be large enough to hold all the physical RAM plus 1 megabyte.


Note

For more information about the various dump files, visit:

https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files


3. The computer automatically restarts (if that option is selected, which is the default in Windows).
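The Event Viewer checks described in this chapter (reviewing the System log after an improper shutdown, and finding the bugcheck entry written after a stop error) can also be scripted. The following PowerShell is an added example, not code from the book; the function name Get-ShutdownEvidence and the 30-day look-back window are assumptions, and the bugcheck pattern assumes English-language event text.

```powershell
# Added example: collect stop-error and unexpected-shutdown records from the
# System log. Run from an elevated PowerShell prompt.
#
# Standard Windows event IDs used here:
#   1001 - BugCheck source: the computer has rebooted from a bugcheck
#   6008 - EventLog source: the previous system shutdown was unexpected
#   41   - Kernel-Power source: the system rebooted without shutting down cleanly
$filter = @{
    LogName   = 'System'
    Id        = 1001, 6008, 41
    StartTime = (Get-Date).AddDays(-30)   # assumption: 30-day look-back
}

function Get-ShutdownEvidence {
    param([hashtable]$Filter)

    # Filter by event ID rather than by level: a bugcheck record may be logged
    # as Information, so a search for Error entries alone would miss it.
    # Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
    $events = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # IDs 41 and 1001 are reused by unrelated providers; keep only the
        # sources that describe a crash or power loss.
        if ($e.ProviderName -notmatch 'BugCheck|WER-SystemErrorReporting|Kernel-Power|EventLog') {
            continue
        }

        # Message can be empty if the provider's message text is unavailable.
        $msg = [string]$e.Message

        # Pull the stop code out of the bugcheck message so it can be looked up.
        $code = if ($msg -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { $null }

        [pscustomobject]@{
            Time     = $e.TimeCreated
            Id       = $e.Id
            Source   = $e.ProviderName
            Level    = $e.LevelDisplayName
            BugCheck = $code
            Summary  = ($msg -split '\r?\n')[0]   # first line of the message
        }
    }
}

Get-ShutdownEvidence -Filter $filter |
    Sort-Object Time |
    Format-Table -AutoSize -Wrap
```

Repeated entries with the same BugCheck value point to a recurring fault worth investigating; a lone 6008 or 41 record with no bugcheck is more consistent with a power loss or a forced power-off.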


ExamAlert

Know how stop errors occur and how memory dumps function.
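The choices made in the Startup and Recovery window are stored in the registry under the CrashControl key, so the dump type, auto-restart setting, and paging-file requirement described above can be checked from a prompt. This PowerShell is an added example, not code from the book; the function name Get-CrashDumpConfig is an assumption, and the paging-file check simply totals all paging files and compares them to the RAM-plus-1-MB rule stated above.

```powershell
# Added example: report how this machine handles a stop error.
# Reads the standard CrashControl registry values and compares the paging
# file size with installed RAM. Run from an elevated PowerShell prompt.
function Get-CrashDumpConfig {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $cc  = Get-ItemProperty -Path $key

    # CrashDumpEnabled values and the dump type each one selects
    $dumpTypes = @{
        0 = 'None'
        1 = 'Complete memory dump'
        2 = 'Kernel memory dump'
        3 = 'Small memory dump'
        7 = 'Automatic memory dump'
    }
    $typeName = $dumpTypes[[int]$cc.CrashDumpEnabled]
    if (-not $typeName) { $typeName = "Unknown ($($cc.CrashDumpEnabled))" }

    # Paths are stored with %SystemRoot%; expand them before testing.
    $dumpFile = [Environment]::ExpandEnvironmentVariables([string]$cc.DumpFile)
    $miniDir  = [Environment]::ExpandEnvironmentVariables([string]$cc.MinidumpDir)

    $dumpExists = [bool]($dumpFile -and (Test-Path -LiteralPath $dumpFile))
    $miniCount  = 0
    if ($miniDir -and (Test-Path -LiteralPath $miniDir)) {
        $miniCount = @(Get-ChildItem -LiteralPath $miniDir -Filter '*.dmp' -ErrorAction SilentlyContinue).Count
    }

    # Installed RAM in MB, and the total allocated paging file size in MB
    # (Win32_PageFileUsage reports AllocatedBaseSize in megabytes).
    $ramMB  = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
    $pageMB = [int64](Get-CimInstance Win32_PageFileUsage |
                      Measure-Object -Property AllocatedBaseSize -Sum).Sum

    [pscustomobject]@{
        DumpType         = $typeName
        WriteEventToLog  = [bool]$cc.LogEvent      # item 1: event written to the System log
        AutoRestart      = [bool]$cc.AutoReboot    # item 3: automatic restart
        DumpFile         = $dumpFile
        DumpFileExists   = $dumpExists
        MinidumpDir      = $miniDir
        MinidumpCount    = $miniCount
        PhysicalRamMB    = $ramMB
        PageFileMB       = $pageMB
        # A complete dump needs a paging file of at least RAM + 1 MB.
        CompleteDumpFits = ($pageMB -ge ($ramMB + 1))
    }
}

# Dump files hold the contents of RAM, so treat any that exist as sensitive
# data when copying them off the machine for analysis.
Get-CrashDumpConfig | Format-List
```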


Restoring Windows

Beyond even stop errors, a complete system failure is when a system cannot be repaired. When this happens, the only options are to reinstall or to restore Windows. There are several methods for restoring Windows, including:

• All Windows: Boot to the Windows installation media (USB flash drive, DVD, etc.), then click the repair option. At the main Windows RE (or System Recovery Options) window, select System Image Recovery. Provide backup media.

• Windows 7: Boot to the Windows installation media, then click the repair option, and at the first System Recovery Options window (with the possible list of operating systems), select the Restore Your Computer Using a System Image That You Created Earlier option (you will be required to provide the backup media).

• All Windows: Reset the system to a factory image stored on a separate partition of the hard drive. This is common on laptops, especially ones that do not have optical drives. Or use third-party tools such as Symantec Ghost or Acronis True Image. Remember, the image needs to be created before the disaster!

There are various other ways to access the utilities mentioned. Refer to earlier parts of this chapter for details or refer to the documentation that came with your third-party software.

Common Windows Symptoms and Solutions

We mentioned a lot of issues and solutions already, but there are a good number of other symptoms that you will encounter when working on Windows. What makes troubleshooting difficult is that there are often several potential solutions to a problem. Let’s fill the gaps by listing some of those symptoms and potential solutions in Table 36.3.


ExamAlert

You will likely be tested on the common symptoms and solutions listed in Table 36.3. Given a scenario, know how to troubleshoot Windows OS problems well for the exam and in the field!


Table 36.3 Windows Symptoms and Solutions

Cram Quiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. Which option starts the system with a minimal set of drivers?

A. Windows RE

B. System Restore

C. Safe Mode

D. Debugging Mode

2. Which tool should be used if you want to do Startup Repair in Windows?

A. File History

B. Windows RE

C. System Restore

D. Safe Mode

3. Which command repairs the bootmgr file in Windows? (Select the best answer.)

A. msconfig

B. bootrec /fixboot

C. bootrec /rebuildbcd

D. boot\bcd

4. One of your customers updated the software for a wireless adapter on a PC. After rebooting, the user logged in and the computer displayed a blue screen. What should you do?

A. Install the device on a known good computer.

B. Reboot the computer and access debugging mode.

C. Purchase a new wireless adapter.

D. Roll back the device drivers in Safe Mode.

5. You are running Windows 8.1 and want to save personal files and remove all programs installed to the desktop while resetting PC settings. Which of the following should you select?

A. Reset your PC

B. Refresh your PC

C. System Recovery Options

D. Command Prompt

6. A stop error could manifest itself as what?

A. A BSOD

B. An Event Viewer error

C. An Action Center notification

D. An Internet Explorer error

7. Which tools can be used to restore a computer? (Select all that apply.)

A. File History

B. System Restore

C. System Image Recovery

D. Msconfig

8. Which of the following might cause a blue screen?

A. A faulty DVD-ROM

B. A CPU without a fan

C. Bad drivers

D. A program compatibility issue

9. An application is frozen and cannot be closed. However, the rest of the operating system works fine. Which tool can be used to close the application?

A. tasklist

B. taskkill

C. shutdown

D. convert

10. You are tasked with repairing an issue with a Windows client computer that is attempting to log on to a domain. The user informs you that it takes 5 minutes to log on to the domain, but logging into the local machine only takes 15 seconds. What steps should you take to fix the problem? (Select the two best answers.)

A. Clean up temp files.

B. Disable unnecessary services in msconfig.

C. Update the BIOS boot order.

D. Synchronize the Windows client’s time to the domain.

E. Run ipconfig /release and ipconfig /renew.

Cram Quiz Answers

1. C. Safe Mode starts the operating system with a minimal set of drivers.

2. B. Windows RE includes Startup Repair. File History is the backup and restore feature of Windows 10 and 8. Safe Mode is part of the Startup Settings screen (Windows 10 and 8) and the Advanced Boot Options menu (Windows 7). System Restore is a different tool that is also available in Windows RE; it can be used to restore the computer’s settings to a previous point in time.

3. C. bootrec /rebuildbcd is one of the methods you can try to repair bootmgr in Windows. Msconfig is used to modify how the OS starts up but cannot repair bootmgr.exe. Bootrec /fixboot is used to repair the boot sector. In rare cases, it might be able to fix the bootmgr file. Boot\bcd is where the boot configuration store is located.

4. D. You should boot into Safe Mode and roll back the drivers of the device in Device Manager. The drivers that the customer installed were probably corrupt and caused the stop error. No need to remove the device and install it anywhere just yet. Debugging mode probably won’t be necessary for this; it is more commonly used to analyze issues during boot. Never purchase new equipment until you have exhausted all other ideas!

5. B. You should select Refresh your PC. In Windows 8.1 this removes programs that were installed and resets PC settings but it saves personal files. When you select Reset your PC (in Windows 8.1), all files are removed and the system is reset to the original state. In Windows 10, Reset your PC gives you both options. System Recovery Options in Windows 7 is where the Windows Recovery Environment tools are found. The Command Prompt is used to run specific commands (either from within the OS or from Windows RE) and isn’t the best answer for this scenario.

6. A. A BSOD (blue screen of death) is what results from a stop error in Windows. The proper name for it is a stop error.

7. B and C. System Restore is the tool used to restore a computer to an earlier point in time. While this doesn’t completely restore from an image, it is still a form of restoration. System Image Recovery is the Windows 7 solution for restoring an image. File History is used in Windows 10 and 8 to locate files from backup and restore them to the system. Msconfig is used to modify how Windows boots and which services are run.

8. C. Bad drivers could cause a blue screen error (stop error). Blue screens could also be caused by improperly seated RAM, among other hardware issues. A faulty DVD-ROM drive would not cause a blue screen. A CPU installed without a fan would overheat, causing the system to shut down. Incompatible programs simply don’t run.

9. B. Taskkill ends the underlying process of an application, closing the application. Tasklist is used to view which processes are running, their process IDs, and the memory used by each. Shutdown is a command used to turn off the computer in a variety of ways. Convert is used to alter a FAT32 partition to NTFS.

10. A and D. Try cleaning up temp files and cookies (either with a cleanup program or manually). Then, make sure that the client computer’s time is synchronized to the domain controller. Disabling unnecessary services is always a good idea, but it is unlikely that that will slow the logon process to the domain that much, especially if the local logon is quick. Updating the BIOS boot order isn’t necessary because the system is booting to Windows just fine. Releasing and renewing the IP address shouldn’t be necessary in this scenario, but it can be helpful when troubleshooting no (or limited) connectivity issues. Remember, troubleshooting is what we do. It’s all about persistence—keep searching for the answer!