H AN : I DENTIFYING & M ITIGATING OPERATING SYSTEM …ca.cyanna.com/Courses/comptia/CT-008/5/Handout-Identifying_and... · Restore the NTLDR and ntdetect.com files form the installation

H A N D O U T : I D E N T I F Y I N G & M I T I G A T I N G O P E R A T I N G S Y S T E M I S S U E S

Revision Date: 5/31/2013

Time 1.0 Hour

Cyanna Education Services, 2013 Page 1

KEY PO INT S

There are a number of Operating System Issues that you could encounter.

These are discussed in the table below along with how to troubleshoot the problem and fix it.

Several tools included in Windows to help resolve problems and these are discussed as well.

OPERATING SYSTEM ISSUES AND TROUBLESHOOTING TOOLS

OPERATI NG SYSTEM ISSU E TROU BLE SHOOTI NG STEP S OR TOOLS

BSOD – Blue Screen of Death Also called a STOP Error. This will appear when a system issue occurs and is so serious that Windows must stop completely.

Note: A Blue Screen of Death is usually hardware or driver related. Most BSODs show a STOP code that can be used to help figure out the root cause of the Blue Screen of Death.

1. What did you do? Install new software/hardware, Update drivers. If yes, Undo the change you made:

Use System Restore

Startup using Last Known Working Configuration

Roll back device driver

2. Verify there is enough free space on your primary partition (15% is recommended)

3. Scan for viruses with software that scans the Master Boot Record MBR and boot sector

4. Update drivers for your hardware – this is the main culprit of BSOD

5. Check system logs

6. Make sure all hardware is seated properly

7. Perform diagnostics on all hardware

8. Update the BIOS

Failure to boot 1. Check your BIOS is set in the correct sequence

2. Check that all cables are plugged in.

3. The MBR may be damaged, use bootrec /FixMbr

Improper shutdown - Manually shutting down the computer by holding the power button until it shuts off or unplugging it from the power source are improper ways of shutting down your PC. Doing so can:

Corrupt data on your hard drive and, possibly, damage hardware.

Interrupt the disk drive in the middle of writing a sector of information to the hard disk.

Incompletely writing a file to the disk causing a loss of data

Cause files too not close properly and may become corrupted

The effects of improper shutdown will become apparent upon the next time you turn your computer on. By:

Going through a long file system check procedure on the next reboot.

Entering REPAIR/SAFE mode where only someone physically in front of the PC can control it.

To repair the problem:

Run in safe mode and at the command prompt type chkdsk /f /r

Perform a

Check Disk to defrag the disk or check for errors.

Train users to use proper technique: StartShutdown





Most operating systems allow you to begin the proper shut down procedure simply by pressing the power button once.

Spontaneous shutdown/restart – can be a sign of a virus or hardware failure

Go to Computer ManagementDevice Manager and systematically click on devices to verify they are working properly.

Device fails to start is a message returned by the Device Manager in the Device Properties dialog box

Go to Device Manager

Open System Devices and scroll through the list until you see the device

Double click the device, go to the Driver tab, here you can update the driver





Missing dll message - Regsvr32.dll error messages might appear while using or installing certain programs, when Windows starts or shuts down, or maybe even during a Windows installation.

A DLL file, short for Dynamic Link Library, is a type of file that contains instructions that other programs can call upon to do certain things. This way, multiple programs can share the abilities programmed into a single file.

"Regsvr32.dll Not Found"

"Cannot find [PATH]\regsvr32.dll"

regsvr32.dll errors could indicate a registry problem, a virus or malware issue or even a hardware failure.

If you can access Windows normally:

Obtain a copy of regsvr32.dll from a legitimate source

If you cannot access Windows normally:

1. Start windows in safe mode

2. Restore regsvr32.dll from the Recycle Bin. The easiest possible cause of a "missing" regsvr32.dll file is that you've mistakenly deleted it.

3. Run a virus/malware scan of your system

4. Use System Restore to undo recent system changes

5. Reinstall the program that uses the regsvr32.dll file

6. Update the driver related to the hardware device that is giving the regsvr32.dll error

7. Run System File Checker (SFC)

8. Install Windows updates

9. Test memory and hard drive and replace them if necessary

10. Perform a clean install

Services fails to start - The issue may occur if the service is started by the Local System account instead of by the Local Service account (NT

1. Click Start, type Services.msc in the Search programs and files box, and then press ENTER,

2. Locate and double click the Windows Firewall service.

3. Click the Log On tab,

http://pcsupport.about.com/od/termsf/g/file-definition.htm





AUTHORITY\LocalService). The Local System account may have insufficient permissions to start the service.

4. In the This account text box, type Local Service

5. Set both Password fields blank,

6. Click Apply and then OK

Compatibility error The following steps can help you with programs that aren't working properly:

Open the Program Compatibility troubleshooter by clicking StartControl Panel TroubleshootingUnder Programs choose Run programs made for previous versions of Windows click Next

Choose the program giving you an error, click Next button

Follow the wizard to fix the problem

Go to the Windows Compatibility Center: http://www.microsoft.com/en-us/windows/compatibility/win8/CompatCenter/Home?Language=en-US

Boots To Safe Mode - Safe Mode is a special way for Windows to load when there is a system-critical problem that interferes with the normal operation of Windows. This will allow you to troubleshoot Windows to try and find the problem.

Use Recover Console to scan for problems

Determine what has changed on your system that could have caused Windows to fail to boot properly.

Uninstall any software or drivers

File Fails To Open – files that become corrupt will not open and no longer work properly

Most corrupt files cannot be recovered. You can try running a program to repair them. If this doesn’t work, delete the file and replace it with a backup.

Missing NTLDR error message - The "NTLDR is missing" error displays

The most common reason for this error is when your PC is trying to boot from a non-bootable source. This occurs when the hard drive or flash

http://www.microsoft.com/en-us/windows/compatibility/win8/CompatCenter/Home?Language=en-US%20







very shortly after the computer is first started, immediately after the Power On Self-Test (POST) is complete.

NTLDR is missing Press any key to restart"

"NTLDR is missing Press Ctrl Alt Del to restart"

"Boot: Couldn't find NTLDR Please insert another disk"

drive is not properly configured to be booted from. To correct this error try the following:

Restart the PC

Check your (CD/DVD/BD) drives for media and disconnect any external drives

Check the hard drive and other drive settings in BIOS and ensure they are correct

Repair or replace the boot.ini file

Restore the NTLDR and ntdetect.com files form the installation CD

Missing Boot.ini – Boot.ini is used in Windows XP to identify the Operating System that is installed

Type Msconfig in Start, and run it. If the Boot.ini file is missing, there will be no Boot.ini tab displayed in the "System Configuration Utility" panel as the image below.

Right click on My Computer -> Properties -> Advanced -> Startup and Recovery

click Settings

Click Edit button

Then your boot.ini file will be open, but if there isn't one, you can click "OK" to create a new one.





Now copy and paste the following code in it. [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional"/fastdetect

Missing operating system error 1. Check if there is a disk in your DVD drive that is not a Windows Operating System Disk. If there is, remove it and try to reboot again.

If there is no disk in the drive:

1. Inset your Windows OS disc into the drive and boot your Windows from it.

2. Choose Repair your computer, not Install now, remember this.

3. Select the operating system after the installer searches for Windows installation, and click Next.

4. Then click Startup Repair. It will automatically fix problems that are preventing Windows from starting.

Missing Graphical Interface - in Windows 7, you will have a blank black boot screen instead of the animated dots turning into a Windows flag.

1. Go to MSCONFIG, click the Boot tab, verify that the No GUI boot check box is not checked

2. If it is clicked, unclick it and click Apply button then OK button

3. You will need to restart the computer for the change to be applied.

Graphical Interface fails to load – if you don’t even get to the screen or if the fix from Missing Graphical Interface does not resolve the problem

1. Insert the Windows Repair CD

2. Choose System Recover

3. Startup Repair

TO O LS



MSCONFIG

Built into Windows is a special tool called the "Microsoft System

Configuration Utility" or simply "MSCONFIG." Designed to help

you troubleshoot problems with your computer, MSCONFIG can

also be used to ensure that your computer boots faster and

crashes less.

1. Click on the Windows 7 start icon in the bottom left

corner of your screen.

2. Type MSCONFIG in the search box and then either

press enter on your keyboard or double-click on the

MSCONFIG program that appears in the search

results.

3. Windows 7 will launch Microsoft's System

Configuration Utility. Click on the Startup tab.

4. This takes you to a page with a list of "startup items."

Startup items are programs that are automatically

loaded every time you turn on your computer.

DEFRAG

Fragmentation makes your hard disk do extra work that can slow down your computer. Disk Defragmenter rearranges

fragmented data so your hard disk can work more efficiently. Disk Defragmenter runs on a schedule, but you can also

defragment your hard disk manually.

With this tool you can:

Analyze disk - determine if the disk needs to be defragmented or not

Defragment disk

Setup a configure schedule

Open Disk Defragmenter by clicking the Start, clicking All Programs, clicking Accessories, clicking System Tools, and

then clicking Disk Defragmenter. If you are prompted for an administrator password or confirmation, type the password

or provide confirmation.

REGSRV32.DLL

This command-line tool registers .dll files as command components in the registry.

Syntax: regsvr32 [/u] [/s] [/n] [/i[:cmdline]] dllname

Parameters:

/u : Unregisters server.

/s : Specifies regsvr32 to run silently and to not display any message boxes.

/n : Specifies not to call DllRegisterServer. You must use this option with /i.

/i :cmdline : Calls DllInstall passing it an optional [cmdline]. When used with /u, it calls dll uninstall.



D L L N A M E : Specifies the name of the dll file that will be registered.

/? : Displays help at the command prompt.

SYSTEM RESTORE

System Restore regularly tracks changes to your computer's system files, and uses a feature called System Protection to create

restore points of selected hard disks in your computer. These restore points allow you to reverse installations that may be

causing system problems.

Click Start, right-click Computer, click Properties, click System Protection link, click System Restore button

Choose a restore point, click Next, confirm your selection and press Finish.

REGEDIT

Registry Editor is a tool intended for advanced users. It's used to view and change settings in the system registry, which contains

information about how your computer runs.

To open the Registry Editor, type regedit in the Windows 7 Start menu box and hit enter click the regedit program

1. Before any changes are done on the registry, you MUST create a backup by either using System Restore tool to create a restore point to roll back to or exporting the registry key or subkey:

Locate the key, click it to highlight

Click the File menu, and then click Export.

In the Save in box, select the location where you want to save the backup copy to, and then type a name for the backup

file in the File name box.

Click Save.

2. Make only one registry edit at a time.

EVENT VIEWER

Enables you to:

Browse and manage event logs

View events from multiple event logs

Save useful event filters as custom views that can be reused

Schedule a task to run in response to an event

Create and manage event subscriptions

. To Run a Task in Response to a Given Event

1. Start Event Viewer: Click the Start button, click Control Panel, click System and Security, click Administrative Tools, and then double-click Event Viewer

2. In the console tree, navigate to the log that contains the event you want to associate with a task.

3. Right-click the event and select Attach Task to This Event.

4. Perform each step presented by the Create Basic Task Wizard.

5. Follow the Task Wizard to complete the actions you want to take. You can choose to:

Start a program

Note: Regedit has no Undo function.



Send an email

Display a message

EMERGENCY REPAIR DISK (ERD)

If you don’t have a Windows 7 installation disc, can’t find your Windows installation disc, or can’t access the recovery options

provided by your computer manufacturer, Microsoft has a Microsoft Diagnostics and Recovery Toolset (MSDaRT). MSDaRT

helps diagnose and repair a system that has trouble starting or has other issues.

When you start the system using the Emergency Repair Disk (ERD), also referred to as Boot CD for MSDaRT, a System

Recovery Options dialog box appears.

BOOTREC.EXE

Bootrec.exe tool in the Windows Recovery Environment (Windows RE) is used to troubleshoot and repair the following items in

Windows Vista or Windows 7:

A master boot record (MBR)

A boot sector

A Boot Configuration Data (BCD) store

To run the Bootrec.exe tool you need a system recovery disk.

This is covered in the Lab: Creating and Using System

Repair Disks

Startup Repair - Fixes problems, such as missing or

damaged system files that might prevent Windows

from starting correctly. Startup Repair scans your

computer for the problem and then tries to fix it so

your computer can start correctly.

System Restore – Restores your computer’s system

files to an earlier point in time. It is a way to undo

system changes to your computer without affecting

your personal files, such as email, documents, or photos.

System Image Recovery – You need to have created a system image beforehand to use this option. A system image is

a personalized backup of partition that contains Windows, includes programs and user data, like documents, pictures,

and music.



Windows Memory Diagnostic Tool – Scans your computer’s memory for errors.

Command Prompt – Advanced users can use Command Prompt to perform recovery-related operations and also run

other command line tools for diagnosing and troubleshooting problems.

Microsoft Diagnostics and Recovery Toolset opens the ERD Commander, which provides a launch platform for all of

the DaRT tools that you included in the boot media.

M ICROSOFT D IAGNOSTICS AND RECOVERY TOOLSET

OVERV IEW : The following table lists some of the problems that can be solved using the utilities and wizards that are

provided in the Microsoft Diagnostics and Recovery Toolset.

TASK SOLUTI ON

Edit the Registry The ERD Registry Editor utility on the MSDaRT Tools menu provides information about the registry that can help you repair a system.

Regain access to a system The Locksmith wizard can be used to list the local user accounts and change passwords.

Diagnose a system failure The Crash Analyzer can be used to diagnose the cause of a system crash and identify the driver that caused the failure.

Salvage and repair partitions or volumes

The Disk Commander can be used to salvage or repair partitions, or volumes.

Recover deleted files The File Restore utility can be used to find and restore deleted files from any supported Windows-based file system.

Erase disks or volumes The Disk Wipe utility can be used to erase disks or volumes.

Search for particular files The Search utility allows you to restrict the scope of your search by specifying part of the name, search location, estimated size of the file, or the time when the file was modified.

Browse drives The Explorer utility allows you to browse folders and files that are stored on various drives.

Perform administrative tasks to manage the computer

The Computer Management utility provides recovery tools to help you:

Disable problematic drivers or services.

View event logs.

Partition and format hard disk drives.

Get information about Autoruns.

Get information about the computer.

Configure TCP/IP The TCP/IP Config utility helps you to display and set a TCP/IP configuration.

Uninstall Windows hotfixes and service packs

Hotfix Uninstall can be used to remove Windows hotfixes or service packs from a system that cannot be started.

Check and repair system files The SFC Scan utility helps you check system files and repair any that are corrupt or missing.

Use an anti-malware tool The Standalone System Sweeper utility helps detect malware or other unwanted software, and alerts you to potential risks.



BOOTREC.EXE OPTIONS FROM THE COMMAND PROMPT

BOOTREC /FIXMBR

The bootrec /fixmbr option writes a Windows 7 or Windows Vista-compatible MBR to the system partition. This option does not

overwrite the existing partition table. Use this option when you must resolve MBR corruption issues, or when you have to remove

nonstandard code from the MBR.

Choose the Command Prompt and enter bootrec /fixmbr. If successful, you should be greeted with the message “The

operation completed successfully. “

BOOTREC /FIXBOOT

The bootrec /fixboot option writes a new boot sector to the system partition by using a boot sector that is compatible with

Windows Vista or Windows 7. Use this option if one of the following conditions is true:

The boot sector was replaced with a nonstandard Windows Vista or Windows 7 boot sector.

The boot sector is damaged.

An earlier Windows operating system was installed after Windows Vista or Windows 7 was installed. In this scenario, the

computer starts by using Windows NT Loader (NTLDR) instead of Windows Boot Manager (Bootmgr.exe).

Choose the Command Prompt and enter bootrec /fixboot.

SYSTEM FILE CHECKER (SFC)

SFC allows users to scan for and restore corruptions in Windows system files. The integrity of the file system can be checked

using the command line utility SFC.

1. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click

Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a

confirmation, type the password, or click Allow.

2. At the command prompt, type sfc /scannow the following command, and then press ENTER

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft

versions.

SAFE MODE



Safe Mode is a troubleshooting option for Windows that starts your computer in a limited state. Only the basic files and drivers

necessary to run Windows are started such as VGA monitor, Microsoft mouse driver, no network connections, and the minimum

device drivers required to start Windows.

1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

2. Click Start; click the arrow next to the Shut Down button, then click Restart.

3. If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you'll need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

4. A black menu screen appears.

5. Use the arrow keys to highlight SAFE MODE option

6. The words Safe Mode appear in the corners of your monitor to identify which Windows mode you're using.

AUTOMATED SYSTEM RECOVERY

W INDOW S XP / V I STA

The simplest way to back up your system with

ASR is to use the Backup or Restore Wizard

that starts by default when you select

AccessoriesSystem ToolsBackup.

Simply start the wizard, select "Back up files and

settings," and choose the option to back up "All

information on this computer." Then, specify the

remaining backup job parameters as usual. The

result is that all information on your hard drives

is backed up, including the boot, system, and

data volumes. Later, should a disaster occur,

you can restore your system by using the ASR

restore process to the exact configuration it had

earlier.



W INDOW S 7

Control PanelBackup and RestoreBack up Now button

Follow the wizard to create a backup

PRE-INSTALLATION ENVIRONMENTS

Windows Recovery Environment (WinRE) is a set

of tools based on Windows PE to help diagnose and

recover from serious errors which may be preventing

Windows from booting successfully. It can

Troubleshoot and recover a copy of Windows that did

not start. In Windows 7, it’s built right into the

operating system. WinRE provides a useful startup

repair wizard designed to repair the most common

boot-up problems. It also includes recovery tools such

as the System Restore and the System Image

Recovery toolset.

STARTI NG W I NRE

There are three methods to access the WinRE toolset.

1. Use the integrated WinRE partition. During the initial

Windows 7 installation, the setup wizard creates a

100MB partition that includes the entire Windows

Recovery Environment. This partition is hidden by

default, to prevent any virus (or curious users) from

making any changes to WinRE. If Windows 7 fails to

start, the boot loader should automatically offer to start

WinRE from the hard disk, suggesting that you select

“Launch Startup Repair (recommended).”

Use the Windows 7 Setup DVD. To access WinRE,

insert the Windows 7 DVD and wait for the setup to

load. But instead of clicking “Install now,” choose the

tiny “Repair your computer” entry.



2. Use a Windows 7 Recovery Disk. Create a bootable Windows 7 Recovery Disk just in case WinRE partition gets

damaged or you misplaced the Setup DVD. When WinRE starts, select “Use recovery tools that can help fix problems

starting Windows…” and select your Windows installation.

CHECK DISK

1. Press Start, click Computer

2. Right-click on the drive in question

3. Click Properties

4. Select the "Tools" tab

5. In the Error-checking area, click Check Now button.

Documents

H AN : I DENTIFYING & M ITIGATING OPERATING SYSTEM …ca.cyanna.com/Courses/comptia/CT-008/5/Handout-Identifying_and... · Restore the NTLDR and ntdetect.com files form the installation