Post on 25-Feb-2019
HANDOUT: IDENTIFYING & MITIGATING OPERATING SYSTEM ISSUES
Revision Date: 5/31/2013
Time 1.0 Hour
Cyanna Education Services, 2013 Page 1
KEY POINTS
There are a number of Operating System Issues that you could encounter.
These are discussed in the table below along with how to troubleshoot the problem and fix it.
Several tools are included in Windows to help resolve problems, and these are discussed as well.
OPERATING SYSTEM ISSUES AND TROUBLESHOOTING TOOLS
OPERATING SYSTEM ISSUE | TROUBLESHOOTING STEPS OR TOOLS
BSOD – Blue Screen of Death. Also called a STOP error. This appears when a system issue occurs that is so serious that Windows must stop completely.
Note: A Blue Screen of Death is usually hardware or driver related. Most BSODs show a STOP code that can be used to help figure out the root cause of the Blue Screen of Death.
1. What did you change? Did you install new software or hardware, or update drivers? If yes, undo the change you made:
Use System Restore
Start up using Last Known Working Configuration
Roll back the device driver
2. Verify there is enough free space on your primary partition (15% is recommended)
3. Scan for viruses with software that scans the Master Boot Record (MBR) and boot sector
4. Update drivers for your hardware – this is the main culprit of BSOD
5. Check system logs
6. Make sure all hardware is seated properly
7. Perform diagnostics on all hardware
8. Update the BIOS
Failure to boot
1. Check that the boot sequence in your BIOS is set correctly.
2. Check that all cables are plugged in.
3. The MBR may be damaged; use bootrec /FixMbr
Improper shutdown - Manually shutting down the computer by holding the power button until it shuts off or unplugging it from the power source are improper ways of shutting down your PC. Doing so can:
Corrupt data on your hard drive and, possibly, damage hardware.
Interrupt the disk drive in the middle of writing a sector of information to the hard disk.
Incompletely write a file to the disk, causing a loss of data.
Cause files to not close properly, so they may become corrupted.
The effects of an improper shutdown become apparent the next time you turn your computer on, by:
Going through a long file system check procedure on the next reboot.
Entering REPAIR/SAFE mode where only someone physically in front of the PC can control it.
To repair the problem:
Run in safe mode and at the command prompt type chkdsk /f /r
Perform a Check Disk to defrag the disk or check for errors.
Train users to use proper technique: Start -> Shutdown
Most operating systems allow you to begin the proper shut down procedure simply by pressing the power button once.
Spontaneous shutdown/restart – can be a sign of a virus or hardware failure
Go to Computer Management -> Device Manager and systematically click on devices to verify they are working properly.
Device fails to start - This is a message returned by the Device Manager in the Device Properties dialog box
Go to Device Manager
Open System Devices and scroll through the list until you see the device
Double click the device, go to the Driver tab, here you can update the driver
Missing dll message - Regsvr32.dll error messages might appear while using or installing certain programs, when Windows starts or shuts down, or maybe even during a Windows installation.
A DLL file, short for Dynamic Link Library, is a type of file that contains instructions that other programs can call upon to do certain things. This way, multiple programs can share the abilities programmed into a single file.
"Regsvr32.dll Not Found"
"Cannot find [PATH]\regsvr32.dll"
regsvr32.dll errors could indicate a registry problem, a virus or malware issue or even a hardware failure.
If you can access Windows normally:
Obtain a copy of regsvr32.dll from a legitimate source
If you cannot access Windows normally:
1. Start Windows in Safe Mode
2. Restore regsvr32.dll from the Recycle Bin. The simplest possible cause of a "missing" regsvr32.dll file is that you've mistakenly deleted it.
3. Run a virus/malware scan of your system
4. Use System Restore to undo recent system changes
5. Reinstall the program that uses the regsvr32.dll file
6. Update the driver related to the hardware device that is giving the regsvr32.dll error
7. Run System File Checker (SFC)
8. Install Windows updates
9. Test memory and hard drive and replace them if necessary
10. Perform a clean install
Service fails to start - The issue may occur if the service is started by the Local System account instead of by the Local Service account (NT AUTHORITY\LocalService). The Local System account may have insufficient permissions to start the service.
1. Click Start, type Services.msc in the Search programs and files box, and then press ENTER.
2. Locate and double-click the Windows Firewall service.
3. Click the Log On tab.
4. In the This account text box, type Local Service.
5. Leave both Password fields blank.
6. Click Apply and then OK.
Compatibility error - The following steps can help you with programs that aren't working properly:
Open the Program Compatibility troubleshooter by clicking Start -> Control Panel -> Troubleshooting. Under Programs, choose Run programs made for previous versions of Windows, then click Next
Choose the program giving you an error, click Next button
Follow the wizard to fix the problem
Go to the Windows Compatibility Center: http://www.microsoft.com/en-us/windows/compatibility/win8/CompatCenter/Home?Language=en-US
Boots To Safe Mode - Safe Mode is a special way for Windows to load when there is a system-critical problem that interferes with the normal operation of Windows. This will allow you to troubleshoot Windows to try and find the problem.
Use the Recovery Console to scan for problems
Determine what has changed on your system that could have caused Windows to fail to boot properly.
Uninstall any software or drivers
File Fails To Open – files that become corrupt will not open and no longer work properly
Most corrupt files cannot be recovered. You can try running a program to repair them. If this doesn’t work, delete the file and replace it with a backup.
Missing NTLDR error message - The "NTLDR is missing" error displays very shortly after the computer is first started, immediately after the Power On Self-Test (POST) is complete.
"NTLDR is missing Press any key to restart"
"NTLDR is missing Press Ctrl Alt Del to restart"
"Boot: Couldn't find NTLDR Please insert another disk"
The most common reason for this error is that your PC is trying to boot from a non-bootable source. This occurs when the hard drive or flash drive is not properly configured to be booted from. To correct this error try the following:
Restart the PC
Check your (CD/DVD/BD) drives for media and disconnect any external drives
Check the hard drive and other drive settings in BIOS and ensure they are correct
Repair or replace the boot.ini file
Restore the NTLDR and ntdetect.com files from the installation CD
Missing Boot.ini – Boot.ini is used in Windows XP to identify the Operating System that is installed
Type Msconfig in Start, and run it. If the Boot.ini file is missing, there will be no Boot.ini tab displayed in the "System Configuration Utility" panel as the image below.
Right-click on My Computer -> Properties -> Advanced -> Startup and Recovery
Click Settings
Click the Edit button
Your boot.ini file will then open; if there isn't one, you can click "OK" to create a new one.
Now copy and paste the following code into it:
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
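Added example (not part of the original handout): a Python check that parses a boot.ini like the one above and reports the mistakes that most often stop it from booting, such as a default= line that matches no listed entry or an ARC path missing the backslash before the Windows directory. The function names and the simplified ARC-path pattern (multi/scsi forms only) are assumptions of this example.

```python
import re

# Simplified ARC path pattern (assumption): multi(W)disk(X)rdisk(Y)partition(Z)\<dir>
ARC_RE = re.compile(
    r"^(?:multi|scsi)\(\d+\)disk\(\d+\)rdisk\(\d+\)partition\(\d+\)\\[^\\/=]+$",
    re.IGNORECASE,
)

# Constructed sample input: the boot.ini text given in the handout.
SAMPLE = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
'''


def parse_boot_ini(text):
    """Return (loader_settings, os_entries) parsed from boot.ini text."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            # The value has the form: "Description" /switch /switch
            m = re.match(r'\s*"([^"]*)"\s*(.*)$', value)
            desc = m.group(1) if m else value.strip()
            switches = m.group(2).split() if m else []
            entries.append({"path": key.strip(), "description": desc,
                            "switches": switches})
    return loader, entries


def check_boot_ini(text):
    """Return a list of findings; an empty list means the file is consistent."""
    loader, entries = parse_boot_ini(text)
    findings = []
    if not entries:
        findings.append("no entries under [operating systems]")
    for entry in entries:
        if not ARC_RE.match(entry["path"]):
            findings.append("malformed ARC path: " + entry["path"])
    default = loader.get("default")
    if default is None:
        findings.append("[boot loader] has no default= line")
    elif default.lower() not in [e["path"].lower() for e in entries]:
        findings.append("default does not match any [operating systems] entry: " + default)
    if not loader.get("timeout", "").isdigit():
        findings.append("timeout is missing or not a number")
    return findings


if __name__ == "__main__":
    for finding in check_boot_ini(SAMPLE) or ["boot.ini looks consistent"]:
        print(finding)
```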
Missing operating system error
1. Check if there is a disk in your DVD drive that is not a Windows Operating System Disk. If there is, remove it and try to reboot again.
If there is no disk in the drive:
1. Insert your Windows OS disc into the drive and boot Windows from it.
2. Choose Repair your computer, not Install now; remember this.
3. Select the operating system after the installer searches for Windows installation, and click Next.
4. Then click Startup Repair. It will automatically fix problems that are preventing Windows from starting.
Missing Graphical Interface - in Windows 7, you will have a blank black boot screen instead of the animated dots turning into a Windows flag.
1. Go to MSCONFIG, click the Boot tab, verify that the No GUI boot check box is not checked
2. If it is checked, uncheck it, click the Apply button, and then click the OK button
3. You will need to restart the computer for the change to be applied.
Graphical Interface fails to load – if you don’t even get to the screen or if the fix from Missing Graphical Interface does not resolve the problem
1. Insert the Windows Repair CD
2. Choose System Recovery
3. Choose Startup Repair
TOOLS
MSCONFIG
Built into Windows is a special tool called the "Microsoft System
Configuration Utility" or simply "MSCONFIG." Designed to help
you troubleshoot problems with your computer, MSCONFIG can
also be used to ensure that your computer boots faster and
crashes less.
1. Click on the Windows 7 start icon in the bottom left
corner of your screen.
2. Type MSCONFIG in the search box and then either
press enter on your keyboard or double-click on the
MSCONFIG program that appears in the search
results.
3. Windows 7 will launch Microsoft's System
Configuration Utility. Click on the Startup tab.
4. This takes you to a page with a list of "startup items."
Startup items are programs that are automatically
loaded every time you turn on your computer.
DEFRAG
Fragmentation makes your hard disk do extra work that can slow down your computer. Disk Defragmenter rearranges
fragmented data so your hard disk can work more efficiently. Disk Defragmenter runs on a schedule, but you can also
defragment your hard disk manually.
With this tool you can:
Analyze disk - determine if the disk needs to be defragmented or not
Defragment disk
Set up and configure a schedule
Open Disk Defragmenter by clicking Start, clicking All Programs, clicking Accessories, clicking System Tools, and
then clicking Disk Defragmenter. If you are prompted for an administrator password or confirmation, type the password
or provide confirmation.
REGSVR32.DLL
This command-line tool registers .dll files as command components in the registry.
Syntax: regsvr32 [/u] [/s] [/n] [/i[:cmdline]] dllname
Parameters:
/u : Unregisters server.
/s : Specifies regsvr32 to run silently and to not display any message boxes.
/n : Specifies not to call DllRegisterServer. You must use this option with /i.
/i[:cmdline] : Calls DllInstall passing it an optional [cmdline]. When used with /u, it calls dll uninstall.
dllname : Specifies the name of the dll file that will be registered.
/? : Displays help at the command prompt.
SYSTEM RESTORE
System Restore regularly tracks changes to your computer's system files, and uses a feature called System Protection to create
restore points of selected hard disks in your computer. These restore points allow you to reverse installations that may be
causing system problems.
Click Start, right-click Computer, click Properties, click System Protection link, click System Restore button
Choose a restore point, click Next, confirm your selection and press Finish.
REGEDIT
Registry Editor is a tool intended for advanced users. It's used to view and change settings in the system registry, which contains
information about how your computer runs.
To open the Registry Editor, type regedit in the Windows 7 Start menu search box and press Enter, or click the regedit program.
1. Before any changes are made to the registry, you MUST create a backup, either by using the System Restore tool to create a restore point to roll back to, or by exporting the registry key or subkey:
Locate the key, click it to highlight
Click the File menu, and then click Export.
In the Save in box, select the location where you want to save the backup copy to, and then type a name for the backup
file in the File name box.
Click Save.
2. Make only one registry edit at a time.
EVENT VIEWER
Enables you to:
Browse and manage event logs
View events from multiple event logs
Save useful event filters as custom views that can be reused
Schedule a task to run in response to an event
Create and manage event subscriptions
To Run a Task in Response to a Given Event
1. Start Event Viewer: Click the Start button, click Control Panel, click System and Security, click Administrative Tools, and then double-click Event Viewer
2. In the console tree, navigate to the log that contains the event you want to associate with a task.
3. Right-click the event and select Attach Task to This Event.
4. Perform each step presented by the Create Basic Task Wizard.
5. Follow the Task Wizard to complete the actions you want to take. You can choose to:
Start a program
Send an email
Display a message
Note: Regedit has no Undo function.
EMERGENCY REPAIR DISK (ERD)
If you don’t have a Windows 7 installation disc, can’t find your Windows installation disc, or can’t access the recovery options
provided by your computer manufacturer, Microsoft has a Microsoft Diagnostics and Recovery Toolset (MSDaRT). MSDaRT
helps diagnose and repair a system that has trouble starting or has other issues.
When you start the system using the Emergency Repair Disk (ERD), also referred to as Boot CD for MSDaRT, a System
Recovery Options dialog box appears.
BOOTREC.EXE
Bootrec.exe tool in the Windows Recovery Environment (Windows RE) is used to troubleshoot and repair the following items in
Windows Vista or Windows 7:
A master boot record (MBR)
A boot sector
A Boot Configuration Data (BCD) store
To run the Bootrec.exe tool you need a system recovery disk.
This is covered in the Lab: Creating and Using System
Repair Disks
Startup Repair - Fixes problems, such as missing or
damaged system files that might prevent Windows
from starting correctly. Startup Repair scans your
computer for the problem and then tries to fix it so
your computer can start correctly.
System Restore – Restores your computer’s system
files to an earlier point in time. It is a way to undo
system changes to your computer without affecting
your personal files, such as email, documents, or photos.
System Image Recovery – You need to have created a system image beforehand to use this option. A system image is
a personalized backup of the partition that contains Windows, and includes programs and user data, like documents, pictures,
and music.
Windows Memory Diagnostic Tool – Scans your computer’s memory for errors.
Command Prompt – Advanced users can use Command Prompt to perform recovery-related operations and also run
other command line tools for diagnosing and troubleshooting problems.
Microsoft Diagnostics and Recovery Toolset opens the ERD Commander, which provides a launch platform for all of
the DaRT tools that you included in the boot media.
MICROSOFT DIAGNOSTICS AND RECOVERY TOOLSET
OVERVIEW: The following table lists some of the problems that can be solved using the utilities and wizards that are provided in the Microsoft Diagnostics and Recovery Toolset.
TASK | SOLUTION
Edit the Registry | The ERD Registry Editor utility on the MSDaRT Tools menu provides information about the registry that can help you repair a system.
Regain access to a system | The Locksmith wizard can be used to list the local user accounts and change passwords.
Diagnose a system failure | The Crash Analyzer can be used to diagnose the cause of a system crash and identify the driver that caused the failure.
Salvage and repair partitions or volumes | The Disk Commander can be used to salvage or repair partitions or volumes.
Recover deleted files | The File Restore utility can be used to find and restore deleted files from any supported Windows-based file system.
Erase disks or volumes | The Disk Wipe utility can be used to erase disks or volumes.
Search for particular files | The Search utility allows you to restrict the scope of your search by specifying part of the name, search location, estimated size of the file, or the time when the file was modified.
Browse drives | The Explorer utility allows you to browse folders and files that are stored on various drives.
Perform administrative tasks to manage the computer | The Computer Management utility provides recovery tools to help you: disable problematic drivers or services; view event logs; partition and format hard disk drives; get information about Autoruns; get information about the computer.
Configure TCP/IP | The TCP/IP Config utility helps you to display and set a TCP/IP configuration.
Uninstall Windows hotfixes and service packs | Hotfix Uninstall can be used to remove Windows hotfixes or service packs from a system that cannot be started.
Check and repair system files | The SFC Scan utility helps you check system files and repair any that are corrupt or missing.
Use an anti-malware tool | The Standalone System Sweeper utility helps detect malware or other unwanted software, and alerts you to potential risks.
BOOTREC.EXE OPTIONS FROM THE COMMAND PROMPT
BOOTREC /FIXMBR
The bootrec /fixmbr option writes a Windows 7 or Windows Vista-compatible MBR to the system partition. This option does not
overwrite the existing partition table. Use this option when you must resolve MBR corruption issues, or when you have to remove
nonstandard code from the MBR.
Choose the Command Prompt and enter bootrec /fixmbr. If successful, you should be greeted with the message “The
operation completed successfully.”
BOOTREC /FIXBOOT
The bootrec /fixboot option writes a new boot sector to the system partition by using a boot sector that is compatible with
Windows Vista or Windows 7. Use this option if one of the following conditions is true:
The boot sector was replaced with a nonstandard Windows Vista or Windows 7 boot sector.
The boot sector is damaged.
An earlier Windows operating system was installed after Windows Vista or Windows 7 was installed. In this scenario, the
computer starts by using Windows NT Loader (NTLDR) instead of Windows Boot Manager (Bootmgr.exe).
Choose the Command Prompt and enter bootrec /fixboot.
SYSTEM FILE CHECKER (SFC)
SFC allows users to scan for and restore corruptions in Windows system files. The integrity of the file system can be checked
using the command line utility SFC.
1. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click
Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a
confirmation, type the password, or click Allow.
2. At the command prompt, type the following command, and then press ENTER: sfc /scannow
The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft
versions.
SAFE MODE
Safe Mode is a troubleshooting option for Windows that starts your computer in a limited state. Only the basic files and drivers
necessary to run Windows are started such as VGA monitor, Microsoft mouse driver, no network connections, and the minimum
device drivers required to start Windows.
1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
2. Click Start; click the arrow next to the Shut Down button, then click Restart.
3. If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you'll need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
4. A black menu screen appears.
5. Use the arrow keys to highlight the SAFE MODE option.
6. The words Safe Mode appear in the corners of your monitor to identify which Windows mode you're using.
AUTOMATED SYSTEM RECOVERY
WINDOWS XP / VISTA
The simplest way to back up your system with
ASR is to use the Backup or Restore Wizard
that starts by default when you select
Accessories -> System Tools -> Backup.
Simply start the wizard, select "Back up files and
settings," and choose the option to back up "All
information on this computer." Then, specify the
remaining backup job parameters as usual. The
result is that all information on your hard drives
is backed up, including the boot, system, and
data volumes. Later, should a disaster occur,
you can restore your system by using the ASR
restore process to the exact configuration it had
earlier.
WINDOWS 7
Control Panel -> Backup and Restore -> Back up Now button
Follow the wizard to create a backup
PRE-INSTALLATION ENVIRONMENTS
Windows Recovery Environment (WinRE) is a set
of tools based on Windows PE to help diagnose and
recover from serious errors which may be preventing
Windows from booting successfully. It can
troubleshoot and recover a copy of Windows that did
not start. In Windows 7, it’s built right into the
operating system. WinRE provides a useful startup
repair wizard designed to repair the most common
boot-up problems. It also includes recovery tools such
as the System Restore and the System Image
Recovery toolset.
STARTING WINRE
There are three methods to access the WinRE toolset.
1. Use the integrated WinRE partition. During the initial
Windows 7 installation, the setup wizard creates a
100MB partition that includes the entire Windows
Recovery Environment. This partition is hidden by
default, to prevent any virus (or curious users) from
making any changes to WinRE. If Windows 7 fails to
start, the boot loader should automatically offer to start
WinRE from the hard disk, suggesting that you select
“Launch Startup Repair (recommended).”
2. Use the Windows 7 Setup DVD. To access WinRE, insert the Windows 7 DVD and wait for the setup to load. But instead of clicking “Install now,” choose the tiny “Repair your computer” entry.
3. Use a Windows 7 Recovery Disk. Create a bootable Windows 7 Recovery Disk in case the WinRE partition gets damaged or you misplace the Setup DVD. When WinRE starts, select “Use recovery tools that can help fix problems starting Windows…” and select your Windows installation.
CHECK DISK
1. Press Start, click Computer
2. Right-click on the drive in question
3. Click Properties
4. Select the "Tools" tab
5. In the Error-checking area, click Check Now button.