2. Startup Troubleshooting After the Starting Windows Logo AppearsIf your computer displays the graphical Starting Windows logo before failing, as shown in Figure 5, the Windows kernel was successfully loaded. Most likely, the startup failure is caused by a faulty driver or service. Use the process illustrated in Figure 6
to identify and disable the failing software feature to allow Windows
to start successfully. After Windows starts, you can perform further troubleshooting
to resolve the problem with the feature if necessary. If the startup
problem occurs immediately after updating or installing a startup
application, try troubleshooting the startup application. The sections that follow describe each of these steps in more detail. How to Run Startup RepairStartup
Repair can automatically fix many common startup problems, even if the
problem occurs after the Starting Windows logo is displayed. Because
Startup Repair is easy to use and has a very low likelihood of causing
additional problems, it should be your first troubleshooting step. After running Startup Repair, attempt to start your computer normally and continue with the troubleshooting process only if Windows fails to start. How to Restore the Last Known Good ConfigurationLast
Known Good Configuration is usually used to enable the operating system
to start if it fails after the Starting Windows logo is displayed.
Using Last Known Good Configuration helps to correct instability or
startup problems by reversing the most recent system, driver, and
registry changes within a hardware profile. When you use this feature,
you lose all configuration changes that were made since you last
successfully started your computer. Using
the Last Known Good Configuration restores previous drivers and also
restores registry settings for the subkey
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet. Windows Vista does not
update the LastKnownGood control set until you successfully start the
operating system in normal mode and log on. When you are
troubleshooting, it is recommended that you use Last Known Good
Configuration before you try other startup options, such as safe mode.
However, if you decide to use safe mode first, logging on to the
computer in safe mode does not update the LastKnownGood control set.
Therefore, Last Known Good Configuration remains an option if you cannot
resolve your problem by using safe mode. To access the Last Known Good Configuration startup option, follow these steps: Remove all floppy disks, CDs, DVDs, and other bootable media from your computer and then restart your computer. Press
F8 at the operating system menu. If the operating system menu does not
appear, press F8 repeatedly after the firmware POST process completes
but before the Starting Windows logo appears. The Advanced Boot Options
menu appears. On the Advanced Boot Options menu, select Last Known Good Configuration (Advanced), as shown in Figure 7.
When Windows starts, it reads status information from the file %WinDir%\Bootstat.dat. If Windows detects that the last startup
attempt was unsuccessful, it automatically displays the startup
recovery menu, which provides startup options similar to the Advanced
Boot Options menu, without requiring you to press F8. NoteIf
you suspect that changes made since you last successfully restarted the
computer are causing problems, do not start Windows and log on
normally—logging on overwrites the LastKnownGood control set. Instead,
restart the computer and use the Last Known Good Configuration. You can
also log on in safe mode without overwriting the Last Known Good
Configuration. How to Use System RestoreIf
Last Known Good Configuration fails to resolve the problem, you can
manually perform a system restore if Startup Repair did not initiate it.
However, Startup Repair would typically have taken this step already if
it might have solved the problem. How to Enable Boot LoggingBoot logging is useful for isolating the cause of a startup problem that occurs after the operating system menu appears. You can enable boot logging by following these steps: Remove all floppy disks, CDs, DVDs, and other bootable media from your computer and then restart your computer. Press
F8 at the operating system menu. If the operating system menu does not
appear, press F8 repeatedly after the firmware POST process completes
but before the Starting Windows logo appears. The Advanced Boot Options
menu appears. On the Advanced Boot Options menu, select Enable Boot Logging, as shown in Figure 8.
Windows
starts and creates a log file at %WinDir%\Ntbtlog.txt. The log file
starts with the time and version information and then lists every file
that is successfully loaded, as shown here. Microsoft (R) Windows (R) Version 6.1 (Build 7100)
5 27 2009 17:57:37.500
Loaded driver \SystemRoot\system32\ntoskrnl.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\mcupdate_GenuineIntel.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\drivers\wdf0100.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Did not load driver \SystemRoot\system32\drivers\serial.sys
Loaded driver \SystemRoot\system32\drivers\acpi.sys The following sections will provide additional information about viewing and analyzing the boot log file. How to Start in Safe ModeSafe
mode is a diagnostic environment that runs only a subset of the drivers
and services that are configured to start in normal mode. Safe mode is
useful when you install software or a device driver that causes
instability or problems with starting in normal mode. Often, Windows can start in safe mode even if hardware failure prevents it from starting
in normal mode. In most cases, safe mode allows you to start Windows
and then troubleshoot problems that prevent startup. Logging on to
the computer in safe mode does not update the LastKnownGood control
set. Therefore, if you log on to your computer in safe mode and then
decide you want to try Last Known Good Configuration, this option is
still available to you. In safe mode, Windows uses the minimum set
required to start the GUI. The following registry subkeys list the
drivers and services that start in safe mode: To access safe mode, follow these steps: Remove all floppy disks and CDs from your computer and then restart your computer. Press
F8 at the operating system menu. If the operating system menu does not
appear, press F8 repeatedly after the firmware POST process completes
but before the Starting Windows logo appears. The Advanced Boot Options
menu appears. On the Advanced Boot
Options menu, select Safe Mode, Safe Mode With Networking, or Safe Mode
With Command Prompt. Select Safe Mode if you do not require networking
support. Select Safe Mode With Networking if you require access to the
network for your troubleshooting—for
example, if you must download an updated driver. Select Safe Mode With
Command Prompt if you want to work at a command prompt.
When
Windows starts, it reads status information from the file
%SystemRoot%\Bootstat.dat. If Windows detects that the last startup
attempt was unsuccessful, it automatically displays the startup recovery
menu, which provides startup options similar to the Advanced Boot
Options menu, without requiring you to press F8. How to Identify Failing Drivers and ServicesWhen you are troubleshooting,
the method for determining which services and processes to temporarily
disable varies from one computer to the next. The most reliable way to
determine what you can disable is to gather more information about the
services and processes enabled on your computer. The following Windows tools and features generate a variety of logs that can provide you with valuable troubleshooting information: Event Viewer Sc.exe System Information Error reporting service Boot logs
Of
these tools, only the boot logs are available when using System
Recovery tools. All tools are available when using safe mode, however. HOW TO ANALYZE STARTUP PROBLEMS IN SAFE MODESafe mode gives you access to all standard graphical troubleshooting tools, including those described in the following sections. Event Viewer (Eventvwr.msc) You
can use Event Viewer (Eventvwr.msc) to view logs that can help you to
identify system problems when you are able to start the system in safe
or normal mode. When you are troubleshooting, use these logs to isolate
problems by application, driver, or service and to identify frequently
occurring issues. You can save these logs to a file and specify
filtering criteria. Event Viewer provides a minimum of three logs, as follows: Application logs
The Application log contains events logged by applications or programs.
For example, a database program might record read or write errors here. Security logs
The security log holds security event records, such as logon attempts
and actions related to creating, opening, or deleting files. An
administrator can specify what events to record in the security log. System logs
The system log contains information about system features. Event Viewer
logs an entry when a driver or other system feature does not load
during startup. Therefore, you can use Event Viewer to search for
information about drivers or services that did not load.
To use Event Viewer to obtain driver and service error information from the system log, follow these steps: Click Start, right-click Computer, and then click Manage. Under System Tools, expand Event Viewer, expand Windows Logs, and then click System. Click the Action menu and then click Filter Current Log. Under Event Level, select the Critical and Error check boxes. In the Event source list, click Service Control Manager and then click OK. Double-click an event entry to view details.
Not all startup problems
result in an entry being added to the event log. Therefore, you might
not find any related information. System Information If
a startup problem occurs inconsistently and if you can start Windows in
safe or normal mode, you can use System Information to view driver and
service name, status, and startup information. Using System
Information, you can create lists of drivers that were processed during
safe and normal mode startups. By comparing the differences between the
two lists, you can determine which features are not required to start
Windows. For diagnostic purposes, you can use this list of differences
to help you determine which services to disable. In safe mode, disable a
service and then try to restart the operating system in normal mode.
Repeat this process for each service until you are able to start in
normal mode. To view service or driver information, follow these steps: Click Start, type msinfo32, and then press Enter. Depending on the information you want, do one or more of the following: To view service information, expand Software Environment and then click Services. To
view the state of a driver, expand Software Environment and then click
System Drivers. Information for each driver is in the right pane. To view driver information arranged by category, expand Components and then select a category, such as Display. To
view problem devices, expand Components and then click Problem Devices.
Examine the Error Code column for information relating to the source of
the problem. To view shared and
conflicting resources (which do not always indicate a critical problem),
expand Hardware Resources and then click Conflicts/Sharing. Examine the
Resource and Device columns for devices that are incorrectly assigned
overlapping resources. Remove or disable one of the devices or use
Device Manager to change the resources assigned to the devices.
Error Reporting Service The
Windows error reporting service monitors your computer for problems
that affect services and applications. When a problem occurs, you can
send a problem report to Microsoft and receive an automated response
with more information, such as news about an update for an application
or device driver. HOW TO USE DEVICE MANAGER TO VIEW OR CHANGE RESOURCESInstalling
new hardware or updating drivers can create conflicts, causing devices
to become inaccessible. You can use Device Manager to review resources
used by these devices to identify conflicts manually. To use Device Manager (Devmgmt.msc) to view or change system resource usage information, follow these steps: Click Start, right-click Computer, and then click Manage. Click Device Manager and then double-click a device. Click the Resources tab to view the resources used by that device. Clear the Use Automatic Settings check box. Click Change Setting and specify the resources assigned to the device.
Boot logging lists the files that successfully and unsuccessfully processed during startup.
You use boot logging to log the Windows features that are processed
when you start your computer in safe mode and also in normal mode. By
comparing the differences between the two logs, you can determine which
features are not required to start. Windows
records the name and path of each file that runs during startup in a
log, %WinDir%\Ntbtlog.txt. The log marks each file as successful
("Loaded Driver…") or unsuccessful ("Did Not Load Driver…"). Boot
logging appends entries to Ntbtlog.txt when you start Windows in safe
mode. Comparing normal mode and safe mode entries enables you to
determine which services run in normal mode only—one of which must be
the cause of the startup problem if Windows is able to start in safe
mode successfully. The following lines are sample Ntbtlog.txt entries. Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\DRIVERS\sflpydisk.SYS Note
that not every "Did Not Load Driver" message necessarily indicates an
error that would prevent Windows from booting, because many drivers are
not required for Windows to start. To repair problems caused by
problematic drivers when you can start safe mode, follow these steps: Restart the computer and enable boot logging. Restart the computer after it fails and then start safe mode. Click Start and then type %WinDir%\ntbtlog.txt. The boot log file opens in Notepad. Compare
the list of drivers loaded in normal mode to the list of drivers loaded
in safe mode. The driver that is causing the system to fail is one of
the drivers listed with "Loaded Driver…" in the normal mode boot log, but listed with "Did Not Load Driver…" in the safe mode boot log. In safe mode, use Device Manager to replace or roll back potentially problematic drivers. Start by replacing drivers that have been recently installed or updated. After replacing a driver, repeat this process until the system starts successfully in normal mode.
For
the services that run only in normal mode, disable those services one
at a time, trying to restart your computer in normal mode after you
disable each service. Continue to disable services individually until
your computer starts in normal mode. To repair problems caused by problematic drivers when the computer does not start in safe mode, follow these steps: Restart the computer and then load System Recovery tools. Click Command Prompt. At the command prompt, type Notepad %WinDir%\ ntbtlog.txt. Notepad opens and displays the boot log. Compare
the boot log created when the system failed to start in safe mode to a
boot log created when the system started successfully in safe mode. If
you do not have a boot log that was created when the system started
successfully in safe mode, create a boot log on a similarly configured
computer by starting it in safe mode. The driver that is causing safe
mode to fail is one of the drivers that is not listed in the boot log
that was created when the system failed but is listed with "Loaded
Driver…" in the boot log created when safe mode started successfully. Replace the driver file
with a working version, using the Copy command at the command prompt.
Start by replacing or deleting drivers that have been recently installed
or updated. After replacing a driver, repeat this process until the
system starts successfully in normal mode.
When
you update a device driver, your computer might have problems that it
did not have with the previous version. For example, installing an
unsigned device driver might cause the device to malfunction or cause
resource conflicts with other installed hardware. Installing faulty
drivers might cause Stop errors that prevent the operating system from
starting in normal mode. Typically, the Stop message text displays the
file name of the driver that causes the error. Windows provides a feature called Device Driver Roll Back that might help you restore system stability by rolling back a driver update. NoteYou can use System Information or the Sigverif
tool to determine whether a driver on your computer is signed and to
obtain other information about the driver, such as version, date, time,
and manufacturer. This data, combined with information from the
manufacturer's Web site, can help you decide whether to roll back or
update a device driver. To roll back a driver, follow these steps: Click Start, right-click Computer, and then click Manage. Under System Tools, click Device Manager. Expand a category (Network Adapters, for example) and then double-click a device. Click
the Driver tab and then click Roll Back Driver. You are prompted to
confirm that you want to overwrite the current driver. Click Yes to roll
back the driver. The rollback process proceeds, or else you are
notified that an older driver is not available.
How to Temporarily Disable a ServiceMany
services automatically run at startup, but others are started only by
users or by another process. When you troubleshoot startup issues that
are related to system services, a useful technique is to simplify your
computer configuration so that you can reduce system complexity and
isolate operating system services. To decrease the number of variables,
temporarily disable startup applications or services and re-enable them
one at a time until you reproduce the problem. Always disable
applications first before attempting to disable system services. The
System Configuration utility allows you to disable system services
individually or several at a time. To disable a service by using the
System Configuration utility, follow these steps: Click Start, type msconfig, and then press Enter. Do one of the following: To disable all services, on the General tab, click Selective Startup and then clear the Load System Services check box. To
disable specific services, on the Services tab, click to clear the
check boxes that correspond to the items you want to disable. You can
also click Disable All to disable all items.
If
you change any startup setting by using the System Configuration
utility, Windows prompts you to return to normal operations the next
time you log on. The System Configuration Utility prompt will appear
each time you log on until you restore the original startup settings by
clicking Normal Startup under Startup Selection on the General tab. To
change a startup setting permanently, use the Services console, change a
Group Policy setting, or uninstall the software that added the service. |
