Logo
programming4us
programming4us
programming4us
programming4us
Windows XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
 
programming4us
Windows 7

Configuring Startup and Troubleshooting Startup Issues : Understanding the Startup Process

5/23/2013 5:57:13 PM

To diagnose and correct a startup problem, you need to understand what occurs during startup. Figure 1 provides a high-level overview of the different paths startup can take.

The Windows Boot Manager provides several different startup paths.

Figure 1. The Windows Boot Manager provides several different startup paths.

The normal startup sequence for Windows 7 is:

  1. Power-on self test (POST) phase.

  2. Initial startup phase.

  3. Windows Boot Manager phase.

  4. Windows Boot Loader phase.

  5. Kernel loading phase.

  6. Logon phase.

This sequence will vary if the computer is resuming from hibernation or if a non–Windows 7 option is selected during the Windows Boot Manager phase. The following sections describe the phases of a normal startup process in more detail.

Power-on Self Test Phase

As soon as you turn on a computer, its processor begins to carry out the programming instructions contained in the BIOS or EFI. The BIOS and EFI, which are types of firmware, contain the processor-dependent code that starts the computer regardless of the operating system installed. The first set of startup instructions is the POST, which is responsible for the following system and diagnostic functions:

  • Performs initial hardware checks, such as determining the amount of memory present

  • Verifies that the devices needed to start an operating system, such as a hard disk, are present

  • Retrieves system configuration settings from nonvolatile memory, which is located on the motherboard

The contents of the nonvolatile memory remain even after you shut down the computer. Examples of hardware settings stored in the nonvolatile memory include device boot order and Plug and Play (PnP) information.

After the motherboard POST completes, add-on adapters that have their own firmware (for example, video and hard drive controllers) carry out internal diagnostic tests.

If startup fails before or during POST, your computer is experiencing a hardware failure. Generally, the BIOS or EFI displays an error message that indicates the nature of the problem. If video is not functioning correctly, the BIOS or EFI usually indicates the nature of the failure with a series of beeps.

To access and change system and peripheral firmware settings, consult the system documentation provided by the manufacturer. 

Initial Startup Phase

After the POST, computers must find and load the Windows Boot Manager. Older BIOS computers and newer EFI computers do this slightly differently, as the following sections describe.

Initial Startup Phase for BIOS Computers

After the POST, the settings that are stored in the nonvolatile memory, such as boot order, determine the devices that the computer can use to start an operating system. In addition to floppy disks or hard disks attached to Advanced Technology Attachment (ATA), Serial ATA, and small computer system interface (SCSI) controllers, computers can typically start an operating system from other devices, such as the following:

  • CDs or DVDs

  • Network adapters

  • Universal serial bus (USB) flash drives

  • Removable disks

  • Secondary storage devices installed in docking stations for portable computers

It is possible to specify a custom boot order, such as CDROM, Floppy, Hard Disk. When you specify CDROM, Floppy, Hard Disk as a boot order, the following events occur at startup:

  1. The computer searches the CD-ROM for bootable media. If a bootable CD or DVD is present, the computer uses the media as the startup device. Otherwise, the computer searches the next device in the boot order. You cannot use a non-bootable CD or DVD to start your system. The presence of a non-bootable CD or DVD in the CD-ROM drive can add to the time the system requires to start. If you do not intend to start the computer from CD, remove all CDs from the CD-ROM drive before restarting.

  2. The computer searches the floppy disk for bootable media. If a bootable floppy is present, the computer uses the floppy disk as the startup device and loads the first sector (sector 0, the floppy disk boot sector) into memory. Otherwise, the computer searches the next device in the boot order or displays an error message.

  3. The computer uses the hard disk as the startup device. The computer typically uses the hard disk as the startup device only when the CD-ROM drive and the floppy disk drive are empty.

There are exceptions in which code on bootable media transfers control to the hard disk. For example, when you start your system by using the bootable Windows DVD, Windows Setup checks the hard disk for Windows installations. If one is found, you have the option of bypassing DVD startup by not responding to the Press Any Key To Boot From CD Or DVD prompt that appears. This prompt is actually displayed by the startup program located on the Windows DVD, not by your computer's hardware.

If startup fails during the initial startup phase, you are experiencing a problem with the BIOS configuration, the disk subsystem, or the file system. The following error message is common during this phase. It indicates that none of the configured bootable media types was available.

Non-system disk or disk error
Replace and press any key when ready

If you changed the disk configuration recently, verify that all cables are properly connected and jumpers are correctly configured. If booting from the hard disk, verify that all removable media have been removed. If booting from a CD or DVD, verify that the BIOS is configured to start from the CD or DVD and that the Windows medium is present. If the disk subsystem and BIOS are configured correctly, the problem may be related to the file system. 

If you boot from the hard disk, the computer reads the boot code instructions located on the MBR. The MBR is the first sector of data on the startup hard disk. The MBR contains instructions (called boot code) and a table (called a partition table) that identify primary and extended partitions. The BIOS reads the MBR into memory and transfers control to the code in the MBR.

The computer then searches the partition table for the active partition, also known as a bootable partition. The first sector of the active partition contains boot code that enables the computer to do the following:

  • Read the contents of the file system used.

  • Locate and start a 16-bit stub program (Bootmgr) in the root directory of the boot volume. This stub program switches the processor into 32- or 64-bit Protected mode and loads the 32- or 64-bit Windows Boot Manager, which is stored in the same Bootmgr file. After the Windows Boot Manager loads, startup is identical for both BIOS and EFI computers.

Note

The stub program is necessary because 32-bit and 64-bit computers first start in Real mode. In Real mode, the processor disables certain features to allow compatibility with software designed to run on 8-bit and 16-bit processors. The Windows Boot Manager is 32-bit or 64-bit, however, so the stub program sets up the BIOS computer to run the 32-bit or 64-bit software properly.

If an active partition does not exist or if boot sector information is missing or corrupt, a message similar to any of the following might appear:

  • Invalid partition table

  • Error loading operating system

  • Missing operating system

If an active partition is successfully located, the code in the boot sector locates and starts Windows Boot Loader (WinLoad) and the BIOS transfers execution to it.

Initial Startup Phase for EFI Computers

Startup for EFI computers initially differs from startup for BIOS computers. EFI computers have a built-in boot manager that enables the computer's hardware to choose from multiple operating systems based on user input. When you install Windows 7 on an EFI computer, Windows adds a single entry to the EFI boot manager with the title Windows Boot Manager. This entry points to the \Efi\Microsoft\Boot\Bootmgfw.efi 32-bit or 64-bit EFI executable program—the Windows Boot Manager. This is the same Windows Boot Manager that is eventually loaded on BIOS-based computers. Windows configures the EFI boot manager to display the EFI startup menu for only 2 seconds and then load the Windows Boot Manager by default to minimize complexity and startup time.

If you install a different operating system or manually change the EFI boot manager settings, EFI might no longer load the Windows Boot Manager. To resolve this problem, use the Startup Repair tool. Alternatively, you might be able to update the EFI boot manager settings manually using your computer's built-in EFI tools. For more information about configuring EFI, consult your computer's documentation.

Windows Boot Manager Phase

The Windows Boot Manager is capable of natively reading supported file systems, and it uses that capability to parse the BCD registry file without fully loading the file system.

For computers that have a single operating system, Windows Boot Manager never displays a user interface. It does, however, wait for a few moments to allow the user to press a key to display the standard boot menu, as shown in Figure 2, or to press F8 to choose Advanced Boot Options, as shown in Figure 3. If the user does not press a key within a few seconds of POST completing, Windows Boot Manager starts the Windows Boot Loader, which in turn starts Windows 7.

Windows Boot Manager enables you to choose from multiple operating systems or start Windows Memory Diagnostics.

Figure 2. Windows Boot Manager enables you to choose from multiple operating systems or start Windows Memory Diagnostics.

During startup, you can interrupt the default behavior of Windows Boot Manager to view the Advanced Boot Options.

Figure 3. During startup, you can interrupt the default behavior of Windows Boot Manager to view the Advanced Boot Options.

For computers with multiple operating systems installed (such as both Windows 7 and Windows XP), Windows Boot Manager displays a menu of operating system choices at startup. Depending on what you choose, Windows Boot Manager will start a different process:

  • If you choose Windows Vista or Windows 7, Windows Boot Manager starts the Windows Boot Loader to open Windows.

  • If you choose Earlier Version Of Windows or another entry for Windows Server 2003, Windows XP Professional, Microsoft Windows 2000, or Microsoft Windows NT 4.0, Windows Boot Manager starts Ntldr, which then proceeds with the hardware detection phase.

  • If you select another operating system, control is passed to the boot sector for the other operating system.

  • If you choose Windows Memory Diagnostic by pressing the Tab key, Windows Boot Manager starts the diagnostic tool without first opening Windows.

Windows Boot Loader Phase

The Windows Boot Manager starts the Windows Boot Loader phase when the user chooses to load Windows Vista or Windows 7. The Windows Boot Loader does the following:

  1. Loads the operating system kernel, Ntoskrnl.exe, but does not yet run it.

  2. Loads the Hardware Abstraction Layer (HAL), Hal.dll. This will not be used until the kernel is run.

  3. Loads the system registry hive (System32\Config\System) into memory.

  4. Scans the HKEY_LOCAL_MACHINE\SYSTEM\Services key for device drivers and loads all drivers that are configured for the boot class into memory. The Windows Boot Loader does not, however, initiate the drivers. Drivers are not initiated until the kernel loading phase.

  5. Enables paging.

  6. Passes control to the operating system kernel, which starts the next phase.

Kernel Loading Phase

The Windows Boot Loader is responsible for loading the Windows kernel (Ntoskrnl.exe) and the HAL into memory. Together, the kernel and the HAL initialize a group of software features that are called the Windows executive. The Windows executive processes the configuration information stored in the registry in HKLM\SYSTEM\CurrentControlSet and starts services and drivers. The following sections provide more detail about the kernel loading phase.

Control Sets

The Windows Boot Loader reads control set information from the registry key HKEY_LOCAL_MACHINE\SYSTEM, which is stored in the file %SystemRoot%\System32\Config\System, so that the kernel can determine which device drivers need to be loaded during startup. Typically, several control sets exist, with the actual number depending on how often system configuration settings change.

The HKEY_LOCAL_MACHINE\SYSTEM subkeys used during startup are:

  • \CurrentControlSet, a pointer to a ControlSetxxx subkey (where xxx represents a control set number, such as 001) designated in the \Select\Current value.

  • \Select, which contains the following entries:

    • Default Points to the control set number (for example, 001=ControlSet001) that the system has specified for use at the next startup. If no error or manual invocation of the LastKnownGood startup option occurs, this control set number is designated as the value of the Default, Current, and LastKnownGood entries (assuming that a user is able to log on successfully).

    • Current Points to the last control set that was used to start the system.

    • Failed Points to a control set that did not start Windows Vista successfully. This value is updated when the LastKnownGood option is used to start the system.

    • LastKnownGood Points to the control set that was used during the last user session. When a user logs on, the LastKnownGood control set is updated with configuration information from the previous user session.

The Windows Boot Loader uses the control set identified by the \Select\Default value unless you choose the Last Known Good Configuration from the Advanced Boot Options menu.

The kernel creates the registry key HKEY_LOCAL_MACHINE\HARDWARE, which contains the hardware data collected at system startup. Windows supports an extensive set of devices, with additional drivers not on the Windows operating system DVD provided by hardware manufacturers. Drivers are kernel-mode features required by devices to function within an operating system. Services are features that support operating system and application functions and act as network servers. Services can run in a different context than user applications and typically do not offer many user-configurable options.

For example, the Print Spooler service does not require a user to be logged on to run and functions independently of the user who is logged on to the system. Drivers generally communicate directly with hardware devices, whereas services usually communicate with hardware through drivers. Driver and service files are typically stored in the %SystemRoot%\System32 and %SystemRoot%\System32\Drivers folders and use .exe, .sys, or .dll file name extensions.

Drivers are also services. Therefore, during kernel initialization, the Windows Boot Loader and Ntoskrnl use the information stored in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Servicename registry subkeys to determine both the drivers and services to load. In the Servicename subkeys, the Start entry specifies when to start the service. For example, the Windows Boot Loader loads all drivers for which Start is 0, such as device drivers for hard disk controllers. After execution is transferred to the kernel, the kernel loads drivers and services for which Start is 1.

Table 1 lists the values (in decimal) for the registry entry Start. Boot drivers (those for which Start is 0) and file system drivers are always loaded regardless of the value of Start because they are required to start Windows.

Table 1. Values for the Start Registry Entry

VALUE

START TYPE

VALUE DESCRIPTIONS FOR START ENTRIES

0

Boot

Specifies a driver that is loaded (but not started) by the boot loader. If no errors occur, the driver is started during kernel initialization prior to any non-boot drivers being loaded.

1

System

Specifies a driver that loads and starts during kernel initialization after drivers with a Start value of 0 have been started.

2

Auto load

Specifies a driver or service that is initialized at system startup by Session Manager (Smss.exe) or the Services Controller (Services.exe).

3

Load on demand

Specifies a driver or service that the Service Control Manager (SCM) will start only on demand. These drivers have to be started manually by calling a Win32 SCM application programming interface (API), such as the Services snap-in.

4

Disabled

Specifies a disabled (not started) driver or service.

5

Delayed start

Specifies that less-critical services will start shortly after startup to allow the operating system to be responsive to the user sooner. This start type was first introduced in Windows Vista.

Table 2 lists some of the values (in decimal) for the Type registry entry.

Table 2. Type Registry Values

VALUE

VALUE DESCRIPTIONS FOR TYPE ENTRIES

1

Specifies a kernel device driver

2

Specifies a kernel-mode file system driver (also a kernel device driver)

4

Specifies arguments passed to an adapter

8

Specifies a file system driver, such as a file system recognizer driver

16

Specifies a service that obeys the service control protocol, runs within a process that hosts only one service, and can be started by the Services Controller

32

Specifies a service that runs in a process that hosts multiple services

256

Specifies a service that is allowed to display windows on the console and receive user input

Some drivers and services require that conditions, also known as dependencies, be met. You can find dependencies listed under the DependOnGroup and DependOnService entries in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Servicename subkey for each service or driver. The Services subkey also contains information that affects how drivers and services are loaded. Table 3 lists some of these other entries.

Table 3. Other Registry Entries in the Servicename Subkeys

ENTRY

DESCRIPTION

DependOnGroup

At least one item from this group must start before this service is loaded.

DependOnService

Lists the specific services that must load before this service loads.

DisplayName

Describes the feature.

ErrorControl

Controls whether a driver error requires the system to use the LastKnownGood control set or to display a Stop message.

If the value is 0x0 (Ignore, No Error Is Reported), it does not display a warning and proceeds with startup.

If the value is 0x1 (Normal, Error Reported), it records the event to the System Event Log and displays a warning message but proceeds with startup.

If the value is 0x2 (Severe), it records the event to the System Event Log, uses the LastKnownGood settings, restarts the system, and proceeds with startup.

If the value is 0x3 (Critical), it records the event to the System Event Log, uses the LastKnownGood settings, and restarts the system. If the LastKnownGood settings are already in use, it displays a Stop message.

Group

Designates the group that the driver or service belongs to. This allows related drivers or services to start together (for example, file system drivers). The registry entry List in the subkey HKEY_LOCAL_MACHINE\SYSTEM \CurrentControlSet\Control\ServiceGroupOrder specifies the group startup order.

ImagePath

Identifies the path and file name of the driver or service if the ImagePath entry is present.

ObjectName

Specifies an object name. If the Type entry specifies a service, it represents the account name that the service uses to log on when it runs.

Tag

Designates the order in which a driver starts within a driver group.

Session Manager

After all entries that have Boot and Startup data types are processed, the kernel starts the Session Manager (Smss.exe), a user process that continues to run until the operating system is shut down. The Session Manager performs important initialization functions, such as:

  • Creating system environment variables.

  • Starting the kernel-mode portion of the Win32 subsystem (implemented by %SystemRoot%\System32\Win32k.sys), which causes Windows to switch from text mode (used to display the Windows Boot Manager menu) to graphics mode (used to display the Starting Windows logo). Windows-based applications run in the Windows subsystem. This environment allows applications to access operating system functions, such as displaying information to the screen.

  • Starting the user-mode portion of the Win32 subsystem (implemented by %SystemRoot%\System32\Csrss.exe). The applications that use the Windows subsystem are user-mode processes; they do not have direct access to hardware or device drivers. Instead, they have to access Windows APIs to gain indirect access to hardware. This allows Windows to control direct hardware access, improving security and reliability. User-mode processes run at a lower priority than kernel-mode processes. When the operating system needs more memory, it can page to disk the memory used by user-mode processes.

  • Starting the Logon Manager (%SystemRoot%\System32\Winlogon.exe).

  • Creating additional virtual memory paging files.

  • Performing delayed rename operations for files specified by the registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations. For example, you might be prompted to restart the computer after installing a new driver or application so that Windows can replace files that are currently in use.

Session Manager searches the registry for service information contained in the following subkeys:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager contains a list of commands to run before loading services. The Autochk.exe tool is specified by the value of the registry entry BootExecute and virtual memory (paging file) settings stored in the Memory Management subkey. Autochk, which is a version of the Chkdsk tool, runs at startup if the operating system detects a file system problem that requires repair before completing the startup process.

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems stores a list of available subsystems. For example, Csrss.exe contains the user-mode portion of the Windows subsystem.

If startup fails during the kernel loading phase after another operating system was installed on the computer, the cause of the problem is likely an incompatible boot loader. Boot loaders installed by versions of Windows prior to Windows Vista cannot be used to start Windows Vista or Windows 7. Use System Recovery to replace startup files with Windows startup files.

Otherwise, if startup fails during the kernel loading phase, use boot logging to isolate the failing feature. Then use safe mode to disable problematic features (if possible) or use System Recovery to replace problematic files. 

Logon Phase

The Windows subsystem starts Winlogon.exe, a system service that enables you to log on and log off. Winlogon.exe then does the following:

  • Starts the Services subsystem (Services.exe), also known as the SCM. The SCM initializes services that the registry entry Start designates as Autoload in the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Servicename.

  • Starts the Local Security Authority (LSA) process (Lsass.exe).

  • Parses the Ctrl+Alt+Delete key combination at the Begin Logon prompt (if the computer is part of an AD DS domain).

The logon user interface (LogonUI) feature and the credential provider (which can be the standard credential provider or a third-party credential provider) collect the user name and password (or other credentials) and pass this information securely to the LSA for authentication. If the user supplied valid credentials, access is granted by using either the default Kerberos V 5 authentication protocol or Windows NT LAN Manager (NTLM).

Winlogon initializes security and authentication features while PnP initializes auto-load services and drivers. After the user logs on, the control set referenced by the registry entry LastKnownGood (located in HKLM\SYSTEM\Select) is updated with the contents in the CurrentControlSet subkey. By default, Winlogon then starts Userinit.exe and the Windows Explorer shell. Userinit may then start other processes, including:

  • Group Policy settings take effect Group Policy settings that apply to the user and computer take effect.

  • Startup programs run When not overridden by Group Policy settings, Windows starts logon scripts, startup programs, and services referenced in the following registry subkeys and file system folders:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

    • SystemDrive\Documents and Settings\All Users\Start Menu\Programs\Startup

    • SystemDrive\Documents and Settings\username\Start Menu\Programs\Startup

Several applications might be configured to start by default after you install Windows, including Windows Defender. Computer manufacturers or IT departments might configure other startup applications.

Windows startup is not complete until a user successfully logs on to the computer. If startup fails during the logon phase, you have a problem with a service or application configured to start automatically.

Other -----------------
- Configuring Startup and Troubleshooting Startup Issues : What's New with Windows Startup
- Windows 7 Mobility Features : Using Windows 7 with a Netbook
- Windows 7 Mobility Features : Other Mobile Features
- Windows 7 Mobility Features : Presentations A-Go-Go
- Windows 7 Mobility Features : Windows Mobility Center
- Evaluating Applications for Windows 7 Compatibility : The Application Compatibility Toolkit (part 4) - Resolving Application Compatibility Issues with Shims
- Evaluating Applications for Windows 7 Compatibility : The Application Compatibility Toolkit (part 3) - Using the Application Compatibility Manager
- Evaluating Applications for Windows 7 Compatibility : The Application Compatibility Toolkit (part 2) - Installing ACT
- Evaluating Applications for Windows 7 Compatibility : The Application Compatibility Toolkit (part 1) - Choosing an ACT Architecture
- Using COM to Develop UMDF Drivers : Basic Infrastructure Implementation
 
 
Video tutorials
- How To Install Windows 8 On VMware Workstation 9

- How To Install Windows 8

- How To Install Windows Server 2012

- How To Disable Windows 8 Metro UI

- How To Change Account Picture In Windows 8

- How To Unlock Administrator Account in Windows 8

- How To Restart, Log Off And Shutdown Windows 8

- How To Login To Skype Using A Microsoft Account

- How To Enable Aero Glass Effect In Windows 8

- How To Disable Windows Update in Windows 8

- How To Disable Windows 8 Metro UI

- How To Add Widgets To Windows 8 Lock Screen
programming4us programming4us
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
Popular keywords
HOW TO Swimlane in Visio Visio sort key Pen and Touch Creating groups in Windows Server Raid in Windows Server Exchange 2010 maintenance Exchange server mail enabled groups Debugging Tools Collaborating
programming4us programming4us
 
programming4us
Women
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone