MCSE Top-Rated Sites


 

Domain 3.0 Diagnosing and Troubleshooting This domain requires the ability to apply knowledge to diagnose and troubleshoot common problems relating to Windows 9x and Windows 2000. This includes understanding normal operation and symptoms relating to common problems.

3.1 Recognize and interpret the meaning of common error codes and startup messages from the boot sequence, and identify steps to correct the problems.

Safe Mode

Windows automatically initiates Safe Mode if it detects that system startup failed , or if the registry is corrupted.

Safe Mode bypasses startup files, including the registry, Config.sys, Autoexec.bat, and the [Boot] and [386Enh] sections of System.ini, and provides you with access to the Windows configuration files. You can make any necessary configuration changes, and then restart Windows normally.

Windows in Safe Mode, only the mouse, keyboard, and standard VGA device drivers are loaded.

Safe Mode With Networking is not supported in Windows 98.

Safe Mode Command Prompt Only loads the Command.com and DoubleSpace or DriveSpace files (if present). It does not load Himem.sys, Ifshlp.sys, or Windows .

Step-by-step Confirmation allows you to specify which commands and drivers the system should process by confirming each line of the startup files.

Safe Mode and Windows 2000

Options

• Safe Mode - Starts Windows 2000 using only basic files and drivers (mouse, except serial mice; monitor; keyboard; mass storage; base video; default system services; and no network connections).
• Safe mode with Networking - Starts Windows 2000 using only basic files and drivers, plus network connections.
• Safe Mode with Command Prompt - Starts Windows 2000 using only basic files and drivers. After logging on, the command prompt is displayed instead of the Windows desktop.
• Enable Boot Logging - Starts Windows 2000 while logging all the drivers and services that were loaded (or not loaded) by the system to a file. This file is called ntbtlog.txt and it is located in the windir directory. Safe Mode, Safe Mode with Networking, and Safe Mode with Command Prompt add to the boot log a list of all the drivers and services that are loaded. The boot log is useful in determining the exact cause of system startup problems.
• Enable VGA Mode - Starts Windows 2000 using the basic VGA driver. The basic video driver is always used when you start Windows 2000 in Safe Mode (either Safe Mode, Safe Mode with Networking, or Safe Mode with Command Prompt).
• Last Known Good Configuration - Starts Windows 2000 using the registry information that Windows saved at the last shutdown. Use only in cases of incorrect configuration. Last known good configuration does not solve problems caused by corrupted or missing drivers or files. Also, any changes made since the last successful startup will be lost.
• Debugging Mode - Starts Windows 2000 while sending debug information through a serial cable to another computer.

No operating system found

This could mean

• The hard drive is physically damaged or has a disconnected/damaged cable
• The system or the boot files have been corrupted or missing.
• The master boot record is damaged/changed
• Computer Virus

Boot from a start up disk, and type sys c: and/or run windows setup to replace the system and boot files. If the MBR partition is damaged you will have to run fdisk /mbr first. If you can not write to disk then it could be a damaged hard drive or loose/broken cable

Error in CONFIG.SYS line XX

Usually caused by a missing/corrupted file or device driver, or typing error.

Bad or missing COMMAND.COM

Any one of the following reasons could be the cause of this message

• COMMAND.COM file was deleted or renamed.
• COMMAND.COM wrong version
• COMMAND.COM has a damaged header.

SOLUTION:

• Use a Startup floppy (must be the same version or later as the system your trying to boot).
• Type sys c: at the A:\> prompt and press enter.
• Reboot

HIMEM.SYS not loaded

The HIMEM.SYS command line in your config.sys file must appear before any commands that start programs or device drivers that use extended memory. If any of these other programs or devices try to load before HIMEM.SYS is loaded you could receive this error message.

Missing or corrupt HIMEM.SYS

The file may have been deleted from the C:\WINDOWS\COMMAND directory, or there is a line in CONFIG.SYS calling on a different version of HIMEM.SYS.

SCSI

The SCSI and CD-ROM support built into Windows requires that CD-ROM drives provide SCSI parity to function properly. For many drives, this is a configurable option or is active by default.

The ends of the SCSI bus must have installed. In addition to the requirement that the last external and the last internal SCSI device be terminated, some hardware have additional requirements for where it must be placed in the SCSI chain.

If Setup does not automatically detect a SCSI CD-ROM drive, try the following:

• Try loading real-mode drivers for the SCSI controller, the CD-ROM driver, and Mscdex.exe, and see if the CD-ROM drive works in MS-DOS.
• If the drive does work in MS-DOS, in Device Manager, examine the SCSI controller’s properties to make sure it was detected correctly.
• Check your physical connections.
• Check the SCSI IDs for all devices to make sure they are unique.

A SCSI or IDE tape drive or scanner does not show up in Device Manager. Windows does not assign drive letters to tape drives and scanners, because they have no drive to assign a letter to. Therefore, they might appear as Unknown Devices in Device Manager. After you start Windows, it asks if you have a driver for these devices. If you have Windows drivers, click Yes, and then type the path to where the drivers are located. To use existing real-mode drivers, click No. Windows will continue to recognize and support these devices although they are listed as Unknown Devices.

Swap file

If you do not have much free hard disk space your swap file will not be able to expand which can cause your computer run slow. Not enough free space also causes your swap file to swap between physical memory and the hard disk more frequently, which increases the chances of general protection faults.

NT boot issues

The boot menu disappears

If you want to set up a dual-boot system, you must install the alternate operating system before you install Windows NT. If you install Windows NT first and then install another operating system, it will overwrite the boot sector, and the PC will no longer look for the NTLDR file. To correct this problem install a new copy of Windows NT to a different directory. Doing so will make NT bootable. You can then edit your BOOT.INI file and remove any references to the new copy.

BOOT: Couldn't find NTLDR Please insert another disk

Your boot sector is okay because it still points to the NTLDR file. However, your NTLDR file is either missing or damaged. To correct this problem, replace the NTLDR file with a backup file or install a new copy of Windows NT to a different directory

Windows NT could not start because the following file is missing or corrupt: \\system32\ntoskrnl.exe Please reinstall a copy of the above file.

This problem usually occurs because the BOOT.INI file points to the wrong location for the Windows NT operating system or NTOSKRNL.EXE is missing or damaged. Copy the file from a backup or install a new copy of Windows NT to a different directory and copy file.

NTDETECT Checking Hardware 'E

The NTDETECT.COM file is missing or damaged. To correct the problem, copy the file from a backup or install a new copy of Windows NT to a different directory

I/O Error accessing boot sector file ulti(0)disk(0)rdisk(0)partition(1):\bootsect.dos

This error indicates that the BOOT.INI file either points to the wrong location for the BOOTSECT.DOS file or that the BOOTSECT.DOS file is corrupt.

OS Loader V4.00 Windows NT could not start because of a computer disk hardware configuration problem. Could not read from the selected boot disk. Check boot path and disk hardware. Please check the Windows NT documentation about hardware disk configuration and your hardware reference manuals for additional information.

This message means that the location BOOT.INI points to doesn't contain a valid file system This error can be caused by an incorrect location specified in BOOT.INI. For example, if the BOOT.INI file points to a volume that's unformatted, you'll receive this error. It can also be caused by a crashed hard disk, or a hardware-implemented RAID device that's dropped off-line.

Dr. Watson

Windows 98 drwatson.exe

To start Dr. Watson On the Start menu, click Run, and then type Drwatson. Click OK or Click Start, point to Programs, Accessories, and System Tools, and then click System Information. Select the Tools menu and click Dr. Watson

Dr. Watson collects detailed information about the state of your system at the time of and slightly before an application fault. Dr. Watson intercepts the software faults, identifying the software that faulted and offering a detailed description of the cause. When enabled, this tool automatically logs this information to the disk (\Windows\Drwatson\*.wlg), and can display it on screen. Dr. Watson indicates the program that caused the application fault, the program the fault occurred in, and the memory address at which the fault occurred.

Windows 2000 drwtsn32.exe

If a program error occurs, Dr. Watson will start automatically. To start Dr. Watson, click Start, click Run, and then type drwtsn32. To start Dr. Watson from a command prompt, change to the root directory, and then type drwtsn32.

Dr. Watson for Windows 2000 is a program error debugger. The information obtained and logged by Dr. Watson is to diagnose a program error for a computer running Windows 2000. A text file (Drwtsn32.log) is created whenever an error is detected. You also have the option of creating a crash dump file, which is a binary file that a programmer can load into a debugger.

Failure to start GUI

Explorer.exe could be missing or corrupted

Windows Protection Errors

General protection errors

Is caused when a program tries to access a portion of memory that is has not been allocated by Windows or is already being used by another program or TSR. When this happens the screen turns blue with the GPF error message.

Solutions

• Run scandisk / defrag
• Remove any TSRs or programs which were running before the GPF.
• Remove and reinstall the program that caused the GPF.
• Disable power management and screen savers
• If you frequently receive GPF errors from different programs you may have to reinstall windows

Invalid Page Fault

Is caused when Windows or a program attempts to store or call a segment or block of memory that does not exist. This could happen because of bad memory or the program is incompatible or corrupt

Illegal Operation

Is an operation requested, which is not understood by Windows or the CPU. Illegal Operations can be caused by

• Corrupt files
• Bad Memory
• Data that can not be read properly
• Incorrect Drivers
• TSRs
• Bad hard drive sectors

Invalid page faults

Are generally caused by program incompatibility, overheating such as the CPU cooling fan not operating or other hardware / software issues

Event Viewer – Event log is full

When a log is full, it stops recording new events.

You must be logged on as an administrator or a member of the Administrators group to free an event log.

To free an event log when it is full

• Open Event Viewer, click Start, point to Settings, and click Control Panel. Double-click Administrative Tools, and then double-click Event Viewer.
• In the console tree, click the log you want to free.
• On the Action menu, click Clear all Events.

You can also free a log and start recording new events by overwriting events. To overwrite events, on the Action menu, click Properties, and then click Overwrite events as needed. This ensures that all new events are written to the log, even when the log is full.

You can also start logging new events by increasing the maximum log size. To increase the log size, on the Action menu, click Properties, and then increase the Maximum log size.

A device referenced in SYSTEM.INI, WIN.INI, Registry is not found

The referenced device is no longer installed, or its drivers are missing/corrupted. Try installing then reinstalling the device, or remove the referenced lines from the above files.

3.2 Recognize common problems and determine how to resolve them.

Troubleshooting Windows-specific printing problems

Print spool is stalled This can be solved by clicking on the File menu from the Printer Properties and selecting Restart Printing.

Incorrect/incompatible driver for printer First make sure that this is the proper driver for the printer if it is, try removing then reinstalling the driver.

Try using the Generic/Text Only printer driver for your printer. This can help determine whether or not your printing problem is related to your printer driver. If the Generic driver works try getting a new driver from the manufacturers web site.

Incorrect parameter

Use Device Manager to Verify Port Settings Use Device Manager to verify that your printer port settings are correct and that no resource conflicts exist.

General Protection Faults

General protection faults (GPIs) are caused when a program tries to access a portion of memory that is has not been allocated by Windows or is already being used by another program or TSR. When this happens the screen turns blue with the GPF error message.

Solutions

• Run scandisk / defrag
• Remove any TSRs or programs which were running before the GPF.
• Remove and reinstall the program that caused the GPF.
• Disable power management and screen savers
• If you frequently receive GPF errors from different programs you may have to reinstall windows

Illegal operation

This program has performed an illegal operation or This program has produced a General Protection Fault . Both of these messages refer to the same type of error. Windows has attempted to write information to a space in its memory that is already in use by the program. Reboot the computer, if problem persists run scandisk.

Invalid working directory

Ensure that the path in Working Directory is correct, or make sure the CD is in the drive and that the drive is mapped, windows loaded without logging you into the network and mapping the appropriate drive letter specified in the application shortcut properties.

System lock up

Problems with applications or hardware can lock up a system for many reasons. When the system locks up reboot the computer this usually corrects the problem. If lock ups occur with a certain application frequently try removing and reinstalling the application. In the event that your computer continually locks up with different applications, try running Scandisk and Defrag if this does not help it could be a hardware problem such as an overheated CPU.

Option (Sound card, modem, input device) or will not function

Check Device Manager to see if the device is listed and working properly if not reinstall drivers, if this does not work:

• Check for conflicting IRQ's
• Check that card is seated in the mother board properly

Application will not start or load

If an application does not start, you should first restart the system . If this does not solve the problem, try reinstalling the application. Some applications require certain DLL or runtime files which are not included with windows or they may be the wrong versions.

Cannot log on to network (option – NIC not functioning)

The most common network adapter problems are interrupt conflict and transceiver setting.

Things to Check:

• Do the setting on the card match the setting in the network software you using
• Is there a conflict between IRQ's
• Is there an I/O address conflict
• Is there a memory conflict
• Is the cable attached securely
• Is the adapter card set to the correct speed setting for the network

TSR (Terminate Stay Resident) programs and virus

These programs start when you first turn on your computer and stay in memory, ready for your use, even if they are not active on your screen. These programs can take system resources. These stay resident programs may include screen savers, anti-virus protection, and any DOS or Windows programs that were opened but never shut off.

Terminate and Stay Resident. "Memory Resident" viruses go into memory and stay there while the computer is still running. TSR viruses usually design a method by which they are put into memory when the computer is booted, and then run until the computer is shut down.

Applications don’t install

How Windows 9x Accommodates Application Problems

Some Windows-based and MS-DOS-based applications may not run well under Windows 9x because they were written to take advantage of characteristics of older operating systems. For example, certain applications use a portion of the title bar to include items other than the title, such as a Quick Help button. Because Windows 9x title bars are not formatted in the same way as Windows 3.x title bars, some information may be overwritten when you run these old applications.

In addition, some applications use interrupts that are not automatically supported by Windows 9x. Others do not handle long file names well, or they incorrectly check for the operating system’s version number.

Windows 9x provides the Make Compatible utility to make compatible an application that is initially incompatible with Windows 9x. You can use this utility to troubleshoot if you have trouble printing from an application, or if an application stalls or has other performance problems. This utility provides the means to increase stack memory to an application, emulate earlier versions of Windows, and solve other common problems that cause an application not to run with Windows 9x. Click the Start button, click Run, and then type mkcompat.exe.

Running Terminate-and-Stay-Resident Programs

Some older terminate-and-stay-resident programs (TSRs) rely on MS-DOS interrupts to monitor everything that happens on the system. However, because of its protected-mode file system, Windows 98 does not use MS-DOS interrupts. If Windows 9x detects that a TSR is trying to monitor these interrupts, it will accommodate the application and send all system information through MS-DOS interrupts. In this way, the TSR can monitor system events successfully. However, doing this will significantly slow the performance of the operating system.

Fixing Version-Checking Errors

Some applications incorrectly check the version number of Windows 9x. Incorrect version-checking techniques sometimes invert the two bytes that record the version number; thus, version 3.10 would be reported as 10.3. Windows 9x tries to accommodate this possible version-checking error by reporting 3.98 as the version. In this way, if an application looks for a version greater than 3.10 or its inverse, 10.3, the new Windows 98 version proves to be greater.

If the application looks for an exact match for the version number, such as Windows version 3.10, it may not run under Windows 9x. To resolve this problem, add the following line to the [Compatibility] section of Win.ini:

compiled_module_name=0x00200000

To determine the compiled module name, right-click an executable file in Windows Explorer, and then click QuickView. The Module Name line provides this information. After you have obtained the module name, the section you add to Win.ini should look similar to the following entry for cc:Mail:

CCMAIL=0x00200000

Running Applications That Replace System Dynamic-Link Libraries

Some setup applications do not check the version of the system files they are installing and overwrite the newer Windows 98 versions of those dynamic-link libraries (DLLs). Windows 98 restores its original DLLs after every setup application runs and for the first three startups thereafter. If an application stops running or behaves erratically after you install it, you may need to obtain an updated version of the application that does not overwrite Windows 98 system files.

If your application must run with a replacement file, you can add that file to the \Windows\System\Vmm32 directory (which is initially empty after you set up Windows 98).

Windows 2000 Windows Installer

Windows Installer is a component of the Windows 2000 operating system that simplifies the application installation process.

With Windows Installer and the .msi package file format, software installation and removal has become more reliable and resilient while providing a larger set of installation options. Windows Installer performs the following tasks:

• Restores original computer state upon installation failure: Windows Installer keeps track of all changes made to the system during the application installation process. If the installation fails, Windows Installer can restore, or roll back, the system to its initial state.
• Helps prevent certain forms of inter-application conflicts: Windows Installer enforces installation rules that help to prevent conflicts with shared resources between existing applications. Such conflicts can be caused when an install operation makes updates to a dynamic link library (.dll) shared by an existing application, or when an operation deletes a dynamic link library shared by another application.
• Reliably removes existing programs: Windows Installer can reliably uninstall any program it previously installed. It removes all the associated registry entries and application files, except for those shared by other installed software. You can uninstall an application at any time after a successful installation. (Removal should not be confused with rollback, which restores a computer to its initial state when an installation failure has occurred.)
• Diagnoses and repairs corrupted applications: An application can query Windows Installer to determine whether an installed application has missing or corrupted files. If any are detected, Windows Installer repairs the application by recopying only those files found to be missing or corrupted.

Network connection

• Is the correct user name and password being used
• Are the proper protocols installed
• Are network cables loose, damaged, connected or to long
• Is the network adapter card working properly

Viruses and virus types

What they are

A computer virus is a program designed to spread itself by first infecting executable files or the system areas of hard and floppy disks and then making copies of itself.

Types of Viruses

• Boot Sector Stays resident by infecting the boot sector of the computer. Each time the system is booted, it is re-infected from its own boot sector. Any time a floppy disk is inserted into the drive, the floppy’s boot sector is infected. If a machine is booted from or even if an infected floppy disk is left in the floppy drive when the system is rebooted, that computer will then be infected.
• FAT Virus infects the File Allocation Table of a hard drive, these usually cause a loss of files that are on a hard drive.
• Memory viruses are viruses that execute and stay resident in memory.
• Macro viruses are viruses that attach themselves to documents in the form of macros. Usually in Microsoft Word and Microsoft Excel documents
• CMOS viruses are viruses that make themselves resident in the CMOS . These viruses can damage the hardware of the computer.
• Benign virus might do nothing more than display a message.
• Malignant virus cause damage to a computer system, such as corrupting files or destroying data.
• In the Wild virus A virus that has been found in more than one organization or company.
• Worms instead of spreading from file to file, they spread from computer to computer, infecting an entire system. After the initial infection, the worm attempts to spread to other machines on a network.
• Trojan Horse designed to cause damage or do something malicious to a system, but are disguised as something useful. Unlike viruses, these don't make copies of themselves.

Sources (floppy, emails, etc.)

Virus code must be executed to have any effect, files that are pure data, such as graphics, sound, and plain text files are usually safe. The virus code has to be in a form, such as an .exe, .com, bat or a Word .doc file, that the computer will try to execute.

If your computer is infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies.

You can't get a virus by reading a plain-text E-mail message, it is only when you open an attachment containing an executable program.

How to determine presence

In most cases, it is difficult to detect a virus, erratic system behavior, frequent lock ups, system won't boot all these could be caused by a virus. The only way to know for sure if a virus present is to use Antivirus software

Removal

Antivirus applications have the ability to remove most viruses, but there will be some which can not be removed. For those that can not, you will have to boot the system with a start disk then use FDISK with the /mbr option ( to over write the boot sector) and FORMAT the drive.