Export (0) Print
Expand All
852 out of 970 rated this helpful - Rate this topic

Troubleshooting the Startup Process

Published: November 03, 2005

Diagnosing and correcting hardware and software problems that affect the startup process is an important troubleshooting skill. Resolving startup issues requires a clear understanding of the startup process and core operating system components.

For information on how to obtain the Windows XP Professional Resource Kit in its entirety, please see http://www.microsoft.com/mspress/books/6795.asp.

Bb457123.3squares(en-us,TechNet.10).gif
On This Page

Related Information
Understanding the Startup Process
Recovering from Hardware-Related Problems
Additional Resources

Related Information

  • For more information about troubleshooting concepts, see Chapter 27, “Understanding Troubleshooting.”

  • For more information about enabling, disabling, and managing devices, see Chapter 9, “Managing Devices.”

  • For more information about troubleshooting disk or file system problems, see Chapter 28, “Troubleshooting Disks and File Systems” and Chapter 12, “Organizing Disks.”

  • For more information about Microsoft Windows XP Professional troubleshooting tools, see Appendix C, “Tools for Troubleshooting.”

Understanding the Startup Process

To diagnose and correct a startup problem, you need to understand what occurs during startup. The first step in isolating startup problems is for you to determine whether the problem occurs before, during, or after Microsoft Windows XP Professional starts up.

The root cause of startup failure, including contributing factors, can stem from a variety of problems, such as user error, application faults, hardware failures, or virus activity. If the condition is serious enough, you might need to reinstall Windows XP Professional or restore files from backup media.

In x86-based systems, startup failures that occur before the operating system loader (Ntldr) starts could indicate missing or deleted files, or it could indicate damage to the hard disk master boot record (MBR), partition table, or boot sector. If a problem occurs during startup, the system might have incompatible software or drivers, incompatible or improperly configured hardware, or corrupted system files.

The startup process for x64-based computers is the same as that of x86-based computers.

Startup Phases

The Windows XP Professional startup process closely resembles that of Microsoft Windows NT version 4.0, Microsoft Windows 2000, and Microsoft Windows Server™ 2003, but it significantly differs from Microsoft MS-DOS, Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Windows Me).

All computers running Windows XP Professional share the same startup sequence:

  • Power-on self test (POST) phase

  • Initial startup phase

  • Boot loader phase

  • Detect and configure hardware phase

  • Kernel loading phase

  • Logon phase

The preceding startup sequence applies to systems started or restarted after a normal shutdown, and it does not apply when you bring your computer out of hibernation or standby. See “Resolving Power Management Problems” later in this chapter for more information about problems that might occur when you bring your computer out of standby or hibernation.

For Windows XP Professional to start, the system and boot partitions must contain the files listed in Table 29-1.

Table 29-1 Windows XP Professional Startup Files

File Name

Disk Location

Description

Ntldr

Root of the system partition

The operating system loader.

Boot.ini

Root of the system partition

A file that specifies the paths to Windows XP Professional installations. For multiple-boot systems, Boot.ini contains the operating system choices that display on the startup menu.

Bootsect.dos (multiple-boot systems only)

Root of the system partition

A hidden system file that Ntldr loads for a Windows XP Professional multiple-boot configuration that includes MS-DOS, Windows 95, Windows 98, or Windows Me. Bootsect.dos contains the boot sector for these operating systems.

Ntdetect.com

Root of the system partition

The file that passes information about the hardware configuration to Ntldr.

Ntbootdd.sys

Root of the system partition (required for SCSI or Advanced Technology Attachment [ATA]controllers with firmware disabled or that do not support extended INT-13 calls).

The device driver used to access devices attached to a SCSI or ATA hard disk whose adapter is not using BIOS. The contents of this file depend on the startup controller used.

Ntoskrnl.exe

systemroot\System32

The core (also called the kernel) of the Windows XP Professional operating system. Code that runs as part of the kernel does so in privileged processor mode and has direct access to system data and hardware.

During installation on single processor systems, Windows XP Professional Setup copies Ntoskrnl.exe from the operating system CD. During installation on multiprocessor systems, Windows XP Professional Setup copies Ntoskrnlmp.exe and renames it Ntoskrnl.exe.

Hal.dll

systemroot\System32

The hardware abstraction layer (HAL) dynamic-link library file. The HAL abstracts low-level hardware details from the operating system and provides a common programming interface to devices of the same type (such as video adapters).

The Microsoft Windows XP Professional operating system CD contains several Hal files. Setup copies to your computer the file that fits your hardware configuration and then renames the file as Hal.dll.

System registry file

systemroot\System32
\Config\System

The registry file that contains the data used to create the registry key HKEY_LOCAL_ MACHINE\SYSTEM. This key contains information that the operating system requires to start devices and system services.

Device drivers

systemroot\System32
\Drivers

Driver files for hardware devices, such as keyboard, mouse, and video.

Note Windows NT 4.0, Windows 2000, Windows Server 2003, and Windows XP Professional define the “system” and “boot” partitions differently from other operating systems. The system volume contains files that are needed to start Windows XP Professional, such as the Windows loader (Ntldr). The boot volume contains Windows XP Professional operating system files and folders such as systemroot and systemroot\System32. The boot volume can be, but does not have to be, the same volume as the system volume.

In Table 29-1, the term systemroot is one of many environment variables used to associate string values, such as folder or file paths, to variables that Windows XP Professional applications and services use. For example, by using environment variables, scripts can run without modification on computers that have different configurations. To obtain a list of environment variables useful for troubleshooting, type set at the command line.

For more information about environment variables, see “To add or change the values of environment variables” in Windows XP Professional Help and Support Center. For more information about system files, see Appendix A, “System Files Reference.”

Power-On Self Test

As soon as you turn on a computer, its central processing unit (CPU) begins to carry out the programming instructions contained in the basic input/output system (BIOS). The BIOS, which is a type of firmware, contains the processor-dependent code that starts the computer regardless of the operating system installed. The first set of startup instructions is the power-on self test (POST). The POST is responsible for the following system and diagnostic functions:

  • Performs initial hardware checks, such as determining the amount of memory present

  • Verifies that the devices needed to start an operating system, such as a hard disk, are present

  • Retrieves system configuration settings from nonvolatile complementary metal-oxide semiconductor (CMOS) memory, which is located on the motherboard

    The contents of CMOS memory remain even after you shut down the computer. Examples of hardware settings stored in CMOS memory include boot order and Plug and Play information.

After the motherboard POST completes, add-on adapters that have their own firmware (for example, video and hard drive controllers) carry out internal diagnostic tests.

To access and change system and peripheral firmware settings, consult the system documentation provided by the manufacturer.

Initial Startup Phase

After the POST, the settings that are stored in CMOS memory, such as boot order, determine the devices that the computer can use to start an operating system. For example, if the boot order specifies the floppy disk as the first startup device and the hard disk as second (some firmware displays this order as “A, C”), the following scenarios might occur at startup:

The floppy disk drive contains a floppy disk

The BIOS searches the floppy disk drive for a bootable floppy disk. If one is present, the first sector (the floppy disk boot sector) loads into memory. If the floppy disk is not bootable, an error message similar to the following appears:

Non-system disk or disk error 
Replace and press any key when ready

The computer displays the preceding message until you insert a bootable floppy disk or until you remove the floppy disk and restart the computer.

The floppy disk drive does not contain a floppy disk

If you restart the computer without a floppy disk, the computer reads the boot code instructions located on the master boot record (MBR). The MBR is the first sector of data on the startup hard disk and contains instructions (called boot code) and a table (called a partition table) that identify primary and extended partitions. The BIOS reads the MBR into memory and transfers control to the code in the MBR.

The computer then searches the partition table for the active partition. The first sector of the active partition contains boot code that enables the computer to do the following:

  • Determine the file system used.

  • Locate and start the operating system loader file, Ntldr.

If an active partition does not exist or if boot sector information is missing or corrupt, a message similar to any of the following might appear:

Invalid partition table 
Error loading operating system 
Missing operating system 
BOOT: Couldn’t find NTLDR 
NTLDR is missing

If an active partition is successfully located, the code in the boot sector locates and starts Ntldr and the BIOS releases control to it.

For more information about disks and file systems—including information about the MBR, partitions, and boot sectors—see Chapter 13, “Working with File Systems,” and Chapter 28, “Troubleshooting Disks and File Systems.”

The boot order specifies another startup device

In addition to floppy disks or hard disks attached to SCSI and ATA controllers, some computer firmware can start an operating system from other devices, such as:

  • CD-ROMs

  • Network adapters

  • Removable disks, such as Iomega Zip disks

  • Secondary storage devices installed in docking stations for portable computers

It is possible to specify a custom boot order, such as “CDROM, A, C”. When you specify “CDROM, A, C” as a boot order, the following events occur at startup:

  • The computer searches the CD-ROM for bootable media.

    If a bootable CD is present, the computer uses the CD-ROM as the startup device. Otherwise, the computer searches the next device in the boot order.

  • The computer searches the floppy disk for bootable media.

    If a bootable floppy is present, the computer uses the floppy disk as the startup device. Otherwise, the computer searches the next device in the boot order or displays an error message.

  • The computer uses the hard disk as the startup device.

    The computer typically uses the hard disk as the startup device only when the CD-ROM drive and the floppy disk drive are empty.

There are exceptions where code on bootable media transfers control to the hard disk. For example, when you start your system by using the bootable Windows XP Professional operating system CD, Setup checks the hard disk for Windows XP Professional installations. If one is found, you have the option of bypassing CD-ROM startup by not responding to the Press any key to boot from CD prompt that appears.

You cannot use a nonbootable CD to start your system. The presence of a nonbootable CD in the CD-ROM drive can add to the time the system requires to start. If you do not intend to start the system from CD, remove all CDs from the CD-ROM drive before restarting.

For more information about boot order options, consult your system documentation.

Boot Loader Phase

Ntldr loads startup files from the boot partition and then does the following:

Sets an x86-based processor to run in 32-bit flat memory mode

An x86-based computer first starts in real mode. In real mode, the processor disables certain features to allow compatibility with software designed to run on 8-bit and 16-bit processors. Ntldr then switches the processor to 32-bit mode, which allows access to large amounts of memory and enables Windows XP Professional to start.

Starts the file system

Ntldr contains the program code that Windows XP Professional needs to read and write to disks formatted by using the NTFS or file allocation table (FAT16 or FAT32) file systems.

Reads the Boot.ini file

Ntldr parses the Boot.ini file to determine the location of the operating system boot partition. For systems that use a single-boot configuration, Ntldr initiates the hardware-detection phase by starting Ntdetect.com. For multiple-boot configurations that include Windows XP Professional, Windows 2000, Windows Server 2003, Windows NT 4.0, Windows 95, Windows 98, Windows Me, or MS-DOS, you receive a menu of operating system choices at startup. In addition, if the Recovery Console has been installed, the boot loader menu is displayed during startup with the Recovery Console as one of the available options.

Note Computers running Windows NT 4.0 require Service Pack 4 or later to access NTFS volumes previously mounted by Windows 2000, Windows Server 2003, or Windows XP Professional. For more information about NTFS interoperability, see Chapter 13, “Working with File Systems.”

If you choose Windows XP Professional, Windows 2000, Windows Server 2003, or Windows NT 4.0, Ntldr proceeds with the hardware-detection phase. If you do not select Windows XP Professional, Windows 2000, Windows Server 2003, or Windows NT 4.0, control is passed to the boot sector for the other operating system. For example, if you select Windows 95, Windows 98, Windows Me, or MS-DOS, Ntldr passes control to Bootsect.dos by reading MBR code that Bootsect.dos contains. This action causes the MBR code in Bootsect.dos to execute as if the instructions were read from the disk. For more information about Boot.ini, see “Reviewing and Correcting Boot.ini Settings” later in this chapter.

Detects hardware and hardware profiles

Ntldr starts Ntdetect.com, a program that performs basic device detection. Ntldr then passes Boot.ini information, as well as hardware and software data in the registry, to Ntoskrnl.exe. Ntdetect.com detects hardware profile information (for example, docked and undocked configurations for portable computers) and also checks for information stored in Advanced Configuration and Power Interface (ACPI) tables. ACPI-compliant firmware enables Windows XP Professional to detect device power management features and determine device resource requirements.

For more information about ACPI, see the ACPI link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Detect and Configure Hardware Phase

After processing the Boot.ini file, Ntldr starts Ntdetect.com. Ntdetect.com collects information about installed hardware by using calls to system firmware routines. Ntdetect.com then passes this information back to Ntldr. Ntldr gathers the data received from Ntdetect.com and organizes the information into internal data structures. Ntldr then starts Ntoskrnl.exe and provides it with information obtained from Ntdetect.com.

Ntdetect.com collects the following type of hardware and device information:

  • System firmware information, such as time and date

  • Bus and adapter types

  • Video adapters

  • Keyboard

  • Communication ports

  • Disks

  • Floppy disks

  • Input devices (such as mouse devices)

  • Parallel ports

  • Devices installed on the Industry Standard Architecture (ISA) bus

Ntdetect.com plays a greater role for device enumeration in computers that are not ACPI compliant because in those computers, the firmware, not the operating system, determines the resources assigned to devices. For computers with ACPI firmware, Windows XP Professional assigns the hardware resources to use.

During this phase, Ntdetect.com searches for hardware profile information. Windows XP Professional creates a single default profile for desktop computers and creates two default profiles for portable computers. For portable computers, the operating system selects the appropriate profile based on the hardware state of the computer:

  • Desktop computer.

Profile 1

  • Portable computer.

    • Docked Profile

    • Undocked Profile

Hardware profiles are especially useful for portable computers because the hardware state of these computers is not static. Drivers for devices not listed in a particular hardware profile are not loaded during startup.

For more information about creating and using hardware profiles, see Windows XP Professional Help and Support Center. Also see article 225810, “How to Create Hardware Profiles on Windows 2000–Based Mobile Computers,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. Also, see Chapter 9, “Managing Devices,” and Chapter 7, “Supporting Mobile Users.”

Kernel Loading Phase

Ntldr is responsible for loading the Windows kernel (Ntoskrnl.exe) and the hardware abstraction layer (HAL) into memory. The Hal.dll file that your computer uses can vary. During installation, Windows XP Professional Setup copies one of several HAL files and renames the file Hal.dll. (See Table 29-2 for a list of HAL files.)

To view the computer description in Device Manager
  1. In the Run dialog box, type devmgmt.msc and then click OK.

  2. In Device Manager, expand Computer to view the description of your computer.

    By comparing the description that Device Manager uses to the descriptions listed in Table 29-2, you can determine the HAL file that is copied to your computer from the Windows XP Professional operating system CD.

Table 29-2 Description of Different Hal.dll Files

Computer Description in Device Manager

HAL File Copied

ACPI Multiprocessor PC

Halmacpi.dll

ACPI Uniprocessor PC

Halaacpi.dll

Advanced Configuration and Power Interface (ACPI) PC

Halacpi.dll

MPS Multiprocessor PC

Halmps.dll

MPS Uniprocessor PC

Halapic.dll

Standard PC

Hal.dll

Compaq SystemPro Multiprocessor or 100% Compatible

Halsp.dll

Together, the kernel and the HAL initialize a group of software components that are called the Windows executive. The Windows executive processes the configuration information stored in registry control sets, and starts services and drivers.

For more information about Windows executive services, see “Common Stop Messages for Troubleshooting” on the companion CD.

Control sets

Ntldr reads control set information from the HKEY_LOCAL_ MACHINE\SYSTEM registry key, which is created from information in the systemroot\System32\Config\System file, so that Ntldr can determine which device drivers need to be loaded during startup. Typically, several control sets exist, with the actual number depending on how often system configuration settings change.

Caution Do not edit the registry unless you have no alternative. The Registry Editor bypasses standard safeguards, allowing settings that can damage your system or even require you to reinstall Windows. If you must edit the registry, back it up first.

Typical registry control set subkeys are:

  • \CurrentControlSet, a pointer to a ControlSetxxx subkey (with xxx representing a control set number, such as 001) designated in the \Select\Current entry.

  • \Clone, a copy of \CurrentControlSet, created each time you start your computer.

  • \Select, which contains the following entries:

    1. Default, which points to the control set number (for example, 001=ControlSet001) that the system has specified for use at the next startup. If no error or manual invocation of the LastKnownGood startup option occurs, this control set number is designated as the value of the Default, Current, and LastKnownGood entries (assuming that a user is able to log on successfully).

    2. Current, which points to the last control set that was used to start the system.

    3. Failed, which points to a control set that did not start Windows XP Professional successfully. This value is updated when the LastKnownGood option is used to start the system.

    4. LastKnownGood, which points to the control set that was used during the last user session. When a user logs on, the LastKnownGood control set is updated with configuration information from the previous user session.

Ntldr uses the control set identified by the Default value unless you choose the Last Known Good Configuration from the Windows Advanced Options menu.

The kernel uses the internal data structures provided by Ntldr to create the HKEY_LOCAL_MACHINE\HARDWARE key, which contains the hardware data collected at system startup. The data includes information about various hardware components and system resources allocated to each device. To monitor the kernel load process, watch the Starting up progress indicator that appears during startup. For more information about Last Known Good Configuration, see Appendix C, “Tools for Troubleshooting.”

Windows XP Professional supports an extensive set of devices. New or updated drivers that are not on the Windows XP Professional operating system CD are provided by hardware manufacturers. In addition, service packs such as Windows XP Service Pack 2 provide signed drivers for hardware devices that were not available when Windows XP was first released.

Drivers are kernel-mode components required by devices to function within an operating system. Services are components that support operating system functions and applications. Services can run in a different context than user applications and typically do not offer many user-configurable options. Services, such as the Print Spooler, do not require a user to be logged on to run and act independently of the user who is logged on to the system. Windows XP Professional driver and service files are typically stored in the systemroot\System32 and systemroot\System32\Drivers folders and use .exe, .sys, or .dll file name extensions.

Drivers are also services. Therefore, during kernel initialization, Ntldr and Ntoskrnl.exe use the information stored in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename registry subkeys to determine both the drivers and services to load. For example, Ntldr searches the Services subkey for drivers with a Start value of 0, such as hard disk controllers. After Ntldr starts Ntoskrnl.exe, an Ntoskrnl.exe component searches for and starts drivers, such as network protocols, that have a Start value of 1.

Table 29-3 lists the values (in decimal) for the Start entry. Boot drivers (those with a Start value of 0) and file system drivers are always loaded regardless of their Start value because they are required to start Windows XP Professional.

Table 29-3 Values for a <servicename> Start Entry

Value

Start Type

Value Descriptions for Start Entries

0

Boot

Specifies a driver that is loaded (but not started) by firmware calls made by Ntldr. If no errors occur, the kernel starts the driver.

1

System

Specifies a driver that loads at kernel initialization during the startup sequence by calling Windows XP Professional boot drivers.

2

Auto load

Specifies a driver or service that is initialized at system startup by Session Manager (Smss.exe) or Service Controller (Services.exe).

3

Load on demand

Specifies a driver or service that is manually started by a user, a process, or another service.

4

Disabled

Specifies a disabled (not started) driver or service.

Table 29-4 lists some of the values (in decimal) for the Type entry.

Table 29-4 Values for a <servicename> Type Entry

Value

Value Descriptions for Type Entries

1

Specifies a kernel device driver

2

Specifies a file system driver (also a kernel device driver)

4

Specifies parameters passed to the device driver

16

Specifies a service that obeys the service control protocol, can run in a process by itself, and can be started by the Services Controller

32

Specifies a service that can share a process with other services

Some drivers and services require that certain dependencies be met before they start. You can find dependencies listed under the DependOnGroup and DependOnService entries in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\servicename subkey for each service or driver. For more information about using dependencies to prevent or delay a driver or service from starting, see “Temporarily Disabling Services” later in this chapter. The Services subkey also contains information that affects how drivers and services are loaded, a few of which are listed in Table 29-5.

Table 29-5 Other Registry <servicename> Entries

Entry

Description

DependOnGroup

At least one item from this group must start before this service is loaded. The subkey SYSTEM\CurrentControlSet\Control\ServiceGroupOrder contains the service group load order.

DependOnService

Lists the specific services that must load before this service loads.

Description

Describes the component.

DisplayName

Specifies the display name of the component.

ErrorControl

Controls whether a driver error requires the system to use the LastKnownGood control set or to display a Stop message.

  • If the value is 0x0 (Ignore, no error is reported), do not display a warning and proceed with startup.

  • If the value is 0x1 (Normal, error reported), record the event to the System Event Log and display a warning message, but proceed with startup.

  • If the value is 0x2 (Severe), record the event to the System Event Log, use the LastKnownGood settings, restart the system, and proceed with startup.

  • If the value is 0x3 (Critical), record the event to the System Event Log, use the LastKnownGood settings, and restart the system. If the LastKnownGood settings are already in use, display a Stop message.

Group

Designates the group that the driver or service belongs to. This allows related drivers or services to start together (for example, file system drivers). The registry entry List in the subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\ServiceGroupOrder specifies the group startup order.

ImagePath

Identifies the path and file name of the driver or service if the ImagePath entry is present. Use Windows Explorer to verify the path and file name.

ObjectName

Specifies an object name. If the Type entry specifies a Windows XP Professional service, it represents the account name that the service uses to log on when it runs.

Tag

Designates the order in which a driver starts within a driver group.

Session Manager

After all entries that have Boot and Startup data types are processed, the kernel starts Session Manager. Session Manager (Smss.exe) performs important initialization functions, such as:

  • Creating system environment variables.

  • Starting the kernel-mode portion of the Windows subsystem (implemented by systemroot
    \System32\Win32k.sys), which causes Windows XP Professional to switch from text mode to graphics mode. Windows-based applications run in the Windows subsystem. This environment allows applications to access operating system functions, such as displaying information to the screen.

  • Starting the user-mode portion of the Windows subsystem (implemented by systemroot
    \System32\Csrss.exe).

  • Starting the Logon Manager (systemroot\System32\Winlogon.exe).

  • Creating additional virtual memory paging files.

  • Performing delayed rename operations for files listed in the registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    \PendingFileRenameOperations. For example, you might be prompted to restart the computer after installing a new driver or application so that Windows XP Professional can replace the file in use.

The Windows subsystem and the applications that run within it are user mode processes; they do not have direct access to hardware or device drivers. User-mode processes run at a lower priority than kernel-mode processes. When the operating system needs more memory, it can page to disk the memory that is used by user-mode processes. For more information about user-mode and kernel-mode components, see “Common Stop Messages for Troubleshooting” on the companion CD.

Session Manager searches the registry for service information that is contained in the following subkeys:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager contains a list of commands to run before loading services. The Autochk.exe tool is specified by the value of the BootExecute entry and virtual memory (paging file) settings stored in the Memory Management subkey. Autochk, which is a version of the Chkdsk tool, runs at startup if the operating system detects a file system problem that requires repair before completing the startup process. For more information about Autochk and Chkdsk, see Chapter 28, “Troubleshooting Disks and File Systems.”

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    \Subsystems contains a list of available subsystems. For example, Csrss.exe contains the user-mode portion of the Windows subsystem.

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename. The Service Control Manager initializes services that the Start entry designates as Auto-load.

Logon Phase

The Windows subsystem starts Winlogon.exe, a system service that enables logging on and off. Winlogon.exe then does the following:

  • Starts the Services subsystem (Services.exe), also known as the Service Control Manager (SCM).

  • Starts the Local Security Authority (LSA) process (Lsass.exe).

  • Parses the Ctrl+Alt+Del key combination at the Begin Logon prompt.

The Graphical Identification and Authentication (GINA) component collects the user name and password, and passes this information securely to the LSA for authentication. If the user supplied valid credentials, access is granted by using either the Kerberos V 5 authentication protocol or NTLM. For more information about security components, such as LSA, Kerberos V5 protocol, or NTLM, see the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit.

Winlogon initializes security and authentication components while the Service Control Manager initializes Auto-load services and drivers. After the user logs on, the following events occur:

  • Control sets are updated.

    The control set referenced by the LastKnownGood registry entry is updated with the contents in the Clone entry. Clone, which is a copy of the CurrentControlSet entry, is created each time you start your computer. When a user logs on, the LastKnownGood control set is updated with configuration information from the previous user session.

  • Group Policy settings take effect.

    Group Policy settings that apply to the user and computer take effect. For more information about Group Policy, see Chapter 1, “Planning Deployments;” Chapter 5, “Managing Desktops;” and Chapter 17, “Managing Authorization and Access Control,” and see “Group Policy” in the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit. Also, see the Change and Configuration Management Deployment Guide link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

  • Startup programs run.

    Windows XP Professional starts logon scripts, startup programs, and services referenced in these registry subkeys and folder locations:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
      \Runonce

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
      \policies\Explorer\Run

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
      \Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
      \Windows\ Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
      \RunOnce

    • systemdrive\Documents and Settings\All Users\Start Menu\Programs\ Startup

    • systemdrive\Documents and Settings\username\Start Menu\Programs\ Startup

    • windir\Profiles\All Users\Start Menu\Programs\Startup

    • windir\Profiles\username\Start Menu\Programs\Startup

The windir\Profiles folders exist only on systems that are upgraded from Windows NT 4.0. For more information on registry keys used for starting programs, see article 179365, “INFO: Run, RunOnce, RunServices, RunServicesOnce and Startup,” in the Microsoft Knowledge Base at http://support.microsoft.com. For additional information, see article 314488, “How to Modify the List of Programs that Run When You Start Windows XP,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Windows XP Professional startup is not complete until a user successfully logs on to the computer.

Plug and Play Device Detection

Plug and Play detection runs asynchronously with the logon process and relies on system firmware, hardware, device driver, and operating system features to detect and enumerate new devices. Windows XP Professional optimizes Plug and Play support for computers equipped with ACPI firmware and enables enhanced features, such as hardware resource sharing.

When Plug and Play components are well coordinated, Windows XP Professional can detect new devices, allocate system resources, and install or request drivers with minimal user intervention. ACPI features are especially useful for mobile users who use portable computers that support standby, hibernation, hot and warm docking, or undocking features.

For more information about Plug and Play device detection and system resources, see Chapter 9, “Managing Devices,” and Chapter 7, “Supporting Mobile Users.”

Following a Process for Startup and Recovery

If you cannot start Windows XP Professional, the operating system provides several ways to identify the cause and resolve the problem.

If the startup problem occurs immediately after updating or installing a specific device driver or application

Restore previous system settings by using the following features:

  1. Use the Last Known Good Configuration.

  2. If you are in normal or safe mode, undo a device driver update by rolling back a driver.

  3. In normal or safe mode, use System Restore to restore a previous system configuration.

The preceding options are not limited to troubleshooting startup problems; they also apply to any problem affecting the operating system.

If you are still unable to start your system in normal mode

Restart your computer in safe mode and disable services and software that might be interfering with startup:

  1. Temporarily disable applications and processes.

  2. Temporarily disable services.

  3. Uninstall software.

If the problem prevents you from starting in safe mode

Try the following:

  1. Use Recovery Console to replace corrupted files or to perform other manual recovery operations.

  2. Examine and correct the Boot.ini settings.

  3. Perform a parallel Windows XP Professional installation, and use Backup to restore operating system files from backup media.

  4. Use Automated System Recovery (ASR) in Windows XP Professional Backup to reformat the system partition and restore operating system files from backup media.

Restoring to the Last Known Good Configuration

Use Last Known Good Configuration to correct instability or startup problems by reversing the most recent system and driver changes within a hardware profile. When you use this feature, you lose all configuration changes that were made since you last successfully started your system.

Using the Last Known Good Configuration restores previous drivers and also restores registry settings for the subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet. Windows XP Professional does not update the LastKnownGood control set until you successfully start the operating system in normal mode and log on.

When you are troubleshooting, use Last Known Good Configuration before you try other options, such as safe mode. However, if you have reasons to use safe mode first, logging on to the computer in safe mode does not update the LastKnownGood control set so, Last Known Good Configuration remains an option even if you use safe mode first.

To access the Last Known Good Configuration startup option
  1. Remove all floppy disks and CDs from your computer, and restart your computer.

  2. Press F8 when prompted.

    If Windows XP Professional starts without displaying a menu similar to that shown in Figure 29-4, restart your computer. Press F8 after the firmware POST process completes but before Windows XP Professional displays graphical output.

  3. On the Windows Advanced Options menu, select Last Known Good Configuration.

When Windows XP Professional starts, it reads status information from the file systemroot\Bootstat.dat. If Windows XP detects that the last startup attempt was unsuccessful, it automatically displays the message and startup options that are shown in Figure 29-1.

Figure 29-1 Startup options when your system cannot start

Figure 29-1 Startup options when your system cannot start

Caution If you suspect that changes made since you last successfully restarted the computer are causing problems, do not log on because logging on causes the Last Known Good Configuration control set to be overwritten (unless you log on in safe mode). Instead, restart the computer and use the Last Known Good Configuration. For more information about control sets, see “Kernel Loading Phase” earlier in this chapter.

For more information about the Last Known Good Configuration, see Windows XP Professional Help and Support Center, and also see Appendix C, “Tools for Troubleshooting,” in this book. See also article 307852, “How to start your computer by using the Last Known Good Configuration feature in Windows XP,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Starting in Safe Mode

Safe mode is a diagnostic startup environment that runs only a subset of the drivers and services that are in your system memory. Safe mode is useful when you install software or a device driver that causes instability or problems with starting in normal mode. In most cases, safe mode allows you to start Windows XP Professional and then troubleshoot problems that prevent startup.

Logging on to the computer in safe mode does not update the LastKnownGood control set. Therefore, if you log on to your computer in safe mode and then decide you want to try Last Known Good Configuration, the LastKnownGood control set is still available.

In safe mode, Windows XP Professional uses the minimum set required to start the graphical user interface (GUI). The following registry subkeys list the drivers and services that start in safe mode:

  • Safe mode

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

  • Safe mode with networking

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

To access safe mode
  1. Remove all floppy disks and CDs from your computer, and restart your computer.

  2. Press F8 when prompted.

    If Windows XP Professional starts without displaying the menu shown in Figure 29-4, restart your computer. Press F8 after the firmware POST process completes but before Windows XP Professional displays graphical output.

  3. On the Windows Advanced Options menu, select Safe Mode, Safe Mode with Networking, or Safe Mode with Command Prompt.

Select a safe mode option from the startup recovery menu that appears when Windows XP Professional detects that the startup attempt was unsuccessful. For more information about the startup recovery menu, see “Restoring to the Last Known Good Configuration” earlier in this chapter.

For more information about safe mode, see Windows XP Professional Help and Support Center and Appendix C, “Tools for Troubleshooting.” Also see article 315222, “A Description of Safe Mode Boot Options in Windows XP,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Rolling Back Drivers

When you update a device driver, your computer might have problems that it did not have with the previous version. For example, installing an unsigned device driver might cause the device to malfunction or cause resource conflicts with other installed hardware. Installing faulty drivers might cause Stop errors that prevent the operating system from starting in normal mode. Typically, Stop message text displays the file name of the driver that causes the error.

Windows XP Professional provides a feature called Device Driver Roll Back, which can help you restore system stability by rolling back a driver update.

Note Use System Information to determine whether a driver on your system is signed and to obtain other information about the driver, such as version, date, time, and manufacturer. This data, combined with information from the manufacturer’s Web site, can help you decide whether to roll back or update a device driver.

To roll back a driver
  1. In Control Panel, open System.

  2. Click the Hardware tab, and then click Device Manager.

  3. Expand a category (Standard floppy disk controller, for example), and then double-click a device.

  4. Click the Driver tab, and then click Roll Back Driver.

    You are prompted to confirm that you want to overwrite the current driver. Click Yes to roll back the driver. The roll back process proceeds, or you are notified that an older driver is not available.

    Tip You can also open the System Properties box from the Start menu by clicking Run and typing sysdm.cpl in the Run dialog box. Some Control Panel tools are stored in the systemroot\System32 folder and use a .cpl file name extension. Start frequently used Control Panel tools from the Run dialog box or by creating shortcuts.
    Other frequently used files include Appwiz.cpl (Add or Remove Programs), Hdwwiz.cpl (Add Hardware Wizard), Mmsys.cpl (Sounds and Audio Devices Properties), Nusrmgr.cpl (User Accounts), and Powercfg.cpl (Power Options Properties).

For more information about Device Driver Roll Back and about using System Information to check for unsigned drivers, see Windows XP Professional Help and Support Center, and see also Appendix C, “Tools for Troubleshooting,” in this book. See articles 283657, “How To Use the Roll Back Driver Feature in Windows XP,” and 306546, “How to Use the Driver Roll Back Feature to Restore a Previous Version of a Device Driver in Windows XP,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Using System Restore to Undo Changes

Using System Restore, you can restore your system to an earlier state, a state prior to when you began having problems. System Restore monitors changes to certain system and application files. It functions like an “undo” feature, allowing you to recover from system problems, such as those caused by incorrect system settings, faulty drivers, and incompatible applications. System Restore restores your system state without risk to personal files, such as documents or e-mail.

When you need to restore to an earlier system setting, select a restore point that was created when the system functioned correctly. Restore points are registry “snapshots” that System Restore creates, stores, and manages. System Restore copies monitored files to data stores on hard disk before Windows XP Professional overwrites, deletes, or changes the files.

When Windows XP Professional is running in normal mode, System Restore creates restore points in the background without user intervention. You can also manually create restore points, for example, before installing new hardware or software. In safe mode, you can use restore points but you cannot create them.

To start the System Restore Wizard
  • From the Start menu, click Help and Support, click Tools, and then click System Restore.

For more information about System Restore, see Windows XP Professional Help and Support Center and Appendix C, “Tools for Troubleshooting.”

Temporarily Disabling Applications and Processes

If a problem occurs after installing new software, temporarily disable or uninstall the application to verify that the application is the source of the problem.

Problems with applications that run at startup can cause logon delays or even prevent you from completing Windows XP Professional startup in normal mode. The following subsections provide techniques for temporarily disabling startup programs:

  • Disabling Startup Programs by Using the System Configuration Utility

  • Disabling Startup Programs by Using the SHIFT Key

  • Disabling Startup Programs by Using the Group Policy Snap-In

  • Disabling Startup Programs for Computers on a Network

  • Manually Disabling Startup Programs

Disabling Startup Programs by Using the System Configuration Utility

System Configuration Utility allows you to disable startup programs individually or several at a time. Disable startup programs that do not use the registry to store configuration information but that instead use the Win.ini file. For example, on x86-based computers, use this tool to disable 16-bit startup programs.

To disable a startup program by using the System Configuration Utility
  1. In the Run dialog box, type msconfig, and then click OK.

  2. To disable startup programs, select the General tab, click Selective Startup, and then click to clear the Process WIN.INI File and Load Startup Items check boxes.

    – or –

    To disable specific startup items, select the Startup or WIN.INI tab, and then click to clear the check boxes that correspond to the items you want to disable. You can also click Disable All on the Startup and WIN.INI tabs to disable all items on each tab.

If you change any startup setting by using the System Configuration Utility, Windows XP Professional displays the following message when you log on:

Note: The following code snippet has been displayed in multiple lines only for better readability. These should be entered in a single line.

You have used the System Configuration Utility to make 
temporary changes to some of your system settings. 
To return to normal operations, choose the Normal 
option on the General tab.

The preceding message and the System Configuration Utility continue to appear each time you log on until you restore the original startup settings by clicking Normal Startup under Startup Selection on the General tab. To permanently change a startup setting, you must move or delete startup shortcuts, change a Group Policy setting, or uninstall the application that added the startup application.

For more information about the System Configuration Utility, see Windows XP Professional Help and Support Center and Appendix C, “Tools for Troubleshooting.”

Disabling Startup Programs by Using the SHIFT Key

One way to simplify your configuration is to disable startup programs. Hold down the SHIFT key during the logon process to prevent the operating system from running startup programs or shortcuts in the following folders:

  • systemdrive\Documents and Settings\Username\Start Menu\Programs\Startup

  • systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup

  • windir\Profiles\Username\Start Menu\Programs\Startup

  • windir\Profiles\All Users\Start Menu\Programs\Startup

    The windir folders exist only on computers that are upgraded from Windows NT 4.0.

To disable the programs or shortcuts in the preceding folders, you must hold down the SHIFT key until the desktop icons appear. Holding down the SHIFT key is a better alternative than temporarily deleting or moving programs and shortcuts because this procedure affects only the current user session.

To use the SHIFT key to disable programs and shortcuts in startup folders
  1. Log off the computer.

  2. In the Welcome to Windows dialog box, press Ctrl+Alt+Del.

  3. In the Log On to Windows dialog box, type your user name and password and then click OK.

  4. Immediately hold down the SHIFT key. The mouse cursor changes shape from a plain pointer to a pointer with an hourglass. (It might do this several times.)

  5. Continue to hold down the SHIFT key until the Windows XP Professional desktop icons appear and the mouse cursor stops changing shape.

Disabling Startup Programs by Using the Group Policy Snap-In

Use the Group Policy MMC snap-in to disable programs that run at startup. Before you use this snap-in, you must be familiar with Group Policy concepts, and you must understand how to view registry entries and change local Group Policy settings.

For information about Group Policy and using the Group Policy snap-in, see Chapter 1, “Planning Deployments;” Chapter 5, “Managing Desktops;” and Chapter 17, “Managing Authorization and Access Control,” and see “Group Policy” in the Distributed Systems Guide of the Microsoft Windows 2000 Server Resource Kit. Also see “Using Group Policy” in Windows XP Professional Help and Support Center and the Change and Configuration Management Deployment Guide link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

If you are uncertain which startup programs to disable, view the registry startup information that appears in certain registry subkeys. For information about viewing registry entries, see “To open Registry Editor” in Windows XP Professional Help and Support Center and Table 29-6, Table 29-7, and Table 29-8.

Caution Do not edit the registry unless you have no alternative. The Registry Editor bypasses standard safeguards, allowing settings that can damage your system or even require you to reinstall Windows. If you must edit the registry, back it up first.

To disable startup programs by using the Group Policy snap-in
  1. In the Run dialog box, type gpedit.msc and then click OK.

  2. Under Local Computer, click the plus sign (+) to expand either of the following:

    • Computer Configuration

    • User Configuration

  3. Expand Administrative Templates, expand System, and then click Logon.

  4. Double-click the Group Policy setting Run these programs at user logon.

  5. For the programs that appear in either registry subkey that shows in Table 29-6, do one of the following:

    • To disable all the programs that are listed in the following subkeys, click Disabled.

      Disabling this Group Policy deletes the computer or user Run subkey described in Table 29-6.

    • To selectively disable individual programs that are listed in the computer or user Run subkey, click Enabled, and then click Show. In the Show Contents dialog box, select a program to disable, and then click Remove.

      If you enable the preceding Group Policy settings, the programs listed in the corresponding registry subkeys no longer start automatically when a user logs on to the system.

Table 29-6 Registry Subkeys That List the Programs That Run at User Logon

Group Policy Setting

Run List Controlled by the Group Policy Setting “Run these programs at user logon”

Computer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\Explorer\Run

User

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer\Run

Change additional Group Policy settings to simplify your computer configuration when you are troubleshooting startup problems. Table 29-7 lists the registry subkeys that are controlled by the Group Policy setting Do not process the run once list. If you enable this Group Policy setting, the system ignores the programs listed in the following RunOnce registry subkeys the next time a user logs on to the system.

Table 29-7 Registry Subkeys That List the Programs That Run Once

Group Policy Setting

RunOnce List Managed by the Group Policy Setting “Do not process the run once list”

Computer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\RunOnce

User

HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\RunOnce

Table 29-8 lists the computer registry subkey that is controlled by the Group Policy setting Do not process the legacy run list. Listed in this registry subkey are a customized list of programs that were configured by using the system policy editor for Windows NT 4.0 or earlier. If you enable this Group Policy setting, the system ignores the programs listed in the corresponding registry subkey when you start your computer. If you disable or do not configure this Group Policy setting, the system processes the customized run list that is contained in this registry subkey when you start the computer.

Table 29-8 Registry Subkey That Lists Customized Legacy Programs

Group Policy Setting

Customized Run List Controlled by the Group Policy Setting “Do not process the legacy run list”

Computer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run

Group Policy changes do not always take effect immediately. Use the Gpupdate (Gpupdate.exe) tool to refresh local Group Policy changes to computer and user policies. (Gpupdate replaces the secedit /refreshpolicy command used in Windows 2000 to refresh Group Policy settings.) After you refresh the policy, use the Group Policy Result (Gpresult.exe) tool to verify that the updated settings are in effect. For more information about using Gpupdate, see Windows XP Professional Help and Support Center.

Disabling Startup Programs for Computers on a Network

If your computer is on a network, additional steps might be required to disable startup programs that are started by Group Policy settings, roaming user profiles, logon scripts, or scheduled system management tasks. Ask your network administrator for network test accounts that exclude items such as logon scripts that you know are not causing problems on other computers.

To check Group Policy settings, use the Resultant Set of Policy (RSoP) MMC snap-in (Rsop.msc) or the Group Policy Result (Gpresult.exe) tool to view the policies currently in effect for your user and computer accounts. The information provided by these tools can assist you with troubleshooting or help you determine the policy settings that might affect your results.

You can also prevent Group Policy, logon scripts, roaming user profiles, scheduled tasks, and network-related issues from affecting your troubleshooting by temporarily disabling the network adapter and then logging on by using a local computer account.

To disable a network adapter
  1. Do one of the following:

    • In Control Panel, open Network Connections.

    • In the Run dialog box, type ncpa.cpl, and then click OK.

  2. Right-click the Local Area Connection icon, and then click Disable.

If you use roaming user profiles and do not want to disable the network adapter, temporarily switch to locally cached user profiles. Making this change preserves local diagnostic changes in case you need to log off and log on, or restart the computer. This change also prevents the roaming user profile from overwriting your diagnostic changes each time you log on to the computer.

To switch from roaming user profiles to locally cached user profiles
  1. In Control Panel, open System, and then click the Advanced tab.

  2. Under User Profiles, click Settings, and then click the name of your user profile.

  3. Click Change Type, and then click Local profile.

For more information about roaming user profiles, see Windows XP Professional Help and Support Center and Chapter 5, “Managing Desktops.”

Manually Disabling Startup Programs

Use the Registry Editor Regedit.exe to disable the registry entries for startup programs. For a list of registry subkeys that contain entries for service and startup programs, see “Logon Phase” earlier in this chapter. Some changes will not take effect until you restart the computer.

To prevent startup programs from running, use Windows Explorer or Recovery Console to temporarily move shortcuts in the following folders to another location on the hard disk:

  • systemdrive\Documents and Settings\username\Start Menu\Programs\Startup

  • systemdrive\Documents and Settings\All Users\Start Menu\Programs\Startup

  • windir\Profiles\username\Start Menu\Programs\Startup

  • windir\Profiles\All Users\Start Menu\Programs\Startup

    The windir folders exist only on computers that are upgraded from Windows NT 4.0.

For the startup program changes to take effect, you must log off or restart the computer and log on again.

For more information about disabling startup programs, see article 270035, “How to Modify the List of Programs that Run at When You Startup Windows,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Ending processes and applications that are not responding

A startup program or a process that stops responding can cause delays or prevent you from logging on to Windows XP Professional. A process is an instance of an application, including the set of system resources that run an application. Use Task Manager to view and selectively end applications and processes, allowing the startup process to continue.

When you are in normal or safe mode, you can also use Task Manager to gather system information, such as CPU and memory statistics.

To start Task Manager
  • Press Ctrl+Alt+Del, and then click Task Manager, as shown in Figure 29-2.

The Applications and Processes tabs provide a list of active applications and processes, some of which run in the background and might not show activity. You can use the End Process button to end most of the items listed. Save all data before ending any process because this action can cause the system to stop responding.

Figure 29-2 Task Manager

Figure 29-2 Task Manager

You can also customize Task Manager to display more information on the Processes tab.

To display more information on the Processes tab
  1. Open Task Manager, and then click the Processes tab.

  2. On the View menu, click Select Columns.

  3. Select or clear the check box for each item you want to change.

To obtain more information about Task Manager, open Task Manager, and on the Help menu, click Task Manager Help Topics.

Also, processes can be stopped using command-line tools:

  • Task List (Tasklist.exe)

  • Task Kill (Taskkill.exe)

Task List displays information similar to that displayed by the Task Manager Processes tab. For each process, Task List displays useful information, such as the name of the process, the process identification number (PID), and the amount of memory used.

To end a process, run Task Kill by using the process ID or any part of the process name, such as the title of the application window, as a command-line parameter. For more information about Task List and Task Kill, see Windows XP Professional Help and Support Center.

Preserving the core system processes

When you are deciding which processes to temporarily disable, avoid ending the processes that are listed in Table 29-9. This table lists the core processes that are common to all systems running Windows XP Professional. Knowing the core processes is useful because the source of an application or service-related problem is most likely a noncore process.

Table 29-9 Core System Processes

Core Process

Process Description

Csrss.exe*

An essential subsystem that is active at all times. Csrss.exe is the user-mode portion of the Windows subsystem, and it maintains console windows and creates or deletes threads. Csrss stands for client/server run-time subsystem.

Explorer.exe

An interactive graphical user interface shell. It provides the familiar Windows taskbar and desktop environment.

Internat.exe

When enabled, a process that displays the EN (English) and other language icons in the system notification area, allowing the user to switch between locales.

Lsass.exe*

The local security authentication (LSA) subsystem server component generates the process that authenticates users for the Winlogon service. The LSA also responds to authentication information received from the Graphical Identification and Authentication (GINA) Msgina.dll component. If authentication is successful, Lsass.exe generates the user’s access token, which starts the initial shell. Other processes that the user initiates inherit this token.

Mstask.exe*

The task scheduler service. It runs tasks at a time determined by the user.

Smss.exe*

The Session Manager subsystem, which starts the user session. This process is initiated by the system thread and is responsible for various activities, including starting the Winlogon.exe and Csrss.exe services and setting system variables.

Spoolsv.exe*

The spooler service. It manages spooled print and fax jobs.

Svchost.exe*

A generic process that acts as a host for other processes running from dynamic-link libraries (DLLs). Multiple entries for this process might be present in the Task Manager list. For more information about Svchost.exe, see article Q250320, “Description Of Svchost.exe,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Services.exe*

The Service Control Manager can start, stop, and pause system services.

System*

The system process, which is the process in which most kernel-mode threads run.

System Idle*

A separate instance of this process runs for each processor present, and has the single purpose of accounting for unused processor time.

Taskmgr.exe

The process that runs Task Manager.

Winlogon.exe*

The process that manages user logon and logoff. Winlogon runs when a user presses CTRL+ALT+DEL to open the logon dialog box.

Winmgmt.exe*

A core component of client management. This process starts when the first client application connects, or when management applications request its services.

* You cannot use Task Manager to end this process.

For more information about threads, processes, and services, see Windows XP Professional Help and Support Center.

Temporarily Disabling Services

Many services automatically run at startup, but others are started only by users or by another process. The operating system, drivers, and applications that are loaded on a computer determine the services that run. For example, two Windows XP Professional systems with identical hardware installed can be running different services if they have a different set of applications installed.

When you troubleshoot startup issues related to system services, a useful technique is to simplify your computer configuration to reduce system complexity and isolate operating system services. To decrease the number of variables, temporarily close all applications or services and start them one at a time until you reproduce the problem. Always close applications first, before attempting to disable system services.

This section helps you do the following:

  • Use service tools to diagnose and resolve startup issues.

  • Determine service dependencies.

  • Determine the services and processes to temporarily disable.

Using Service Tools to Diagnose and Resolve Startup Issues

Windows XP Professional provides tools that can help you troubleshoot services:

  • System Configuration Utility

  • Services snap-in (Services.msc)

  • SC (Sc.exe)

Disabling Services with the System Configuration Utility

The System Configuration Utility allows you to disable system services individually or several at a time. You can also disable certain services that do not use the registry to store configuration information, but that instead use the System.ini file. For example, on x86-based computers, you can use this tool to disable 16-bit services.

To disable a service by using the System Configuration Utility
  1. In the Run dialog box, type msconfig and then click OK.

  2. Do one of the following:

    • To disable services, on the General tab, click Selective Startup, and then click to clear the Process SYSTEM.INI File and Load System Services check boxes.

    • To disable specific services, on the Services or SYSTEM.INI tab, click to clear the check boxes that correspond to the items you want to disable. You can also click Disable All on the Services and SYSTEM.INI tabs to disable all items on each tab.

If you change a startup setting by using the System Configuration Utility, Windows XP Professional prompts you to return to normal operations the next time you log on. A prompt and the System Configuration Utility appear each time you log on until you restore the original startup settings by clicking Normal Startup under Startup Selection on the General tab. To permanently change a startup setting, use Control Panel, change a Group Policy setting, or uninstall the application that added the service.

For more information about the System Configuration Utility, see Windows XP Professional Help and Support Center and Appendix C, “Tools for Troubleshooting.”

Disabling Services by Using the Services Snap-in

When diagnosing startup problems, use the Services snap-in (Services.msc) in safe and normal modes to view service information or to temporarily disable a service that is causing problems (for example, a driver mentioned in a Stop message). You must have administrator permissions to disable or change the service startup type. Certain startup changes are not in effect until you restart the computer.

To disable a service by using the Services snap-in
  1. In the Run dialog box, type services.msc, and then click OK.

    As Figure 29-3 shows, the Services snap-in displays the name, description, status, and startup type for each service.

  2. Double-click a service name and then click the General tab. Record the setting for Startup type so that you can later restore the original value if you find that the change was not helpful.

  3. Change the Startup type to Disabled.

After disabling the service, try to start your computer in normal mode. If your system starts normally, research technical information sources to find a permanent solution.

Startup type settings remain in effect even after you restart the system. You must use the Services snap-in to restore the original Startup type setting. On the General tab of the Services snap-in, you can specify the following startup types for services:

  • Automatic.

    The operating system automatically starts the service.

  • Manual.

    A user or another service starts the service.

  • Disabled.

    The service does not start.

    Figure 29-3 Services snap-in

    Figure 29-3 Services snap-in
Managing Services by Using Sc.exe

As an alternative to using the Services snap-in, use Sc.exe, a command-line tool that communicates with the Service Control Manager and displays information about services running on your computer. Sc.exe gathers the same type of information obtainable from the Services snap-in and performs many functions including:

  • Display service information, such as start type and whether you can pause or end a service.

  • Change the Startup type of a service.

  • Start, pause, or resume a service.

  • Disable a service by using the sc config command.

For troubleshooting startup, the sc query and sc config commands are the most helpful. The report that follows is an example of the information shown when you type sc query at the command prompt:

SERVICE_NAME: winmgmt 
DISPLAY_NAME: Windows Management Instrumentation 
        TYPE               : 20  WIN32_SHARE_PROCESS 
        STATE              : 4  RUNNING 
                            (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0) 
        SERVICE_EXIT_CODE  : 0  (0x0) 
        CHECKPOINT         : 0x0 
        WAIT_HINT          : 0x0

For more information about Sc.exe, see Windows XP Professional Help and Support Center.

Determining Service Dependencies

Some services and drivers that rely on other components are initialized before starting. If a service or driver does not start, the cause might be a dependency requirement that is not met. Obtain a list of dependencies by using any of the following methods:

  • Navigate to the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename, and examine the information contained in the DependOnGroup and DependOnService entries.

  • Start the Services tool, double-click the service you want information about, and then click the Dependencies tab.

  • Use the Dependency Walker (Depends.exe) Support Tool. For more information about Dependency Walker, see Appendix C, “Tools for Troubleshooting.”

You can also check the Event Viewer System log to obtain information about services that do not start because of dependency issues.

For more information about the Services snap-in, see Windows XP Professional Help and Support Center. For more information about adding or changing service dependencies for troubleshooting purposes, see article 193888, “How to Delay Loading of Specific Services,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Determining Which Services and Processes to Temporarily Disable

When you are troubleshooting, the method for determining which services and processes to temporarily disable varies from one computer to the next. The most reliable way to determine what you can disable is to gather more information about the services and processes enabled on your computer.

These Windows XP Professional tools and features generate a variety of logs that can provide you with valuable troubleshooting information:

  • Error Reporting service

  • Dr. Watson

  • Boot logging

  • System Information

  • Event Viewer

Error reporting service

Windows XP Professional provides a Windows error reporting service that monitors your system for problems that affect services and applications. When a problem occurs, you can send a problem report to Microsoft and receive an automated response with more information, such as news about an update for an application, service, or device driver.

For more information about the Error Reporting service, see Windows XP Professional Help and Support Center, and also see Appendix C, “Tools for Troubleshooting.”

Dr. Watson

If an application error (also known as a program exception) occurs, the Dr. Watson application debugging tool (DrWtsn32.exe) records information about the problem to a log, DrWtsn32.log, located in the systemdrive\Documents and Settings\All Users\Application Data
\Microsoft\DrWatson folder. This log contains the following information:

  • The file name of the program that caused the error

  • Information about the computer and user under which the error occurred

  • A list of the programs and services that were active when the error occurred

  • A list of components, such as dynamic-link libraries (DLLs), that were in memory when the error occurred

  • Additional information that might be useful if you need to contact technical support about an application that is causing errors

The task and component lists are useful for duplicating the conditions under which an application error occurred. Using the lists as a reference, add or remove programs and services until you reproduce the problem. For more information about the Dr. Watson tool, including an overview of the log file and an explanation of the debugging files, see “Setting up Dr. Watson” and “Using the Dr. Watson log file” in Windows XP Professional Help and Support Center.

Boot logging

Boot logging lists the files that were successfully and unsuccessfully processed during startup. Boot logging enables you to log the Windows XP Professional components that are processed when you start your computer in safe mode and also in normal mode. Compare the differences between the two logs to determine which components are not required to start.

Enable boot logging using either of these methods:

  • Edit the Boot.ini file as described in “Reviewing and Correcting Boot.ini Settings” later in this chapter. Add the /bootlog parameter, save the revised Boot.ini, and restart the computer. For more information about the /bootlog parameter, see Table 29-14 later in this chapter.

  • Restart the computer and press F8 when prompted. On the Windows Advanced Options menu, select Enable Boot Logging.

Windows XP Professional records in a log, windir\Ntbtlog.txt, the name and path of each file that runs during startup. The log marks each file as successful (Loaded driver) or unsuccessful (Did not load driver). Boot logging appends entries to Ntbtlog.txt when you start your system in safe mode. Comparing normal mode and safe mode entries enables you to determine which services run in normal mode only. The following lines are sample Ntbtlog.txt entries:

Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys 
Did not load driver \SystemRoot\System32\DRIVERS\flpydisk.SYS

If you cannot start your computer in normal mode, start it in safe mode. For the services that run only in normal mode, disable those services one at a time, trying to restart your computer in normal mode after you disable each service. Continue to individually disable services until your computer starts in normal mode.

For more information about boot logging, see Windows XP Professional Help and Support Center.

System information

If a startup problem occurs inconsistently and if you can start Windows XP Professional in safe or normal mode, use System Information to view driver and service name, status, and startup information.

System Information enables you to create lists of drivers that were processed during safe and normal mode startup. Compare the differences between the two lists to determine which components are not required to start Windows XP Professional. Use the list of differences to help determine which services to disable. In safe mode, disable a service and then try to restart the operating system in normal mode. Repeat this process for each service until you are able to start in normal mode.

To view service or driver information
  1. In the Run dialog box, type msinfo32, and then click OK.

  2. Do any of the following:

    • To view service information, click Software Environment and then click Services.

    • To view the state of a driver, click Software Environment and then click System Drivers. Information for each driver is in the State column.

    • To view driver information arranged by category, click Components and then double-click a category, such as Storage.

A related tool, Systeminfo.exe, enables you to view system information, such as processor type, firmware version, and network information, from the command prompt. For more information about System Information and Systeminfo.exe, see Windows XP Professional Help and Support Center.

Event Viewer (Eventvwr.msc)

Use Event Viewer (Eventvwr.msc) to view logs that can help identify system problems. When troubleshooting, use these logs to isolate problems by application, driver, or service, and to identify frequently occurring issues. You can save these logs to a file and specify filtering criteria.

Event Viewer provides three logs for computers running Windows XP Professional:

  • Application logs.

    The application log contains events logged by applications or programs. For example, a database program might record read or write errors here.

  • Security logs.

    The security log holds security event records, such as logon attempts and actions related to creating, opening, or deleting files. An administrator can specify what events to record in the security log.

  • System logs.

    The system log contains information about system components. Use Event Viewer logs to determine which drivers or services did not load.

To use Event Viewer to obtain driver and service error information from the System log
  1. In the Run dialog box, type eventvwr.msc, and then click OK.

  2. Click System, and on the View menu, click Filter to open the System Properties dialog box.

  3. Under Event types, click to clear the Information and Warning check boxes.

  4. In the Event source list, click Service Control Manager, and then click OK.

  5. Double-click an event entry to view details.

A related command-line tool, Event Query (Eventquery.vbs), searches the event logs using criteria you specify. Event Query allows you to view the Event logs for entries related to specified event properties, including date and time, event ID, and user name.

For more information about using Event Viewer, click the Action menu in Event Viewer and then click Help. For more information about Event Query, click Tools in Help and Support Center.

Uninstalling Software

Simplify your system configuration by uninstalling software, which reduces the number of variables to track and helps you to identify problems more quickly.

If you suspect that an application is causing conflicts, uninstalling software can verify your suspicions. Use Add or Remove Programs in Control Panel to uninstall the software. You can later reinstall applications after locating Windows XP Professional updates or other solutions.

For more information about adding or removing programs, see “Add or Remove Programs overview” in Windows XP Professional Help and Support Center and Appendix C, “Tools for Troubleshooting,” in this book.

Using Recovery Console

If you cannot start your computer in safe mode or by using the Last Known Good Configuration startup option, you can use Recovery Console. With the appropriate permissions, use this command-line interface to start recovery tools, start and stop services, access files on hard disks, and perform advanced tasks, such as manually replacing corrupted system files. You can run Recovery Console from the Windows XP Professional operating system CD, or install it as a startup option.

Infrequently, startup files and critical areas on the hard disk become corrupted. If the corruption is extensive, it might prevent you from starting Windows XP Professional in normal or safe modes, or from using the installed Recovery Console or using the Last Known Good Configuration startup option. In these situations, run Recovery Console from the Windows XP Professional operating system CD.

To start Recovery Console from the Windows XP Professional operating system CD
  1. Insert the Windows XP Professional operating system CD into the CD-ROM drive, and restart the computer. When prompted, press a key to start Setup.

  2. At the Setup Notification screen, press ENTER.

  3. After the Welcome to Setup screen appears, select To repair a Windows XP installation using Recovery Console by pressing R.

    A menu that lists one or more Windows XP Professional installations appears.

  4. Type the number corresponding to the installation that you want to use, and then press ENTER.

  5. At the prompt, enter the password for the local Administrator account to access the contents of the local hard disk. Recovery Console accepts only the local Administrator account password.

From Recovery Console, you can attempt to replace corrupted files with undamaged copies stored on removable disks, such as a floppy disk or the Windows XP Professional operating system CD.

To use the CD-based Recovery Console, you must set the CD-ROM as the primary boot device (the first item listed in the boot order). If the CD-ROM is not listed as a boot-order option in the computer firmware, you cannot start your system by using the Windows XP Professional operating system CD. You must use startup floppy disks to start Windows XP Professional Setup. For more information about startup floppy disks, see the Getting Started Guide, which comes with Microsoft Windows XP Professional.

Note When you start your system by using the bootable Windows XP Professional operating system CD, Setup checks the hard disk for Windows XP Professional or another Windows operating system, such as Windows 2000 or Windows Me. If another operating system is found, you have the option of bypassing CD-ROM startup by not responding to the Press any key to boot from CD prompt that appears. If you do not press a key within three seconds, Setup does not run and the computer passes control from the CD-ROM to the hard disk.

To install Recovery Console as a startup option
  1. With Windows XP Professional running, insert the Windows XP Professional operating system CD into your CD-ROM drive.

  2. Click No when prompted to upgrade to Windows XP Professional.

  3. In the Run dialog box, type cmd and then click OK.

  4. At the command prompt, type:

    drive:\i386\Winnt32.exe /cmdcons

    In the preceding command, drive represents the letter of the CD-ROM or network drive that holds the Windows XP Professional installation files.

  5. Restart your computer. Recovery Console appears as an item on the operating system menu when you start your machine.

Using Recovery Console to Disable Services

If you are unable to start Windows XP Professional in normal or safe mode, the cause might be an incorrectly configured driver or service that has caused a Stop message. Stop messages might provide information about the service or driver name, such as a file name. By using Recovery Console, you might be able to disable the problem component and allow the Windows XP Professional startup process to continue in normal or safe mode.

To enable or disable services by using Recovery Console
  1. At the Recovery Console prompt, type listsvc.

    The computer displays the service or driver name, startup type, and possibly a friendly driver or service name. Record the name of the driver or service that you want to enable or disable.

  2. To disable a driver, type:

    disable drivername

  3. To enable a driver, type:

    enable drivername start_type

    Possible values for start_type are:

    • SERVICE_BOOT_START

    • SERVICE_SYSTEM_START

    • SERVICE_AUTO_START

    • SERVICE_DEMAND_START

For more information about Stop messages, see “Common Stop Messages for Troubleshooting” on the companion CD.

Using Recovery Console to Restore the Registry Keys HKEY_LOCAL_MACHINE\SYSTEM and HKEY_LOCAL_MACHINE\SOFTWARE

If the previously discussed recovery methods do not enable you to start Windows XP Professional, try replacing the System and Software files, (in the systemroot\System32\Config folder) with a backup copy from the systemroot\Repair folder. The System and Software files are used by Windows XP Professional to create the registry keys HKEY_LOCAL_MACHINE\SYSTEM and HKEY_LOCAL_MACHINE\SOFTWARE. A corrupted copy of the System or Software file could prevent you from starting Windows XP Professional.

Try other recovery methods before using the manual procedure that follows. The manual procedure enables you to start the operating system, allowing you to perform further repairs by using Windows XP Professional tools.

When using the following procedure, do not replace both the System and Software files as part of a single attempt to start the computer. First replace one file, and then test whether this action resolves the startup problem. If the problem persists, copy the other file. Which file you decide to replace first (the System or Software file), depends on the information that the Stop error displays (hardware or software related).

Using Recovery Console to replace the System file
  1. At the Recovery Console prompt, locate the config folder by typing:

    cd system32\config

  2. Create backups of the System or Software files by typing:

    copy system <drive:\path\filename>

    – or –

    copy software <drive:\path\filename>

    If they exist, save backups of other files that use file names that start with “system” or “software,” such as System.sav or Software.sav.

  3. Replace the current System or Software file by typing:

    copy ..\..\repair\system

    – or –

    copy ..\..\repair\software

  4. Answer the Overwrite system? (Yes/No/All): prompt by pressing Y.

  5. Restart the computer.

If you are still unable to start your computer, consider performing a parallel operating system installation or an ASR restore operation. For more information about these two recovery options, see “Performing a Parallel Windows XP Professional Installation” and “Saving System Files and Settings by Using Automated System Recovery” later in this chapter. For more information about Stop messages, see “Common Stop Messages for Troubleshooting” on the companion CD.

Consider these points when you replace the System or Software file with a backup copy from the systemroot\Repair folder:

  • The System and Software files in the repair folder might not be current. If the files are not current, you might need to update drivers, reinstall applications and service packs, and perform other configuration to bring your computer up to date.

  • The Emergency Repair Disk (ERD) that was available in Windows NT 4.0 and Windows 2000 does not exist in Windows XP Professional. The option to create an ERD for updating the systemroot\Repair directory is not available.

To update the systemroot\Repair directory, use the option to save system state in Backup (Ntbackup.exe). Whenever you perform a backup operation with the System State option enabled, Backup updates the repair folder.

For more information about Backup and saving system state, see Chapter 14, “Backing Up and Restoring Data.” Also see Appendix C, “Tools for Troubleshooting.”

For more information about Recovery Console, see Windows XP Professional Help and Support Center and Appendix C, “Tools for Troubleshooting,” in this book. For additional information on using the Recovery Console in Windows XP, see article 307654, “How to install and use the Recovery Console in Windows XP,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Recovery Console Alternatives

For x86-based systems, you have another option in addition to Recovery Console for accessing FAT16 and FAT32 partitions. If the FAT16 and FAT32 partitions were formatted by using an MS-DOS startup floppy disk (FAT16), or an emergency boot disk created in Microsoft Windows 95 OSR2, Windows 98, or Windows Me, you can start your computer by using these startup floppy disks. Using the floppy disk method starts the system in a command-line environment that enables read and write access to the disk without using Recovery Console. You can preconfigure startup disks to include commonly used tools and additional drivers that provide CD-ROM or network access.

For information about creating and using a FAT16 or FAT32 emergency boot disk, see Windows 95 OSR2, Windows 98, or Windows Me Help. You cannot use an MS-DOS boot disk or an emergency boot disk to view the contents of NTFS volumes.

Reviewing and Correcting Boot.ini Settings

The Boot.ini file, which is created during setup in the system root partition, contains information that Ntldr uses to display the startup menu. The Boot.ini file includes the path to the boot partition, descriptive text to display, and optional parameters. The Boot.ini file supports multiple installations of Windows XP Professional on the same computer and also supports multiple-boot configurations with other Microsoft operating systems installed in separate partitions. The following is an example of a Boot.ini file:

Note: Some of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[boot loader] 
timeout=30 
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS 
[operating systems] 
multi(0)disk(0)rdisk(0)partition(1)\Windows=
"Microsoft Windows XP Professional" / fastdetect

Each Boot.ini file contains two sections:

[boot loader]

Contains settings that apply to all the Windows XP Professional installations on a computer.

[operating systems]

Contains settings that apply to a specific Windows XP Professional installation on the computer.

The default= line in the [boot loader]section points to the default operating system.

For multiple-boot systems that have Windows XP Professional and another Microsoft operating system, such as Windows 2000 Professional, additional entries might appear in the [operating systems]section as shown:

Note: Some of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[boot loader] 
timeout=30 
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS 
[operating systems] 
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=
"Microsoft Windows XP Professional" / fastdetect 
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=
"Microsoft Windows 2000 Professional" / fastdetect

When more than one operating system is installed on a computer, a startup menu appears that is similar to the one shown in Figure 29-4.

Figure 29-4 Example of a startup menu for multiple-boot systems

Figure 29-4 Example of a startup menu for multiple-boot systems

Note If only one operating system is installed, Ntldr does not display a startup menu. Instead, the system starts immediately.

The Boot.ini file uses the Advanced RISC Computing (ARC) naming convention to define the path to a Windows XP Professional installation. If the contents of the Boot.ini are incorrectly changed or the file becomes corrupt, you might not be able to start Windows XP Professional. To detect and correct Boot.ini problems, you need to understand ARC paths.

ARC paths use the following formats:

multi(W)disk(X)rdisk(Y)partition(Z)\systemroot="Description" 
scsi(W)disk(X)rdisk(Y)partition(Z)\systemroot="Description" 
signature(V)disk(X)rdisk(Y)partition(Z)\systemroot="Description"

Windows XP Professional can use any of the preceding formats to locate the systemroot directory.

Multi() Syntax

The multi() syntax instructs Windows XP Professional to rely on system BIOS calls to load system files. To achieve this, Ntldr uses interrupt 13 (also called INT-13) firmware instructions to locate Ntoskrnl.exe and other systemroot files needed to start Windows XP Professional. The multi() Boot.ini syntax is used for all controllers that provide INT-13 support for ATA and SCSI disks. Table 29-10 describes the multi() parameters, which follow this syntax:

multi(W)disk(X)rdisk(Y)partition(Z)

Table 29-10 describes the multi() parameters.

Table 29-10 Multi() Parameters

Parameter

Multi() Parameter Descriptions

W

Specifies the drive controller number (also known as the ordinal number), typically 0. The first valid number is 0.

X

This value is always 0 when the multi() syntax is used.

Y

Specifies a physical hard disk attached to drive controller W. For ATA controllers, this number is typically between 0 and 3. For SCSI controllers, this number is typically between 0 and 7, or 0 and 15, depending on the adapter type. The first valid number is 0.

Z

Specifies the partition number on the physical disk specified by parameter Y, attached to the controller specified by parameter W. All partitions in use are assigned a number. The first valid number is 1.

SCSI() Syntax

The scsi() syntax informs Windows XP Professional that the startup SCSI controller does not support INT-13 calls and that a device driver, Ntbootdd.sys, is needed to access files on the boot partition.

The scsi() parameters follow this format:

scsi(W)disk(X)rdisk(Y)partition(Z)

Table 29-11 describes the SCSI() parameters.

Table 29-11 SCSI() Parameters

Parameter

SCSI() Parameter Descriptions

W

Specifies the drive controller number (also known as the ordinal number), typically 0. The first valid number is 0.

X

Specifies a physical hard disk attached to drive controller W. For SCSI controllers, this number is typically between 0 and 7, or 0 and 15, depending on the adapter type. The first valid number is 0.

Y

Specifies the SCSI logical unit number (LUN) of the disk that contains the boot partition. This value is typically 0 when the scsi() syntax is used.

Z

Specifies the partition number on the physical disk specified by parameter Y, attached to the controller specified by parameter W. All partitions in use are assigned a number. The first valid number is 1.

Signature() Syntax

The signature() syntax shares similarities with the scsi() syntax and was implemented to support Plug and Play scenarios where you install additional drive controllers to your system. Windows XP Professional Setup determines whether to use the signature() syntax during installation. The signature() syntax is valid for systems equipped with either ATA or SCSI hard disks. The signature() parameters follow this syntax:

signature(V)disk(X)rdisk(Y)partition(Z)

The signature() syntax instructs Ntldr to locate the disk with the signature that matches the first value in parentheses, regardless of the controller number associated with the disk. A disk signature is a globally unique identifier (GUID) that is extracted from information in the MBR and written to the disk during the text-mode portion of Windows XP Professional Setup or during previous Windows 2000 and Windows XP Professional installations. This 128-bit hexadecimal number uniquely identifies the disk.

If you see the signature() syntax used in the Boot.ini file, it means that Ntbootdd.sys is required to access the boot partition and one or both of the following conditions exist:

  • You installed Windows XP Professional to a hard disk partition larger than 7.8 gigabytes (GB) in size, the ending cylinder number is higher than 1024 for that partition, and the system firmware or startup controller BIOS cannot gain access by using extended INT-13 calls.

  • The hard disk controller BIOS does not support extended INT-13 calls, or you have set this option to disabled by using the adapter’s built-in setup utility. When Windows XP Professional is unable to use INT-13 BIOS calls during the startup process, the file Ntbootdd.sys is required to access the boot partition.

Whenever possible, configure your storage controller to use INT-13 BIOS calls. Consult the documentation for the storage adapter to determine the correct hardware settings.

Table 29-12 describes the signature() parameters.

Table 29-12 Signature() Parameters

Parameter

Signature() Parameter Descriptions

V

A 32-bit hexadecimal number extracted from the MBR that identifies the disk.

X

Specifies a physical hard disk with signature V, attached to any drive controller that uses Ntbootdd.sys. For SCSI controllers, this number is typically between 0 and 7, or 0 and 15, depending on the adapter type. The first valid number is 0.

Y

This value is always 0 when the signature() syntax is used.

Z

The partition number on the physical disk with a signature matching V. The first valid number is 1.

Note The signature() syntax might increase the time required to start Windows XP Professional, depending on the number of controllers and disks present.

NTBootdd.sys File

Ntbootdd.sys is a copy of a storage controller device driver that resides on the root of the startup partition. Ntbootdd.sys is used when the Boot.ini specifies the scsi() syntax or when the signature() syntax is used for disk controllers with disabled firmware.

The Ntbootdd.sys file can be used for ATA disks, depending upon the type of controller used. Follow the manufacturer’s instructions for hardware and driver installation when using add-in Peripheral Component Interconnect (PCI) ATA controllers with Windows XP Professional.

Boot.ini Parameters and Options

The Boot.ini file consists of two sections, [boot loader] and [operating systems]. Customize the startup process by editing these sections. Table 29-13 lists parameters for the [boot loader] section.

Table 29-13 Boot.ini [Boot Loader] Parameters

Parameter

Boot.ini [Boot Loader] Parameter Descriptions

Timeout= seconds

Specifies the number of seconds that the startup menu is displayed before the operating system specified in the default= line is loaded.

If you set this value to 0, Ntldr immediately starts the default operating system without displaying the bootstrap loader screen.

If you set this value to –1, Ntldr displays the menu indefinitely unless you make a choice.

default=

Specifies the ARC path to the default operating system.

Table 29-14 lists optional parameters that you can append to the ARC paths contained in the [operating systems]section of the Boot.ini file. For example, the following optional parameters limit memory usage to 64 MB:

Note: The following code snippet has been displayed in multiple lines only for better readability. These should be entered in a single line.

multi(0)disk(0)rdisk(0)partition(1)\Windows=
"Windows XP Professional" /fastdetect / MAXMEM=64

Table 29-14 Boot.ini [Operating System]Parameters

Parameter

Description

/3GB

Specifies for x86-based systems that the operating system allocate 3 GB of virtual address space to applications and 1 GB to kernel and executive components. An application must be designed to take advantage of the additional memory address space.

/basevideo

Directs the operating system to use standard VGA mode for the installed video driver (640 x 480 resolution with 16 available colors). If you install a new video driver, and it fails to work properly, use this parameter to start the operating system. You can then remove, update, or roll back the problem video driver.

/baudrate=

Specifies the baud rate used for kernel debugging. The default baud rate is 9600 kilobits per second (Kbps) for modems up to 115,200 Kbps for a null-modem cable. Including this parameter in the Boot.ini file implies the /debug parameter.

/bootlog

Enables boot logging to a file called systemroot\Ntbtlog.txt. For more information about boot logging, see Windows XP Professional Help and Support Center and Appendix C, “Tools for Troubleshooting,” in this book.

/burnmemory=number

Specifies an amount of memory, in megabytes, that Windows XP Professional cannot use. Use this parameter to confirm performance or other problems related to RAM depletion. For example, /burnmemory=128 would reduce the physical memory available to Windows XP Professional by 128 MB.

/channel

Together with the /debug and /debugport switches, used to configure Windows to send debug information over an Institute of Electrical and Electronics Engineers, Inc. (IEEE) 1394 port.

/crashdebug

Loads the kernel debugger when you start Windows XP Professional, but it remains inactive until a Stop message error occurs. This parameter is useful if you experience random kernel errors. For more information about Stop messages and debugging, see “Common Stop Messages for Troubleshooting” on the companion CD.

/debug

Loads the Windows kernel debugger when you start Windows XP Professional.

/debugport= {com1|com2|1394}

Specifies the communication port for kernel debugging, typically com1, com2, or 1394. Using this parameter in the Boot.ini file implies the /debug parameter.

/fastdetect ={com1|com2|com x,y,z...}

Turns off serial and bus mouse detection in Ntdetect.com. Use if you have a component other than a mouse attached to a serial port during the startup process. If you use /fastdetect without specifying a communication port, serial mouse detection is disabled on all communication ports.

/HAL=filename

Specifies the actual hardware abstraction layer (HAL) that is loaded at startup.

/kernel=filename

Specifies the actual kernel that is loaded at startup.

/maxmem=number

Specifies the maximum amount of RAM that Windows XP Professional can use. Use this parameter to confirm whether a memory chip is faulty. For example, if you have a 128-MB system that is equipped with two 64-MB RAM modules and you are experiencing memory-related Stop messages, specify /maxmem=64. If the computer starts Windows XP Professional and operates without problems, replace the first module to see whether this resolves the problem.

/noguiboot

Disables the bitmap that displays the progress bar for Windows XP Professional startup. (The progress bar appears just prior to the logon prompt.)

/nodebug

Disables kernel debugging.

/numproc=number

Allows you to force a multi-CPU system to use only the quantity of processors specified.

/PAE

Enables a computer that supports physical address extension (PAE) mode to start normally.

/pcilock

For x86-based systems, stops the operating system from dynamically assigning hardware input and output, and interrupt request resources to PCI devices. Allows the BIOS to configure the devices.

/safeboot:parameter

Forces a start in safe mode by using the specified parameters.

The available parameters are:

  • minimal

  • network

  • safeboot:minimal(alternateshell)

You can combine other Boot.ini parameters with the /safeboot: parameter. The following examples illustrate the parameters that are in effect when you select a safe mode option from the startup recovery menu.

  • Safe Mode with Networking /safeboot:minimal /sos /bootlog
    /noguiboot

  • Safe Mode with Networking /safeboot:network /sos /bootlog
    /noguiboot

  • Safe Mode with Command Prompt /safeboot:minimal(alternateshell) /sos /bootlog /noguiboot

For more information about safe mode, see Appendix C, “Tools for Troubleshooting.”

/sos

Displays the name of each device driver as it loads. Use when startup fails (while loading drivers) to determine which driver is failing to load.

/userva

Customizes the amount of memory that is allocated to processes when you use the /3GB switch.

Tip For more information on boot.ini switches available in Windows XP and how to use them, see article 833721, “Available switch options for the Windows XP and the Windows Server 2003 Boot.ini files,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Editing and repairing the Boot.ini file

When you install Windows XP Professional, the hidden file attribute for Boot.ini is set by default. To edit the Boot.ini file, you can use the following tools:

  • Bootcfg.exe

  • System Configuration Utility (Msconfig.exe)

  • Control Panel

  • A text editor (such as Notepad.exe)

    Caution Always make a backup copy of the Boot.ini file before editing it.

Bootcfg.exe is a new command-line tool for Windows XP Professional.

To use Bootcfg.exe to view or edit the Boot.ini file
  1. To view the contents of the Boot.ini file, at the command prompt type bootcfg /query.

  2. To edit the Boot.ini file, use the bootcfg /Addsw or bootcfg /Rmsw command to change Boot.ini options. For a list of parameters, at the command prompt type bootcfg /?.

For more information about Bootcfg.exe, see Windows XP Professional Help and Support Center.

To use the System Configuration Utility to edit the Boot.ini file
  1. In the Run dialog box, type msconfig, and then click OK.

  2. Click the BOOT.INI tab.

    You can move individual Boot.ini lines up or down, or add Boot Options settings to each ARC path by selecting the check box associated with each parameter.

For more information about the System Configuration Utility, see Windows XP Professional Help and Support Center, and Appendix C, “Tools for Troubleshooting,” in this book.

To use Control Panel to edit the Boot.ini file
  1. In Control Panel, open System.

  2. Click the Advanced tab, and in the Startup and Recovery box, click Settings.

  3. In the System Startup area, click Edit or select from the options listed in Default operating system.

    Clicking Edit causes Notepad to read the contents of Boot.ini for editing. For multiple-boot systems, the option that you select in Default operating system updates the Boot.ini default= ARC path entry in [boot loader].

When you install Windows XP Professional, the hidden and read only file attributes for the systemdrive\Boot.ini file are set by default. Before using the following procedure, you need to clear these attributes by typing attrib %systemdrive%:\boot.ini -h -r at the command prompt.

To use Notepad or another text editor to edit the Boot.ini file
  1. In the Run dialog box, type cmd, and then click OK.

  2. Type notepad (or another text-editing program that you prefer to use) at the command prompt.

  3. On the File menu, click Open, and then specify systemdrive\Boot.ini. The environment variable systemdrive represents the drive letter assigned to the system partition.

    Tip For more information about Boot.ini and how to edit this file, see article 289022, “How to Edit the Boot.ini File in Windows XP,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Replacing a Damaged Boot.ini

If your system fails to start because of a damaged Boot.ini file, use the following methods to replace the file or to correct errors.

The bootcfg command is a new addition to the Windows XP Professional Recovery Console.

To use the Recovery Console bootcfg command to rebuild a Boot.ini file (Automatic Method)
  1. Start Recovery Console.

  2. At the Recovery Console prompt, type bootcfg /rebuild.

    Windows XP Professional scans the hard disks on your system and checks for Windows installations. You can then rebuild the Boot.ini file.

    Note The Recovery Console bootcfg command is not the same as the Windows XP Professional Bootcfg.exe command-line tool. Bootcfg.exe resides in the systemroot\System32 folder and is a standalone command-line tool that you cannot use in Recovery Console.

To use Recovery Console to create a new Boot.ini file (Manual Method)
  1. Start Recovery Console.

    For more information about installing and using Recovery Console, see “Using Recovery Console” earlier in this chapter and Appendix C, “Tools for Troubleshooting.”

  2. From the Recovery Console prompt, type:

    map

    A list appears containing hard disk and partition information for Windows XP Professional and other operating systems, such as Windows 2000 and Windows NT 4.0. Record and use this information to correct errors to an existing Boot.ini file, or to create a new Boot.ini file by using a text editor, such as Notepad, on another computer. (You must use another computer because Recovery Console does not provide text-editing tools.)

When you are trying to copy an existing Boot.ini file to a floppy disk to edit on another computer, be aware that floppy disk write access is disabled by default. For information about using Recovery Console to enable write access to floppy disks; see Appendix C, “Tools for Troubleshooting,” in this book; and article 235364, “Description of the SET Command in Recovery Console,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Performing a Parallel Windows XP Professional Installation

Infrequently, startup files and critical areas on the hard disk become corrupted. If you are mainly concerned with salvaging readable data files and using the Backup tool to copy them to backup media or a network location, you can perform a parallel Windows XP Professional installation.

To perform a parallel installation of Windows XP Professional
  1. Restart the computer by using the Windows XP Professional operating system CD. If prompted, press any key to start the system from the CD-ROM.

    If more than one usable disk partition exists, Setup displays a list from which you can select. Setup also allows you to create new partitions or delete existing ones. If installing to the same partition as the existing Windows XP Professional installation, Setup prompts you for a file name (for example, Windows.tmp).

  2. Accept default options and proceed through the installation process. When prompted with formatting options, select Leave the current file system intact (no changes) if you are performing a parallel installation of Windows XP Professional to a partition that contains data. Do not select the Format option because this deletes all data on the partition.

Complete the parallel installation, and start the second Windows XP Professional installation. You can now access files on other volumes and copy them to a safe location. For additional information on performing parallel installs of Windows XP, see the topic “Install Windows XP in a new folder” in article 316941, “How to install or upgrade to Windows XP,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Tip If your computer supports Remote Installation Services (RIS), you can start a Windows XP Professional parallel installation by using the network. For more information about RIS, see “Applying Change and Configuration Management” and “Automating Client Installation and Upgrade” in the Deployment Planning Guide of the Microsoft Windows 2000 Server Resource Kit. For more information about deploying Windows XP installations from a Windows 2000 RIS Server, see Chapter 2, “Automating and Customizing Installations.”

Saving System Files and Settings by Using Automated System Recovery

The Backup tool adds a new feature called Automated System Recovery (ASR) that enables you to recover from situations where you cannot easily repair system partition damage. ASR works by writing operating system files onto backup media and writing hard disk configuration information to floppy disk.

If you have a recent ASR backup set to use, begin an ASR restore using the Windows XP Professional operating system CD to start your system. During the text-mode setup phase, wait for the Press F5 to run Automated System Recovery (ASR) prompt to appear. Respond to the prompt by pressing F5, and follow the instructions on the screen.

For more information about ASR or about using Backup to save system state information, see Windows XP Professional Help and Support Center. Also see Chapter 14, “Backing Up and Restoring Data.” and article 818903, “Automated System Recovery Overview in Windows XP,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Recovering from Hardware-Related Problems

Hardware-related problems typically appear early in the startup process and symptoms include warning messages, startup failures, and Stop messages. The causes are typically a result of improper device configuration, incorrect driver settings, or hardware malfunction and failure. You can also use the suggestions provided in this chapter for troubleshooting hardware issues that are not directly related to startup.

Checking Your Hardware

Always remember to check basic issues first before attempting to remove and replace parts:

Review your system documentation

Refer to your motherboard and device manuals before installing new peripherals for helpful information including safety precautions, firmware configuration, and expansion-slot or memory-slot locations. Some peripheral manufacturers recommend that you use a busmastering PCI slot and advise that installing their adapter in a secondary slot might cause it to function improperly. For more information about system resources, see Chapter 9, “Managing Devices.”

Confirm that the power cords for all devices are firmly plugged in and that the computer power supply meets hardware specifications

Computer power supplies are available in different sizes and are typically rated at 200, 250, 300, and 400 watts or larger. Some computers are equipped with even smaller power supplies (less than 100 watts), and installing too many devices into a system with an inadequate amount of power can cause reliability problems or even damage the power supply. See the manufacturer’s power specifications when installing new devices, and verify that your system can handle the increased electrical load.

Verify that you correctly installed and firmly seated all internal adapters

Typically, peripherals such as keyboards and video cards must be installed and functioning to complete the startup process without generating error messages. A faulty video card can cause the POST process to fail on some systems.

Verify that you correctly attached cables

Check that you have firmly seated all cable connectors. Search for damaged or worn cables, and replace them as required.

Verify that you correctly configured any jumpers or dual in-line package switches

Jumpers and dual in-line package (DIP) switches are used to close or open electric contacts on circuit boards. For hard disks, jumper settings are especially important because they can adversely affect the startup process if not correctly set. For example, configuring two master ATA disks that are installed on the same channel or assigning duplicate SCSI ID numbers to devices in the same SCSI chain might cause a Stop error or error messages about hard disk failure.

Verify that system firmware and peripheral firmware are up to date

You can sometimes trace instability and compatibility problems to outdated ACPI firmware. If your computer has firmware that is known to cause problems and an update is not yet available, technical support might advise you to disable ACPI and reinstall the operating system for stable operation. Although the option to disable ACPI is an option found on some x86-based firmware, it is recommended that you leave this setting at the default value (typically enabled).

To correctly disable or re-enable ACPI, you must first change firmware settings and then re-install Windows XP Professional to avoid a Stop 0x000000A5 or ACPI_BIOS_ERROR message, or a Stop 0x00000079 or MISMATCHED HAL message. Because of the numerous registry and system file changes required, you must rerun Setup. (An upgrade installation does not work.) For more information about checking firmware versions, see Chapter 27, “Understanding Troubleshooting.”

If Setup does not respond when you are installing the operating system, the cause might be the firmware for your CD-ROM drives. Try upgrading the CD-ROM firmware to the latest version.

Test your hardware by running diagnostic tools

If the problem occurs after the POST routine finishes but before Windows XP Professional fully loads, run any diagnostic software that the manufacturer of the hardware adapter provides. This software typically includes self-test programs that allow you to quickly verify proper operation of a device and might enable you to obtain additional information about the device, such as model number, hardware, and device firmware version.

Determine whether new hard disks were recently installed

Adding new hard disks to the system can cause startup problems. For example, in a two-disk system with Windows XP Professional installed on the first partition of the second hard disk, the Boot.ini file might be referencing a path to the operating system. The path might use a multi() format similar to the following:

multi(0)disk(0)rdisk(1)partition(1)

For the newly installed disk, you might need to update Boot.ini references so that they point to the correct location. For example, to restore the ability to start Windows XP Professional, you might need to change the multi path so that it is similar to the following:

multi(0)disk(0)rdisk(2)partition(1)

Adding new disks might also affect how logical drive letters are assigned to partitions. For more information about diagnosing and resolving issues related to changed logical drive letters, see Microsoft Knowledge Base articles 234048, “How Windows 2000 Assigns, Reserves, and Stores Drive Letters”; 249321, “Unable to Log on if the Boot Partition Drive Letter Has Changed”; and 225025, “Setup Changes Drive Letters After a Partition Is Deleted and Reinstalled.” To find these articles, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Configure ISA devices in Plug and Play mode

If ISA devices are present, always configure them in Plug and Play mode if possible. Plug and Play is the default mode for ISA devices that comply with Plug and Play. If necessary, switch from Plug and Play to manual mode using jumpers or software provided by the manufacturer. Use care when configuring ISA devices in manual mode because the operating system depends on the user to select the correct hardware and Device Manager resources. Manually selecting resources is more likely to cause an error because Windows XP Professional cannot resolve resource conflicts for you.

Manually assign interrupt request (IRQ) line numbers for each hardware device

Some x86-based motherboards force IRQ sharing across two or more expansion slots (or integrated devices) regardless of the adapters installed. In some cases, IRQ sharing can cause conflicts after you install new hardware. If you have a non-ACPI computer equipped with firmware that supports changing IRQ assignments, as a troubleshooting method, try manually changing the IRQ assigned to a problem device.

Because systems that use the ACPI HAL ignore IRQ assignments stored in firmware, you are able to manually change IRQ settings only for non-ACPI (Standard PC HAL) systems. Some x86-based systems enable you to toggle ACPI functionality. To disable or re-enable ACPI, you must first change firmware settings and then re-install Windows XP Professional to avoid a Stop 0xA5 message or a Stop 0x79 message. Because of the numerous registry and system file changes required, you must rerun Setup. (An upgrade installation does not work.)

For more information about system resources, see Chapter 9, “Managing Devices,” in this book. For more information about Stop messages, see “Common Stop Messages for Troubleshooting” on the companion CD.

Verify SCSI configuration

If your computer uses or starts from SCSI devices and if you suspect that these devices are causing startup problems, you need to check the items listed in Table 29-15.

Table 29-15 Checklist for Troubleshooting SCSI Devices

Checklist

Description for Each Item

All devices are correctly terminated.

Verify that each SCSI device is correctly terminated. There are specific rules for termination that you must follow to avoid problems with the computer not recognizing a SCSI device. Although these rules can vary slightly from one type of adapter to another, the basic principle is that you must terminate a SCSI chain at both ends.

All devices use unique SCSI ID numbers.

Verify that each device located on a particular SCSI chain has a unique identification number. Duplicate identification numbers can cause intermittent failures or even data corruption. For newer devices, use the SCSI Configured AutoMatically (SCAM) standard. The host adapter and all devices must support the SCAM standard. Otherwise, ID numbers must be set manually.

The BIOS on the startup SCSI controller is enabled.

Verify that the SCSI BIOS is enabled for the primary SCSI controller and that the BIOS on secondary controllers is disabled. SCSI firmware contains programming instructions that allow the computer to communicate with SCSI disks before Windows XP Professional starts. Disabling this feature for all host adapters causes a startup failure. For information about disabling or enabling the BIOS, refer to the documentation provided with your SCSI controller.

You are using the correct cables.

Verify that the connecting cables are the correct type and length, and are compliant with SCSI requirements. Different SCSI standards exist, each with specific cabling requirements. Consult the product documentation for more information.

The firmware settings for the host SCSI adapter match device capabilities.

Verify that host adapter BIOS settings for each SCSI device are set correctly. (The BIOS for the SCSI adapter is separate from the system motherboard firmware.) For each SCSI device, you can specify settings—such as Sync Negotiation, Maximum Transfer Rate, and Send Start Command—that can affect performance and compatibility. Certain SCSI devices might not function correctly if settings are set beyond the capabilities of the hardware. Consult the documentation for your SCSI adapter and device before changing default settings.

SCSI adapters are installed in a master PCI slot.

Verify that you installed the host adapter in the correct motherboard slot. The documentation for some PCI SCSI adapters recommends using busmaster PCI slots to avoid problems on x86-based systems. Refer to the manufacturer’s documentation for your motherboard or computer to locate these busmaster PCI slots. If your SCSI adapter is installed in a non-busmaster PCI slot, move it to a master slot to see whether the change improves operation and stability.

Note As a precaution, always shut down the computer before troubleshooting hardware. Never attempt to install or remove internal devices if you are unfamiliar with hardware. Check your system documentation for more information.

For more information about the SCSI standard, see the SCSI link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. For more information about SCSI termination, see articles 92765, “Terminating a SCSI Device,” and 154690, “How to Troubleshoot Event 9 and Event 11 Error Messages,” in the Microsoft Knowledge Base. To find these articles, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Simplifying Your Hardware Configuration

Hardware problems can occur when you have both new and older devices installed on your system. If you cannot resolve problems by using safe mode and other options, such as rolling back drivers, temporarily disable or remove ISA devices that do not support Plug and Play. If you can start Windows XP Professional with these older devices removed, this is an indication that they are causing resource conflicts and you need to manually reconfigure the resources assigned to them. For more information about rolling back drivers, see Windows XP Professional Help and Support Center, and Appendix C, “Tools for Troubleshooting.”

When you are diagnosing startup problems related to hardware, simplify your configuration. Avoid troubleshooting when you have several adapters and external peripherals installed. Starting with external and ISA devices, disable or remove hardware devices one at time until you are able to start your system. Reinstall devices by following the manufacturer’s instructions, verifying that each is functioning properly before checking the next device. For example, installing a PCI network adapter and a SCSI adapter at the same time can complicate troubleshooting because either adapter might cause a problem. Simplifying your system might enable Windows XP Professional to start. If so, reinstall hardware one piece at a time until you reproduce the problem.

ISA devices can cause problems because the PCI bus does not have a reliable method for determining ISA resource settings. Device conflicts might occur as a result of miscommunication between the two bus types. To avoid ISA and PCI conflicts, try temporarily removing ISA devices. After you install a new PCI device, use Device Manager to determine which system resources are available to ISA devices. Then reconfigure the ISA devices that do not support Plug and Play so that you eliminate any conflicts. If the problems continue after you reinstall ISA devices and you cannot resolve them with assistance from technical support, consider upgrading to newer hardware.

Simplifying your system configuration also helps when problems prevent you from installing Windows XP Professional. For more information about simplifying your hardware configuration to resolve setup problems, see article 224826, “Troubleshooting Text-Mode Setup Problems on ACPI Computers,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources. Also, see Chapter 27, “Understanding Troubleshooting.”

Checking the Operating System Configuration

Installing new hardware or updating drivers can create conflicts, causing devices to become inaccessible. To isolate and troubleshoot these problems, use System Information and Device Manager.

To use the System Information tool to view problem devices
  1. In the Run dialog box, type msinfo32 and then click OK.

  2. Click Components, and then click Problem Devices.

To use the System Information tool to view shared and conflicting resources
  1. In the Run dialog box, type msinfo32 and then click OK.

  2. Click Hardware Resources, and then click Conflicts/Sharing.

    Note The Windows NT 4.0 tool Windows Diagnostics (WInmsd.exe) is not available in Windows XP Professional. Use System Information to obtain similar information. To start System Information at the command prompt, type winmsd or msinfo32.

To use Device Manager (Devmgmt.msc) to view system resource usage information
  • In the Run dialog box, type devmgmt.msc and then click OK.

For more information about using Device Manager and resolving hardware conflicts, see Windows XP Professional Help and Support Center, and also see Chapter 9, “Managing Devices,” in this book.

Diagnosing Disk-Related Problems

Disk-related problems typically occur before Windows XP Professional starts or shortly afterwards. Table 29-16 provides a list of symptoms, possible causes, and sources of information.

Table 29-16 Diagnosing Disk-Related Startup Problems

Symptom, Message, or Problem

Possible Cause

Where to Find More Information

The POST routine displays messages similar to the following:

Hard disk error: “Hard disk absent/failed.”

The system self-test routines halt because of improperly installed devices.

See “Checking Your Hardware” earlier in this chapter.

The system displays MBR-related or boot sector–related messages similar to the following:

“Missing operating system. Insert a system diskette and restart the system.”

The MBR or partition boot sector is corrupt because of problems with hardware or viruses.

For more information about recovering from MBR or boot sector problems, see Chapter 28, “Troubleshooting Disks and File Systems.”

The system displays messages about the partition table similar to the following:

“Invalid partition table. A disk-read error occurred.”

The partition table is invalid because of incorrect configuration of newly added disks.

See Chapter 28, “Troubleshooting Disks and File Systems.”

You cannot access Windows XP Professional after installing another operating system.

The Windows XP Professional boot sector is overwritten by the other operating system’s setup program.

See Chapter 28, “Troubleshooting Disks and File Systems,” and Appendix C, “Tools for Troubleshooting.”

One of the following files is missing or damaged:

  • Boot.ini

  • Ntoskrnl.exe

  • Ntdetect.com

Required startup files are missing or damaged, or entries in the Boot.ini are pointing to the wrong partition.

See Chapter 28, “Troubleshooting Disks and File Systems,” and Appendix C, “Tools for Troubleshooting.”

The Windows loader displays messages similar to the following:

“Couldn’t find loader. Please insert another disk.”

Ntldr is missing or corrupted.

See Chapter 28, “Troubleshooting Disks and File Systems.”

CMOS disk configuration settings are not retained.

The CMOS memory is faulty, data is corrupted, or the battery that retains these settings needs replacing.

Follow the manufacturer’s instructions for replacing or recharging the system battery.

Infrequently, disk-related issues, such as corrupted files, file system problems, or insufficient free space might cause Stop messages to appear. For more information about maintaining disks and troubleshooting disk-related problems, see Chapter 12, “Organizing Disks,” and Chapter 28, “Troubleshooting Disks and File Systems.” Also, see “Common Stop Messages for Troubleshooting” on the companion CD.

Resolving Shutdown Problems

At first glance, shutdown and startup problems might appear to be unrelated, but they can stem from the same causes. Components that cause startup problems might also interfere with the shutdown process.

System shutdown is an orderly process and involves the following:

  • Winlogon sends specific messages to devices, system services, and applications, notifying them that you are shutting down the computer.

  • Winlogon waits for applications to close open files and allows them a certain amount of time to complete clean-up tasks, such as writing unsaved data to disk. Typically, every enabled device, system service, and application replies to the shutdown message request, indicating to Winlogon that shutdown can safely occur.

Shutdown problems can be caused by:

  • Device drivers or applications that do not respond to shutdown messages.

  • System services that do not respond to shutdown messages or that send busy replies to the system. Busy replies might be the result of a deadlock condition where two or more processes attempt to access the same resource. Because each process has a request for the other’s resource, neither process can finish.

  • Faulty or incompatible drivers, services, or applications.

  • Hardware changes that cause device conflicts.

  • Firmware incompatibility or incorrect changes to firmware settings.

To resolve problems that prevent shutdown, use Task Manager to close the unresponsive application or service.

To end an unresponsive application or service
  • Start Task Manager by pressing Ctrl+Shift+Esc.

  • Click the Applications tab.

    The Applications tab provides status information and displays each task as either Running or Not Responding.

  • Click the item labeled Not Responding, and then click End Task.

    Tip For additional information on troubleshooting shutdown problems in Windows XP, see article 308029, “Resources to help troubleshoot shutdown problems in Windows XP,” in the Microsoft Knowledge Base at http://support.microsoft.com.

Resolving Power Management Problems

Putting your computer on standby or in hibernation requires firmware that uses Advanced Power Management (APM), or preferably, firmware that is ACPI compliant. To avoid problems, review your system documentation or the manufacturer’s support Web page for information about determining whether your firmware is current. Using updated firmware is especially important when you use ACPI functionality.

To determine whether your system is using ACPI features
  1. In the Run dialog box, type devmgmt.msc, and then click OK.

  2. In the console tree, expand the Computer folder.

  3. If the computer description includes ACPI, as Figure 29-5 shows, Windows XP Professional is using ACPI functionality.

    Figure 29-5 Using Device Manager to determine ACPI functionality

    Figure 29-5 Using Device Manager to determine ACPI functionality

For information about using Device Manager, see Chapter 9, “Managing Devices.”

To determine whether your computer supports hibernate and standby features
  1. In the Run dialog box, type powercfg.cpl and then click OK.

  2. In the Power Options Properties dialog box, verify that a Hibernate tab exists. If so, select the Hibernate tab, check the Enable hibernation box, and click Apply.

  3. In the Power Options Properties dialog box, verify that an Advanced tab exists. If so, verify that Standby and Hibernate are selectable options in the Power buttons drop-down lists.

If the Standby and Hibernate options are not present, your computer does not support these features.

Symptoms of Power Management Problems and Causes

When a computer is entering or leaving hibernation or standby, the following might occur:

  • It displays an error message such as “Unable to enter Standby mode,” or the option to configure the standby or hibernation feature is not available in Control Panel.

  • It cannot leave standby or hibernation.

  • It runs differently after leaving hibernation or standby, and you notice audio, mouse control, or video distortion problems.

  • It displays Stop messages, such as 0x0000009F: DRIVER_POWER_STATE_ FAILURE, when the system is leaving or entering standby or hibernation.

Typical causes of these problems include:

  • Your hardware does not properly support standby and hibernation.

    Verify with your computer or peripheral manufacturer that your hardware supports standby or hibernation. Older hardware might not be ACPI-compliant or might predate recent revisions in the Advanced Power Management standard.

  • Your system firmware is out of date.

    Upgrading to the latest system firmware can resolve problems, especially for ACPI systems. For x86-based systems that are equipped with an APM-based (non-ACPI) BIOS, disabling APM might eliminate startup problems, such as instability or Stop errors, until you can obtain an update. For more information, see article 237673, “How to Troubleshoot STOP Error Messages After Enabling Advanced Power Management,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

  • Your peripheral firmware is out of date.

    Peripherals are typically packaged with diagnostic software that allows you to check the firmware version installed. Visit the manufacturer’s Web site to determine whether an upgrade is necessary. Firmware updates for various devices—including SCSI adapters, modems, CD and DVD-ROM drives, and video cards—might be available. If you find updates for several devices, install them one at a time to better observe the effect of each update.

  • You are using outdated driver files that do not support power management.

    Using out-of-date drivers might cause incompatibility problems, preventing the system from entering or resuming from standby and hibernation. Be sure to check for the latest Windows XP Professional updates to all your devices (especially audio and video). If you find updates for several devices, observe the rule of simplicity and install them one at a time to better observe the effect of each update.

  • You are using incompatible software that installs components that either interfere with or do not support power management.

    Are incompatible versions of software present on your system? For example, CD-ROM mastering software meant for other versions of Windows might appear to function properly in Windows XP Professional. However, the software might be the source of a message similar to the following:

    System Standby Failed. The device driver for the ’XXXX CD- RW’ 
    device is preventing the computer from entering standby. 
    Please close all applications and try again.

    The preceding message might be misleading because the problem might not be caused by the CD rewriter driver. You query the Microsoft Knowledge Base or review messages on the msnews.microsoft.com newsgroups and find recommendations to update your CD authoring software. Following this advice, you install a Windows XP–compatible update, which restores the ability to put the computer on standby and in hibernation.

Recovering from a Failed Standby

When a computer is on standby, the CPU enters a low-power state until an event, such as user or network activity, causes the computer to come out of standby. Using standby conserves power and is typically much faster than shutting down and restarting the computer.

If your computer cannot return to normal mode after being on standby, try the following:

  • Disconnect any devices that you attached after putting the computer on standby. Avoid plugging in devices while the computer is on standby. For best results, bring the computer out of standby first, and then attach peripherals, such as universal serial bus (USB) devices.

  • Avoid major changes to the computer’s state after putting the computer on standby. For example, if you place an undocked portable computer on standby, avoid restarting the computer while it is docked. Computers that are not ACPI-compliant might be more sensitive to this type of state change.

  • Reset your computer. If your computer does not restart when you press the reset switch, turn the computer off by pressing the power switch. Some computers require that you press down the power switch for at least four seconds. If your computer does not respond to the power switch, consult your owner’s manual to determine how to completely turn off the computer.

Improper shutdowns might cause unsaved data to be lost. Windows XP Professional can detect whether an improper shutdown occurred and might start Autochk to correct file system problems during the startup process. For more information about Autochk and Chkdsk, see Chapter 28, “Troubleshooting Disks and File Systems.”

Recovering from a Failed Hibernation

When you put a computer in hibernation, Windows XP Professional writes all memory content to the systemdrive\Hiberfil.sys file before shutting down the system. When you turn the computer back on, Ntldr uses firmware calls to locate the startup disk. If Ntldr finds a Hiberfil.sys file on the systemdrive root, the information is read back into memory and the computer resumes exactly where it left off without going through a full startup sequence. If the Windows loader cannot locate the Hiberfil.sys file, it processes the Boot.ini file and proceeds with normal startup.

The Hiberfil.sys file can exist in one of the following forms:

  • A complete memory image several megabytes in size (equal to the amount of physical memory).

  • A text file named Hiberfil.sys that uses a slightly modified ARC format pointing to the boot partition of the last hibernated operating system. That boot partition contains the actual Hiberfil.sys file, which is a full memory image of the hibernating operating system.

In either case, Ntldr locates and reads the Hiberfil.sys memory image and continues without displaying the Boot.ini startup menu.

The modified ARC path specified in the Hiberfil.sys file conforms to one of the following formats:

  • linkmulti(W)disk(X)rdisk(Y)partition(Z)

  • linkscsi(W)disk(X)rdisk(Y)partition(Z)

  • linksignature(V)disk(X)rdisk(Y)partition(Z)

Ntldr checks the integrity of the Hiberfil.sys file and, if the file is damaged, displays a prompt similar to the following:

Delete restoration data and proceed to system boot menu

If you confirm the prompt by pressing ENTER, Windows XP Professional deletes the Hiberfil.sys file and proceeds with normal startup.

To minimize problems, avoid major changes to the computer’s state after putting the computer in hibernation. For example, if you hibernate an undocked portable computer, avoid starting the computer in a docked state. Computers that are not ACPI-compliant might be more sensitive to this type of state change.

For more information about using the standby and hibernate features, see Windows XP Professional Help and Support Center. For more information about power management, see Chapter 9, “Managing Devices,” and Chapter 7, “Supporting Mobile Users.” For more information about troubleshooting standby or hibernation issues, see article 266169, “Troubleshoot Problems with Standby Mode, Hibernate Mode, and Shutting Down Your Computer in Windows 2000,” in the Microsoft Knowledge Base. To find this article, see the Microsoft Knowledge Base link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.

Additional Resources

These resources contain additional information related to this chapter.

Related Information

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.