CIS 106a: Introduction to Operating System Concepts

Chapter 5: Troubleshooting Windows 2000/XP Startup



This chapter is about troubleshooting startup issues in Windows 2000 and Windows XP. Objectives important to this chapter are:

  1. What happens when Windows 2000 and Windows XP are started
  2. Tools to use when you have startup problems
  3. Troubleshooting computers that won't start

This chapter is loaded with trivia, so try to read it in several sessions. Before we begin, in case you have never heard it, booting a PC means to start it. To boot up is to turn the PC on and let it load software automatically.

The text begins by telling us startup problems fall into two types: the desktop won't load, or it loads with errors. Does that mean that there is no problem if it loads without error message? No, but that would be another class of problem.

Students should study the table in the text that presents eleven steps in the XP and Windows 2000 boot processes (Note: the colors below indicate which of four programs are in control of the boot process at each step):

  1. Startup BIOS runs the Power On Self Test (POST) - if there is an error here, expect a beep code to give you a clue.
  2. Startup BIOS looks for a boot drive, looks for a Master Boot Record (MBR) on it, and loads the master boot program, also called the MBR program in the text. (Control now passes to the master boot program.)
  3. The MBR program reads the partition table, finds the active partition (the one you boot from), and loads the OS boot sector, also called the OS boot record. - What it is really doing is loading the small program stored in that sector, that will start loading the OS. Control passes to this program.
  4. The text calls the program loaded in step 3 the boot sector program. It starts the Ntldr program which runs for several steps. Control passes to this program - Ntldr is pronounced "NT loader", which just indicates that XP and W2K are based on NT technology.
  5. Ntldr changes the processor to 32-bit mode, to load 32-bit components of the OS.
  6. Ntldr loads the minifile system. This is temporary. It can read the OS files whether the hard drive is formatted for NTFS or a FAT system.
  7. Ntldr reads information about the OS from the Boot.ini file. Ntldr builds a boot loader menu, and displays it if this is a dual boot system, or if there is a problem requiring the user to choose what to do next.
  8. Conditional step: If a menu was presented in step 7, and if the user chose a different OS to load (not the one we are trying to load), Ntldr would load Bootsect.dos, which would run and load the other OS.
  9. Assuming that we are continuing to load W2K or XP, Ntldr runs, which detects the time and date in CMOS, detects the current hardware, and passes its information to Ntldr. Ntldr will use this data to save a new Last Known Good hardware profile if this boot is successful. Note: is a 16-bit program.
  10. Ntldr loads several files: Ntoskrnl.exe (the OS kernel), Hal.dll (the Hardware Abstraction Layer driver for the processor and motherboard), and the System hive (which we learned in the last chapter is part of the registry.) The System hive is used to determine which device drivers to load, which are then loaded. Control now passes to Ntoskrnl.exe
  11. Ntoskrnl.exe loads the rest of Windows.

The text offers a list of other programs that might be loaded during a boot, but the critical ones are named above.

The text continues with a list of folders that are important to running W2K and XP. If any are missing, problems happen. (In each case, the path listed starts with C:\, which assumes that you are running Windows from your C: drive.):

  • c:\Windows - the folder the main user oriented OS files are stored in
  • c:\Windows\System32 - the folder that holds many files used by the OS
  • c:\Windows\System32\config - this folder should hold the registry hives (files)
  • c:\Windows\System32\drivers - this folder holds device drivers, unless they were installed elsewhere by a silly installation program
  • c:\Documents and Settings - this folder leads to folders for the profiles of each user who has logged on to this computer or logged on to the network through this computer
  • c:\Program Files - this is where Windows expects installed application folders to be

The text turns to the Boot.ini file, mentioned above. It is a hidden file (users are not meant to see or edit it) that lists the OSs on the computer, and the options for the boot loader menu. To edit the file, you will want to allow Windows to show hidden files to you. In Windows Explorer, open the Tools menu, choose Folder Options, click the View tab, and select the radio button for Show hidden files and folders. (I always do this with my own computer, and any computer I am servicing. If it is someone else's computer, I make a note to turn it back off before they use it.)

Note: The following message is from the Help file for msconfig

  • Microsoft strongly recommends that you do not use System Configuration Utility to modify the Boot.ini file on your computer without the direction of a Microsoft support professional. Doing so may render your computer unusable.

As you can see, Microsoft does not want you to make any adjustment to this file unless you are sure of what it will do.

One way to access and change the Boot.ini file is to go through the properties of My Computer. Click the Advanced button, look for Startup and Recovery and click the Settings button. If you do this, notice that the default OS statement (shown in the image below) contains a setting for /noexecute.

You can't change this setting from this window, but you can if you go to My Computer, Properties, Advanced, Performance, Settings, Data Execution Prevention. The purpose of this switch is to prevent viruses from running at boot, as noted in the image below.

The text lists some sources for troubleshooting help. The two that seem to work best are:

  • Microsoft Knowledge Base at
  • Help files for a command tool

The text also recommends some tools for troubleshooting boot problems:

  • try booting into the Last Known Good configuration- it is available if you press F8 repeatedly while booting, and watch for the Advanced Options menu that should appear
  • boot into Safe Mode - it is available if you press F8 repeatedly while booting, and watch for the Advanced Options menu that should appear
  • use the System Information utility - click Start, Run, and enter systeminfo.exe

As noted above, the F8 button will lead you to the Advanced Options boot menu. You should review the options on it that are discussed in the text. Some important ones are:

  • Safe Mode - uses a minimal set of device drivers and services to start Windows
  • Safe Mode with Networking - uses a minimal set of device drivers and services to start Windows, with the drivers to load networking
  • Enable VGA Mode - starts Windows in 640 x 480 mode by using the current video driver (not Vga.sys). This mode is useful if the display is configured for a setting that the monitor cannot display. Safe mode and Safe mode with Networking load the Vga.sys driver instead, so this mode tests the current video driver in a "plain vanilla" configuration.
  • Last Known Good Configuration - starts Windows by using the last configuration that was saved from a working state
  • Enable Boot Logging - turns on logging when the computer is started with any of the Safe Boot options except Last Known Good Configuration. The Boot Logging text is recorded in the Ntbtlog.txt file in the %SystemRoot% folder.

The thing most users want to avoid is commonly called the Blue Screen of Death (BSD). It is also called a stop error or system failure event. (Trust Microsoft to call it something other than what the whole world calls it.) Be aware that the Startup and Recovery screen discussed above lets you configure what happens at such an event on its System Failure portion.

XP and W2K provide an option for system failures called the Recovery Console. It allows you to boot into a DOS environment, which allows you the "advanced" option of using DOS commands to try to correct Windows errors. In the notes for the previous chapter, there is a link to Computer Hope's page about DOS commands. The notes on it apply to the Recovery Console, as well. See the notes for the commands listed in the text:

  • Fixmbr (fixes the MBR)
  • Fixboot (fixes the OS boot record)
  • Diskpart (view, create, and delete partitions)
  • Chkdsk (fixes cluster problems)
  • Listsvc (lists currently installed services)
  • Disable (disables a service)
  • Enable (shows status or reinstates a service)

The text offers other DOS commands to fix boot problems from the Recovery Console. Review them if you are taking the A+ certification test.

Note that the Recovery Console is not installed by default. The text explains how to install this option if you did not do so when installing your OS:

  1. Open a command line window
  2. Navigate to \i386 folder on the Windows 2000 or XP installation CD
  3. Enter the command winnt32 /cmdcons
  4. Restart your computer (Recovery Console should be on the boot loader menu now)

The text follows this section with more troubleshooting tips.

  • If a user has a problem, talk to the user. Trouble calls can often be resolved quickly with information from the person experiencing the problem.
  • Check for simple problems, like something being unplugged. The text offers this idea later in its list. Don't wait, check this right after talking to the user.
  • Before you change a system, make whatever kind of backup is possible. How about setting a restore point?
  • If you check the system logs, you may find a clue to where or when the problem is happening.
  • If Windows will not start, try Last Known Good, or Safe Mode options.
  • If you hear beeps, or see error messages, PAY ATTENTION to them. Use another computer to check the error messages or beeps on the Internet. The text says to check the Microsoft site first. Good advice. Use you favorite search engine as well. Sometimes a good technical site may explain the problem in clearer terms. (Beware finding bad advice that proves Sturgeon's Law (aka Sturgeon's Revelation).

The last chapter introduced cleaning up a hard drive to address performance issues. This chapter revisits the topic. If the last chapter taught you to put things in startup folders and to schedule tasks, this chapter tells you that it may be a good idea to cut back on such actions.

The text suggests that you may find that a user is loading too many fonts, causing the system to run slowly. We are informed that we should allow no more than 260 fonts. (Sounds like a certification test question, doesn't it?) This ancient bit of wisdom is accurate, but not the most effective thing you can do. Instead:

  • Use msconfig and the Services Console to determine what is loaded when Windows starts
  • Check the programs and services on the Internet to determine which are junk that you do not need, and get rid of those. I am frequently surprised by some program that has been added to my startup list without my consent.
  • Check Task Scheduler - if something is in it that you do not recognize, check it out, and consider removing it
  • As discussed in the last chapter, Restore Points are your friends. Use them to go back in time when Windows runs, but the current configuration is too slow and painful to use.

If your system will not boot, but will boot from the Windows installation CD, suspect that you have a bad file in your root folder. Ntldr,, and Boot.ini all live in the root of the hard drive. You could try replacing them with the versions on your installation disk.

The text modifies some of its advice with a variation: if you have a recovery CD or a recovery partition on your hard drive, you may find drivers on them that are specific to your system hardware. Drivers found in these locations would be preferred to those on a generic installation disk.

If you have been making backups (yeah, sure you have...) you could restore an XP computer with the Automated System Recovery program.

The text also offers some ideas that may work, but are less than desirable, due to the possibility of losing all your data:

  • Windows 2000 Emergency Repair Process- uses an Emergency Repair Disk (ERD), and all changes to system are lost
  • In-place upgrade of Windows 2000/XP - Use the repair utility on the Windows 2000/XP setup CD. Software and hardware are reinstalled, user data should be preserved (Things can still go wrong.)
  • Clean installation of Windows 2000/XP
    • Copy data files to a safe place (Can you? I thought the system wouldn't boot.)
    • Delete the current Windows 2000/XP installation
    • Reinstall the OS from the Windows 2000/XP installation CD
    • Restore data from the copies you made