Learn how to use Vista's Advanced Boot Options, the Windows Recovery Environment platform, WinRE and WinPE to diagnose customers' performance problems. This chapter excerpt titled "System Recovery and Diagnostic Tricks" is taken from the book Tricks of the Microsoft Windows Vista Masters.
The last thing you want to happen is for your system to not boot. Performance is a great thing to worry about right up to the day your system shows you a black screen with an error message instead of the colorful login screen. With a lump in your throat, you sigh with relief because you know you have a CompletePC backup…or do you? Before you go for the backup, you should try to fix your problem. Start with Advanced Boot Options.
Advanced Boot Options in Vista
By pressing F8 upon bootup, you can see the Advanced Boot Options available to help you to handle a particular crisis. Knowing how each works can enable you to make an informed decision about which tool is going to get your system up and running the fastest. Here are your choices:
- Safe Mode -- Loads a minimal driver set and set of services.
- Safe Mode With Networking -- This loads safe mode settings but also loads network connections, allows logon scripts to run, and allows security settings and Group Policy settings (for systems that connect to a domain) to be applied. If you know it's not a network problem that is preventing your system from booting, this mode can be helpful to allow you access to other resources (and to back up your system if you haven't done so already).
- Safe Mode with Command Prompt -- Boots up your system but with a command prompt instead of the GUI. Why would you use this? Well, if you believe the system will not start due to a problem regarding a process started through the Explorer shell, this prevents the Explorer shell from executing in the first place.
- Enable Boot Logging -- Creates a log file that lists all the services and drivers that load (or do not load, as the case may be). This log file is called Ntbtlog.txt and is located in the Windows folder. The modes listed previously also create boot logs, but this one does it without going into a safe mode.
- Enable Low-resolution Video (640×480) -- This used to be called VGA mode in XP. Useful for problems you encounter with video drivers or incorrect video display settings, it provides a standard (ugly), stable (low-resolution and refresh rates settings), VGA driver to allow you to see your screen so you can fix your problem.
- Last Known Good Configuration (Advanced) -- The last time you logged on successfully, your Registry took a snapshot and saved it. In the event you did something to your system and it prevents you from logging in again, not to worry -- just use the last known good to go back in time to your last logon. However, if you are able to log in after a poor installation of a driver or service, this option will not help you in the least. So, if you know something isn't right, don't log in first and then see whether you are right. Instead, go with your gut feeling and last known good. It doesn't solve problems caused by corrupted or missing drivers or files -- that requires WinRE, which is discussed later.
- Directory Services Restore Mode -- This setting applies only to domain controllers, so you don't need this for your desktop OS.
- Debugging Mode -- This enables Vista to send debugging information through a serial cable to another computer for troubleshooting the kernel and other analysis of the system.
- Disable Automatic Restart on System Failure -- This is useful for when your system is in a loop of restarting because it stops the blue-screen restart loop so you can troubleshoot the cause of the problem.
- Disable Driver Signature Enforcement -- Allows drivers with improper signatures to be installed. This setting does not continue with multiple reboots. You use it; you install the driver you need; and when you reboot, the Driver Signature Enforcement is enabled again.
- Start Windows Normally -- Starts the system normally, as you might have guessed.
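One way to put the Ntbtlog.txt file described under Enable Boot Logging to work, as an added example that is not from the book: the Python code below splits the log into one section per boot and lists the drivers that loaded on a normal boot but were skipped in Safe Mode, which are the first suspects when a system is stable only in Safe Mode. The log lines are constructed, the driver names examplevid.sys and examplefilter.sys are hypothetical, and the banner-per-boot layout and UTF-16 handling are assumptions.

```python
import re

# Constructed sample in the shape of Ntbtlog.txt (not from a real machine).
# Assumption: every logged boot appends a section that begins with a
# "Microsoft (R) Windows" banner line followed by a timestamp line.
SAMPLE_LOG = r"""Microsoft (R) Windows (R) Version 6.0 (Build 6000)
 1 12 2007 09:14:02.500
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\examplevid.sys
Loaded driver \SystemRoot\system32\drivers\examplefilter.sys
Did not load driver \SystemRoot\system32\drivers\NDProxy.SYS
Microsoft (R) Windows (R) Version 6.0 (Build 6000)
 1 12 2007 09:31:47.250
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\drivers\disk.sys
Did not load driver \SystemRoot\system32\drivers\examplevid.sys
Did not load driver \SystemRoot\system32\drivers\examplefilter.sys
Did not load driver \SystemRoot\system32\drivers\NDProxy.SYS
"""

ENTRY = re.compile(r"^(Loaded|Did not load) driver\s+(.+)$")


def decode_log(raw):
    """Decode the bytes of a boot log; UTF-16 with a byte-order mark is
    assumed to be the usual on-disk form, anything else is read as cp1252."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_boot_sessions(text):
    """Split the log into one dict per boot: {'loaded': [...], 'not_loaded': [...]}."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Microsoft (R) Windows"):
            sessions.append({"loaded": [], "not_loaded": []})
            continue
        match = ENTRY.match(line)
        if not match:
            continue  # timestamp lines, blank lines, anything unrecognised
        if not sessions:  # log truncated before the first banner
            sessions.append({"loaded": [], "not_loaded": []})
        key = "loaded" if match.group(1) == "Loaded" else "not_loaded"
        if match.group(2) not in sessions[-1][key]:
            sessions[-1][key].append(match.group(2))
    return sessions


def loaded_only_in(normal, safe):
    """Drivers that loaded in the normal boot but not in the Safe Mode boot."""
    safe_loaded = {name.lower() for name in safe["loaded"]}
    return [name for name in normal["loaded"] if name.lower() not in safe_loaded]


if __name__ == "__main__":
    normal_boot, safe_boot = parse_boot_sessions(SAMPLE_LOG)[-2:]
    for driver in loaded_only_in(normal_boot, safe_boot):
        print("suspect:", driver)
```

To run it against a real log, pass the bytes of the Ntbtlog.txt file from the Windows folder through `decode_log` and pick the two boot sections you want to compare.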
Nick Peers, the freelance journalist says:
A damaged Registry can lock you out of your system and important files. The Registry is a massive database that contains all your system and program configuration and is central to the way Windows works. If it becomes damaged (or corrupt) in any way, you may find yourself unable to boot into your system. The simplest thing to try is Last Known Good Configuration. This replaces the Registry with the version that was used the last time Windows successfully loaded. In most cases this will fix the boot problem, although you'll find any changes made to the Registry since that copy was made are lost.
Nick is correct, but if you really find yourself in trouble, your next step is the Windows Recovery options.
The Windows Recovery Environment
For those of you familiar with the Recovery Console in XP, it has been replaced by the Windows Recovery Environment (WinRE). WinRE is a recovery platform based off the Windows Preinstallation Environment (WinPE), the core deployment foundation for Vista. WinRE has two primary functions, that of diagnosing problems using the Startup Repair tool (discussed earlier in this chapter) and providing a platform for advanced recovery tools, according to the WinRE team. You can read their postings at http://blogs.msdn.com/winre/ for some great information.
Using the WinRE is easy enough. You boot up your Vista installation disk (or ISO). You will be asked to select a language, time, and so forth. When you see the button labeled Install, you can look to the bottom-left corner for the option to Repair Your Computer. This takes you into the System Recovery Options (that we mentioned earlier for memory diagnostics and Startup Repair).
Windows PE 2.0
The Windows Pre-installation Environment (WinPE 2.0) is a tool that enables you to boot the PE operating system, which is a mini-OS that allows you to handle installation, diagnostic troubleshooting, and recovery solutions for Vista. Some say WinPE is super-DOS. It's not DOS; it's more like Son-of-DOS, so call it SOD if you like.
When you load the WinRE options of the Vista DVD, it is actually running WinPE as the underlying OS. The same is true when you start the installation from the DVD. But you can actually make your own boot CDs or boot from a USB flash drive.
To begin, you should download the Windows Automated Installation Kit (Windows AIK) from Microsoft. Be sure you obtain the one from the final Vista release (in the event you are downloading or borrowing the kit from another source). The Windows AIK includes tools you need for deployment, as well as ones for creating the boot environment for WinRE. One of the most important tools you will need is imagex.exe, a command-line tool used for capturing, modifying, and applying installation images.
There is quite a bit of documentation to go through to fully understand the new deployment and troubleshooting tools, but it is worth it to keep your system humming along. But to understand the following discussions, you need to at least understand the basics.
You can also get the Windows AIK by obtaining the Business Desktop Deployment 2007 Kit. The BDD 2007 includes the Windows AIK along with other necessary deployment tools and documentation.
The Basic Tools of WinPE
After you install the Windows AIK, the tools you need will be in its installation folders. If you don't want to remember all the paths, you can make a quick edit in your system's environment variables to include them. To do this, open your System properties, select the Advanced tab, and click the Environment Variables button. Under System variables, edit the Path variable and be sure to include the paths you need. For the following examples, add these two paths:
C:\Program Files\Windows AIK\Tools\PETools
C:\Program Files\Windows AIK\Tools\x86
Some of the tools mentioned include the following:
- CopyPE -- Run the copype.cmd script to automatically create a local Windows PE build directory. The script is located in the PETools folder. The script requires two arguments: hardware architecture and target location.
The architecture can be x86, amd64, or ia64, and the target location is a path to a local directory. For example:
copype.cmd x86 c:\winpe_x86
(Don't create the folder ahead of time because the tool creates the folder for you.)
The script creates the following directory structure and copies all the necessary files for that architecture:
- imagex -- This tool is the mega-tool. It is "the" tool for creating and reconfiguring, as well as applying, .wim files. Some have compared this tool to an advanced .zip-ping tool, and it is in some ways. You can take files, or your entire system, and pull it into one .wim file. You can also compress that file. It looks at the .wim file as a directory so you can add to it any parts that are missing. One example of the capabilities of imagex can be seen just by looking at the install.wim for Vista. For starters, it's a 2GB+ file that expands out to be about 8GB. That speaks volumes for imagex's capabilities. OEMs can use this to open their Vista images, input their own Welcome Center information and other restore features, and close them again.
- PEImg -- After you use imagex to expand a Windows PE structure, you can use PEImg to make changes to Windows PE, such as installing packages, drivers, and language packs.
- OsCDimg -- Lets you take your .wim files and make them ISO files. After they're in ISO format they can be burned onto a CD to make them bootable.
- Diskpart -- This is a command-line tool for disk management. You use this tool in preparing your keychain drive for it to be a bootable tool later.
There are other tools to consider that you can learn more about through the Windows AIK.
About two months ago I discovered the Windows Automated Installation Toolkit (Windows AIK or just WAIK) to be able to work with different demo images for the sessions I did at TechEd Europe with physical machines instead of the (still much slower) Virtual PC images. The WAIK includes imagex.exe, which is a tool that allows you to create images of a partition of your machine and package them into the new Windows Imaging Files (WIM).
The first steps involve using WAIK and imagex.exe. These files can be used for centralized deployment via the Windows Deployment Services (successor of Remote Installation Services). But in my case I used it to image and restore different types of demo images for my physical machines as I did not want to work with the slower VPC counterparts at a conference such as TechEd Europe. Therefore, I created two partitions on my developer machine, one with my primary OS-instance (Vista joined into our working domain for email, etc.) and a second partition for my different demo images. On the second partition I installed Windows Server 2003 with everything I needed for my demo sessions (different images, detailed steps, see below) and then I created a WIM-image from the Vista OS instance using imagex.exe from the WAIK as follows:
imagex /capture D: M:\WindowsImages\Windows2003_OfficeDev.wim "Windows Server 2003 Office Development"
This command captures everything on drive D: into a WIM file stored on my external hard disk M:. Then I tried the demos for the session and to get the original situation again I just restored the image as follows:
format D: /q
imagex /apply M:\WindowsImages\Windows2003_OfficeDev.wim 1 D:
To get the complete picture, here is what I did for TechEd, where I required, for example, one image for SharePoint 2007 Office Development, one image for Windows Vista for WPF and Composite UI Application Block Development, and a third one for plain old Office 2003 development (during the beta stage of Office 2007 and especially VSTO 2005 SE installing Office 2003 and Office 2007 side-by-side was not supported…right now fortunately this is supported and works really fine, therefore I have tried the imaging stuff on several machines already):
- First I created a basic install of Windows Server 2003 on my second partition D:.
- Then I installed my main Vista partition for regular work (email, development in our office, etc.).
- On my main Vista instance I installed the WAIK.
- Then I have created the first image of the Windows Server 2003 partition using imagex /capture.
- Afterwards I installed everything for Office 2003 development on this Windows Server 2003.
- Now I captured this Office 2003 development workstation using imagex /capture.
- Next, I restored the original Windows Server 2003 instance using imagex /apply.
- On the restored instance of Windows Server 2003, I installed everything for Office 2007 development.
- I imaged the Office 2007 development workstation using imagex /capture again.
- Now I had my demo images as WIM images available and could switch between Office 2003 and Office 2007 (beta at that point of time) within 15 minutes by restoring the appropriate image via imagex /apply.
With that, management of my demo partitions became really fairly easy and I was not forced to use Virtual PCs but still remain with the same advantages such as restoring an original stage of my machines very quickly.
The next step was fairly obvious. At home I used the days between Christmas and New Years to get my IT infrastructure done, at home. And of course I wanted to have a very smooth way of restoring my test servers and workstations quickly if something went wrong. So my idea was creating WIM images for each of the servers and either deploying them via Windows Deployment Services from my PDC or just from external hard disks. But I didn't want to have two OS instances on each machine (one for imaging and image restore and the other one for "productive work"). So I required a CD-bootable version of Windows to be used as imaging and restore OS-instance with imagex.exe installed. Finally, the WAIK includes all the tools for creating Windows PE instances which are bootable from either CDs, DVDs, or USB sticks (!!).
I thought before the new year starts, right now I need to try something risky with my home machine. After searching a while I've found…the steps are so simple that I was completely surprised:
- Download and install WAIK (obvious).
- Open the Windows PE Tools Command Prompt.
- Create a directory for the template of your Windows PE image (e.g. C:\WinPE as I use it here).
- Next switch to C:\Program Files\Windows AIK\Tools\PETools.
- Execute copype x86 C:\WinPE.
Now copy anything (tools, programs, etc.) you want into the ISO directory of your Windows PE template directory (in my case, C:\WinPE). You can create any subdirectory you want within the ISO subdirectory such as "Imaging" in the example below where I copy the imagex.exe tool to the Imaging directory of my ISO template directory as follows:
Then switch to C:\Program Files\Windows AIK\Tools\PETools\x86.
Now apply the original Windows PE boot image:
imagex /apply winpe.wim 1 c:\WinPE\mount
Using the peimg.exe tool you can install either additional drivers by specifying an INF file, or prebuilt packages such as MDAC, MSXML, or Windows Scripting support (see the following table). Examples:
peimg /install=WinPE-XML-Package C:\WinPE\mount
peimg /install=WinPE-Scripting-Package C:\WinPE\mount
| Package Name | Description |
| --- | --- |
| WinPE-HTA-Package | HTML Application support |
| WinPE-MDAC-Package | Microsoft Data Access Component support |
| WinPE-Scripting-Package | Windows Script Host support |
| WinPE-SRT-Package | Windows Recovery Environment component |
| WinPE-XML-Package | Microsoft XML (MSXML) Parser support |
After the "mount" directory has been prepared (using peimg.exe with the /prep switch), you can create a WIM image for your ISO template directory as follows:
imagex /capture /boot /compress max "C:\WinPE\mount" "C:\winpe\iso\sources\boot.wim" "mszCool PE"
Next you need to create the ISO image that you can burn onto a CD using any tool you want (such as Nero):
Oscdimg -n c:\winpe\ISO c:\winpe\mszCool_winpe.iso -n
- Using the OSCDIMG.EXE tool, you have created a ready-to-use ISO image that you can burn onto a CD. That CD is then a bootable version of Windows PE. From within this CD-booted instance, you can image and restore any partition on your computer you want -- for free.
If you get an error message using the No. 9 tool this way, the install notes say that what you should actually type is:
Oscdimg -n -bc:\winpe\etfsboot.com c:\winpe\ISO c:\winpe\winpe.iso
As I wanted to have some fun and risk on the second-to-last day of this year, I just tried this on my home workstation by imaging and restoring my primary OS instance partition (which is the boot partition as well)…and it just rocks…it only took about 40 minutes including all the Internet search on how-to create such a Windows PE images.
Bootable USB Keys
Mario Szpuszta mentions in the previous section the capability to use Windows PE from a CD, DVD, or USB Flash drive. James O'Neil (another Microsoft developer) has some excellent advice on how to make this happen at http://blogs.technet.com/jamesone/default.aspx.
To make a USB key bootable using the Vista/Windows PE version, you need to use the Diskpart commands. Here are the commands:
- Select disk 1 (or the number of your USB key, be careful!)
- Clean (like I said, be careful! This erases the disk.)
- Create partition primary
- Select partition 1
- Format fs=fat32
Having done that, you copy the ISO folder to the USB key.
That's it. Now you have your universal tool for imaging and repairing Vista.
Now at this point you have a disk which will try to boot using BootMgr in the style of Windows PE/Vista/Longhorn server. Several people have asked about making a key which boots in the style of Server 2003/XP/Windows 2000/Windows NT. I can't make the Vista/PE version of diskpart run on Windows XP, and the older version won't prepare a USB key. So you need to do this from Vista or the Vista build of Windows PE. Once the drive is formatted, it has a Vista Boot sector -- this won't boot NT/200x/XP operating systems. You need to use the BootSect utility:
Bootsect /nt52 E:
This stamps a Windows 2003 Server boot sector (one which uses boot.ini) onto drive E:. I haven't tried it, but you should be able to copy NTLDR, BOOT.INI, and NTDETECT.COM onto a USB key as a way of starting a machine suffering from a corrupt boot environment.
About the author:
J. Peter Bruzzese is an independent consultant and trainer for a variety of clients, including New Horizons and ONLC.com. Over the past 10 years, Peter has worked for and with Goldman Sachs, CommVault Systems and Microsoft, among other companies. He focuses on corporate training. Peter is the author of Tricks of the Microsoft Windows Vista Masters and writes for Redmond Magazine. He travels frequently to speak at conferences and has been an MCT since 1998.