In-Depth
Step on Boot Problems
Knowing exactly how your Windows 2000 Server starts up can get you out of some tight spots.
Understanding the Windows 2000 boot process
is fundamental knowledge for anyone in charge
of a Win2K server, network, or clients. At some
point, you’ll come across a computer that won’t
boot, hangs during boot, or even blue screens.
Most likely, this will be a computer that is critical
to your network and its daily operations, and
you’ll need to fix the problem as quickly as possible.
Learning the ins and outs of the boot process
now could save you your job later!
In this article I discuss how the boot process
works, including:
- What POST is and its purpose
- How the BIOS is involved in the boot process
- What NTLDR does
- What the boot.ini file is and how it’s used
- The detection of hardware in the system
- Initializing the kernel
Then I cover problems that can occur during the
boot process and show you how to use you new knowledge
to troubleshoot those problems.
The Initial Turn-on
POST, Power On Self Test, is what every computer
goes through during initial startup. POST begins
when the computer is turned on and runs through
a predetermined sequence of tasks. It checks the
computer’s environment and makes sure the machine
has the necessary hardware to function. These
components include such things as the mouse, keyboard,
hard drive, and memory. POST relays error messages
prior to video output through a series of beeps
and, later, through error messages shown on the
screen.
The POST sequence starts with the availability
of electrical power to the power supply. The first
component awakened is the CPU; the CPU sets the
first POST steps in action. This first bit of
instruction includes a memory address that has
the first line of POST programming on the system’s
ROM chip. It’s this first bit of code that allows
POST to begin. This portion of POST is performed
by the startup BIOS. Error messages and beeps
alert the user of a problem during this part of
the boot sequence. If more than one beep sounds
or no beep is heard, the problem lies in or on
the system board.
Once this part of POST has finished, the computer’s
BIOS continues to obtain information, including
the data contained in the Master Boot Record (MBR).
The MBR loads and the boot program included in
the MBR runs. This program, at the beginning of
all hard drives, is part of the information found
in the partition table. This MBR program seeks
out and loads the OS boot record contained on
the active partition. Now that the MBR has enough
information, it takes control of the startup process
and loads a copy of the partitions’ boot sector
into RAM, and the rest of the startup procedures
begin.
Files
You Need to Boot Windows 2000 |
If you need to create a disk
that contains the files needed
to boot a Win2K machine, you’ll
need to copy files listed in
the table below. To see these
files on your computer, first
make sure you’ve changed the
folder settings to allow you
to see hidden and system files!
File |
Location |
NTLDR |
Usually C:\
the root directory of the
system partition |
Boot.ini |
Usually C:\
the root directory of the
system partition |
Bootsect.dos |
Usually C:\
the root directory of the
system partition |
Ntdetect.dos |
Usually C:\
the root directory of the
system partition |
Ntbootdd.sys |
For SCSI systems
only, C:\ the root directory
of the system partition |
Ntoskrnl.exe
|
In
the boot partition under
\winnt_root\system32 |
Hal.dll |
In the boot
partition under \winnt_root\system32 |
System |
In the boot
partition under \winnt_root\system32\config |
Device drivers |
In the boot
partition under \winnt_root\system32\drivers |
Remember that the Bootsect.dos
file contains information specific
to each hard drive. It can't
be copied and used to boot another
machine.
|
|
|
Starting Up the OS
The boot sector program performs the next phase
of the startup process on a Win2K server: It starts
the OS. During this routine, various files are
found from an active partition of the hard drive:
Ntdetect.com, Boot.ini and BootSect.dos (if multiple
OSs are used). When you see the message “OS Loader
V.5.0” on the screen, you know that this part
of the boot process is occurring. This is an important
message to take note of, especially when you’re
trying to troubleshoot a boot problem. If this
message isn’t shown, then the problem obviously
lies somewhere prior to this step, or with NTLDR
itself.
NTLDR (which is similar to the old Io.sys in
DOS) performs many tasks during its part of the
startup process. Its responsibilities include:
- Checking for multiple OSs on the computer
and assists in offering OS choices to the user.
- Finding and loading the OS files from the
boot partition of the hard drive.
- Making certain its 32-bit code can be used
successfully by the processor. Processors initially
try to run in real mode, like the old 8086 computers
did, and NTLDR must switch the processor to
a 32-bit flat memory mode before starting the
OS.
- Loading minifiles so their respective files
can be obtained when necessary. These files
include boot.ini, an editable file that offers
other choices for operating systems if they
are installed; Ntdetect.com, used to detect
hardware present on a machine if Win2K is chosen
as the OS; and bootsect.dos, used if more than
one OS exists on the computer and an OS other
than Win2K is chosen.
- Loading and starting Ntoskrnl.exe. The information
that NTLDR has obtained through Ntdetect.com
is passed on to Ntoskrnl.exe, where the OS is
started.
- Loading the registry key, HKEY_ LOCAL_MACHINE\SYSTEM,
and selecting a control set depending on the
user’s input, if any. For instance, the Last
Known Good Configuration (discussed later) will
most likely have different information than
a default boot option, since changes have likely
been made to the Registry since the last boot.
- Loading all device drivers that have a start
value of 0X0. The value of 0X0 means that the
OS should load the drivers, but they shouldn’t
be initialized at this time. These device drivers
can be loaded into memory using the file Ntbootdd.sys
or by using BIOS calls in real mode. (Device
drivers can also have the start value of 0X1,
which indicates that they should be initialized
as soon as they’re loaded. These drivers are
loaded by Ntoskrnl.exe and are located in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.)
Device drivers aren’t initialized by NTLDR; that
happens when Ntoskrnl.exe starts. After Ntoskrnl.exe
has control of the computer, the boot process
is technically considered complete.
Managing Multiple OSs
NTLDR is responsible for loading the boot.ini
file, which contains information about multiple
OSs on the computer. The boot.ini file has two
distinct sections, the boot loader section and
the OS section. These contain information on what
OS is the default choice, how much time the user
is allowed to make a choice, the path to those
OSs, as well as other optional tasks at boot such
as loading a debugger, displaying what device
drivers are being loaded, and specifying the amount
of RAM Windows will be able to use.
Listing 1 shows an example of a boot.ini file
on a Win2K Server computer that also dual boots
with Windows 98.
Listing 1. This boot.ini
file shows that both Windows 98 and Win2K
Server are installed on this computer, and
that Win2K Server is loaded automatically
after 30 seconds if there’s no user intervention.
[boot
loader]
timeout=30
default=multi(0) disk(0)rdisk(0)partition(3)\WINNT
[operating
systems] multi(0)disk(0)rdisk(0)partition(3)\WINNT="Microsoft
Windows 2000 Server" /fastdetect
C:\"Microsoft Windows"
|
Hardware Detection
Ntdetect.com, loaded by NTLDR, handles hardware
detection. Once Ntdetect.com has obtained information
and detects the registered components, it passes
that information back to NTLDR and loads the information
into the Registry. This transfer of information
occurs after the boot.ini file has been found
and an OS chosen. This makes sense since the different
OSs on a computer may contain different hardware
profiles and different working peripherals. You’ll
know that this is happening when you see the Win2K
Startup screen that says, “Starting Windows.”
The hardware detected by Ntdetect includes information
about the keyboard, video adapters, ports, floppy
disks, co-processors, computer ID, SCSI adapters
and bus types.
Troubleshooting Startup
Now that you understand the sequence involved
in the boot process, it becomes easier to understand
why, where and when problems occur during the
boot process. For instance, if the error message
you receive states: “BOOT: Couldn’t find NTLDR.
Please insert another disk,” you now know that
the problem occurred somewhere between the MBR
being loaded and the initialization of the NTLDR
file. The obvious solution would then include
reinstalling the NTLDR file rather than trying
to dink around with the MBR.
Let’s look at other common error messages and
their reasons for occurring.
POST problems are caused by a system board or
hardware problem. These occur prior to seeing
the bootstrap loader screen. POST errors give
messages such as:
- Multiple beeps or no beep at all during startup
- “Missing Operating System”
- “A disk read error occurred”
- “Hard disk error”
- A memory-specific error message
- No keyboard present
The absence of messages such as “Found: CD-ROM”
can indicate a problem as well.
These problems are generally hardware related.
Most errors during POST are easy to isolate, since
the number of beeps gives clues to the type of
problem, and because the error messages on the
screen are usually hardware-specific.
Problems that occur after POST and before the
kernel takes control relate directly to the boot
process. You can fix most problems by copying
the missing file back on the computer. The following
table lists common problems and remedies.
If startup problems occur and the previous solutions
don’t help, don’t lose hope. The best place to
start, if the answer to the problem isn’t reinstalling
a file or restoring from backup, is with the tools
that Win2K Server offers. These options include
safe mode, Recovery Console, Emergency Repair
Disks, and Microsoft’s knowledge base, located
at
http://windows.microsoft.com/
windows2000/library/resources/reskit/WebResources/.
When All Else Fails...
You can use safe mode to boot a computer safely
with only minimal drivers and services. The mouse,
keyboard, CD-ROM, monitor and plug and play devices
will all be available, but non-essential drivers
and non-essential system services aren’t. Safe
mode is a good option when the system is down
due to an incorrect device driver, a defective
application, or corrupted system services. Safe
mode is most often used to isolate problems with
video adapters and incorrect drivers, troubleshooting
intermittent problems, or if Win2K generally isn’t
working as expected. You execute safe mode by
pressing F8 when prompted during the boot process.
Last Known Good Configuration (LKGC) is one of
the options that shows up under the Win2K Advanced
Options Menu when you press F8 during the boot
process. Each time Windows shuts down, a copy
of the Registry settings are saved. If incorrect
settings have been configured on the computer,
and the computer won’t boot due to these settings,
choose the LKGC to revert to the last working
configuration. Whatever changes have been made
to the Registry since the last boot won’t be saved;
those will be discarded. Once you’ve logged on
to a computer, you’ve created a new LKGC.
The Emergency Repair Disk (ERD) is another tool
that can be used to repair a system that won’t
boot. This is my personal favorite, since it’s
easy to use and always seems to work the way it’s
supposed to. The ERD can be used to make simple
repairs, such as problems associated with the
system files, problems with the boot sector and
related entities, and the startup environment.
Although the Windows NT ERD contained a copy of
the Registry files, the Windows 2000 ERD doesn’t.
However, you should create an ERD immediately
following any new installation of Windows 2000,
application of a service pack, or installation
of any new or updated drivers. You should ideally
store a copy of this disk off site.
Recovery Console offers a sort of “last resort”
option when all else fails. It can give some access
to all volumes on a computer with no graphical
interface support. It’s important to know what
you’re doing if you’re messing around in here!
It works by allowing an administrator access to
a copy of the Registry that was made during the
last backup and the ability to restore that copy
on the computer. All changes made after this backup
are discarded.
Troubleshooting
Boot Problems |
Problem/Message |
Suggestion |
No boot menu |
If the problem
arises after installing
a new OS for a dual-boot,
you most likely installed
the OSs in the wrong order.
Win2K must be installed
last; otherwise, the boot
sector will be overwritten. |
BOOT; Couldn't
find NTLDRPlease insert
another disk |
The NTLDR
file is missing or corrupt.
Copy the NTLDR file from
another disk or system to
the machine in question.
Since the NTLDR file is
installed after the MBR
is read, you know the boot
sector is still good. |
NTDETECT errors |
Copy a new
NTDETECT file to the computer
in question. |
Ntsokrnl.exe
is missing. Please reinstall
a copy of the above file |
This error
sometimes occurs because
the boot.ini file is corrupt
or points to the wrong OS.
If the boot.ini file is
good, reinstall a new copy
of the needed file. If it's
the boot.ini file, reinstall
the backup copy of that
file from your arsenal of
backups. |
INACCESSIBLE_BOOT_
DEVICE |
Generally
denotes an unsupported SCSI
driver for startup devices
- check the HCL and make
the appropriate changes. |
Invalid Partition
Table or Missing Operating
system |
Denotes a
problem with the MBR that
contains the Master Boot
Code. The master boot code
is responsible for loading
a copy of the boot sector
from Active Directory into
RAM. You'll need to go through
one of Microsoft's recovery
choices here, perhaps the
Recovery Console, ERD, or
repairing from backups. |
Non system
disk or disk error. Replace
and press any key when ready |
There could
be a disk in the floppy
drive or corruption in the
boot sector. This could
be the result of a virus,
or physical damage to the
boot sector. Try Fdisk /mbr. |
NTLDR is missing
or NTLDR is compressed |
The boot sector
can't find NTLDR. It could
be corrupt, moved, missing
or renamed. Using the ERD
to repair this problem is
the best solution. |
Inaccessible
boot device |
Win2K can't
find the system partition.
This is obviously a problem
with a hard disk and can
be hard to diagnose. If
this occurs after installing
a new hard disk, suspect
this first. Otherwise, suspect
incompatible disk drivers,
physical disk errors, viruses,
loose disk cables or incompatible
large block addressing. |
Unknown Volume |
The boot sector
for the volume could be
corrupt, permissions have
been changed for the volume,
or the Master File Table
is corrupt. |
|
|
|
Try Out Your Problem Solving
Skills!
I hope you now feel better armed to troubleshoot
boot problems. Remember that the best offense
is a good defense though—always keep an updated
backup on hand of your data, an ERD, and copies
of the drivers, applications, and OSs installed
on your computer. Recovering from a disaster doesn’t
take much time or effort if you’re well prepared.