Troubleshooting Startup Problems in win xp /2003

Troubleshooting is merely the methodical application of common sense and technical knowledge to the inevitable problems that crop up in a fallen world. If common sense can be codified (and perhaps it can with AI) then it starts with answers to simple questions like: Why? How? What? In this article I'll try to distill the issues, tools and procedures of troubleshooting Windows XP/2003 boot problems into a small amount of easily digestible information that you as a system administrator can write on the back of a note card or store in your PDA for easy access when the proverbial poop hits the fan. Let's begin with the Why question.

Why do startup problems happen?

Windows may fail to start for a variety of reasons, and generally speaking in order of decreasing likelihood here they are:

• Hardware failure
• Bad driver
• Corrupt file or volume
• System misconfiguration
• Virus infection

Let me elaborate. A common reason systems fail to start is because some element of the system's hardware has failed. This could range from the simple (someone kicked the power cord out of its socket) to the obvious (smoke emitting from the machine) to the mysterious (something transient that happens only when the moon is full or during sunspot minimum). Next most common is when you update the driver for some piece of hardware (or the BIOS for that matter) and the system won't boot afterwards. After that comes those mysterious messages we'll talk about shortly that usually indicate some key operating system file has somehow become corrupt or gone missing. Misconfiguration is another possible source of boot problems, but this is somewhat rare as in most cases you'll still be able to boot but one or more services may fail to start or your applications may not function as expected. Finally, virus infection can cause a system to fail to boot, but I've listed this in last place because I'm assuming you've got an antivirus solution in place and you're keeping the antivirus signature files updated, right?

Now that we know why Windows may fail to start properly, let's ask the logical next question: How can we know which of these underlying causes is the one that might be preventing Windows from successfully booting?

How to diagnose startup problems

Here is where we need to apply our brains and use a bit of common sense to determine what the cause of startup failure might be. Think of the previous list above as a list of disease-causing viruses, and now you have to play doctor and figure out which virus the patient (your sick computer) actually might have. For if you skip this step and try blasting the patient with every possible remedy in your doctor's bag, two things may happen:

• One of the remedies you try may actually make the patient worse and indeed could prove fatal.
• You'll waste a lot of time and the recovery of your patient will be delayed, and your boss may get upset with you as a result since her business is losing money due to downtime.

So careful diagnosis is a step you should always take time for and never avoid, and just like in the medical profession such diagnosis usually begins with your senses. For example, do you smell something burning? Better unplug your system immediately and wait for things to cool off, then open the case and inspect the damage. Do you hear your CPU fan making a slow grinding sound? Power down your system and replace the fan before your processor burns out and needs replacing. Is your video display flickering? Maybe try reseating the video card after checking if the video cable is seated properly.

OK let's assume its not such a simple and obvious problem. Instead, say you get a black screen with one of the following dreaded messages when you try and boot your system:

• "NTLDR is missing"
• "A disk read error occurred"
• "Invalid partition table"
• "Error loading operating system"
• "Could not read from selected boot disk"
• "Windows could not start because the following file is missing or corrupt"

Or you might get a blue screen (called a STOP screen) with some obscure message on it. Or if you're lucky you might make it all the way through the Windows splash screen to the logon box and then suddenly get a dialog box saying "One or more services failed to start". Or your mouse pointer might freeze and your system hang either before or immediately after logon. How can you match these symptoms to the underlying condition that might be causing them? First let's look at some possible "black screen" messages that can occur after the BIOS POST routine finishes but before the Windows splash screen appears:

Symptom	Probable Cause
"Invalid Partition Table" "Missing Operating System" "Invalid Partition Table"	Master boot record is corrupt due to hard disk errors or virus infection
"NTLDR is missing" "A disk read error occurred" System hangs after BIOS POST finishes	Boot sector is corrupt due to hard disk errors or virus infection
"Windows could not start because of a computer disk hardware configuration problem" "Could not read from selected boot disk" "Check boot path and disk hardware"	Boot.ini file is corrupt, missing, or needs updating.
"Windows could not start because the following file is missing or corrupt"	Boot volume is corrupt or the referenced system file is missing.

In addition to these error messages, a variety of other startup problems can occur including:

• Blue screens. These are typically caused by hardware failure or driver problems but can also be due to virus infection.
• Hung system. These are typically caused by buggy drivers or by registry corruption but can also be due to virus infection.
• Dialog box saying "One or more services failed to start". This is typically caused by misconfiguration or registry corruption but can also be caused by application incompatibility of some form.

So what should you do to resolve such problems?

How to resolve startup problems

Like a doctor's mysterious black medical bag full of medical instruments (at least in old movies on TV) the system administrator also has a set of tools provided by Microsoft for resolving startup problems like the ones in the table above. In a nutshell, here's a quick inventory of the main tools:

• Last known good. Restores the HKLM\System\CurrentControlSet portion of the registry its version during the last successful logon to the system.
• Safe mode. Starts Windows with a minimal set of drivers and creates a record of which drivers load in %windir%\Ntbtlog.txt.
• System Restore. Windows XP only feature to restore system to previously saved configuration.
• Recovery Console. Boots to a command line that allows you to run various commands, see this article by Johannes Helmig for more info.
• Automated System Recovery (ASR). Restores the boot volume from backup, see this article by Johannes Helmig for more info.
• Repair. Run Windows Setup from your product CD and select the option to try and repair your installation.

Which tool should you use to address each of the symptoms we described earlier? Assuming there is no obvious hardware problem (no funny smell) and you've already asked yourself the Golden Question ("What was the last thing I did to this system?") then here's a quick outline that maps the type of knife (may be several in order of severity) to the kind of surgery (underlying problem or visible symptom) you need to perform on your system:

Problem/Symptom	Tool(s) to Use
Corrupt master boot record	Recovery Console (fixmbr)
Corrupt boot sector	Recovery Console (fixboot)
Corrupt or missing boot.ini	Recovery Console (bootcfg /rebuild)
Corrupt system file	Recovery Console (chkdsk) Restore from ASR backup Perform a Repair install
Corrupt registry	Recovery Console (chkdsk) System Restore (XP only) Restore system state from backup Perform a Repair install
Blue screen	See this resource first Last known good System Restore (XP only) Safe mode (roll back suspect driver using Device Manager)
Hung system	Last known good System Restore (XP only) Safe mode (roll back suspect driver using Device Manager)
"One or more services failed to start"	Don't logon! Reboot and select last known good, log on, undo the last configuration steps you performed. Safe mode (undo last configuration steps you performed)

System Errors

System error  5 - Access is denied This is a permission issue. If the net view command fails with a "System error 5 has occurred.  Access is denied." message, 1) make sure you are logged on using an account that has  permission to view the shares on the remote computer.   2) Need to cache credential: logon the same username and password on both computers  or use net net use \\computername /user:username command. 3) Make sure the Netlogon service is running. System error 8 - Not enough storage is available to process this command or System error 234 - More data is available. Symptoms: If you attempt to start the server service manually, the following errors  may be displayed: System error 234 has occurred. More data is available.Or system  error 8 has occurred. Not enough storage is available to process this command.  The event viewer shows "Event ID: 7023. Description: The Server service terminated  with the following error: More data is available. Or Event ID: 7001. Description:  The Net Logon service depends on the Server service which failed to start because   of the following error: More data is available. Resolutions: 1) apply (or reapply) the latest Windows NT Service pack. 2) remove any unnecessary entries from this value in the registry, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services \LanmanServer \Parameters\NullSessionPipes System error 51 has occurred - The remote computer is not available Symptoms: You may receive "System error 51 has occurred. The remote computer  is not available" when using net use to map the computer drive. Resolutions: 1. Make sure server service is running on the remote computer. 2. Enable file and printer sharing.   System error 52 - You were not connected because a duplicate name   exists on the network. Symptoms: you can ping a host but not net view it. When using net view\\hostname,  you get system error 52 - a duplicate name exists on the network. Resolutions: there are two host names or alias name (cname) are pointed to the same IP. 1) check the WINS records. 2) check DNS records. 3) Go to System in the Control  Panel to change the computer name and try again. System error 53 - The network path was not found. Symptom: when using net view \\ip or \\computername, you get system error 53.  Resolutions: 1) if it is domain environment, check your WINS; 2) if it is peer-to-peer  work group, enable NetBIOS over TCP/IP; 3) make sure the machine is running; 4)  make sure file and Printer Share enabled on remote computer; 5) make sure client  for ms networks is enabled on local computer; 6) make sure you type the correct  name. 7) Make sure no firewall running or any security setting. 8) If your computer  is loaded NetWare IPX or NWLink, you may receive system error 53. You may want  to disable the NWlink or move it lower than TCP/IP in in network binding order. VPN Case Study - Can ping VPN server but receive System error 53 using net use Case Study - System Error 53 - The network path was not found. System error 67 - The network name cannot be found Symptom: When using net view \\computer or net use \\IP, you may receive above error  message. Resolution: 1. Make sure you type the correct computer name or shared name. 2. Make sure the Workstation service is running on the local computer while Server service  is running on the remote computer. More troubleshooting here System error 67 has occurred System error 85 has occurred. The local device name is already in use Cause: net use /persistent:yes is default settings for NT and win2000/XP. If you have  mapped some network drives and check the reconnect at logon, or your network uses logon script to map network drives, the mapped network drives may show red Xs. If you  enable echo and pause the logon script or if using net use to map the same drive manually , you may get "System error 85 has occurred. The local device name is already in use. " One thing you may want to try is using net use /persistent:no, for example, net use  i: \\servername\folder /persistent:no. System error 1219 has occurred - The credentials supplied conflict with an existing  set of credentials Symptoms: 1) When you log on to a domain from w2k client; 2) when attempting to join  a domain,  you may receive the following error message: The credentials supplied conflict  with an existing set of credentials. Resolutions: This may cause because of attempting to make two or more connections to  the same server using two or more sets of credentials 1. Go to windows explorer and disconnect all network drives. Then re-logon. 2. Delete the profile or copy another profile. Note: you may lost all settings and data in  My Documents when deleting or copying profile. 3. If solution 1 and 2 doesn't work, try this: 1) Log on as an administrator at any workstation  and run regedt32. 2) Select HKEY_USERS, but do not open. 3) From the Registry menu,  click Load Hive. 4) This will bring up a Load Hive dialog box. Locate the Ntuser.dat file for  the user with the errors. Select the Ntuser.dat and click Open. You may enter any string for  the Key Name. Use TEST for ease of use pertaining to the remainder of this article.  5) Locate the UsernameHKEY_USERS\TEST \Network\Username. 6) Delete the string for Username (leaving it blank is sufficient).  7) Select the TEST hive that you previously loaded, click the Registry menu, and then  click Unload Hive. 8) Quit Registry Editor. 4. If you get this message when joining the domain, make sure 1) you have delete the  computer from AD; 2) delete it from DNS; 3) delete it from WINS. System error 1231 has occurred. The network location cannot be reached. Symptom:  When using net view \\computername, you may receive System error 1231. Resolutions: 1) make sure Client for MS Networks is enabled, 2)  make sure you have  permission to access it. System Error 1240 - The account is not authorized to login from this station. Symptoms: 1. You may get the system error 1240 when using net view\\remotecomputer' 2. “Workgroup_name is not accessible… Account is Not Authorized to Log In to this Station”  when attempting to browse the workgroup from a networking computer. Resolutions: 1. Use Regedit to enable unencrypted (plain text) passwords for the SMB client.  2. Enable Send Unencrypted Password to Connect to 3rd Party SMB Servers under Local  Security Policy. 3. Set the following policies as showing: Digitally sign client communications (always) - disabled  Digitally sign server communications (always)- disabled  Digitally sign server communications (when possible) - disabled  LAN Manager Authentication Level set to Send LM and NTLM - use NTLMv2 session security  if negotiated - (default) send LM & NTLM responses   Secure channel: Digitally encrypt or sign secure channel data (always) - disabled  Secure channel: Require strong (Windows 2000 or later) session key - disabled 4. Contact the third-party SMB server manufacturer if you have a third-party SMB server,  such as DEC Pathworks, Samba or Linux. 5. If you are running Windows 9x, you may want to re-configure windows authentication  for network logons. System error 1311 - There are currently no logon servers available to service the logon request Symptoms: The primary purpose of logging on with cached credentials is to enable you  to access the local workstation. However, if you have logged on by cached credentials,  you may be unable to access network resources because you have not been authenticated.  For example 1) after you log on to a w2k/xp laptop by using cached credentials, you may be  unable to access the network resources. This issue is commonly experienced by laptop users  whose computer resides in a Windows Server domain and who log on to the computer by  using cached credentials prior to being able to establish a remote access connection.  2) You log on to a w2k/xp laptop with a domain logon option in a workgroup network.  After you establish the connection and you try to map the network drives, the operation  may be unsuccessful, and you may receive the following error message:  "System Error: (1311) There are currently no logon servers available to service the logon request." Resolutions: To authenticate the cached credentials, 1) if it is w2k/xp, use net command,  for example, net use \\servername\sharename/user:username. 2) if xp, open Windows  Explorer>Tools>Map Network Drive. Click Connect using a different user name, enter  the username and password. System error 1326 has occurred - Logon failure: unknown user name or bad password. Symptom: when using net use to map a network drive, you may receive "System error 1326  has occurred. Logon failure: unknown user name or bad password." message. Resolutions:  1) create a user account on remote computer; 2) need to enable the guest  account; 3) make sure the remote computer doesn't use auto-logon and blank password;  4) make sure you have a folder or drive shared on the remote computer. 5) use net use  \\servername/user:username command. Make sure you type correct command (e.g. use  net use \\servername \user:username will get this error too) System error 1331 has occurred - Logon failure: account current disable Symptom: When using net use \\computername command, you may receive above error  message. Resolutions:  this is cache credentials issue. To fix this problem and cache the credentials,  use net use \\computername /user:username command. System error 1385 has occurred - Logon failure: the user has not been granted the  requested logon type at this computer Symptoms: When using net use \\remotecomouter\ahredname, you may receive above message. Resolution: 1. The users do not have permission to connect to the remote computer.  To resolve this problem: on the remote computer, select Administrative Tools> Local Security Settings>Local Policies>User Rights Assignment, right-click on  Access this computer from the network>Properties>Add Users or Groups, add  everyone or any users you want to be able to access the computer from the network. 2. refer to this case: Solved: System error 1385 - Logon failure-  System error 1396 has occurred - Logon Failure: The target account name is incorrect. Symptoms: 1. when using net use, you may receive above message. 2. when using net view \\hostname, you may receive "System error 5 has occurred.  Access is denied.". However, net view \\ip works fine. 3. You may receive above error while running logon script. Causes: 1. SPN for the domain that is hosting the replica has not been propagated. 2. Incorrect target account name or the server is not online. 3. If you have DFS, make sure the DFSRoot is available. Refer to RL060704 System error 6118 has occurred. The list of servers for this workgroup is not  currently available SYMPTOMS: 1) After enabling ICS/ICF, you can't see any computes on My Network places.  If you try, you may get "workgroup is not accessible". 2) If you use the net view command,  you may receive "System error 6118 has occurred. The list of servers for this workgroup is  not currently available." message. Resolutions:  1) This behavior can occur if you enable the ICF that will closes the ports for file sharing  by default. To open these ports, right-click the network connection that is  firewall protected>Properties>Advanced>Settings>Service  Tab>Add, Enter 127.0.0.1)  for the required Internet Protocol (IP) number. Enter UDP ports from 135 through 139, and TCP ports from 135 through 139 one by one (the external and internal port numbers should  be identical). 2) This may occur if the workgroup name and the domain name are the different. 3) No master browser. Starting Computer Browser Service on one of w2k/xp computers  should fix the problem

Diagnosing and Troubleshooting Active Directory Problems

In terms of identifying, analyzing the cause of, and repairing Active Directory problems, there is a specific sequence of events to follow. This sequence serves as a roadmap to help you to accurately identify a situation, diagnose it, and then resolve it. Figure 10.2 illustrates the sequence of events to follow when troubleshooting Active Directory.

Add caption

Figure 10.2 Active Directory Diagnostic and

 Troubleshooting Sequence

 Important

This chapter makes a best-effort attempt to provide

 examples of the types of problems you might encounter

 given the data available, describe the tools you can use 

to diagnose and identify those problems, and provide 

suggested solutions. Because Windows 2000 Active Directory

 is used on a more universal basis, more data will be 

available on the Microsoft Personal Online Support 

Web site link on the Web Resources page at 

http://windows.microsoft.com/windows2000

/reskit/webresources .

Troubleshooting Exchange Issues

Cannot create a new mailbox

SYMPTOMS: 1. You successfully create a new mailbox on your Exchange Server, and then the Exchange Recipient Update Service updates the object. However, when you use the alias of the new mailbox to resolve the mailbox in Microsoft Outlook, Outlook cannot resolve the name, and you may receive the an error message that is similar to the following: The name could not be resolved. The name could not be matched to a name in the address list.
2. You create a new user with mailbox. However, the mailbox does not appear when you look for it in the global address list.

CAUSE: This issue may be caused 1) if you specify the incorrect Exchange Server in the domain Recipient Update Service settings; 2) if you specify no Exchange Server at all.

Common Exchange Connectivity Issues
1. Host Name Resolution - make sure DNS is running, and Exchange A and MX records present;
2. Protocol issues - the user has permission; appropriate protocol service are started.
3. Firewall blocks transmission - use telnet to check the status.
For step by step troubleshooting receiving/sending email, visit this page:http://www.howtonetworking.com/server/testsmtp1.htm.


5.5.4 (Non Delivery Reports)
5.5.4 (Non Delivery Reports) are usually an invalid address.
All POP3/IMAP4 clients such as Outlook Express works while MAPI clients such as Outlook doesn't
Cause: POP3/IMAP4 is disabled.
All MAPI clients such as Outlook works while POP3/IMAP4 clients such as Outlook Express doesn't
Cause: MAPI is disabled.
Can't start NNTP and IMAP services under Exchange System Manger
Resolution: start them under Computer Manager.
Event ID 2103 - Global Catalog Servers Not Responding
Symptoms: After you install Exchange 2000/2003 successfully, the Microsoft Exchange System Attendant service may not start, and you may receive the following Event ID: 2103 - All Global Catalog Servers in use are not responding:  There is no Recipient Update Service created in the domain where you installed Exchange 2000 or Exchange 2003.
Cause: This issue occurs because no global catalog server can be found in a domain which has been "domain prepped" by the Exchange 2000/2003 Setup program. For the consultants, refer to case 0304JH.
Exchange Troubleshooting Tools
1. Diagnostics Logging,; 2. vent Viewer; 3. Services Logs; 4. Dump Files; 5. Performance Monitor; 6. Network Monitor; 7. Messaging logs.
No one can send email to ameritech.net
Symptoms: you can receive the mails from ameritech.net and sbcglobal.net while you can receive mails from both companies.
Cause: 1. DNS issue.
2. DNSBL.
For consultants, refer to case 112804GD
The entries under Public Folder are not synchronize
Symptom: after moving the Public Folders from Exchange 2000 to Exchange 2003 server, the users can see the Public Folder but the entries or sub-folders under each folder.
Cause: The Replication under Public Folder Properties is setup as Never Run.
For the consultants, refer to case 111004RL.
You do not have the permission to send on behalf of the specific user
Cause: You haven't grant Send on behalf permission.
For the consultants, refer to case 111004CC
Set limit for message with attachment
To size limits for messages with attachment, you have many options. You can customize the settings for the global settings, organization, a specific connector, a specific virtual server, and an individual user.
For the consultants, refer to 091504EX
Troubleshoot SMTP communication problems.
If you have problems sending email over SMTP, you may test the SMTP connectivity by using Telnet on the sending server to connect to port 25 on the destination server.
The system cannot find the path specified
Symptom: If you look in IIS admin console, you may see red X's on the Exchange folder.
Resolution: Restart the Web service.