First aid for a wounded installation

If you work with Windows 2000 Server (Win2K Server), you'll probably run into problems sooner or later—I have. Luckily, Win2K Server has a suite of recovery tools that includes the Advanced Options menu, Emergency Repair Disk (ERD), and Recovery Console. Armed with these tools, you can recover from most OS scrapes.

The Advanced Options menu is a secondary Windows 2000 (Win2K) boot menu that includes stripped-down versions of Win2K (i.e., Safe Mode), a Last Known Good Configuration option that lets you return Win2K to its state at the last successful logon, a directory services repair mode that you can use to reestablish the Active Directory (AD) structure (i.e., restore AD servers and replicate changes to other AD servers), and a logging mechanism for recording the boot process. Most items in the Advanced Options menu help you recover from simple problems (e.g., choosing an unsupported video setting) by letting you either back out of the problem with the Last Known Good Configuration option or fix the problem with a Control Panel setting. These options can also help troubleshoot your server if the server isn't fully functional and you need to work in Safe Mode.

In contrast, the ERD and Recovery Console are good for a little R and R—repair and recovery. You'll need these tools when the server is so badly damaged or misconfigured that you must revert to a saved configuration or do some low-level repair work to get things running.

Using the Advanced Options Menu
When you boot a Win2K server, the server recognizes the system hardware and presents you with the Boot menu. Press F8 from the Boot menu to open the Advanced Options menu, which includes the Safe Mode options (Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt), Enable Boot Logging, Enable VGA Mode, and Last Known Good Configuration.

Safe Mode. All Safe Mode options are versions of Win2K that run only essential services to get the server running. Minor but important differences exist between the Safe Mode versions. Safe Mode uses the Windows Explorer interface but doesn't include networking support. Safe Mode with Networking uses the Windows Explorer interface but loads enough network support to let you use network resources. Safe Mode with Command Prompt is a network-disabled version of Win2K that replaces the explorer.exe shell that Win2K ordinarily uses with cmd.exe. In Safe Mode with Command Prompt, you can do anything on the local computer that you can do in the usual shell. You can even run GUI applications, if you don't mind a maximum resolution of 800 * 600 (640 * 480 by default, but you can edit the Control Panel Display applet) and 16 colors. However, you must begin applications from the command prompt or the Task Manager, which you can access by pressing Ctrl+Alt+Del. Safe Mode with Command Prompt lets you fix your system when you experience problems with Windows Explorer.

Enable Boot Logging. The Enable Boot Logging option starts Win2K, creates the ntbtlog.txt file (which Screen 1, page 118, shows), and stores the file at the top of your system root directory. If you run into boot-sequence problems, you can review ntbtlog.txt to see which drivers loaded. Some drivers don't usually load; these drivers are available, but if the system doesn't require them, Win2K won't load them to conserve memory. However, if your network isn't working, you can scan ntbtlog.txt to determine whether the ndis.sys driver loaded. To take advantage of Enable Boot Logging, you need to know which drivers the system loads under ordinary operation. Run Enable Boot Logging when your server is running and save the output with a filename that shows the day on which you logged the boot and the server's basic configuration. If you later have boot problems, you can compare this healthy-boot record with the problem-boot record to pinpoint what's wrong.

Enable VGA Mode. If you're familiar with NT Server, you know that its OS boot menu has two entries for each instance of NT installed on the computer: One entry contains your selected graphics settings, and the other entry contains the VGA mode settings. These settings exist for good reason. NT 3.1 doesn't have a VGA mode; consequently, if you set up the wrong video driver in NT 3.1 and log on, you have to execute a complicated sequence of keystrokes to navigate to the Control Panel Display applet to fix your mistake. The VGA option doesn't exist on Win2K's Boot menu. To access the VGA option in Win2K, press F8 at the Boot menu and choose Enable VGA Mode from the resulting menu. Use this option to correct the problem if you install a bad video driver. You can access and use Enable VGA Mode at any time.

Last Known Good Configuration. Every time you boot your computer and log on successfully, Win2K stores the configuration information for the local machine in the Registry under HKEY_LOCAL_MACHINE\SYSTEM.

Win2K stores a backup copy of this information and assigns a number to the copy. Win2K uses this backup if the default set of configuration information (which is the current set) becomes corrupt and unusable. In contrast to NT, which stores each boot's current set and clone, Win2K maintains one current control set, which is a pointer to a numbered copy. Win2K also maintains a numbered set as a Last Known Good configuration for use if the default configuration set becomes unusable.

To view the configuration information sets, start the Registry Editor (i.e., regedt32) and locate the HKEY_LOCAL _MACHINE\SYSTEM\Select entry. As Screen 2 shows, this entry includes four values: Current, Default, Failed, and LastKnownGood. If you restart the machine and boot as usual (i.e., without using the Advanced Options menu), Win2K will use the Default control set. The Failed value is the configuration set that is the Default set when you start the machine from the Last Known Good Configuration menu. By choosing the Last Known Good configuration option, you tell Win2K not to start with the Default configuration set; therefore, Win2K marks the Default set as Failed, even if nothing is wrong with it.

You don't need to tweak the Registry to use the Last Known Good Configuration option. Restart the computer and take the following steps:

  1. When the system displays the Boot menu, press F8 to open the Advanced Options menu.
  2. Select Last Known Good from the Boot menu and press Enter. The Boot menu will reappear with Last Known Good Configuration printed in red letters at the bottom of the screen. The red lettering reminds you that if you load this option, you're choosing to reverse all nonsecurity-related Registry changes made during the last session. Press F3 to return to the main boot menu. (You can also reach the Last Known Good Configuration menu by pressing the spacebar when the system prompts you during the system boot.)
  3. When you select Last Known Good, Win2K displays the Last Known Good/Hardware Profiles menu, which lists all previously created hardware profiles. If you haven't created any new hardware profiles, the system lists your current configuration as Profile 1. Choose the profile you want, then press Enter to boot the computer.

Win2K will start with the last session's settings. After you log on, you'll see a message that tells you Win2K couldn't start with the current configuration and is starting with a previously saved configuration.

The Last Known Good Configuration option can't always help you. The option won't work if any of the following conditions apply:

  • You've never successfully logged on (i.e., you're installing Win2K).
  • You edited the server's configuration, rebooted and logged on successfully, and now want to restore your system to the way it was before the change.
  • The change you want to reverse is not related to control set information. For example, you can't remove changes to user profiles or system policies with the Last Known Good Configuration menu. The Last Known Good Configuration option doesn't affect passwords, so you can't use this option to recover an administrator's forgotten password.
  • The system boots, someone logs on, and the system hangs.
  • The system won't boot, and you can't get to the Boot menu.

Time for a Little R and R?
The Last Known Good Configuration menu and the Safe Mode boot options aren't always enough to bring a wounded installation to its feet. However, you have options other than reinstalling Win2K: the ERD and the Recovery Console. Both tools work on volumes formatted with either FAT or NTFS, so you can format a system partition with NTFS and still have access to troubleshooting tools.

Using the ERD is a simple procedure if your computer is having problems that you want to fix but can't identify. To use the ERD, begin installing Win2K, and when the OS asks whether you're performing a full installation or a repair, select repair. Then, insert the ERD and let Setup replace the troublesome files with the files on the ERD. If you haven't replaced any drivers or DLLs in your system folders, you can safely choose to restore all system files from the ERD.

Using the Recovery Console is more complicated than using the ERD. The Recovery Console is a command-line utility that lets you perform a variety of tasks, such as copying system files from a 3.5" disk or CD-ROM to a hard disk, starting and stopping services, reading and writing data in the system directory on the local hard disk, formatting disks, and repartitioning disks. Use the Recovery Console when you know what's wrong with your computer and how you want to fix it. In short, if your Win2K installation is dead and you're not sure why, use the ERD to see whether restoring the original installation files will solve the problem. But if you know that the problem is, for example, a bad or missing .sys file or a runaway service, use the Recovery Console to target the solution without changing nonrelated files.

Using the Repair and Recovery Tools
You can open the Recovery Console from Win2K. Go to Start, Run and type

<d>:\i386\winnt32 /cmdcons

where d is the drive letter of your installation CD-ROM. The first time you perform this operation, you'll see the Windows 2000 Setup dialog box. Win2K Setup copies files from the installation CD-ROM, then prompts you to restart the computer. After you reboot, the Recovery Console will appear as Microsoft Windows 2000 Command Console in the Startup menu. To start the Recovery Console, select this option before the 30-second timeout ends.

If you didn't set up the Recovery Console when you installed Win2K and your system becomes unbootable, you need to run Setup from the installation CD-ROM to get to the Recovery Console. After you do so, Setup will copy all the Setup files, then ask whether you want to install Win2K, repair it, or exit Setup. Select R to open the Windows 2000 Repair Options menu, which lets you repair an installation either with the Recovery Console or with the ERD. When you choose to run the Recovery Console, the tool scans the disk to find Win2K and NT installations. Select the OS you want to repair, type in the number of the repair option you want, and supply the password for the Administrator account.

If the word console leads you to expect a GUI, you'll be surprised to see that the Recovery Console is a simple command-line interface. Although this interface looks like an ordinary command prompt, the Recovery Console is different from the command prompt that you open from the Accessories folder. The Recovery Console supports only a few local commands, and these commands are specific to the Recovery Console interface and perform limited functions. For example, the wildcard options in the Copy command don't work in the Recovery Console. You can copy files only from removable media to the system partition (but you can't use the Recovery Console to back up files to other media), and although you can move to other logical drives on the hard disk, you can't read files on any partition other than the system partition or perform a DIR function on a partition (if you try, you'll invite an Access Denied error). The Recovery Console is not a fully equipped command-line version of Win2K.

If the Recovery Console doesn't let you back up files, read the contents of a directory that isn't in the system root, use wildcards, or edit security information, what can you do with the Recovery Console? You can use this tool to fix your broken system partition to make it usable again. You use the Recovery Console's set of DOS-like commands to manipulate the files and structure of the system partition. On the command line, type

help

to access a complete set of commands. The console's basic functionality includes enabling and disabling services; replacing damaged system files; fixing boot sectors and boot records; and deleting, creating, and formatting partitions. The Recovery Console doesn't include a command-line version of regedit, as Windows 9x does.

The onscreen Help for some of these commands is sketchy, but I think this problem is beta-related. The commands work fine and give you a simple way to complete single-step fixes to Win2K, including stopping services or restoring key system files such as NT Loader (NTLDR). When you finish with the Recovery Console, type

exit

to reboot the system.

You can edit some security settings to make the Recovery Console more flexible. Open the Local Security Policy Tool in the Administrative Tools folder and migrate to Local Policies/Security Options. That folder contains two Recovery Console properties: Recovery Console: Allow automatic administrative logon and Recovery Console: Allow floppy copy and access to all drives and folders. Enable the first property to log on to the Recovery Console without requiring an Administrator password. Enable the second property if you want to be able to copy files from the system media.

To create the ERD, you use the Emergency Repair Disk wizard in the Backup program. Win2K doesn't include the Rdisk utility.

When you run the ERD creator in the Backup program, Win2K copies basic operating support files to the disk and backs up the contents of \%systemroot% \system32\config to the repair directory. As in NT 4.0, the ERD isn't a bootable disk—you need the Setup boot disks or the installation CD-ROM to get to the Repair menu. When you create the ERD, you have the option to update the Repair data in your Win2K installation. The system stores the original Registry settings in \%systemroot%\system32 \repair but stores the updated settings in a \regback subfolder. Therefore, you can either restore your saved configuration or return to the original Registry settings.

You choose between two repair options when you use the ERD. Selecting Manual Repair lets you choose among the repair utility's repair options. When you select Fast Repair, the repair utility will perform all the repair tasks that Manual Repair offers. By default, the repair utility inspects the startup environment, verifies that the Win2K system files are present, and inspects the boot sector. Choose the repair option you want, and press Enter.

To use the ERD to repair a troublesome installation, insert the ERD and press Enter. Setup will search for a Win2K installation and ask you whether the installation it finds is the one you want to repair. If the selection is correct, press Enter.

Setup will read from setup.log (the record of all files originally installed) on the ERD and perform the repair operation you selected when you created the ERD. If the program detects files in your existing installation that don't match the files in setup.log, Setup will tell you. You can choose to skip the file, repair the file (i.e., replace it with the Win2K Server installation file), or repair all files that don't match their originals. A "skip all files" function doesn't exist, so you must tell Setup what to do on a file-by-file basis. Setup inspects the entire Win2K directory, so this process takes time.

Unfortunately, you can't identify the file that caused the problem. The ERD process identifies only files that differ from the files that Setup installs or that differ from your saved Registry backups in \regback.

When Setup finishes, your computer will prompt you to reboot and run Win2K. Your security information (e.g., policies, accounts, passwords) will be unchanged because the Registry doesn't store that information.

My Favorite Tool
My favorite Win2K Server recovery tool is the Recovery Console. First, this tool gives you an NTFS-compatible command-line interface to the Win2K system files that doesn't depend on a successful boot. You can put system files on an NTFS partition and benefit from the more efficient use of space and security that NTFS offers. Second, the Recovery Console lets you perform tasks that aren't possible with NT 4.0, such as stopping disabling services before they have a chance to start (ask me about the runaway network driver diagnostic that wouldn't die). However, the Recovery Console isn't complete. I wish the tool had a command-line version of the Registry Editor so that I could import and export .reg files from the command line and fix Registry-related problems without starting Win2K.

The Win2K ERD is potentially dangerous. If users don't understand the difference between the Win2K ERD, which doesn't store Registry backups on the diskette, and the NT 4.0 version, they'll learn the hard way if they assume that they're backing up the Registry by creating an ERD. However, some changes to the Win2K ERD in RC2 are an improvement over earlier versions, which makes me wonder whether the Win2K ERD was much of a tool in the first place. Currently, the tool works much as the NT 4.0 ERD does, except it doesn't store Registry files.

If you use the recovery tools in Win2K as Microsoft designed them for you to use, you'll be well equipped. The Advanced Options menu is handy for fixing minor problems, and the Recovery Console is excellent for replacing files or manipulating service settings to solve problems. Back up your Registry regularly and maintain an ERD, and you can handle most Win2K configuration problems.