Monday, November 21, 2011

Windows Server 2003 : Troubleshooting Group Policy

To maintain an effective Group Policy configuration, you must be able to troubleshoot Group Policy. Troubleshooting Group Policy involves using the Resultant Set Of Policy Wizard, the Gpresult.exe and Gpupdate.exe command-line tools, the Event Viewer, and log files to solve policy-related problems.

Troubleshooting Group Policy

As an administrator, you will likely have the task of finding solutions to problems with Group Policy. If problems occur, you might need to perform some tests to verify that your Group Policy configuration is working properly, such as the following:
  • Verify that GPOs apply to the appropriate users and computers.
  • Verify that folders configured for redirection are redirected to the appropriate location.
  • Verify that files and folders configured to be available offline are available when a computer is offline.
You will also need to be able to diagnose and solve problems, including:
  • GPOs are not applied.
  • GPOs cannot be accessed.
  • GPO inheritance issues cause unexpected results.
  • Folders are not redirected or are redirected to an unexpected location.
  • Files and folders are not available offline.
  • Files are not synchronized.
Windows Server 2003 operating systems provide the following Group Policy troubleshooting tools to assist you in verifying your configuration and in diagnosing and solving problems:
  • Resultant Set Of Policy Wizard
  • Gpresult.exe
  • Gpupdate.exe
  • Event Viewer
  • Log files
Troubleshooting Group Policy with the Resultant Set Of Policy Wizard and Gpresult.exe
Recall that the Resultant Set Of Policy Wizard and the Gpresult.exe command-line tool are both used to generate RSoP queries and provide the RSoPs for users and computers you specify. In Windows Server 2003 operating systems, these tools can help you greatly reduce the amount of time you spend troubleshooting.
Troubleshooting Group Policy with Gpupdate.exe
Recall that the Gpupdate.exe tool, which is new in Windows Server 2003 (and also exists in Windows XP Professional), enables you to refresh policy immediately. Gpupdate replaces the Secedit /refreshpolicy command used for refreshing GPOs in Windows 2000.
Troubleshooting Group Policy with Event Viewer
By examining the application event log in Event Viewer, you can view Group Policy failure and warning messages, such as the one shown in Figure 1. The application event log contains basic predetermined Group Policy events and is used to track problems, not for Group Policy planning. Event log records with the source Userenv pertain to Group Policy events.
Figure 1. Properties for a Group Policy event log message

To avoid flooding the log, not all Group Policy failures and warnings are displayed in the event log. You can retrieve more detailed information about Group Policy processing by setting a switch in the registry to enable verbose logging for the event log.
Caution
This section contains information about editing the registry. Using the Registry Editor incorrectly can cause serious damage to your operating system. Use the Registry Editor at your own risk.

To enable verbose logging for the event log, complete the following steps:
1. Log on as Administrator.
2. Click Start, and then click Run.
3. In the Run dialog box, in the Open box, type regedit and then click OK.
4. In the Registry Editor console, open the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion key, click Edit, select New, and then select Key on the toolbar.
5. Type Diagnostics as the name of the new key. Right-click the new key, select New, and select DWORD Value on the toolbar.
6. In the details pane, type RunDiagnosticLoggingGroupPolicy as the name of the new value. Right-click the new value, and select Modify.
7. In the Edit DWORD Value dialog box, type 1 in the Value Data box. Ensure that the Hexadecimal option is selected. Click OK.
8. Log off, and then log on again.
9. Open the Application Log in Event Viewer, and view the enhanced Group Policy event logging.
Troubleshooting Group Policy with Log Files
You can generate a diagnostic log to record detailed information about Group Policy processing to a log file named Userenv.log in the hidden folder %systemroot%\Debug\Usermode. The generation of this diagnostic log is known as enabling verbose logging.
Caution
This section contains information about editing the registry. Using the Registry Editor incorrectly can cause serious damage to your operating system. Use the Registry Editor at your own risk.

To enable verbose logging to a log file, complete the following steps:
1. Log on as Administrator.
2. Click Start, and then click Run.
3. In the Run dialog box, in the Open box, type regedit and then click OK.
4. In the Registry Editor console, open the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key, click Edit, select New, and then select DWORD Value on the toolbar.
5. In the details pane, type UserenvDebugLevel as the name of the new value. Right-click the new value, and select Modify.
6. In the Edit DWORD Value dialog box, type 30002 in the Value Data box. Ensure that the Hexadecimal option is selected. Click OK.
7. Log off, and then log on again.
8. Open the %systemroot%\Debug\Usermode\Userenv.log file, and view the enhanced Group Policy event logging.
Note
To read or copy the logs on the target machine, you must have local Administrator rights.

The Userenv.log file, shown in Figure 2, provides details of errors and warnings in Group Policy processing on the computer on which it is set. Reading from left to right, this log shows a process code, the time it was processed (the date is not displayed), the process name, followed by a short statement of the error. The Userenv.log file has a maximum size of 1 megabyte (MB). At system startup, if the log file exceeds 1 MB, the contents are copied into a file named Userenv.bak and a new Userenv.log file is created.
Figure 2. Contents of a Userenv.log file
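The field layout described above can be parsed mechanically. The following Python sketch is an added example, not part of the original article; it assumes lines of the form USERENV(pid.tid) HH:MM:SS:mmm Function: message, and the sample log lines in it are constructed. Because the log carries no date, it counts a day boundary whenever the time runs backwards.

```python
import re
from dataclasses import dataclass

# Assumed layout: process code (hex pid.tid), time without date, process name, message.
LINE_RE = re.compile(
    r"^USERENV\((?P<pid>[0-9a-fA-F]+)\.(?P<tid>[0-9a-fA-F]+)\)\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<func>\w+):\s*(?P<msg>.*)$"
)
# Keywords used to pick out failure statements (a heuristic, not an official list).
FAILURE_RE = re.compile(r"fail|error|denied|unable|cannot", re.IGNORECASE)


@dataclass
class Entry:
    pid: int
    tid: int
    day: int    # 0 for the first day seen, +1 at each detected midnight rollover
    ms: int     # milliseconds since midnight
    func: str
    msg: str

    @property
    def is_failure(self):
        return bool(FAILURE_RE.search(self.msg))


def _to_ms(stamp):
    hours, minutes, seconds, millis = (int(part) for part in stamp.split(":"))
    return ((hours * 60 + minutes) * 60 + seconds) * 1000 + millis


def parse_userenv(text):
    """Return (entries, unparsed_lines) for the text of a Userenv.log file."""
    entries, unparsed = [], []
    day, last_ms = 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            unparsed.append(line)  # keep damaged lines visible instead of dropping them
            continue
        ms = _to_ms(match["time"])
        # The log has no date: a time that runs backwards is treated as midnight.
        if last_ms is not None and ms < last_ms:
            day += 1
        last_ms = ms
        entries.append(Entry(int(match["pid"], 16), int(match["tid"], 16),
                             day, ms, match["func"], match["msg"]))
    return entries, unparsed


def failures_by_function(entries):
    """Group failure entries by the process name that logged them."""
    grouped = {}
    for entry in entries:
        if entry.is_failure:
            grouped.setdefault(entry.func, []).append(entry)
    return grouped


# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = """\
USERENV(1f4.1f8) 23:59:58:120 ProcessGPOs: Starting computer Group Policy processing...
USERENV(1f4.1f8) 23:59:59:640 ProcessGPOs: Failed to query the GPO list, error 5
USERENV(1f4.1f8) 00:00:01:015 ProcessGPOs: Computer Group Policy processing ended
(line damaged during copy)
USERENV(2a0.2b4) 00:00:05:300 LoadUserProfile: Entering
"""

if __name__ == "__main__":
    parsed, damaged = parse_userenv(SAMPLE_LOG)
    for func, items in failures_by_function(parsed).items():
        for item in items:
            print(f"day+{item.day} {func}: {item.msg}")
    print("unparsed lines:", damaged)
```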

Group Policy Troubleshooting Scenarios

Table 1 describes some troubleshooting scenarios related to the Group Policy Object Editor console.
Table 1. Group Policy Object Editor Console Troubleshooting Scenarios
Problem: A user cannot open a GPO in the console even though he or she has Read access to it.
Cause: A user must have both Read permission and Write permission for the GPO to open it in the Group Policy Object Editor console.
Solution: Make the user a member of a security group with at least Read and Write, and preferably Full Control, permission for the GPO. For example, a domain administrator can manage nonlocal GPOs. An administrator for a computer can edit the local GPO on that computer.
Problem: When a user tries to edit a GPO, the Failed To Open The Group Policy Object message appears.
Cause: A networking problem, specifically a problem with the Domain Name System (DNS) configuration.
Solution: Make sure DNS is working properly. Refer to help for details.
Problem: When a user tries to edit a GPO, the Missing Active Directory Container message appears.
Cause: This is caused by Group Policy attempting to link a GPO to an OU that it cannot find. The OU might have been deleted, or it might have been created on another domain controller but not replicated to the domain controller that you are using.
Solution: Limit the number of administrators who can make structural changes to Active Directory, or who can edit a GPO at any one time. Allow changes to replicate before making changes that affect the same OU or GPO.
Problem: When a user tries to edit a GPO, the Snap-In Failed To Initialize message appears.
Cause: This error can occur if Group Policy cannot find the file Framedyn.dll.
Solution: If you use installation scripts, make sure that your scripts place the %systemroot%\System32\Wbem directory in the system path. By default, %systemroot%\System32\Wbem is in the system path already; therefore, you are not likely to encounter this issue if you do not use installation scripts.

Table 2 describes some troubleshooting scenarios where Group Policy settings are not taking effect.
Table 2. Group Policy Settings Troubleshooting Scenarios
Problem: Group Policy is not being applied to users and computers in a security group that contains those users and computers, even though a GPO is linked to an OU containing that security group.
Cause: This is correct behavior. Group Policy affects only users and computers contained in sites, domains, and OUs. GPOs are not applied to security groups.
Solution: Link GPOs to sites, domains, and OUs only. Keep in mind that the location of a security group in Active Directory is unrelated to whether Group Policy applies to the users and computers in that security group.
Problem: Group Policy is not affecting users and computers in a site, domain, or OU.
Cause: Group Policy settings can be prevented, intentionally or inadvertently, from taking effect on users and computers in several ways. A GPO can be disabled from affecting users, computers, or both. It also needs to be linked either directly to an OU containing the users and computers or to a parent domain or OU so that the Group Policy settings apply through inheritance. When multiple GPOs exist, they are applied in this order: local, site, domain, OU. By default, settings applied later have precedence. In addition, Group Policy can be blocked at the level of any OU or enforced through a setting of No Override applied to a particular GPO link. Finally, the user or computer must belong to one or more security groups with appropriate permissions set.
Solution: Make sure that the intended policy is not being blocked. Make sure no policy set at a higher level of Active Directory has been set to No Override. If Block Policy Inheritance and No Override are both used, keep in mind that No Override takes precedence. Verify that the user or computer is not a member of any security group for which the Apply Group Policy access control entry (ACE) is set to Deny. Verify that the user or computer is a member of at least one security group for which the Apply Group Policy permission is set to Allow. Verify that the user or computer is a member of at least one security group for which the Read permission is set to Allow.
Problem: Group Policy is not affecting users and computers in an Active Directory container.
Cause: GPOs cannot be linked to Active Directory containers other than sites, domains, and OUs.
Solution: Link a GPO to an object that is a parent to the Active Directory container. Then, by default, those settings are applied to the users and computers in the container through inheritance.
Problem: Local Group Policy is not taking effect on the computer.
Cause: Local policies are the weakest. Any nonlocal GPO can overwrite them.
Solution: Check to see what GPOs are being applied through Active Directory and whether those GPOs have settings that are in conflict with the local settings.
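The rules in Table 2 (local, site, domain, OU order; Block Policy Inheritance; No Override; the Apply Group Policy and Read permissions) can be checked against a small model. The Python sketch below is an added example, not Microsoft code and not part of the original article; the GPO names, settings and groups are constructed, and treating the link list of one container as its processing order is an assumption of the model. It goes slightly beyond the table by ordering No Override links so that the one linked highest wins.

```python
from dataclasses import dataclass, field


@dataclass
class Gpo:
    name: str
    settings: dict
    enabled: bool = True
    # Groups holding each permission on the GPO (constructed defaults).
    allow_apply: set = field(default_factory=lambda: {"Authenticated Users"})
    allow_read: set = field(default_factory=lambda: {"Authenticated Users"})
    deny_apply: set = field(default_factory=set)


@dataclass
class Link:
    gpo: Gpo
    no_override: bool = False


@dataclass
class Container:  # a site, a domain or an OU
    name: str
    links: list = field(default_factory=list)
    block_inheritance: bool = False


def passes_security_filter(gpo, groups):
    """Deny on Apply Group Policy wins; otherwise Apply and Read must both be allowed."""
    if gpo.deny_apply & groups:
        return False
    return bool(gpo.allow_apply & groups) and bool(gpo.allow_read & groups)


def resultant_set(local_gpo, chain, groups):
    """chain lists the containers from site down to the OU holding the object."""
    groups = set(groups)
    blockers = [i for i, c in enumerate(chain) if c.block_inheritance]
    block_at = max(blockers, default=0)  # lowest container that blocks inheritance
    normal, enforced, skipped = [], [], {}
    for level, container in enumerate(chain):
        for link in container.links:
            gpo = link.gpo
            if not gpo.enabled:
                skipped[gpo.name] = "GPO is disabled"
            elif not passes_security_filter(gpo, groups):
                skipped[gpo.name] = "security filtering"
            elif link.no_override:
                enforced.append(gpo)  # No Override survives a block below it
            elif level < block_at:
                skipped[gpo.name] = (
                    f"blocked by Block Policy Inheritance at {chain[block_at].name}")
            else:
                normal.append(gpo)
    # Later entries win: local first, then site/domain/OU, then No Override
    # links with the highest-level link applied last.
    order = [local_gpo] + normal + enforced[::-1]
    effective, winner = {}, {}
    for gpo in order:
        for key, value in gpo.settings.items():
            effective[key], winner[key] = value, gpo.name
    return {"order": [g.name for g in order], "effective": effective,
            "winner": winner, "skipped": skipped}


def sample_scenario():
    """Constructed example: a blocked OU below a domain with one No Override link."""
    local = Gpo("Local GPO", {"Wallpaper": "local.bmp", "ScreenSaverTimeout": 900})
    baseline = Gpo("Domain Baseline", {"DisableRegistryTools": 1, "Wallpaper": "corp.bmp"})
    desktop = Gpo("Domain Desktop", {"ScreenSaverTimeout": 300})
    lockdown = Gpo("Server Lockdown", {"DisableRegistryTools": 0, "Wallpaper": "none"})
    helpdesk = Gpo("Helpdesk Tools", {"RemoteAssist": "on"}, deny_apply={"Server Admins"})
    chain = [
        Container("Site-HQ"),
        Container("example.local", [Link(baseline, no_override=True), Link(desktop)]),
        Container("OU=Servers", [Link(lockdown), Link(helpdesk)], block_inheritance=True),
    ]
    return resultant_set(local, chain, {"Authenticated Users", "Server Admins"})


if __name__ == "__main__":
    result = sample_scenario()
    print("applied order:", result["order"])
    for key, value in result["effective"].items():
        print(f"{key} = {value!r} (from {result['winner'][key]})")
    for name, reason in result["skipped"].items():
        print(f"skipped {name}: {reason}")
```

Compare the model's output with what the Resultant Set Of Policy Wizard or Gpresult.exe reports for the same user and computer; a mismatch points at the link, block, or permission to inspect.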





Windows Server 2003 Boot Process: Common Errors & Solutions

The boot process starts when you turn on your computer and ends when you log on to Windows Server 2003. There can be various reasons for startup failures. Some can be easily corrected, while others might require you to reinstall Windows Server 2003.
This article will help you understand and troubleshoot most of the errors commonly occurring during the Windows Server 2003 boot process.

While diagnosing a server error, it is important to first determine at which stage the error occurred. A server error can occur when the server is booting, during its running time or even when it is shutting down.

The Boot Process

The boot process differs slightly depending on whether your server uses an x86-based processor or an Itanium-based processor. This article deals exclusively with the x86-based boot process.
If you are running Windows Server 2003 on an x86-based platform, the boot process consists of six major stages:
  1. The pre-boot sequence
  2. The boot sequence
  3. Kernel load sequence
  4. Kernel initialization sequence
  5. Logon sequence
  6. Plug and Play detection
Many files are used during these stages of the boot process. The following sections describe the steps in each boot process stage, the files used, and the errors that might occur.

Stage 1: Pre-Boot Sequence

A normal boot process begins with the pre-boot sequence, in which your computer starts up and prepares to boot the operating system.
The computer will search for a boot device based on the boot order that was configured in the computer’s BIOS settings.

Steps in the Pre-Boot Sequence

The pre-boot sequence is not truly a part of the Windows boot process.
The pre-boot sequence consists of the following steps:
  1. When the computer is powered on, it runs a power-on self-test (POST) routine. The POST detects the processor you are using, how much memory is present, what hardware is recognized, and what BIOS (Basic Input/Output System) your computer is using.
  2. The BIOS points to the boot device and the Master Boot Record (MBR) is loaded. It is also sometimes called the master boot sector or even just the boot sector. The MBR is located on the first sector of the hard disk. It contains the partition table and master boot code, which is executable code used to locate the active partition.
  3. The MBR points to the active partition. The active partition is used to specify the partition that should be used to boot the operating system. This is normally the C: drive. Once the MBR locates the active partition, the boot sector is loaded into memory and executed.
  4. The Ntldr file is copied into memory and executed. The boot sector points to the Ntldr file, and this file executes. The Ntldr file is used to initialize and start the Windows Server 2003 boot process.

Possible Errors & Solutions

If you see errors during the pre-boot sequence, they are probably not related to Windows Server 2003, since the operating system has not yet been loaded. The following table lists some common causes for errors and solutions.
Symptom: Corrupt MBR
Cause: There are many viruses that affect the MBR and corrupt it.
Solution: You can protect your system from this type of error by using virus-scanning software. Most of the commonly used virus-scanning programs can correct an infected MBR.
Symptom: Improperly configured hardware
Cause: If the POST cannot recognize your hard drive, the pre-boot stage will fail. This error can occur even if the device was working properly and you haven’t changed your configuration.
Solution: Recheck your device configuration and driver settings. Also check for any hardware malfunction or failure.
Symptom: No partition is marked as active
Cause: This can happen if you used the Fdisk utility and did not create a partition from all of the free space. If you created your partitions as a part of the Windows Server 2003 installation and have dynamic disks, marking an active partition is done for you during installation.
Solution: If the partition is FAT16 or FAT32 and on a basic disk, you can boot the computer to DOS or Windows 9x with a boot disk. Then run Fdisk and mark a partition as active.
Symptom: Corrupt or missing Ntldr file
Cause: The Ntldr file may be corrupted or deleted by a virus attack.
Solution: You can restore this file through Automated System Recovery or a Windows Server 2003 boot disk.
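Two of the conditions above, a damaged MBR and a partition table with no active partition, can be checked offline on a saved copy of the first disk sector. The Python sketch below is an added example, not part of the original article; it relies on the classic MBR layout (440 bytes of boot code, four 16-byte partition entries at offset 446, the 0x55AA signature at offset 510), and the sample sector it builds is constructed. The boot-code hash is meant to be compared with one recorded while the system was known to be clean.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # master boot code area
TABLE_OFFSET = 446      # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510  # 0x55 0xAA marks a valid boot sector


def parse_mbr(sector):
    """Inspect a 512-byte MBR image and report partition-table problems."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    findings = []
    if bytes(sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2]) != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")

    partitions = []
    for index in range(4):
        start = TABLE_OFFSET + 16 * index
        entry = bytes(sector[start:start + 16])
        flag, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:
            continue  # unused slot
        if flag not in (0x00, 0x80):
            findings.append(f"entry {index}: invalid boot flag 0x{flag:02x}")
        partitions.append({"index": index, "type": ptype, "active": flag == 0x80,
                           "lba_start": lba_start, "sectors": sector_count})

    active = [p["index"] for p in partitions if p["active"]]
    if not partitions:
        findings.append("partition table is empty")
    elif not active:
        findings.append("no partition is marked as active")
    elif len(active) > 1:
        findings.append("more than one partition is marked as active")

    return {
        "partitions": partitions,
        "active": active,
        "findings": findings,
        # Compare against a hash recorded from a known-good copy of the sector.
        "boot_code_sha256": hashlib.sha256(bytes(sector[:BOOT_CODE_LEN])).hexdigest(),
    }


def build_sample_mbr(flags=(0x80, 0x00), signature=b"\x55\xaa"):
    """Constructed test sector: placeholder boot code and one type-0x07 entry per flag."""
    sector = bytearray(SECTOR_SIZE)
    sector[:16] = b"\x90" * 16  # placeholder bytes, not real boot code
    for i, flag in enumerate(flags):
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16 * i,
                         flag, b"\x00" * 3, 0x07, b"\x00" * 3,
                         63 + i * 1_000_000, 1_000_000)
    sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] = signature
    return bytes(sector)


if __name__ == "__main__":
    for label, image in (("healthy", build_sample_mbr()),
                         ("no active partition", build_sample_mbr(flags=(0x00, 0x00)))):
        report = parse_mbr(image)
        print(label, "->", report["findings"] or "no findings")
```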

Stage 2: Boot Sequence

When the pre-boot sequence is completed, the boot sequence begins. Ntldr switches the CPU to protected mode, which is used by Windows Server 2003, and starts the appropriate file systems.
The contents of the Boot.ini file are read and the information is used to build the initial boot menu selections. When Windows Server 2003 is selected, Ntdetect.com gathers the system’s basic hardware configuration data and passes the collected information back to Ntldr. The system also checks to see if more than one hardware profile is detected; if so, the hardware profile selection menu will be displayed as a part of the startup process.

Possible Errors & Solutions

The following table lists some common causes for errors during the boot stage.
Symptom: Missing or corrupt boot files
Cause: If Ntldr, Boot.ini, Bootsect.dos, Ntdetect.com, or Ntoskrnl.exe is corrupt or missing (by a virus or malicious intent), the boot sequence will fail. You will see an error message that indicates which file is missing or corrupt.
Solution: You can restore these files through Automated System Recovery.
Symptom: Improperly configured Boot.ini file
Cause: This can occur when you manually edit Boot.ini or if you have made any changes to your disk configuration.
Solution: Recheck your configuration.
Symptom: Unrecognizable or improperly configured hardware
Cause: If the error that appears is due to Ntdetect.com, the issue is surely due to hardware problems.
Solution: The best way to troubleshoot it is to remove all the hardware that is not required to boot the computer. Then add each piece back one by one and boot your computer. This will help you identify the culprit.

Important Files

Along with the Ntldr file, which was described in the previous section, the following files are used during the boot sequence:

Boot.ini

This is used to build the operating system menu choices that are displayed during the boot process. It is also used to specify the location of the boot partition. This file is located in the root of the system partition. It has the file attributes of System and Hidden.

Bootsect.dos

An optional file that is loaded if you choose to load an operating system other than Windows Server 2003, Windows 2000, or Windows NT. It is used only in dual-boot or multi-boot computers. This file is located in the root of the system partition. It has the file attributes of System and Hidden.

Ntdetect.com

Used to detect any hardware that is installed and add that information about the hardware to the Registry. This file is located in the root of the system partition. It has the file attributes of System, Hidden, and Read-only.

Ntoskrnl.exe

Used to load the Windows Server 2003 operating system. This file is located in Windir\System32 and has no file attributes.

Steps in the Boot Sequence

The boot sequence consists of the following steps:
  1. Ntldr switches the processor from real mode to protected mode. Then it starts the file system drivers that support your computer’s file system.
  2. Ntldr is responsible for reading the Boot.ini file. It displays a “boot menu” that lets users choose the operating system to load. If you choose an operating system other than Windows Server 2003, Windows 2000, or Windows NT, the Bootsect.dos file is used to load the alternate operating system, and the Windows Server 2003 boot process terminates.
  3. The Ntdetect.com file performs a hardware scan, and any hardware that is detected is added to the Registry in the HKEY_LOCAL_MACHINE key. The hardware that Ntdetect.com will recognize includes communication and parallel ports, the keyboard, the floppy disk drive, the mouse, the SCSI adapter, and the video adapter.
  4. Control is passed to Ntoskrnl.exe to start the kernel load process.

Stage 3: Kernel Load Sequence

All of the information that is collected by Ntdetect.com is passed to Ntoskrnl.exe.
The kernel load sequence consists of the following steps:
  1. The Ntoskrnl.exe file is loaded and initialized. Ntoskrnl.exe performs the following functions:
    • Initializes the executive subsystems and the boot and system-start device drivers.
    • NOTE: The executive subsystems are the Process and Thread Manager, the Virtual Memory Manager, the Input/Output Manager, the Object Manager, and the runtime libraries, all of which run in kernel mode.
    • Prepares the system for running native applications.
    • NOTE: Windows provides two types of API: the well-known Windows API (all Windows programs must interact with the Windows API regardless of the language) and the Native API. The Native API is used by some Windows components, such as kernel-level drivers and system processes (for example, csrss.exe).
    • Runs Smss.exe.
  2. The Hardware Abstraction Layer (or HAL) is loaded. The HAL is a kernel mode library (HAL.DLL) that provides a low-level interface with the hardware. Windows components and third-party device drivers communicate with the hardware through the HAL.
  3. The control set for the operating system is loaded. The control set is used to control system configuration information such as a list of device drivers that should be loaded.
  4. Low-level device drivers, such as disk drivers, are loaded.

Possible Errors & Solutions:

If you have problems loading the Windows Server 2003 kernel, you will most likely need to reinstall the operating system.

Stage 4: Kernel Initialization Sequence

In the kernel initialization sequence, the HKEY_LOCAL_MACHINE\HARDWARE Registry key is created, device drivers are initialized, and higher-order subsystems and services are loaded.
The kernel initialization sequence consists of the following steps:
1. Once the kernel has been successfully loaded, the Registry key HKEY_LOCAL_MACHINE\HARDWARE is created. This Registry key is used to specify the hardware configuration of hardware components when the computer is started.
2. The device drivers that were loaded during the kernel load phase are initialized.
3. Higher-order subsystems and services are loaded.
Note: Higher-order subsystems include the POSIX subsystem and the OS/2 subsystem.

Possible Errors & Solutions:

If you have problems during the kernel initialization sequence, you may try booting to the Last Known Good configuration.

Stage 5: Logon Sequence

The Session Manager Subsystem (smss.exe) plays a vital role in the logon sequence. Its main functions include the following:
1. It creates environment variables in the operating system.
2. It starts the kernel and user modes of the Win32 subsystem (win32k.sys and csrss.exe). It then starts the other subsystems that are listed in the HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems Registry key.
3. smss.exe starts winlogon.exe, the Windows logon manager.
winlogon.exe is a system service that enables users to log on and off. It is also responsible for loading the user profile.
It invokes GINA (Graphical Identification and Authentication), which displays the login prompt. The GINA accepts the user's login credentials and passes them back to Winlogon.
Winlogon then starts Lsass.exe (the Local Security Authority) and passes the login credentials to the LSA. The LSA determines which user account database is to be used for authentication, for example the local SAM, or Active Directory if you are in a Windows domain.
4. smss.exe finally starts the Services subsystem (Services.exe), also known as the Service Control Manager (SCM). It executes and performs a final scan of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to see if there are any remaining services that need to be loaded.

Possible Errors & Solutions

  1. If logon errors occur, they are usually due to an incorrect username or password or to the unavailability of a DNS server or a domain controller to authenticate the request (if the computer is a part of a domain).
  2. Errors can also occur if a service cannot be loaded. If a service fails to load, you will see a message in the System Log of Event Viewer.

Stage 6: Plug and Play Device Detection Phase

If Windows Server 2003 has detected any new devices during the startup process, they will automatically be assigned system resources.
If the device is Plug and Play and the needed driver files can be obtained from the Driver.cab file, they are extracted.
Device detection occurs asynchronously with the initial user logon process when the system is started.

Possible Errors & Solutions

If the needed driver files are not found, the user will be prompted to provide them. If you have already installed the driver, then a simple reboot should detect the driver.
Most of the problems that occur at this stage can be corrected by a reboot.

Conclusion

I have explained how you can work around most of the common errors encountered during the boot process. I have also explained the actual sequence of steps that happens during each stage of the boot process. This will help you understand the actual cause behind an error and thus diagnose the issue better.
You can also find a brief explanation about important files and executables that come under the various stages.

How To Troubleshoot Shutdown Problems in Windows Server 2003

SUMMARY

This article describes general procedures that you can use to troubleshoot shutdown problems in Windows Server 2003.

When Windows shuts down, messages are sent to the devices, system services, and programs that are installed on the computer. These messages announce that Windows is preparing to shut down. The operating system waits for responses from programs that are running to make sure that the programs save unsaved data to the hard disk and shut down correctly. Each device, service, and program that is running typically responds to the shutdown message with a message that states that the program can be closed.

You may experience one or more of the following symptoms when you try to turn off the computer:
  • The computer stops responding (hangs). When this symptom occurs, a black screen may be displayed.
  • The computer does not turn off when you receive the message that states that it is safe to turn off your computer.
  • You receive an error message.
Typical causes of shutdown problems include the following:
  • Faulty or incompatible device drivers.
  • System services that either do not respond correctly or send busy request messages to the system.
  • Faulty or incompatible programs.

How to Troubleshoot Shutdown Problems in Windows Server 2003

To troubleshoot shutdown problems and to isolate the cause of the incorrect shutdown behavior, use the following methods:
  • Use Task Manager to identify the cause of the shutdown behavior.
  • Undo any recent changes to the computer.
  • Use safe mode to identify the cause of the shutdown behavior.
  • Confirm that the computer's complementary metal oxide semiconductor (CMOS) and basic input/output system (BIOS) settings are correct.

How to Use Task Manager to Identify the Cause of the Shutdown Behavior

Use Task Manager to determine the programs that are currently running on the computer. For each program that is listed in Task Manager, manually quit the program, and then shut down and restart the computer to test if the shutdown problem is resolved. To do this, follow the procedure that is described in this section.

NOTE: It is possible that not all programs that are currently running on the computer are listed on the Applications tab of Task Manager.
  1. Press CTRL+ALT+DELETE, and then click Task Manager.
  2. Click the Applications tab.
  3. In the Task column, click the program that you want to quit, and then click End Task.
  4. Quit Task Manager.
  5. Turn off the computer.

How to Undo Any Recent Changes to the Computer

If the shutdown behavior occurs immediately after you make a change to the computer (for example, you install or upgrade a program, a service, or hardware that has device drivers), undo the last change that you made. For example, remove either the last driver or the last program that you installed, and then shut down and restart the computer to test whether the computer shuts down correctly.

How to Use Safe Mode to Identify the Cause of the Shutdown Behavior

When you start your computer in safe mode, only a minimal set of necessary drivers and services is loaded. Safe mode is a useful diagnostic tool to use when you want to identify and resolve problems that are caused by faulty drivers, programs, or services that start automatically.

To determine if the computer shuts down correctly in safe mode:
  1. Restart the computer.
  2. When you are prompted to select the operating system to start, press F8.
  3. On the Windows Advanced Option menu, use the ARROW keys to select Safe Mode, and then press ENTER.
  4. If you are using a dual-boot computer or a multiple-boot computer, select Microsoft Windows Server 2003 from the list that is displayed, and then press ENTER.
  5. After the computer starts in safe mode, turn off the computer.

    If the computer shuts down correctly when it is in safe mode, repeat steps 1 through 4 to restart the computer in safe mode, and then go to step 6 and follow the remaining steps of this procedure to troubleshoot and identify the cause of the shutdown problem.
  6. View the boot log file, Ntbtlog.txt, and then make a note of the devices and services that did not load when you started your computer in safe mode.

    The Ntbtlog.txt file is located in the %SystemRoot% folder (by default, this is the Windows folder). You can use Notepad to open and view the file. The Ntbtlog.txt file lists devices and services that load (and do not load) when you start your computer in safe mode.

    NOTE: If there are third-party drivers or services that run when your computer is in normal mode but do not run when your computer is in safe mode, the third-party drivers or services may be the cause of the incorrect shutdown behavior.
  7. Restart the computer in normal mode, and then do one of the following:
    • Remove the drivers for each of the drivers and services that you identified in the Ntbtlog.txt file to be possible causes of the incorrect shutdown behavior.
    • Stop the services or disable the services one at a time.
    You can use Device Manager to remove or disable devices and their drivers.
    For additional information about how to manage devices by using Device Manager, click the article numbers below to view the articles in the Microsoft Knowledge Base:
    199276  How to Manage Devices in Windows
    244601  How to Troubleshoot Unknown Devices Listed in Device Manager
    125174  Explanation of Error Codes Generated by Device Manager
    323423  Configure Devices Using Device Manager in Windows Server 2003
  8. Turn off the computer to test whether the shutdown problem is resolved.
  9. After you identify the problem service or driver, either reinstall the service or the driver if you suspect that a file is damaged or contact the manufacturer to report the behavior and to obtain information about possible updates that you can use to resolve the shutdown behavior.
For additional information about how to troubleshoot shutdown problems by using safe mode, click the article number below to view the article in the Microsoft Knowledge Base:
266169  How to Troubleshoot Problems with Standby Mode, Hibernate Mode, and Shutting Down Your Computer in Windows 2000
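The comparison in step 6 and its NOTE can be automated once you have two boot logs. The Python sketch below is an added example, not part of the original article; it assumes that entries use the line prefixes "Loaded driver" and "Did not load driver", and that you also captured an Ntbtlog.txt from a normal-mode boot. The driver names and log lines are constructed.

```python
import ntpath
import re

# Assumed entry format: "<status> <driver path or name>"; other lines are ignored.
ENTRY_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")


def parse_ntbtlog(text):
    """Return (loaded, not_loaded) sets of lower-cased driver file names."""
    loaded, not_loaded = set(), set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # header, date or blank line
        # \SystemRoot\... and \WINDOWS\... name the same file, so compare base names.
        name = ntpath.basename(match.group(2)).lower()
        if match.group(1) == "Loaded driver":
            loaded.add(name)
        else:
            not_loaded.add(name)
    # Repeated "Did not load" lines collapse into one entry; a driver that
    # eventually loaded in the same log counts as loaded.
    return loaded, not_loaded - loaded


def shutdown_suspects(normal_log, safe_log, known_good=()):
    """Drivers that ran in normal mode but were skipped in safe mode."""
    normal_loaded, _ = parse_ntbtlog(normal_log)
    _, safe_skipped = parse_ntbtlog(safe_log)
    ignore = {name.lower() for name in known_good}
    return sorted((normal_loaded & safe_skipped) - ignore)


# Constructed sample logs; examplefilter.sys and examplebackup.sys are made-up names.
NORMAL_LOG = r"""
(constructed sample, normal boot with boot logging enabled)
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \SystemRoot\System32\Drivers\disk.sys
Loaded driver \SystemRoot\System32\Drivers\examplefilter.sys
Loaded driver \SystemRoot\System32\Drivers\ExampleBackup.sys
Loaded driver \SystemRoot\System32\Drivers\parport.sys
"""

SAFE_LOG = r"""
(constructed sample, safe mode boot)
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \SystemRoot\System32\Drivers\disk.sys
Did not load driver \SystemRoot\System32\Drivers\examplefilter.sys
Did not load driver \SystemRoot\System32\Drivers\examplebackup.sys
Did not load driver \SystemRoot\System32\Drivers\examplebackup.sys
Did not load driver \SystemRoot\System32\Drivers\parport.sys
"""

if __name__ == "__main__":
    # parport.sys is passed as already reviewed and ruled out (an assumption).
    for name in shutdown_suspects(NORMAL_LOG, SAFE_LOG, known_good=["parport.sys"]):
        print("candidate for step 7:", name)
```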

How to Confirm that the Computer's CMOS/BIOS Settings Are Correct

WARNING: This procedure may involve changing your computer's CMOS settings and changing the BIOS. Incorrect changes to the BIOS of your computer can result in serious problems. Change the computer's CMOS settings at your own risk.

Incorrect or damaged CMOS and BIOS settings can cause startup and shutdown problems. For information about the correct CMOS and BIOS settings for your computer and how to check and change these settings, see the computer documentation or contact the manufacturer of your computer. To confirm that the computer's BIOS is current, contact the computer manufacturer to inquire about the latest BIOS update available for your computer.

How to Use a Parallel Installation to Identify the Cause of the Shutdown Behavior

To use a parallel installation to troubleshoot shutdown behavior:
  1. Install a new copy of Windows Server 2003 to a separate partition on the computer (create a parallel installation), and then install drivers and programs one at a time on the parallel installation.
  2. Shut down and restart the computer between each program installation and note if the incorrect shutdown behavior occurs.

    If the behavior occurs, the last driver or the program that you installed may be the cause of the incorrect shutdown behavior.
  3. Either remove or update the driver or the program from the original installation, and then test Windows for correct shutdown.

    If the problem is resolved, remove the parallel Windows installation.



Monday, November 14, 2011

Windows XP Network Troubleshooting



Specific Networking Problems and Solutions


Problem: Windows XP takes a long time to open a shared disk or folder on a computer running Windows 95, 98, or Me
Description: This is a different problem than My Network Places taking a long time to open. This problem occurs after you double click a shared disk or folder.
Possible Solutions:
  • Disable searching for scheduled tasks
This Microsoft Knowledge Base article describes a bug in Windows 2000 Professional that might also exist in Windows XP. Disable searching for scheduled tasks by deleting this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
  • Delete stored network passwords
    1. Click Control Panel | User Accounts.
    2. Click your user name.
    3. Click Manage my network passwords.
    4. Click each entry and click Remove.

Problem: Network Connection Has IP Address 169.254.x.x
Description: The network card is configured to obtain an IP address automatically, and it’s connected to a network with a DHCP server: hardware router, another computer running Internet Connection Sharing, cable modem, DSL modem, etc. But it gets a 169.254.x.x IP address, which indicates that it can’t communicate with the DHCP server.
Possible Solutions:
  • Connect the computer using a different Ethernet cable or hub/switch/router port.
  • Download and install the latest firmware for the hardware router.
  • Disable XP’s Internet Connection Firewall on the local area network connection.
  • The card is configured to automatically sense network speed and duplex mode, but auto-sensing is failing. Configure the speed and duplex mode manually. For example, most switches and routers use 100 Mb speed and full duplex. To make the settings, right click the network connection and click Properties | Configure | Advanced.
  • Un-install the network card and move it to a different slot.
  • If you have a cable modem connection, turn off the computer, turn off the cable modem, and wait a few minutes. Turn on the cable modem, and then turn on the computer.

Problem: Renewing a DHCP lease fails, with error message “An error occurred while renewing interface : The system cannot find the file specified.”
Problem: Network connection configured to obtain an IP address automatically has IP address 0.0.0.0
Solution: Make sure that the DHCP Client service is running:
  1. Right click My Computer, and click Manage.
  2. Double click Services and Applications.
  3. Double click Services.
  4. Double click DHCP Client. If the Service status is Stopped, click Start.
  5. Set the Startup type to Automatic.
Thanks to Lightcap, who suggested this fix in a news group message.

Problem: Computers can ping each other by IP address, but not by name.
Description: An attempt to ping a computer by name gets the message Ping request could not find host . Please check the name and try again.
Solution: Make sure that NetBIOS Over TCP/IP is enabled.

Error Message: Network Cable Unplugged
Description: Don’t take this message literally – there are many causes besides not having a cable physically plugged into the network card. The message really means that the network card doesn’t detect a live link to another device on the other end of the cable.
Possible Solutions:
  • Download and install the latest network card driver program.
  • Check the cabling – a bad cable will prevent link detection. Substitute a cable that’s known to be good.
  • Check the link lights on the device on the other end of the cable, whether it’s a hub, switch, router, or a NIC in another computer. It should show a live link to the NIC. If it doesn’t, try a different port.
  • Auto-detecting speed and duplex mode can be unreliable. Set them manually. Most routers and switches use 100Mb, full duplex. Hubs can only use half duplex.

Error Message: xxxxx is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permission.
Description: xxxxx is a computer or workgroup name. This is a generic networking error message that doesn’t provide much, if any, useful information. It should be followed by a more specific message.

Error Message: The list of servers for this workgroup is not currently available.
Solution: Make sure that the Computer Browser service is running on at least one Windows XP computer on the network:
  1. Right click My Computer, and click Manage.
  2. Double click Services and Applications.
  3. Double click Services.
  4. Double click Computer Browser. If the Service status is Stopped, click Start.
  5. Set the Startup type to Automatic.

Error Message: Unable to browse the network. The network is not accessible.
Description: This error message appears on a computer running Windows 95/98/Me.
Solution: Make sure that:
  • The user is logged on. Click Start | Log Off and log back on.
  • The Computer Browser service is running on at least one Windows XP computer on the network.

Problem: Internet Connection Sharing Clients Can’t Access Some Web Sites
Description: This is a common problem when the host computer has a DSL connection that uses PPP Over Ethernet (PPPoE), due to a bug in the Windows XP PPPoE client.
Solution: Many people have reported solving the problem by using the RASPPPoE client instead of XP's. It’s available for free download from its author.

Problem: Computer A Can Ping Computer B, but not Vice Versa
Solution: This is almost always caused by an improperly configured firewall on Computer A.

Problem: XP's Network Setup Wizard Says That No Network Card Is Installed
Solution: XP's Network Setup Wizard sometimes fails to recognize an installed and working network card. This is because the NIC's driver program doesn't respond correctly to all of the queries that the Wizard makes when it's looking for a NIC. Configure the card’s TCP/IP properties manually. Here’s how to do it for Windows 95/98/Me, Windows 2000, and Windows XP. Then set the workgroup name to MSHOME.

Problem: One Computer Can’t Access Some Web Sites, but Other Computers Can
Solution: Look for the Windows Hosts file on the problem computer:
  • Windows 95/98/Me: C:\Windows\Hosts
  • Windows 2000: C:\WinNT\System32\Drivers\Etc\Hosts
  • Windows XP: C:\Windows\System32\Drivers\Etc\Hosts
Open it with a text editor and you'll probably find lines with the names of the sites that you can't access. Delete those lines, save the file, and try again. If those are the only lines in the file, delete the file. Be sure to save it with a file name of just Hosts, with no file type. If your editor saves it as Hosts.txt, rename it to just Hosts.
The Hosts file can be created by "web accelerator" programs that store name-to-IP address translations. This might speed up access by a tiny amount, but it causes problems when a site's IP address changes.
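The Hosts file check described above, as an added Python example that is not part of the original article: it parses Hosts text, reports which of the failing site names the file pins to a fixed address, and rewrites the text without those names while leaving other entries alone. The function names and the sample entries (documentation addresses and example.com names) are constructed for illustration.

```python
import ipaddress

def _norm(name):
    return name.lower().rstrip(".")

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Yield (line_number, ip, [names]) for every mapping line."""
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()       # drop comment, split on whitespace
        if len(fields) >= 2 and _is_ip(fields[0]):
            yield number, fields[0], [_norm(n) for n in fields[1:]]

def pinned(text, sites):
    """Return (line_number, ip, name) for each listed site the file overrides."""
    wanted = {_norm(s) for s in sites}
    return [(number, ip, name) for number, ip, names in parse_hosts(text)
            for name in names if name in wanted]

def remove_names(text, sites):
    """Return the file text without the given names; other entries are untouched."""
    wanted = {_norm(s) for s in sites}
    out = []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and _is_ip(fields[0]):
            kept = [n for n in fields[1:] if _norm(n) not in wanted]
            if not kept:
                continue                              # every name on the line was removed
            if len(kept) < len(fields) - 1:
                line = " ".join([fields[0]] + kept) + (" #" + comment if sep else "")
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample Hosts content (not taken from a real machine).
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
192.0.2.44      www.example.com example.com   # added by a web accelerator
198.51.100.7    intranet.example.net
"""

if __name__ == "__main__":
    sites = ["www.example.com", "intranet.example.net"]
    print(pinned(SAMPLE, sites))
    print(remove_names(SAMPLE, sites), end="")
```

Review the list returned by pinned() before writing the cleaned text back, since an entry you did not expect is worth explaining before it is deleted.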

Error Message - PING: transmit failed, error code 65
Description: This error message occurs when you try to ping any IP address.
Solution: A firewall program has been incompletely removed. Re-install it, then remove it as described in our article on removing firewalls.

Problem: A shared disk or folder doesn’t appear in My Network Places
Description: The disk or folder is shared correctly on another computer, but it doesn’t appear.
Solution 1: Click Add a network place and follow the prompts to add it. Browse to it through Entire Network, or specify the path name using the form \\computer\share.
Solution 2: Click View workgroup computers, then click the computer that has the shared disk or folder.

Error Message: No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept.
Description: Windows XP Home Edition allows a maximum of 5 other computers to access its shared disks and folders simultaneously. Windows XP Professional allows a maximum of 10. This message appears when the maximum has been reached and another computer requests access.
Solution: There’s no way to change the limit. A computer that’s already connected must close its connection before another can have access.

Error Message: An error has occurred while trying to share . The Server service is not started. The shared resource was not created at this time.
Solution: To start the Server service:
  1. Right click My Computer and select Manage.
  2. Double click Services and Applications.
  3. Double click Services.
  4. Scroll down the list of services and double click Server.
  5. Click the Start button.
  6. Set the Startup type to Automatic.
  7. Click Apply and OK.

10 Ways to Troubleshoot DNS Resolution Issues


Introduction

We all need proper DNS resolution for our network applications. When this is not working, what do you do? Let us find out…
Let’s face it, when DNS resolution is not working, using anything on your computer that has to do with networking is painful because there is a good chance it will not work. DNS really is not a “nice feature” of a network, it is a requirement. As a network admin, I have heard the alarming cry of end users moaning that the network is down, when the real cause was the DNS servers. In these cases I assure them that the network is up and running fine but it is the DNS servers that are down! As you can imagine, that does not go over very well with them because to an end user, it is all the same thing. DNS is “the network” (not that they know what DNS is anyway).
So how do you troubleshoot this critical network infrastructure service when you are on an end user PC (or your PC) and DNS is not resolving a DNS name? Here are the 10 tips and tricks that I recommend you try to get DNS working again…

1. Check for network connectivity

Many times, if you open your web browser, go to a URL, and that URL fails to bring up a website, you might erroneously blame DNS. In reality, the issue is much more likely to be caused by your network connectivity. This is especially true if you are using wireless networking on a laptop. With wireless security protocols, the key will be periodically renegotiated or the signal strength will fade, causing a loss of network connectivity. Of course, you can lose network connectivity on any type of network.
In other words, before blaming DNS for your problems, start troubleshooting by checking “OSI Layer 1 – Physical” first and then check your network connectivity. Here you should find a wireless connection with a valid Internet connection.

Figure 1: Good Wireless Network Connection
Notice how the Access is Local and Internet. If it just said “Local” then you do not have a valid network address (you only have a private APIPA address that starts with 169.x.x.x).
This brings me to my next point. Make sure that you have a valid IP address on your network. To check, go to View Status on the screen above and then to Details, where you can check your IP address and verify your DNS Server IP addresses. Again, if you have a 169.x.x.x IP address you will never get to the Internet. Here is what it looks like:

Figure 2: Verifying your IP address and DNS Server IP addresses

2. Verify your DNS server IP addresses are correct and in order

Once you know that you have network connectivity and a valid IP address, let us move on to digging deeper into DNS by verifying that your DNS Server IP addresses are correct and are in the right order.
If you look at Figure 2 above, you can see the IPv4 DNS Server IP addresses. Notice that these are both on my local LAN / subnet so that I can access them even if my default gateway is down. This is how it works on most enterprise networks. However, your DNS servers do not always have to be on your subnet. In fact, with most ISPs, the DNS Server IPs would not even be on the same subnet as the default gateway.
In most home/SMB router configurations, they do not have their own DNS servers and the SMB router is proxying DNS to the real DNS Servers. In that case, your DNS Server IP address may be the same as your router.
Finally, make sure that your DNS Servers are in the right order. In my case, with the graphic in Figure 2, my local DNS Server is 10.0.1.20. It is configured to forward any names that it cannot resolve to 10.0.1.1, my local router. That router is proxying DNS to my ISP’s DNS Servers. I can look up those DNS Servers on my router, shown below in Figure 3.

Figure 3: My local DNS Servers, received from my ISP via DHCP
That brings me to two more points. First, make sure that your DNS Servers are in the right order. If you have a local DNS Server, like I do, and you are looking up a local DNS name, you want your PC client to look up that local DNS name in the local DNS Server FIRST, before the Internet DNS Server. Thus, your local DNS server needs to be first in your DNS settings, because these DNS Server IPs are used in the order in which they are listed.
Secondly, you should be able to ping the IP address of your ISP’s DNS Servers. So, just as my DNS servers are listed above on my router, I can verify that I can ping them even from my local PC:

Figure 4: Pinging my ISP’s DNS Server
Notice how the response time from the ping to my ISP’s DNS Server is horrible. This could cause slow DNS lookups or even failure if it takes too long for the DNS server to respond.

3. Ping the IP address of the host you are trying to get to (if it is known)

A quick way to prove that it is a DNS issue and not a network issue is to ping the IP address of the host that you are trying to get to. If the connection to the DNS name fails but the connection to the IP address succeeds, then you know that your issue has to do with DNS.
I know that if your DNS Server is not functioning then it could be hard to figure out what the IP address is that you want to connect to. Thus, to carry out this test, you would have to have a network diagram or, like many network admins do, just have the IP address of a common host memorized.
If this works, until the DNS server is available again, you could manually put an entry in your hosts file to map the IP to the hostname.

4. Find out what DNS server is being used with nslookup

You can use the nslookup command to find out a ton of information about your DNS resolution. One of the simple things to do is to use it to see what DNS server is providing you an answer and which DNS server is NOT. Here is my nslookup of www.WindowsNetworking.com

Figure 5: nslookup output
Notice, in Figure 5, how my local DNS server failed to respond but my ISP’s DNS server did provide me a “non-authoritative answer”, meaning that it does not host the domain but can provide a response.
You can also use nslookup to compare the responses from different DNS servers by manually telling it which DNS server to use.
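The comparison described in this tip, as an added Python example that is not from the original article: it sends the same A-record query to each DNS server you name and reports whether the server replied, the response code, whether the answer was authoritative, and the addresses returned. The function names are constructed for illustration; the reply bytes are a constructed sample so the parser can be checked without a network, and 10.0.1.20 and 10.0.1.1 are the local DNS server and router from the article's own setup.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """Build a recursive DNS query for the A record of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)    # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(data, pos):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = data[pos]
        if length & 0xC0 == 0xC0:
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def parse_response(data):
    """Pull out what nslookup reports: rcode, authoritative flag and A records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(data, pos) + 4                 # skip QTYPE and QCLASS
    addresses = []
    for _ in range(an):
        pos = skip_name(data, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:                  # A record
            addresses.append(socket.inet_ntoa(data[pos:pos + 4]))
        pos += rdlen
    return {"txid": txid, "rcode": flags & 0x000F,
            "authoritative": bool(flags & 0x0400), "addresses": addresses}

def ask(server, name, timeout=2.0):
    """Query one server over UDP; None means no usable reply (timeout or mismatch)."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            data, _ = sock.recvfrom(512)
            reply = parse_response(data)
        except (OSError, struct.error, IndexError):
            return None
    return reply if reply["txid"] == txid else None

# Constructed reply: non-authoritative answer, one A record (documentation address).
_q = build_query("www.example.com", 0x1234)
SAMPLE_REPLY = (_q[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + _q[12:]
                + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
    for server in ("10.0.1.20", "10.0.1.1"):
        print(server, ask(server, "www.example.com"))
```

A server that prints None did not answer within the timeout, which is the situation shown for the local DNS server in Figure 5; differing address lists between servers point to stale or altered records on one of them.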

5. Check your DNS suffix

If you are looking up a local host on a DNS server that your PC is a member of, you might be connecting to a host and not using the FQDN (fully qualified DNS name) and counting on the DNS suffix to help out. For example, if I were to connect to “server1”, the DNS server could have multiple entries for that DNS name. You should have your network adaptor configured with the connection specific DNS suffix, as shown on the first line on the graphic above, labeled Figure 1. Notice how in that graphic my DNS suffix is wiredbraincoffee.com. Whenever I enter just a DNS name like server1, the DNS suffix will be added on the end of it to make it server1.wiredbraincoffee.com.
You should verify that your DNS suffix is correct.

6. Make sure that your DNS settings are configured to pull the DNS IP from the DHCP server

It is likely that you would want your network adaptor to obtain DNS Server IP addresses from the DHCP Server.  If you look at the graphic below, this adaptor has manually specified DNS Server IP addresses.

Figure 6: Verify DNS Server Settings
You may need to change to “Obtain DNS server address automatically” in order to get a new DNS server IP. To do this, open the Properties tab of your network adaptor and then click on Internet Protocol Version 4 (TCP/IPv4).

7. Release and renew your DHCP Server IP address (and DNS information)

Even if your adaptor is set to pull DNS information from DHCP, it is possible that you have an IP address conflict or old DNS server information. After choosing to obtain the IP and DNS info automatically, I like to release my IP address and renew it.
While you can do this with a Windows Diagnosis in your network configuration, I like to do it in the command prompt. If you have UAC enabled, make sure you run the Windows cmd prompt as administrator then do:
IPCONFIG /RELEASE
IPCONFIG /RENEW
Then, do an IPCONFIG /ALL to see what your new IP and DNS Server info looks like.
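To read the IPCONFIG /ALL output systematically, the following added Python example (not part of the original article) parses saved output and flags the symptoms covered on this page: a 169.254.x.x address, a 0.0.0.0 address, an adapter with no DNS servers, and a local DNS server that is not listed first. The function names and the sample output are constructed; the parser assumes the English field labels and the layout in which additional DNS servers appear on indented continuation lines.

```python
import ipaddress
import re

FIELD = re.compile(r"^\s+(.+?)[ .]+: ?(.*)$")      # "   Key . . . . : value"

def parse_ipconfig(text):
    """Return {section name: {field: [values]}} from `ipconfig /all` text."""
    sections, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                  # unindented line opens a section
            current, last = sections.setdefault(line.rstrip(" :"), {}), None
            continue
        match = FIELD.match(line)
        if match and current is not None:
            last, value = match.group(1), match.group(2).strip()
            current[last] = [value] if value else []
        elif last is not None:                     # continuation: another DNS server
            current[last].append(line.strip())
    return sections

def triage(sections, local_dns=None):
    """Return (adapter, finding) pairs for the symptoms the article describes."""
    findings = []
    for name, fields in sections.items():
        addrs = [v.split("(")[0] for key, values in fields.items()
                 if key.endswith(("IP Address", "IPv4 Address")) for v in values]
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue                           # not an address literal
            if ip.is_unspecified:
                findings.append((name, addr + ": no lease, check the DHCP Client service"))
            elif ip.is_link_local:
                findings.append((name, addr + ": APIPA address, DHCP server not reached"))
        dns = fields.get("DNS Servers", [])
        if addrs and not dns:
            findings.append((name, "no DNS servers configured"))
        elif local_dns in dns and dns[0] != local_dns:
            findings.append((name, "local DNS server " + local_dns + " is not listed first"))
    return findings

# Constructed sample output (addresses follow the article's 10.0.1.x example network).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.0.1.107
        DNS Servers . . . . . . . . . . . : 10.0.1.1
                                            10.0.1.20

Ethernet adapter Wireless Network Connection:

        Autoconfiguration IP Address. . . : 169.254.12.7
        Default Gateway . . . . . . . . . :
"""
```

Calling triage(parse_ipconfig(SAMPLE), local_dns="10.0.1.20") returns three findings: the DNS order problem on the first adapter, and the APIPA address and missing DNS servers on the second.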

8. Check the DNS Server and restart services or reboot if necessary

Of course, if the DNS server is really hung, or down, or incorrectly configured, you are not going to be able to fix that at the client side. You may be able to bypass the down server somehow, but not fix it.
Thus, it is very likely that you, or the admin responsible for the DNS server, need to check the DNS Server status and configuration to resolve your DNS issue.

9. Reboot your small office / home DNS router

As I mentioned above in #2 and showed in Figure 3, on home and small office routers, the DNS server settings are typically handed out via DHCP with the DNS server set to the IP of the router and the router will proxy the DNS to the ISP’s DNS server.
Just as it is possible that your local PC has bad network info (including DNS server IP addresses), it is also possible that your router has bad info. To ensure that your router has the latest DNS server information, you may want to do a DHCP release and renew on the router’s WAN interface with the ISP. Or, the easier option may be just to reboot the router to get the latest info.

10. Contact your ISP

We all know how painful it can be to contact an ISP and try to resolve a network issue. Still, if your PC is ultimately getting DNS resolution from your ISP’s DNS servers, you may need to contact the ISP, as a last resort.