Monday, November 21, 2011

Windows Server 2003 Boot Process: Common Errors & Solutions

The boot process starts when you turn on your computer and ends when you log on to Windows Server 2003. There can be various reasons for startup failures. Some can be easily corrected, while others might require you to reinstall Windows Server 2003.
This article will help you understand and troubleshoot most of the errors commonly occurring during the Windows Server 2003 boot process.

While diagnosing a server error, it is important to first determine at which stage the error occurred. A server error can occur when the server is booting, during its running time or even when it is shutting down.

The Boot Process

The boot process will slightly differ depending on whether your server is using an x86-based processor or an Itanium-based processor. This article exclusively deals with x86-based boot Process
If you are running Windows Server 2003 on an x86-based platform, the boot process consists of six major stages:
  1. The pre-boot sequence
  2. The boot sequence
  3. Kernel load sequence
  4. Kernel initialization sequence
  5. Logon sequence
  6. Plug and Play detection
Many files are used during these stages of the boot process. The following sections describe the steps in each boot process stage, the files used, and the errors that might occur.

Stage 1: Pre-Boot Sequence

A normal boot process begins with the pre-boot sequence, in which your computer starts up and prepares to boot the operating system.
The computer will search for a boot device based on the boot order that was configured in the computer’s BIOS settings.

Steps in the Pre-Boot Sequence

The preboot sequence is not truly a part of windows booting process.
The pre-boot sequence consists of the following steps:
  1. When the computer is powered on, it runs a power-on self-test (POST) routine. The POST detects the processor you are using, how much memory is present, the hardware is recognized and what BIOS (Basic Input/Output System) your computer is using.
  2. The BIOS points to the boot device and the Master Boot Record (MBR) is loaded. It is also sometimes called the master boot sector or even just the boot sector.The MBR is located on the first sector of the hard disk. It contains the partition table and master boot code, which is executable code used to locate the active partition.
  3. The MBR points to the Active partition. The active partition is used to specify the partition that should be used to boot the operating system. This is normally the C: drive. Once the MBR locates the active partition, the boot sector is loaded into memory and executed.
  4. The Ntldr file is copied into memory and executed. The boot sector points to the Ntldr file, and this file executes. The Ntldr file is used to initialize and start the Windows Server 2003 boot process.

Possible Errors & Solutions

If you see errors during the pre-boot sequence, they are probably not related to Windows Server 2003, since the operating system has not yet been loaded. The following table lists some common causes for errors and solutions .
Symptom
Cause

Solution
Corrupt MBR There are many viruses that affect MBR and corrupt it. You can protect your system from this type of error by using a virus-scanning software. Most of the commonly used virus-scanning programs can correct an infected MBR.
Improperly configured hardware If the POST cannot recognize your hard drive, the pre-boot stage will fail. This error can occur even if the device was working properly and you haven’t changed your configuration. Recheck your device configuration, driver settings. Also check for any hardware malfunction and failure.
No partition is marked as active This can happen if you used the Fdisk utility and did not create a partition from all of the free space. If you created your partitions as a part of the Windows Server 2003 installation and have dynamic disks, marking an active partition is done for you during installation. If the partition is FAT16 or FAT32 and on a basic disk, you can boot the computer to DOS or Windows 9x with a boot disk. Then run Fdisk and mark a partition as active.
Corrupt or missing Ntldr file There are chances that, Ntldr file may be corrupted or deleted by virus attack. . You can restore this file through Automated System Recovery or a Windows Server 2003 boot disk.
Back to the Top

Stage 2: Boot Sequence

When the pre-boot sequence is completed, the boot sequence begins. Ntldr switches the CPU to protected mode, which is used by Windows Server 2003 and starts the appropriate file systems.
The contents of the Boot.ini file are read and the information is used to build the initial boot menu selections. When Windows Server 2003 is selected, Ntdetect.com gathers the system’s basic hardware configuration data and passes the collected information back to Ntldr. The system also checks to see if more than one hardware profile is detected; if so, the hardware profile selection menu will be displayed as a part of the startup process.

Possible Errors & Solutions

The following table lists some common causes for errors during the boot stage.
Symptom
Cause

Solution
Missing or corrupt boot files If Ntldr, Boot.ini, Bootsect.dos, Ntdetect.com, or Ntoskrnl.exe is corrupt or missing (by a virus or malicious intent), the boot sequence will fail. You will see an error message that indicates which file is missing or corrupt. You can restore these files through Automated System Recovery.
Improperly configured Boot.ini file It can occur when you manually edit Boot.ini or if you have made any changes to your disk configuration. Recheck your configuration.
Unrecognizable or improperly configured hardware If the error that appears is due to Ntdetect.com, the issue is surely due to hardware problems. Best method to trouble shoot it is to remove all the hardware that is not required to boot the computer. Add each piece one by one and boot your computer. This will help you to identify the culprit.

Important Files

Along with the Ntldr file, which was described in the previous section, the following files are used during the boot sequence:

Boot.ini

This is used to build the operating system menu choices that are displayed during the boot process. It is also used to specify the location of the boot partition. This file is located in the root of the system partition. It has the file attributes of System and Hidden.

Bootsect.dos

An optional file that is loaded if you choose to load an operating system other than Windows Server 2003, Windows 2000, or Windows NT. It is used only in dual- boot or multi-boot computers. This file is located in the root of the system partition. It has the file attributes of System and Hidden.

Ntdetect.com

Used to detect any hardware that is installed and add that information about the hardware to the Registry. This file is located in the root of the system partition. It has the file attributes of System, Hidden, and Read-only.

Ntoskrnl.exe

Used to load the Windows Server 2003 operating system. This file is located in WindirSystem32 and has no file attributes.

Steps in the Boot Sequence

The boot sequence consists of the following steps:
  1. Ntldr switches the processor from real mode to protected mode. Then it starts file system drivers which supports your computer’s file system.
  2. Ntldr is responsible for reading Boot.ini file. It displays a “boot menu which lets users to choose the operating system to load.If we choose an operating system other than Windows server 2003 say Windows 2000, or Windows NT, the Bootsect.dos file is used to load the alternate operating system, and the Windows Server 2003 boot process terminates.
  3. Ntdetect.com file performs a hardware scan/detection and any hardware that is detected is added to registry in the HKEY_LOCAL_MACHINE key. The hardware that Ntdetect.com will recognize includes communication and parallel ports, the keyboard, the floppy disk drive, the mouse, the SCSI adapter, and the video adapter.
  4. Control is passed to Ntoskrnl.exe to start the kernel load process.
Back to the Top

Stage 3: Kernel Load Sequence

All of the information that is collected by Ntdetect.com is passed to Ntoskrnl.exe.
The kernel load sequence consists of the following steps:
  1. The Ntoskrnl.exe file is loaded and initialized.
    • Initializes executive subsystems and boot system-start device drivers.
    • NOTE: By executive subsystems, I meant Process and Thread Manager, The Virtual Memory Manager, The Input/Output Manager, The Object Manager, Runtime Libraries which all runs in kernel mode.
    • Prepares the system for running native applications.
    • NOTE: If you are not familiar with native applications, then it needs explanation. Windows provide two type of API. Well known Windows API (All Windows programs must interact with the Windows API regardless of the language.) and Native API. Native API is used by some windows components like kernel level drivers and system process aka csrss.exe
    • runs Smss.exe.
  2. The function of Ntoskrnl.exe:
  3. The Hardware Abstraction Layer (or HAL) is loaded. The HAL is a kernel mode library (HAL.DLL) that provides a low-level interface with the hardware. Windows components and third-party device drivers communicate with the hardware through the HAL.
  4. The control for the operating system is loaded. The control set is used to control system configuration information such as a list of device drivers that should be loaded.
  5. Low-level device drivers, such as disk drivers are loaded.

Possible Errors & Solutions:

If you have problems loading the Windows Server 2003 kernel, you will most likely need to reinstall the operating system.
Back to the Top

Stage 4: Kernel Initialization Sequence

In the kernel initialization sequence, the HKEY_LOCAL_MACHINEHARDWARE Registry is created, device drivers are initialized, and high-order subsystems and services are loaded.
The kernel initialization sequence consists of the following steps:
1. Once the kernel has been successfully loaded, the Registry key HKEY_LOCAL_MACHINE HARDWARE is created. This Registry key is used to specify the hardware configuration of hardware components when the computer is started.
2. The device drivers that were loaded during the kernel load phase are initialized.
3. Higher-order subsystems and services are loaded.
Note: Higher order subsystem include, POSIX Subsystem, OS/2 subsystem.

Possible Errors & Solutions:

If you have problems during the kernel initialization sequence, you may trying booting to the Last Known Good configuration.
Back to the Top

Stage 5: Logon Sequence

Session Manager Subsystem or smss.exe plays a vital role in logon sequence. Its main function include.
1. It creates environment variables in the operating system.
2. It Starts the kernel and user modes of the Win32 subsystem (win32k.sys and csrss.exe). It then starts other subsystems that are listed in HKLMSystemCurrentControlSetControlSession ManagerSubSystems Registry key.
3. smss.exe starts winlogon.exe, the Windows logon manager.
winlogon.exe is a system service that enables logging on and off of users. It is also responsible for loading user profile.
It invokes GINA( Graphical Identification and Authentication) which displays login prompt. The GINA accepts the user login credentials and passes it back to Winlogon.
Winlogon then Starts Lsass.exe (the Local Security Authority) and passes login credentials to LSA. LSA determine which user account databases is to be used for authentication eg: Local SAM or Active Directory in case you are in a windows domain.
4. smss.exe finally starts the Services subsystem (Services.exe), also known as the Service Control Manager (SCM). It executes and performs a final scan of HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices to see if there are any remaining services that need to be loaded.

Possible Errors & Solutions

  1. If logon errors occurs, they are usually due to an incorrect username or password or to the unavailability of a DNS server or a domain controller to authenticate the request (if the computer is a part of a domain).
  2. Errors can also occur if a service cannot be loaded. If a service fails to load, you will see a message in the System Log of Event Viewer.
Back to the Top

Stage 6: Plug and Play Device Detection Phase

If Windows Server 2003 has detected any new devices during the startup process, they will automatically be assigned system resources.
If the device is Plug and Play and the needed driver can be obtained from the Driver.cab file, they are extracted.
Device detection occurs asynchronously with the initial user logon process when the system is started.

Possible Errors & Solutions

If the needed driver files are not found, the user will be prompted to provide them. If you have already installed the driver, then a simple reboot should detect the driver.
Most of the problem that occur at this stage can be corrected by a reboot.
Back to the Top

Conclusion

I have explained how you can workaround most of the common errors encountered during the booting process. Also I have explained the actual sequence of steps happening during each stage of the booting process. This will help you understand the actual cause behind the error and thus diagnosis the issue better.
You can also find a brief explanation about important files and executables that come under the various stages.

No comments:

Post a Comment