Windows Server Administration/Troubleshooting

From Wikiversity
Jump to navigation Jump to search

This lesson covers server troubleshooting. Activities include using Event Viewer, Safe Mode, and System Configuration to view and troubleshoot server issues.

Objectives and Skills[edit | edit source]

Objectives and skills for the Understanding Server Maintenance portion of Windows Server Administration Fundamentals certification include:[1]

  • Identify steps in the startup process: bios; boot sector; bootloader; MBR; boot.ini; bcdedit; POST; Safe Mode
  • Understand troubleshooting methodology: processes; procedures; best practices; systematic vs. specific approach; perfmon; Event Viewer; Resource Monitor; Information Technology Infrastructure Library; central logging; event filtering; default logs

Readings[edit | edit source]

  1. Wikipedia: Troubleshooting
  2. Wikipedia: Upgrade
  3. Wikipedia: Power-on self-test
  4. Wikipedia: Booting
  5. Wikipedia: Windows NT 6 startup process
  6. Wikipedia: Safe mode
  7. Wikipedia: Windows Preinstallation Environment
  8. Wikipedia: MSConfig
  9. Wikipedia: Event Viewer
  10. Wikipedia: Information Technology Infrastructure Library

Multimedia[edit | edit source]

  1. YouTube: How PC Boots | Explained in Detail
  2. YouTube: FIX The boot configuration data store could not be opened in PowerShell Windows 10
  3. YouTube: The Windows 10 Recovery Environment
  4. YouTube: Clean Windows 10 StartUp with MSConfig
  5. YouTube: Event Viewer & Windows Logs
  6. YouTube: How to use Event Viewer in Windows Admin Center website
  7. YouTube: Understanding Windows 10 boot and UEFI
  8. YouTube: Advanced troubleshooting for Windows 10 boot problems
  9. YouTube: Advanced Troubleshooting Windows 10 Startup Settings
  10. YouTube: How to boot Windows 10 into Recovery Mode using a DVD or flash drive
  11. YouTube: How to boot Windows 10 into "Startup Settings"

Activities[edit | edit source]

  1. Review Event Viewer Filtering. Filter the System and Application logs for warnings or errors that occurred during the last 24 hours. Filter the Security log for audit failures that occurred during the last 24 hours.
  2. Review Understanding Troubleshooting. Research any warnings, errors, or audit failures you found above and then use the DETECT method to troubleshoot these issues.
  3. Review Recovering Windows Servers. Access the advanced boot options on your test server. Describe what you see and experiment with them.
  4. Review Windows Recovery Environment. Access the Windows Recovery Environment and review the options available.
  5. Review Check Windows System Configuration. Use System Configuration to view your current system startup settings. Investigate any services or startup items you are not familiar with.

Lesson Summary[edit | edit source]

  • Troubleshooting is a logical, systematic search for the source of a problem so that it can be solved, and so the product or process can be made operational again. Troubleshooting requires identification of the malfunction(s) or symptoms within a system. Then, experience is commonly used to generate possible causes of the symptoms. Determining the most likely cause is a process of elimination - eliminating potential causes of a problem. Finally, troubleshooting requires confirmation that the solution restores the product or process to its working state.[2]
  • A basic principle in troubleshooting is to start from the simplest and most probable possible problems first.[3]
  • Serial substitution involves checking each component in a system one by one, substituting known good components for each potentially suspect one.[4]
  • Bisection involves separating a larger system into two or more subsystems to isolate and identify problems and causes.[5]
  • One of the core principles of troubleshooting is that reproducible problems can be reliably isolated and resolved.[6]
  • Intermittent problems are often the result of components that are thermally sensitive, because the resistance of a circuit varies with the temperature of the conductors in it.[7]
  • Troubleshooters must always consider the possibility that there is more than one fault causing a given system failure.[8]
  • One approach to troubleshooting is known as the DETECT method - Discover the problem, Evaluate the system, Track potential solutions, Execute a plan, Check results, and Take a proactive approach to prevent the problem from reoccurring.[9]
  • It may be necessary to modify BOIS settings or update or flash the BIOS or other firmware in order to troubleshoot operating system and driver installation issues.[10]
  • Upgrades of software introduce the risk that the new version (or patch) will contain a bug, causing the program to malfunction in some way or not to function at all.[11]
  • The current Windows boot sequence is to complete the Power-On Self Test and then load the Windows Boot Manager, winload.exe, ntoskrnl.exe, and then any required boot-class device drivers.[12]
  • Safe Mode starts Windows with a minimal set of drivers and services to troubleshoot startup problems. Safe mode is accessed by pressing the F8 key during the boot process.[13][14]
  • Advanced startup options available by pressing the F8 key during the boot process include Repair your computer, Safe mode, Safe mode with networking, Safe mode with command prompt, Enable boot logging, Enable low resolution video (640 × 480), Last Known Good Configuration (advanced), Directory services restore mode, Debugging mode, Disable automatic restart on system failure, Disable Driver Signature Enforcement, and Start Windows normally.[15]
  • Event Viewer is a Windows application that lets administrators and users view the event logs on a local or remote machine. Default Windows logs include System, Security, and Application.[16]
  • The Event Collector service can automatically forward event logs to other remote systems on a configurable schedule.[17]
  • Event logs may be filtered manually or through XML and may be filtered by time, level, source, event ID, category, key word, user, or computer.[18]
  • The Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL describes processes, procedures, tasks and checklists to be used by organizations for establishing integration with the organization's strategy, delivering value and maintaining a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, measure, and demonstrate compliance.[19]
  • ITIL 4, which was released in 2019, maintains the same focus on automating processes, improving service management and integrating the IT department into the business. [20]

Key Terms[edit | edit source]

Boot Configuration Data (BCD)
A firmware-independent database for boot-time configuration used by the Windows Boot Manager.[21]
BCDEdit
A command-line tool used to view and alter boot configuration data.[22]
boot.ini
A file containing the menu entries presented by NTLDR used in Windows XP, Windows Server 2003 and prior Windows NT-based operating systems.[23][24]
boot loader
A relatively small program and data stored in read-only memory (ROM) used to access nonvolatile device or devices from which the operating system programs and data can be loaded into RAM.[25]
boot sector
A region of a hard disk, floppy disk, optical disc, or other data storage device that contains machine code to be loaded into random-access memory (RAM) by a computer system's built-in firmware in order to allow the startup process of a computer to load a program stored on the same storage device.[26]
intermittent fault
A malfunction of a device or system that occurs at intervals, usually irregular, in a device or system that functions normally at other times.[27]
MSconfig (System Configuration)
A system utility used to troubleshoot the Microsoft Windows startup process.[28]
Power-On Self-Test (POST)
A set of routines which run immediately after many digital electronic devices are powered on to set an initial value for internal and output signals and to execute internal tests, as determined by the device manufacturer.[29]
safe mode
A diagnostic mode of a computer operating system (OS) with reduced functionality that provides access to utility and diagnostic programs so a user can troubleshoot what is preventing the operating system from working normally.[30]
System File Checker
A utility in Microsoft Windows that allows users to scan for and restore corruptions in Windows system files.[31]

Review Questions[edit | edit source]

Enable JavaScript to hide answers.

Click on a question to see the answer.

  1. Troubleshooting is a _____ search for the _____ of a problem so that it can be solved, and so the product or process can be made operational again. Troubleshooting requires _____ of the malfunction(s) or symptoms within a system. Then, _____ is commonly used to generate _____ of the symptoms. Determining the most likely cause is _____. Finally, troubleshooting requires _____ that the solution restores the product or process to its working state.
    Troubleshooting is a logical, systematic search for the source of a problem so that it can be solved, and so the product or process can be made operational again. Troubleshooting requires identification of the malfunction(s) or symptoms within a system. Then, experience is commonly used to generate possible causes of the symptoms. Determining the most likely cause is a process of elimination - eliminating potential causes of a problem. Finally, troubleshooting requires confirmation that the solution restores the product or process to its working state.
  2. A basic principle in troubleshooting is to start _____.
    A basic principle in troubleshooting is to start from the simplest and most probable possible problems first.
  3. Serial substitution involves _____.
    Serial substitution involves checking each component in a system one by one, substituting known good components for each potentially suspect one.
  4. Bisection involves _____.
    Bisection involves separating a larger system into two or more subsystems to isolate and identify problems and causes.
  5. One of the core principles of troubleshooting is that _____ problems can be reliably isolated and resolved.
    One of the core principles of troubleshooting is that reproducible problems can be reliably isolated and resolved.
  6. Intermittent problems are often the result of _____, because _____.
    Intermittent problems are often the result of components that are thermally sensitive, because the resistance of a circuit varies with the temperature of the conductors in it.
  7. Troubleshooters must always consider the possibility that _____ is causing a given system failure.
    Troubleshooters must always consider the possibility that more than one fault is causing a given system failure.
  8. One approach to troubleshooting is known as the DETECT method - _____ the problem, _____ the system, _____ potential solutions, _____ a plan, _____ results, and _____ a proactive approach to prevent the problem from reoccurring.
    One approach to troubleshooting is known as the DETECT method - Discover the problem, Evaluate the system, Track potential solutions, Execute a plan, Check results, and Take a proactive approach to prevent the problem from reoccurring.
  9. It may be necessary to modify _____ settings or update or flash _____ in order to troubleshoot operating system and driver installation issues.
    It may be necessary to modify BOIS settings or update or flash the BIOS in order to troubleshoot operating system and driver installation issues.
  10. The current Windows boot sequence is to complete _____ and then load _____, _____, _____, and then _____.
    The current Windows boot sequence is to complete the Power-On Self Test and then load the Windows Boot Manager, winload.exe, ntoskrnl.exe, and then any required boot-class device drivers.
  11. Safe Mode starts Windows with _____ to troubleshoot startup problems. Safe mode is accessed by pressing the _____ key during the boot process.
    Safe Mode starts Windows with a minimal set of drivers and services to troubleshoot startup problems. Safe mode is accessed by pressing the F8 key during the boot process.
  12. Advanced startup options available by pressing the F8 key during the boot process include _____.
    Advanced startup options available by pressing the F8 key during the boot process include Repair your computer, Safe mode, Safe mode with networking, Safe mode with command prompt, Enable boot logging, Enable low resolution video (640 × 480), Last Known Good Configuration (advanced), Directory services restore mode, Debugging mode, Disable automatic restart on system failure, Disable Driver Signature Enforcement, and Start Windows normally.
  13. Event Viewer is a Windows application that lets administrators and users _____. Default Windows logs include _____, _____, and _____.
    Event Viewer is a Windows application that lets administrators and users view the event logs on a local or remote machine. Default Windows logs include System, Security, and Application.
  14. The Event Collector service can automatically _____.
    The Event Collector service can automatically forward event logs to other remote systems on a configurable schedule.
  15. Event logs may be filtered _____ or through _____ and may be filtered by _____.
    Event logs may be filtered manually or through XML and may be filtered by time, level, source, event ID, category, key word, user, or computer.
  16. The Information Technology Infrastructure Library (ITIL) is _____ that focuses on _____. ITIL describes _____, _____, _____ and _____ to be used by organizations for establishing integration with the organization's strategy, delivering value and maintaining a minimum level of competency. It allows the organization to establish a _____ from which it can plan, implement, measure, and demonstrate compliance.
    The Information Technology Infrastructure Library (ITIL) is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL describes processes, procedures, tasks and checklists to be used by organizations for establishing integration with the organization's strategy, delivering value and maintaining a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, measure, and demonstrate compliance.
  17. ITIL 4, which was released in 2019, maintains the same focus on __________ _________, _________ _______ __________ and integrating the IT department into the business.
    ITIL 4, which was released in 2019, maintains the same focus on automating processes, improving service management and integrating the IT department into the business.

Flashcards[edit | edit source]

References[edit | edit source]

Type classification: this is a lesson resource.
Completion status: this resource is considered to be complete.