Windows 7 boot troubleshooting: Difference between revisions
(Created page with "To tidy up. Info collecting when trying to P2V (Physical-2-Virtual) a native (physical) Windows 7 partition to a virtual disk image for VirtualBox. {{file|win7_P2V_links.txt}...") |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
The new Microsoft's flagship OS come with new features in boot, and now has '''plenty''' of different ways to fail at boot, each time with very cryptic and unhelpful messages. It is very easy to get these insulting messages for instance when you change your harddisk, or restore your Windows 7 backup in a different machine (possibly a virtual one). Here I list all the issues I encountered, and how I did solve them. |
|||
== Tools == |
|||
=== bootrec === |
|||
Use '''BootRec''' to fix issues in the following items [http://support.microsoft.com/kb/927392]: |
|||
* A master boot record (MBR) |
|||
* A boot sector |
|||
* A Boot Configuration Data (BCD) store |
|||
Simply boot Windows Recovery CD, and type at prompt: |
|||
<source lang=bash> |
|||
bootrec |
|||
</source> |
|||
== Errors == |
|||
=== Corrupted / Missing Master Boot Record (MBR) === |
|||
Typical error messages when the MBR is absent / corrupted: |
|||
<source lang=text> |
|||
Missing operating system |
|||
Error loading operating system |
|||
Invalid partition table |
|||
MBR Error 1 |
|||
... |
|||
</source> |
|||
There are actually 2 possible way for corrupted MBR: |
|||
* Corrupted MBR code (detected by BIOS) |
|||
* Corrupted Partition Table (detected by MBR code) |
|||
The actual message may vary depending on the BIOS (corrupted MBR code), or the variant of MBR code installed on the disk. Note that the MBR works fine if GRUB shows up (even in rescue mode). |
|||
Solutions: |
|||
* Install new MBR - Windows<br/>Boot Windows Recovery CD, and open command prompt |
|||
<source lang=bash> |
|||
bootrec /fixmbr |
|||
</source> |
|||
* Install GRUB |
|||
<source lang=bash> |
|||
TBC |
|||
</source> |
|||
* Fix partition table |
|||
<source lang=bash> |
|||
TBC |
|||
</source> |
|||
* Set boot partition |
|||
<source lang=bash> |
|||
TBC |
|||
</source> |
|||
=== Corrupted / Missing Volume Boot Record (VBR) === |
|||
TBC |
|||
=== Corrupted / Missing BOOT.INI === |
|||
TBC |
|||
=== Corrupted / Missing \bcd Directory === |
|||
Error: |
|||
<source lang=bash> |
|||
Windows Boot Manager |
|||
File: \Windows\system32\winload.exe |
|||
Status: 0xc000000e |
|||
Info: The selected entry could not be loaded because the applicationis missing or corrupt |
|||
</source> |
|||
Fix: |
|||
* Boot Windows Recovery Disk, let auto-repair run. You'd likely get another error afterwards (0x0000007B), see below. |
|||
=== BSOD 0x0000007B === |
|||
Error: BSOD 0x0000007B, followed with error message |
|||
<source lang=text> |
|||
Windows Error Recovery |
|||
Windows failed to start. A recent hardware or software change might be the |
|||
cause. |
|||
[...] |
|||
Launch Startup Repair (recommended) |
|||
Start Windows Normally |
|||
[...] |
|||
</source> |
|||
This message is indicative that the kernel was not even loaded (no way to launch Safe Mode). It means that the BCD is missing or corrupted. |
|||
Fix: |
|||
* Launch startup repair (or use recovery dvd) |
|||
* Go to command prompt: |
|||
<source lang=bash> |
|||
bcdedit /export C:\BCD_Backup |
|||
ren C:\boot\BCD bcd.old |
|||
bootrec /rebuildbcd |
|||
</source> |
|||
=== Missing drivers === |
|||
* Fix missing drivers (BSOD 0x0000007B) — Still within Windows Recovery CD, start '''regedit''': |
|||
<source lang=reg> |
|||
Windows Registry Editor Version 5.00 |
|||
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000] |
|||
"InfPath"="mshdc.inf" |
|||
"InfSection"="msahci_Inst" |
|||
"ProviderName"="Microsoft" |
|||
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01 |
|||
"DriverDate"="6-21-2006" |
|||
"DriverVersion"="6.1.7600.16385" |
|||
"MatchingDeviceId"="pci\\cc_010601" |
|||
"DriverDesc"="Standard AHCI 1.0 Serial ATA Controller" |
|||
"Migrated"=dword:00000001 |
|||
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP] |
|||
"DisableCDDB"=- |
|||
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\atapi] |
|||
"Start"=dword:00000000 |
|||
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\msahci] |
|||
"Start"=dword:00000000 |
|||
</source> |
|||
* Boot and ***wait*** for all devices to be detected. |
|||
* '''DO NOT''' reboot when prompted, but instead start '''regedit''' again: |
|||
<source lang=reg> |
|||
Windows Registry Editor Version 5.00 |
|||
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP] |
|||
"DisableCDDB"=- |
|||
</source> |
|||
== To tidy up == |
|||
To tidy up. Info collecting when trying to P2V (Physical-2-Virtual) a native (physical) Windows 7 partition to a virtual disk image for VirtualBox. |
To tidy up. Info collecting when trying to P2V (Physical-2-Virtual) a native (physical) Windows 7 partition to a virtual disk image for VirtualBox. |
||
Latest revision as of 16:03, 8 June 2015
The new Microsoft's flagship OS come with new features in boot, and now has plenty of different ways to fail at boot, each time with very cryptic and unhelpful messages. It is very easy to get these insulting messages for instance when you change your harddisk, or restore your Windows 7 backup in a different machine (possibly a virtual one). Here I list all the issues I encountered, and how I did solve them.
Tools
bootrec
Use BootRec to fix issues in the following items [1]:
- A master boot record (MBR)
- A boot sector
- A Boot Configuration Data (BCD) store
Simply boot Windows Recovery CD, and type at prompt:
bootrec
Errors
Corrupted / Missing Master Boot Record (MBR)
Typical error messages when the MBR is absent / corrupted:
Missing operating system
Error loading operating system
Invalid partition table
MBR Error 1
...
There are actually 2 possible way for corrupted MBR:
- Corrupted MBR code (detected by BIOS)
- Corrupted Partition Table (detected by MBR code)
The actual message may vary depending on the BIOS (corrupted MBR code), or the variant of MBR code installed on the disk. Note that the MBR works fine if GRUB shows up (even in rescue mode).
Solutions:
- Install new MBR - Windows
Boot Windows Recovery CD, and open command prompt
bootrec /fixmbr
- Install GRUB
TBC
- Fix partition table
TBC
- Set boot partition
TBC
Corrupted / Missing Volume Boot Record (VBR)
TBC
Corrupted / Missing BOOT.INI
TBC
Corrupted / Missing \bcd Directory
Error:
Windows Boot Manager
File: \Windows\system32\winload.exe
Status: 0xc000000e
Info: The selected entry could not be loaded because the applicationis missing or corrupt
Fix:
- Boot Windows Recovery Disk, let auto-repair run. You'd likely get another error afterwards (0x0000007B), see below.
BSOD 0x0000007B
Error: BSOD 0x0000007B, followed with error message
Windows Error Recovery
Windows failed to start. A recent hardware or software change might be the
cause.
[...]
Launch Startup Repair (recommended)
Start Windows Normally
[...]
This message is indicative that the kernel was not even loaded (no way to launch Safe Mode). It means that the BCD is missing or corrupted.
Fix:
- Launch startup repair (or use recovery dvd)
- Go to command prompt:
bcdedit /export C:\BCD_Backup
ren C:\boot\BCD bcd.old
bootrec /rebuildbcd
Missing drivers
- Fix missing drivers (BSOD 0x0000007B) — Still within Windows Recovery CD, start regedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="mshdc.inf"
"InfSection"="msahci_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7600.16385"
"MatchingDeviceId"="pci\\cc_010601"
"DriverDesc"="Standard AHCI 1.0 Serial ATA Controller"
"Migrated"=dword:00000001
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000
- Boot and ***wait*** for all devices to be detected.
- DO NOT reboot when prompted, but instead start regedit again:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-
To tidy up
To tidy up. Info collecting when trying to P2V (Physical-2-Virtual) a native (physical) Windows 7 partition to a virtual disk image for VirtualBox.
win7_P2V_links.txt
Error 0x0000007B INACCESSIBLE_BOOT_DEVICE http://triplescomputers.com/blog/casestudies/stop-error-0x0000007b-0xfffff880009a98e8-0xffffffffc000000d-0x0000000000000000-0x0000000000000000/ --> script to completely rebuild the BCD store using bcdedit.exe http://support.microsoft.com/kb/927391 msg "The Windows Boot Configuration Data file is missing required information" - The Windows Boot Manager (Bootmgr) entry is not present in the Boot Configuration Data (BCD) store. - The Boot\BCD file on the active partition is damaged or missing. --> script to rebuild using bootrec.exe Bcdedit /export C:\BCD_Backup ren c:\boot\bcd bcd.old Bootrec /rebuildbcd (+also all bootec /fixmbr; bootrec /fixboot) --> script to rebuild using bcdedit.exe (if previous one fails) http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/b4d45d9d-4c90-4ab0-ae38-f1257ce9c608/ --> About Bare Metal Restore (=P2V) --> About no injecting driver during Bare Metal Restore (BMR) recovery (DWORD DoNOtINjectDrivers) --> About modifying drivers intelide / Pcide ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ VMWare VM: aliide 3 amdide 3 atapi 0 cmdide 3 iastorv 3 intelide 0 msahci 3 pciide 3 viaide 3 LSI_SAS 0 Dell PE2970 physical machine with RAID card: aliide 3 amdide 3 atapi 0 cmdide 3 iastorv 3 intelide 3 msahci 0 pciide 3 viaide 3 LSI_SAS 3 Dell PET100 physical machine on native SATA adapter: aliide 3 amdide 3 atapi 0 cmdide 3 iastorv 3 intelide 3 msahci 0 pciide 0 viaide 3 LSI_SAS 3 Win 7 64x custom built physical machine on native SATA adapter: aliide 3 amdide 3 atapi 0 cmdide 3 iastorv 3 intelide 3 msahci 0 pciide 0 viaide 3 LSI_SAS 3 (+idem for LSI_SAS2) (P2V for Windows is called BMR apparently) http://reboot.pro/topic/14130-bsod-7b-finally-fixed-for-me-maybe-for-you-too/ --> ***EXCELLENT*** analysis on the boot process in windows. A MUST READ!!! P2V using VMware vCenter Converter http://www.sysprobs.com/physical-virtual-machine-vmware-vcenter-converter --> guide NTFS on linux http://www.tuxera.com/community/ntfs-3g-advanced/ --> ntfs-3g advanced guide http://jp-andre.pagesperso-orange.fr/advanced-ntfs-3g.html http://jp-andre.pagesperso-orange.fr/permissions.html --> detailed information http://jp-andre.pagesperso-orange.fr/advanced-ntfs-3g.html --> tools.zip, that contains ntfscp.sh, a script that copy directory and keep permissions To copy, while copy permission use ntfscp.sh Note that I don't need that to copy registry from one disk to another (Simpler is to boot in Win7, and copy using Windows Explorer) http://b.andre.pagesperso-orange.fr/extend-attr.html --> More info on NTFS extended attributes (stored as ntfs stream, containing special permission --> these attributes are copied by ntfscp.sh (and also ntfscp itself I think) --> However I can't make cp, tar or rsync copy these xattr http://tuxera.com/forum/viewtopic.php?f=2&t=29567 --> Copying Between NTFSes With Preserving Permissions Linux HW misc sudo lshw -class disk # view all disks sudo parted -l # view all partitions ls /sys/block/sd*/ # view all partitions Windows Registry http://support.microsoft.com/kb/100010 --> What are Control Sets? What is CurrentControlSet? About ControlSet001 = usually default, and COntrolSet002, usually last known good About key Select, with values Current, Default, Failed, LastKnownGood http://msdn.microsoft.com/en-us/library/windows/hardware/ff546173(v=vs.85).aspx --> About CurrentControlSet\Enum PnP manager creates a subkey for each device http://diddy.boot-land.net/firadisk/files/mounteddevices.htm --> About SYSTEM\MountedDevices should be deleted when booting on different devices (Windows will reconstruct it). Otherwise disk will be assigned a different letter (it is safe to delete values '\??\Volumne{guid}') http://technet.microsoft.com/en-us/library/cc957340.aspx --> Detailed description of SYSTEM registry, HKEY_LOCAL_MACHINE... (for Windows 2000) http://msdn.microsoft.com/en-us/library/windows/hardware/ff546165(v=vs.85).aspx --> Info on SYSTEM/CurrentCOntrolSet/Control Class --> info about the device setup class (setup class like class installer, upper-filter drivers, lower-filter drivers) CoDeviceInstallers --> class-specific co-installers DeviceClasses --> subkey for each device interface class --> + info on Services/, on Enum/, on Hardware Profiles http://msdn.microsoft.com/en-us/library/windows/hardware/ff558808(v=vs.85).aspx The following keys are link to Pnp: Control/Class Control/DeviceClasses Enum Hardware Profiles P2V - manual http://www.justsoftwaresolutions.co.uk/general/importing-windows-into-virtualbox.html About taking SYSTEM hive from a clean windows install in VM, and importing it in the P2V machine. About patching the SYSKEY (--> SYSTEM, SECURITY, SAM protected by checksum) http://www.beginningtoseethelight.org/ntsecurity/index.htm --> very detailed info on windows security, on Security Accounts Manager (SAM file), data structure, relationships, etc. VirtualBox documentation http://www.virtualbox.org/manual/ch05.html --> About virtual storage - SATA: better than IDE, but only available since Vista w/o additional drivers standard interface for SATA control = AHCI (Advanced Host Controller Interface) - SAS = Serial Attached SCSI. VM emulates it as a LSI Logic SAS control (require Windows Vista or higher, or additional drivers in XP) Windows Boot issue https://forums.virtualbox.org/viewtopic.php?f=7&t=24209&p=107595 --> About "A disk read error occured\nPress Ctrl-Alt-Del to restart" Error comes from the Volume Boot Record, info on disk geometry is wrong (trying to read a bad sector, or a sector number that does not exist on the drive). So message is printed by BIOS, from call in the MBR code See detailed explanation at http://www.xtralogic.com/support.shtml#faq_vhdu_disk_read_error Fix is to us TESTDISK to fix the volume boot record (see http://www.xtralogic.com/testdisk_rebuild_bootsector.shtml) http://en.wikipedia.org/wiki/Volume_boot_record --> Info on VBR http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006556 --> VMWare KB. List of all boot issues (and error messages), and how to fix them. But usually requires using repair disk (no real explanations of what to do) --> However lots of info, + links to other pages http://support.microsoft.com/kb/308041 --> Advanced troubleshooting for general startup problems in Windows XP Several steps, things to try, etc Not much technical things, but some pointers http://support.microsoft.com/kb/314477 --> Error message: "Windows could not start because of a computer disk hardware configuration problem" about message Windows could not start because of a computer disk hardware configuration problem. Could not read from the selected boot disk. Check boot path and disk hardware. Please check the Windows documentation about hardware disk configuration and your hardware reference manuals for additional information. Due to wrong Boot.ini file (wrong partition selected in Boot.ini (partition does not exist)) http://www.sevenforums.com/tutorials/219533-troubleshooting-windows-7-failure-boot.html --> yet another comprehensive list on boot issues, but w/o explanation. Only using 3rd party tools Admin password recovery http://social.microsoft.com/Forums/en-US/studentrockstar/thread/bd195503-06ab-47a7-b941-f5fe2c2215bb Using loophole during Windows reinstall (install files, then press Shift-F10 after 1st reboot) Copy with rsync, keeping permissions: https://mebsd.com/cli-commands/rsync-over-ssh-keeping-file-ownerships-and-permissions.html --> Copy using rsync, keeping permissions Fix sudoers: add ssh-user ALL = NOPASSWD: /usr/local/rsync then rsync -a --rsync-path="sudo rsync" /usr/local/www ssh-user@backup-server.tld:/usr/backup_dir/ Remove Bit-Locker Encryption http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/74783472-3776-4b9e-a8f4-7ab777bd99d9/ --> About removing BDEDrive after BL was disabled for C: bcdboot c:\windows /s c: Then set c: as active Question: What difference between this bcdboot command, and command bootrec above to repair a bad BCD? Anyway I used that and it works http://technet.microsoft.com/en-us/library/cc731894.aspx#BKMK_WINUI --> About disk management on Windows 7 Namely how to shrink partition from command-line (using DISKPART), or from gui Must remove restore points, cache file, hibernat.sys file, etc Still the best is to use ntfsresize (that's what I did and it worked flawless') http://technet.microsoft.com/en-us/library/cc732774.aspx --> Overview on BitLocker http://technet.microsoft.com/en-us/library/ee424315(v=ws.10).aspx --> How to turn off bitlocker o Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption. o Find the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker. o A message is displayed, informing you that the drive will be decrypted and that decryption may take some time. Click Decrypt the drive to continue and turn off BitLocker on the drive. That's what I did, work very well http://www.howtogeek.com/howto/3187/disable-system-restore-in-windows-7/ --> Disable windows restore Go to control panel, --> System --> System protection --> Configure... --> Turn off system protection (one can also reduce space used by system restore) Best to do before shrink a drive: - remove / disable windows restore - remove cache file - remove hibernat file - empty recycle bin - boot in linux, check that System Volume Information is indeed empty Virtualbox IO APIC https://forums.virtualbox.org/viewtopic.php?f=9&t=21480 --> how to disable IO APIC after installing windows 7. But I read somewhere that IO APIC is mandatory for 64-bit. Virtualbox P2V --> use immutable mode while trying P2V, so that we can always revert (works for RAW image too) http://www.rajatarya.com/website/taming-windows-virtualbox-vm --> About RAW mode. Suggest to use custom mbr as in my notes, etc. + repair of windows In the comments, script to create grub rescue iso: #create a grub CD image sudo install xorriso grub-mkrescue ?modules=?linux ext2 fat fshelp ls boot pc ntfs? ?output=/home/myusernam/virtualbox/grub2.iso iso/ Also, another script to boot virtualbox as a separate user, who will have write access to disk device (because very bad idea to give world write access to /dev/sd*) Very complex script, not sure it is useful (won't solve my audio problem it seems') Virtualbox P2V - boot issue If can't access safe mode (with list of drivers being loaded), then it is not a driver issue, but instead a MBR / VBR / Boot.ini issue (still might result into 0x7B error or various error messages) If we see safe mode list, and get 0x7B before login screen, then that's clearly a driver issue / registry setting issue. Replacing SYSTEM hive with another one from working VM should give access to login screen If go to login screen, but reboot Possible corrupted SYSTEM / SECURITY / SAM. Pick consistency set, and see if that boots etc. http://r3dux.org/2010/01/how-to-switch-a-virtualbox-windows-guest-hard-drive-from-ide-to-sata-mode/ --> About switching from IDE to SATA On Windows 7, easiest is to add SATA controller, boot, have windows install the driver for it (on XP, require intel matrix driver), then uninstall it, reboot, etc http://communities.vmware.com/message/2030146 --> Famous comment about setting driver at boot in registry service key Basically, load remote HIVE SYSTEM, then edit as follows (0 means loaded at boot, required for windows to see the drive) Aliide = 3 Amdide =3 Atapi = 0 Cmdide = 3 iaStorV = 3 intelide = 0 msahci = 3 pciide = 3 viaide = 3 LSI_SAS = 0 (some say also for LSI_SAS2) In my case, this was not enough (had the extra setting in PnP + wrong Class/, wrong enum/ etc). Also I only use SATA, so I don't need LSI_SAS, etc http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1005208 --> Injecting SCSI controller device drivers into Windows when it fails to boot after converting it with VMware Converter (1005208) Idem, about setting LSI_SAS to 0 (+ check that C:\Windows\System32\Drivers contains lsi_sas.sys) http://blogs.technet.com/b/markrussinovich/archive/2011/11/08/3463572.aspx --> About disk ID, disk signature collision, solve it by forcing online, how to use DISKPART to restore the old disk ID reference in BCD hive, etc. A must read if disk ID not found, error 0x0000000e Note that DISKPART can be used to put disk online using the CLI Other links: http://support.microsoft.com/kb/314082 http://support.microsoft.com/kb/922976 http://www.justandrew.net/2009/10/stop-0x0000007b-on-p2vd-windows-7.html http://web2.minasi.com/forum/topic.asp?TOPIC_ID=31980 https://docs.google.com/document/d/1UFmoqJsQPO7p98Bv743xNsIF6BsdZruiJFkd3cqlb7A/edit?pli=1 http://www.registryonwindows.com/registry-security-2.php http://technet.microsoft.com/en-us/library/bb457006.aspx http://technet.microsoft.com/en-us/library/cc770856.aspx http://www.gohacking.com/how-windows-product-activation-works/ WIndows 7 tips psexec -i -d -s c:\windows\regedit.exe --> very handy to see keys that otherwise are not shown in regedit (and also to ease access to some keys - I only need to change ownership once) Linus tips # To copy dd over ssh, simply pipe through ssh of course!!! dd if=/dev/sda7 | ssh backupserver dd of=/backup/sda7.img # Note that using scp does not work # Alternative is to use regular 'cat /dev/sda' or 'cat > /dev/sda' # To debug permission issues, find PID of faulty program (e.g. courier), then strace -fp <pid> # ... and then trigger action that cause the permission issue, and see the log above # Simple shred (too pass over sdb - can also shred a file, but some limitation, see man page) sudo shred -n2 -v /dev/sdb # Other: wipe, or D-BAN (http://www.dban.org/) # Network tools (from http://www.howtogeek.com/108511/how-to-work-with-the-network-from-the-linux-terminal-11-commands-you-need-to-know/) curl & wget ping tracepath (similar to traceroute but does not require root privilege) mtr (ping and tracepath together, identify at which hop packets are lost) host (DNS lookups and reverse lookups) whois ifplugstatus ifconfig ifdown (same as ifconfig down) -- NOT ALLOWED WITH NETWORK-MANAGER ifup (same as ifconfig up) -- NOT ALLOWED WITH NETWORK-MANAGER sudo dhclient -r # release dhcp lease sudo dhclient # get new lease netstat netstat -s # view detailed stat on each interface 1080i vs 1080p http://www.howtogeek.com/132486/what-is-the-difference-between-1080p-and-1080i/