Windows 7 boot troubleshooting

From miki

Microsoft's new flagship OS comes with new boot features, and now has plenty of different ways to fail at boot, each time with very cryptic and unhelpful messages. It is very easy to get these insulting messages, for instance when you change your hard disk or restore your Windows 7 backup on a different machine (possibly a virtual one). Here I list all the issues I encountered, and how I solved them.

Tools

bootrec

Use BootRec to fix issues in the following items [1]:

  • A master boot record (MBR)
  • A boot sector
  • A Boot Configuration Data (BCD) store

Simply boot the Windows Recovery CD, and type at the prompt:

bootrec

Errors

Corrupted / Missing Master Boot Record (MBR)

Typical error messages when the MBR is absent / corrupted:

Missing operating system
Error loading operating system
Invalid partition table
MBR Error 1
...

There are actually two ways an MBR can be corrupted:

  • Corrupted MBR code (detected by BIOS)
  • Corrupted Partition Table (detected by MBR code)

The actual message may vary depending on the BIOS (corrupted MBR code), or the variant of MBR code installed on the disk. Note that the MBR works fine if GRUB shows up (even in rescue mode).
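
The two cases above can be told apart by inspecting the first 512-byte sector of the disk. The following is an added example, not code from the original page: the function names and the sample sector are constructed for illustration, and the offsets assume the classic MBR layout (boot code, four 16-byte entries at offset 446, 0x55AA signature at offset 510).

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bootstrap code area at the start of the sector
TABLE_OFFSET = 446      # four 16-byte partition entries start here
ENTRY = "<B3sB3sII"     # status, CHS start, type, CHS end, LBA start, sector count

def make_sample_mbr():
    """Constructed sample sector: filler boot code and two NTFS partitions."""
    code = b"\x90" * BOOT_CODE_LEN                  # filler, not real boot code
    first = struct.pack(ENTRY, 0x80, bytes(3), 0x07, bytes(3), 2048, 204800)
    second = struct.pack(ENTRY, 0x00, bytes(3), 0x07, bytes(3), 206848, 1000000)
    return code + bytes(6) + first + second + bytes(32) + b"\x55\xaa"

def check_mbr(sector):
    """Return a list of problems found in a 512-byte MBR (empty list = sane)."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is not 512 bytes long"]
    problems = []
    # Sector-level checks: the "corrupted MBR code" case.
    if sector[510:512] != b"\x55\xaa":
        problems.append("boot signature 0x55AA missing")
    if not any(sector[:BOOT_CODE_LEN]):
        problems.append("boot code area is all zeroes")
    # Partition table checks: the "corrupted partition table" case.
    active, extents = 0, []
    for n in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY, sector, TABLE_OFFSET + 16 * n)
        if ptype == 0x00:
            continue                                # unused slot
        if status not in (0x00, 0x80):
            problems.append(f"partition {n + 1}: bad status byte 0x{status:02x}")
        active += status == 0x80
        if count == 0:
            problems.append(f"partition {n + 1}: zero length")
        extents.append((start, start + count, n + 1))
    if not extents:
        problems.append("partition table is empty")
    elif active != 1:
        problems.append(f"{active} active partitions (expected exactly 1)")
    extents.sort()
    for (_, end_a, a), (start_b, _, b) in zip(extents, extents[1:]):
        if start_b < end_a:
            problems.append(f"partitions {a} and {b} overlap")
    return problems

if __name__ == "__main__":
    # On a Linux rescue system: sector = open("/dev/sda", "rb").read(512)  (root)
    sample = bytearray(make_sample_mbr())
    print(check_mbr(bytes(sample)))                 # sane sample
    sample[TABLE_OFFSET + 16] = 0x80                # mark partition 2 active too
    print(check_mbr(bytes(sample)))
```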

Solutions:

  • Install new MBR - Windows
    Boot Windows Recovery CD, and open command prompt
bootrec /fixmbr
  • Install GRUB
TBC
  • Fix partition table
TBC
  • Set boot partition
TBC

Corrupted / Missing Volume Boot Record (VBR)

TBC

Corrupted / Missing BOOT.INI

TBC

Corrupted / Missing \bcd Directory

Error:

      Windows Boot Manager

File: \Windows\system32\winload.exe
Status: 0xc000000e
Info: The selected entry could not be loaded because the application is missing or corrupt

Fix:

  • Boot Windows Recovery Disk, let auto-repair run. You'd likely get another error afterwards (0x0000007B), see below.

BSOD 0x0000007B

Error: BSOD 0x0000007B, followed with error message

       Windows Error Recovery
Windows failed to start. A recent hardware or software change might be the 
cause.

[...]

    Launch Startup Repair (recommended)
    Start Windows Normally

[...]

This message indicates that the kernel was not even loaded (there is no way to launch Safe Mode). It means that the BCD is missing or corrupted.

Fix:

  • Launch startup repair (or use recovery dvd)
  • Go to command prompt:
bcdedit /export C:\BCD_Backup
ren C:\boot\BCD bcd.old
bootrec /rebuildbcd

Missing drivers

  • Fix missing drivers (BSOD 0x0000007B) — Still within Windows Recovery CD, start regedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"InfPath"="mshdc.inf"
"InfSection"="msahci_Inst"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,8c,a3,c5,94,c6,01
"DriverDate"="6-21-2006"
"DriverVersion"="6.1.7600.16385"
"MatchingDeviceId"="pci\\cc_010601"
"DriverDesc"="Standard AHCI 1.0 Serial ATA Controller"
"Migrated"=dword:00000001

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000
  • Boot and ***wait*** for all devices to be detected.
  • DO NOT reboot when prompted, but instead start regedit again:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\Control\PnP]
"DisableCDDB"=-

To tidy up

Information collected while trying to P2V (Physical-2-Virtual) a native (physical) Windows 7 partition to a virtual disk image for VirtualBox.

win7_P2V_links.txt

Error 0x0000007B INACCESSIBLE_BOOT_DEVICE

    http://triplescomputers.com/blog/casestudies/stop-error-0x0000007b-0xfffff880009a98e8-0xffffffffc000000d-0x0000000000000000-0x0000000000000000/
    --> script to completely rebuild the BCD store using bcdedit.exe

    http://support.microsoft.com/kb/927391

    msg "The Windows Boot Configuration Data file is missing required information"

      - The Windows Boot Manager (Bootmgr) entry is not present in the Boot Configuration Data (BCD) store.
      - The Boot\BCD file on the active partition is damaged or missing.

    --> script to rebuild using bootrec.exe

        Bcdedit /export C:\BCD_Backup
        ren c:\boot\bcd bcd.old
        Bootrec /rebuildbcd

        (+also all bootrec /fixmbr; bootrec /fixboot)

    --> script to rebuild using bcdedit.exe (if previous one fails)

    http://social.technet.microsoft.com/Forums/en-US/windowsbackup/thread/b4d45d9d-4c90-4ab0-ae38-f1257ce9c608/
    --> About Bare Metal Restore (=P2V)
    --> About not injecting drivers during Bare Metal Restore (BMR) recovery (DWORD DoNOtINjectDrivers)
    --> About modifying drivers intelide / Pcide

        VMWare VM:
         aliide 3
         amdide 3
        atapi 0
         cmdide 3
         iastorv 3
        intelide 0
         msahci 3
         pciide 3
         viaide 3
        LSI_SAS 0

        Dell PE2970 physical machine with RAID card:
         aliide 3
         amdide 3
        atapi 0
         cmdide 3
         iastorv 3
         intelide 3
        msahci 0
         pciide 3
         viaide 3
         LSI_SAS 3

        Dell PET100 physical machine on native SATA adapter:
         aliide 3
         amdide 3
        atapi 0
         cmdide 3
         iastorv 3
         intelide 3
        msahci 0
        pciide 0
         viaide 3
         LSI_SAS 3

        Win 7 64x custom built physical machine on native SATA adapter:
         aliide 3
         amdide 3
        atapi 0
         cmdide 3
         iastorv 3
         intelide 3
        msahci 0
        pciide 0
         viaide 3
         LSI_SAS 3

    (+idem for LSI_SAS2)

    (P2V for Windows is called BMR apparently)

    http://reboot.pro/topic/14130-bsod-7b-finally-fixed-for-me-maybe-for-you-too/
    --> ***EXCELLENT*** analysis on the boot process in windows. A MUST READ!!!

P2V using VMware vCenter Converter
    http://www.sysprobs.com/physical-virtual-machine-vmware-vcenter-converter
    --> guide


NTFS on linux
    http://www.tuxera.com/community/ntfs-3g-advanced/
    --> ntfs-3g advanced guide

    http://jp-andre.pagesperso-orange.fr/advanced-ntfs-3g.html
    http://jp-andre.pagesperso-orange.fr/permissions.html
    --> detailed information

    http://jp-andre.pagesperso-orange.fr/advanced-ntfs-3g.html
    --> tools.zip, which contains ntfscp.sh, a script that copies a directory and keeps permissions
        To copy while preserving permissions, use ntfscp.sh

        Note that I don't need that to copy registry from one disk to another
        (Simpler is to boot in Win7, and copy using Windows Explorer)

    http://b.andre.pagesperso-orange.fr/extend-attr.html
    --> More info on NTFS extended attributes (stored as NTFS streams, containing special permissions)
    --> these attributes are copied by ntfscp.sh (and also ntfscp itself I think)
    --> However I can't make cp, tar or rsync copy these xattr

    http://tuxera.com/forum/viewtopic.php?f=2&t=29567
    --> Copying Between NTFSes With Preserving Permissions



Linux HW misc
    sudo lshw -class disk         # view all disks
    sudo parted -l                # view all partitions
    ls /sys/block/sd*/            # view all partitions

Windows Registry

    http://support.microsoft.com/kb/100010

    --> What are Control Sets? What is CurrentControlSet?

        About ControlSet001 = usually default, and ControlSet002, usually last known good
        About key Select, with values Current, Default, Failed, LastKnownGood

    http://msdn.microsoft.com/en-us/library/windows/hardware/ff546173(v=vs.85).aspx

    --> About CurrentControlSet\Enum

        PnP manager creates a subkey for each device

    http://diddy.boot-land.net/firadisk/files/mounteddevices.htm

    --> About SYSTEM\MountedDevices

        should be deleted when booting on different devices (Windows will reconstruct it).
        Otherwise the disk will be assigned a different letter (it is safe to delete values '\??\Volume{guid}')

    http://technet.microsoft.com/en-us/library/cc957340.aspx
    --> Detailed description of SYSTEM registry, HKEY_LOCAL_MACHINE... (for Windows 2000)

    http://msdn.microsoft.com/en-us/library/windows/hardware/ff546165(v=vs.85).aspx
    --> Info on SYSTEM/CurrentControlSet/Control
        Class       --> info about the device setup class (setup class like class installer, upper-filter drivers, lower-filter drivers)
        CoDeviceInstallers  --> class-specific co-installers
        DeviceClasses   --> subkey for each device interface class
    --> + info on Services/, on Enum/, on Hardware Profiles

    http://msdn.microsoft.com/en-us/library/windows/hardware/ff558808(v=vs.85).aspx
        The following keys are linked to PnP:
        Control/Class
        Control/DeviceClasses
        Enum
        Hardware Profiles


P2V - manual

    http://www.justsoftwaresolutions.co.uk/general/importing-windows-into-virtualbox.html

    About taking SYSTEM hive from a clean windows install in VM, and importing it in the P2V machine.
    About patching the SYSKEY (--> SYSTEM, SECURITY, SAM protected by checksum)

    http://www.beginningtoseethelight.org/ntsecurity/index.htm

    --> very detailed info on windows security, on Security Accounts Manager (SAM file), data structure, relationships, etc.

VirtualBox documentation

    http://www.virtualbox.org/manual/ch05.html
    --> About virtual storage
        - SATA: better than IDE, but only available since Vista w/o additional drivers
                standard interface for SATA control = AHCI (Advanced Host Controller Interface)

        - SAS = Serial Attached SCSI.
                VM emulates it as a LSI Logic SAS control (require Windows Vista or higher, or additional drivers in XP)


Windows Boot issue

    https://forums.virtualbox.org/viewtopic.php?f=7&t=24209&p=107595

    --> About "A disk read error occurred\nPress Ctrl-Alt-Del to restart"

        The error comes from the Volume Boot Record: the disk geometry info is wrong (it tries to read a bad sector, or a
        sector number that does not exist on the drive). So the message is printed by the BIOS, from a call in the MBR code

        See detailed explanation at http://www.xtralogic.com/support.shtml#faq_vhdu_disk_read_error

        The fix is to use TESTDISK to repair the volume boot record (see http://www.xtralogic.com/testdisk_rebuild_bootsector.shtml)

    http://en.wikipedia.org/wiki/Volume_boot_record
    --> Info on VBR


    http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006556
    --> VMWare KB. List of all boot issues (and error messages), and how to fix them. But usually requires
        using repair disk (no real explanations of what to do)
    --> However lots of info, + links to other pages

    http://support.microsoft.com/kb/308041
    --> Advanced troubleshooting for general startup problems in Windows XP
        Several steps, things to try, etc
        Not much technical things, but some pointers

    http://support.microsoft.com/kb/314477
    -->  Error message: "Windows could not start because of a computer disk hardware configuration problem"

    about message
        Windows could not start because of a computer disk hardware configuration problem.

         Could not read from the selected boot disk. Check boot path and disk hardware.

         Please check the Windows documentation about hardware disk configuration and your hardware reference manuals for additional information.

    Due to wrong Boot.ini file (wrong partition selected in Boot.ini (partition does not exist))

    http://www.sevenforums.com/tutorials/219533-troubleshooting-windows-7-failure-boot.html
    --> yet another comprehensive list on boot issues, but w/o explanation. Only using 3rd party tools
    
Admin password recovery

    http://social.microsoft.com/Forums/en-US/studentrockstar/thread/bd195503-06ab-47a7-b941-f5fe2c2215bb

    Using loophole during Windows reinstall (install files, then press Shift-F10 after 1st reboot)

Copy with rsync, keeping permissions:

    https://mebsd.com/cli-commands/rsync-over-ssh-keeping-file-ownerships-and-permissions.html

    --> Copy using rsync, keeping permissions
        Fix sudoers: add

        ssh-user        ALL = NOPASSWD: /usr/local/rsync

        then
        rsync -a --rsync-path="sudo rsync" /usr/local/www ssh-user@backup-server.tld:/usr/backup_dir/

Remove Bit-Locker Encryption

    http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/74783472-3776-4b9e-a8f4-7ab777bd99d9/

    --> About removing BDEDrive after BL was disabled for C:

        bcdboot c:\windows /s c:
        Then set c: as active 

        Question: What difference between this bcdboot command, and command bootrec above to repair a bad BCD?
        Anyway I used that and it works

    http://technet.microsoft.com/en-us/library/cc731894.aspx#BKMK_WINUI

    --> About disk management on Windows 7

        Namely how to shrink partition from command-line (using DISKPART), or from gui
        Must remove restore points, cache file, hiberfil.sys file, etc

        Still the best is to use ntfsresize (that's what I did and it worked flawlessly)

    http://technet.microsoft.com/en-us/library/cc732774.aspx
    
    --> Overview on BitLocker

    http://technet.microsoft.com/en-us/library/ee424315(v=ws.10).aspx

    --> How to turn off bitlocker

        o Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
        o Find the drive on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker.
        o A message is displayed, informing you that the drive will be decrypted and that decryption may take some time. Click Decrypt the drive to continue and turn off BitLocker on the drive.

        That's what I did, works very well

    http://www.howtogeek.com/howto/3187/disable-system-restore-in-windows-7/

    --> Disable windows restore

        Go to control panel, --> System --> System protection --> Configure... --> Turn off system protection
        (one can also reduce space used by system restore)
    

    Best to do before shrinking a drive:
    - remove / disable windows restore
    - remove cache file
    - remove hibernation file
    - empty recycle bin
    - boot in linux, check that System Volume Information is indeed empty


Virtualbox IO APIC

    https://forums.virtualbox.org/viewtopic.php?f=9&t=21480

    --> how to disable IO APIC after installing windows 7. But I read somewhere that IO APIC is mandatory for 64-bit.

Virtualbox P2V

    --> use immutable mode while trying P2V, so that we can always revert (works for RAW image too)

    http://www.rajatarya.com/website/taming-windows-virtualbox-vm

    --> About RAW mode. Suggest to use custom mbr as in my notes, etc. + repair of windows

        In the comments, script to create grub rescue iso:

        # create a grub CD image
        sudo apt-get install xorriso
        grub-mkrescue --modules="linux ext2 fat fshelp ls boot pc ntfs" --output=/home/myusernam/virtualbox/grub2.iso iso/
        
        Also, another script to boot virtualbox as a separate user, who will have write access to disk device (because very bad idea to give world write access to /dev/sd*)
        Very complex script, not sure it is useful (won't solve my audio problem it seems)

Virtualbox P2V - boot issue

    If we can't access safe mode (with the list of drivers being loaded), then it is not a driver issue, but instead an MBR / VBR / Boot.ini issue (it might still result in a 0x7B error or various error messages)

    If we see the safe mode list, and get 0x7B before the login screen, then that's clearly a driver issue / registry setting issue.
    Replacing the SYSTEM hive with another one from a working VM should give access to the login screen

    If we get to the login screen, but the machine reboots:
    Possibly corrupted SYSTEM / SECURITY / SAM. Pick a consistent set, and see if that boots

    etc.

    http://r3dux.org/2010/01/how-to-switch-a-virtualbox-windows-guest-hard-drive-from-ide-to-sata-mode/

    --> About switching from IDE to SATA

        On Windows 7, easiest is to add SATA controller, boot, have windows install the driver for it (on XP, require intel matrix driver), then uninstall it, reboot, etc

    http://communities.vmware.com/message/2030146

    --> Famous comment about setting driver at boot in registry service key
        Basically, load remote HIVE SYSTEM, then edit as follows (0 means loaded at boot, required for windows to see the drive)

            Aliide = 3
            Amdide = 3
            Atapi = 0
            Cmdide = 3
            iaStorV = 3
            intelide = 0
            msahci = 3
            pciide = 3
            viaide = 3
            LSI_SAS = 0
            (some say also for LSI_SAS2)

        In my case, this was not enough (had the extra setting in PnP + wrong Class/, wrong enum/ etc). Also I only use SATA, so I don't need LSI_SAS, etc
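
The Start values above can be compared against a text export of the offline hive's services key, and the differences written out as a .reg patch. This is an added example, not code from the original page or from VMware: the function names and the sample export are constructed, the profile is the VMware list quoted above, and the input is assumed to be a .reg export already decoded to text (regedit writes UTF-16) from a hive loaded as nxl_SYSTEM.

```python
import re

# Start values this page quotes for a VMware VM (0 = loaded at boot, 3 = on demand).
VMWARE_PROFILE = {"aliide": 3, "amdide": 3, "atapi": 0, "cmdide": 3, "iastorv": 3,
                  "intelide": 0, "msahci": 3, "pciide": 3, "viaide": 3, "lsi_sas": 0}

KEY_RE = re.compile(r"^\[(.+\\services\\([^\\\]]+))\]$", re.IGNORECASE)
START_RE = re.compile(r'^"Start"=dword:([0-9a-f]{8})$', re.IGNORECASE)

# Constructed sample: text export of an offline hive loaded as nxl_SYSTEM.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\atapi]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\intelide]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\LSI_SAS]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\msahci]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\nxl_SYSTEM\ControlSet001\services\msahci\Parameters]
"Start"=dword:00000003
"""

def parse_start_values(reg_text):
    """Return {service (lower case): (key path, Start)} for direct service keys."""
    found, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)       # None for subkeys such as ...\Parameters
            current = (m.group(2).lower(), m.group(1)) if m else None
        elif current and (m := START_RE.match(line)):
            found[current[0]] = (current[1], int(m.group(1), 16))
    return found

def plan_changes(reg_text, profile):
    """Compare the export with a target profile: (changes, missing drivers)."""
    found = parse_start_values(reg_text)
    changes = [(svc, found[svc][1], want, found[svc][0])
               for svc, want in sorted(profile.items())
               if svc in found and found[svc][1] != want]
    missing = sorted(svc for svc in profile if svc not in found)
    return changes, missing

def render_patch(changes):
    """Emit the changes as .reg text in the same format the page uses."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for _svc, _old, want, key in changes:
        lines += [f"[{key}]", f'"Start"=dword:{want:08x}', ""]
    return "\n".join(lines)

if __name__ == "__main__":
    changes, missing = plan_changes(SAMPLE_EXPORT, VMWARE_PROFILE)
    print(render_patch(changes))
    print("not present in hive:", ", ".join(missing))
```

Drivers reported as not present have no service key in the export, so setting a Start value alone will not make them load.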
    
    http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1005208
    --> Injecting SCSI controller device drivers into Windows when it fails to boot after converting it with VMware Converter (1005208)

        Idem, about setting LSI_SAS to 0 (+ check that C:\Windows\System32\Drivers contains lsi_sas.sys)

    http://blogs.technet.com/b/markrussinovich/archive/2011/11/08/3463572.aspx

    --> About disk ID, disk signature collision, solve it by forcing online, how to use DISKPART to restore the old disk ID reference in BCD hive, etc. A must read
        if disk ID not found, error 0x0000000e

        Note that DISKPART can be used to put disk online using the CLI


Other links:
http://support.microsoft.com/kb/314082
http://support.microsoft.com/kb/922976
http://www.justandrew.net/2009/10/stop-0x0000007b-on-p2vd-windows-7.html
http://web2.minasi.com/forum/topic.asp?TOPIC_ID=31980
https://docs.google.com/document/d/1UFmoqJsQPO7p98Bv743xNsIF6BsdZruiJFkd3cqlb7A/edit?pli=1
http://www.registryonwindows.com/registry-security-2.php
http://technet.microsoft.com/en-us/library/bb457006.aspx
http://technet.microsoft.com/en-us/library/cc770856.aspx
http://www.gohacking.com/how-windows-product-activation-works/


Windows 7 tips

    psexec -i -d -s c:\windows\regedit.exe
    --> very handy to see keys that otherwise are not shown in regedit (and also to ease access to some keys - I only need to change ownership once)

Linux tips

    # To copy dd over ssh, simply pipe through ssh of course!!!
    dd if=/dev/sda7 | ssh backupserver dd of=/backup/sda7.img

    # Note that using scp does not work
    # Alternative is to use regular 'cat /dev/sda' or 'cat > /dev/sda'


    # To debug permission issues, find PID of faulty program (e.g. courier), then
    strace -fp <pid>

    # ... and then trigger the action that causes the permission issue, and see the log above


    # Simple shred (two passes over sdb - can also shred a file, but some limitations, see man page)
    sudo shred -n2 -v /dev/sdb 

    # Other: wipe, or D-BAN (http://www.dban.org/)


    # Network tools (from http://www.howtogeek.com/108511/how-to-work-with-the-network-from-the-linux-terminal-11-commands-you-need-to-know/)

    curl & wget
    ping
    tracepath (similar to traceroute but does not require root privilege)
    mtr (ping and tracepath together, identify at which hop packets are lost)
    host (DNS lookups and reverse lookups)
    whois
    ifplugstatus
    ifconfig
    ifdown   (same as ifconfig down)  -- NOT ALLOWED WITH NETWORK-MANAGER
    ifup (same as ifconfig up)  -- NOT ALLOWED WITH NETWORK-MANAGER
    sudo dhclient -r   # release dhcp lease
    sudo dhclient     # get new lease
    netstat
    netstat -s     # view detailed stat on each interface

1080i vs 1080p

    http://www.howtogeek.com/132486/what-is-the-difference-between-1080p-and-1080i/