Absrtact: During the Windows Server 2003 startup process, there are a variety of issues, this article describes several stages of the operating system startup process, collects some common errors, and proposes solutions to these errors in the context of the Windows operating system startup process.
When diagnosing a system startup error, it is critical to determine which stage of the system error, the system boot process according to the CPU architecture slightly different, the following we briefly introduce the x86-based system start-up process of several stages:
1. Pre-Boot Sequence
2. Boot Sequence
3. Kernel Load Sequence
4. Kernel initialization Sequence
5. Logon Sequence
6. Plug and Play detection
Stage 1:pre-boot Sequence
Before the computer is ready to start the operating system, there is a pre-boot Sequence process, primarily the device boot sequence configured in the BIOS of the computer to find the boot device, Pre-Boot Sequence can divide the following steps:
(1) system power Self-Test: Mainly monitor the motherboard, CPU, memory and other computer hardware equipment used in information;
(2) Locate the appropriate boot device and load the partition table and the main boot code in the MBR,MBR, and navigate to the active partition through the main boot code;
(3) After the active partition is found through the MBR, load the BOOT sector into the memory and execute the code from the active partition;
(4) Find NTLDR file through BOOT sector, load NTLDR into memory and execute;
Possible problems and how to solve them:
(1) MBR damage
Symptom-partition table is incorrect
Symptom-Master boot code corrupted
Symptom-Ntdetect.com failed to gather hardware information
Reason:
MBR damage to boot drive due to virus or other human error editing;
Workaround:
After using the Windows PE system to boot the computer, use the Winhex tool to repair the MBR of the boot disk;
(2) Incorrect hardware configuration
Phenomenon: The main bulletin is wrong;
Cause: Critical hardware damage or improper configuration, such as memory stripe damage;
Solution: Through further hardware fault detection, for different hardware failure to do different processing;
(3) No active partitions found
Phenomenon: In accordance with the sequence of device startup, after the last stop in the following interface:
Cause: It is possible that the partition table was edited by the Fdisk tool without the specified active partition;
WORKAROUND: After you use the Windows PE system to boot the computer, use the Winhex tool to edit the partition table for the MBR of the boot disk, specify that the correct partition table entry's properties are active, and then reboot the operating system;
(4) NTLDR file missing or corrupted
Phenomenon: The output error message "NTLDR is missing", as shown in the following illustration;
Reason: NTLDR file is deleted or damaged by virus, or file system is damaged, cause NTLDR file damage;
Workaround: You can NTLDR files through system recovery or Windows Server 2003 boot disk;
(2) Incorrect BIOS configuration
Phenomenon:
Reason:
Workaround: Adjust the BIOS configuration according to the actual situation;
Stage 2:boot Sequence
When the Pre-Boot Sequence phase is complete, it begins to enter the Boot Sequence phase. You can divide the following steps:
(1) NTLDR the CPU operating mode from Real-mode to Protected-mode, and then initiates the file system drive to support the file system on the computer;
(2) NTLDR read BOOT. INI file, which is used to create initialization boot options, if you are selecting Windows Server 2003, an operating system other than Windows NT, Bootsect. The DOS file is read into memory to load the other operating system, and the Windows Server 2003 boot process is interrupted;
(3) When the System initialization boot option is selected, the boot volume is positioned according to the disk number and partition number corresponding to the boot entry;
(4) Find the Ntdetect.com file from the boot volume, Ntdetect.com the basic hardware configuration information of the detection system and write the configuration information to the HKEY_LOCAL_MACHINE key in the registry, the Ntdetect.com identified hardware including and not limited to the serial port , a port, keyboard, mouse, floppy disk, SCSI adapter and video card;
(5) Handing over control rights to NTOSKRNL. EXE, into the next phase;
Possible problems and how to solve them:
(1) Missing or corrupted startup files
phenomenon:
Reason: Ntldr,boot. Ini,bootsect. Doc,ntdetect.com or NTOSKRNL. EXE in a missing or corrupted, resulting in the operating system does not start normally, in general, through the wrong information can be accurately judged that the file is missing or damaged;
Solution: Can restore automatically through the system restoration;
(2) Boot.ini configuration is incorrect
phenomenon:
Cause: Manually edit the BOOT. INI file or modified the disk configuration;
Workaround: Check the boot after booting the computer with the Windows PE system. INI file content, and reconfigure according to the actual situation;
(3) hardware is not recognized or incorrectly configured
Phenomenon: Interface error message pointing to Ntdetect.com
Reason:
Solution: Need to further troubleshoot the specific reasons, can be removed by removing the new hardware and the corresponding driver to locate;
For some important startup file descriptions in this phase:
BOOT. Ini
used to create system selection menus during system startup, each system item has corresponding entries in the file and records the boot partition of the system. BOOT. INI file is generally located in the root directory, with System properties and hidden properties.
Bootsect. DOS
An option profile, in an environment where multiple operating systems are deployed, if you choose to boot to Windows Server 2003, an operating system other than Windows NT, this file will be loaded. Bootsect. The DOS file is located under the root directory and has system properties and hidden properties.
Ntdetect.com
Used to detect hardware devices that have been installed by the operating system and to add information from these hardware devices to the registry. The Ntdetect.com file is located in the root directory of the system partition and has system properties, hidden properties, and read-only properties.
NTOSKRNL. EXE
Used to load the Windows Server 2003 operating system, NTOSKRNL. EXE file is located in%windir%/system32.
Phase 3:kernel Load Sequence
When the Boot Sequence phase is complete, all the information collected by Ntdetect.com is passed to NTOSKRNL. Exe,kernel Load Sequence can be divided into the following steps:
(1) NTOSKRNL.EXE loading and initialization;
(2) Initializing the execution subsystem and starting the device driver with the type System-start;
Note: The implementation subsystem here refers to Process and Thread Manager, Virtual Memory Manager, I/O manager, Object Manager, Runtime libraries and other services that need to work in a kernel state.
(3) Preparing the system environment for running native applications;
Note: The native application here says that the Windows operating system provides two types of APIs, one is what we usually call the Windows API, all Windows programs need to rely on Windows APIs, the other is the Native API, some Wi Ndows components such as kernel drivers and system processes (such as Csrss.exe) rely on the Native API.
(4) Running SMSS. Exe
For some important startup file descriptions in this phase:
NTOSKRNL. EXE is critical in this phase and is used primarily to complete the following functions:
(1) Load HAL. DLL (Hardware abstraction Layer, a Kernel-mode library) that provides a low-level hardware interface in which Windows components and third-party device drivers rely on the HAL to communicate with the underlying hardware device;
(2) Load operating system control Set,control Set for controlling system configuration information (such as listing device drivers that need to be loaded);
(3) Loading low-level device drivers (such as disk driver Disk.sys);
Possible problems and how to solve them:
Phenomenon:
Cause: Hardware device drivers do not match, or the installation of a BUG security, encryption, filtering, Third-party Disk Management software, storage management software;
Workaround: Know what changes have occurred after the better solution, rollback operation, you can also borrow a group in the system's "Last Known Good Configuration" of the advanced option;
Stage 4:kernel Initialization Sequence
Kernel initialization Sequence primarily creates Hkey_local_machine\hardware registry keys and runs high-priority subsystems and services, you can divide the following steps:
(1) Once the Kernel is successfully loaded, a Hkey_local_machine\hardware registry entry is created that specifies the configuration information for the hardware device when the system starts;
(2) Initializing the device driver loaded with Kernel;
(3) Running high priority subsystem and service;
Note: High-priority subsystems include and are not limited to POSIX SUBSYSTEM,OS/2 subsystem.
Possible problem Resolution: Know what changes have been made after the better solution, rollback operation, you can also borrow a group in the system's "Last Known Good Configuration" of the advanced option;
Stage 5:logon Sequence
Smss.exe (Session Manager System) is a very critical role in the Logon Sequence and can be divided into the following steps:
(1) Create system environment variables;
(2) Initiation of the Kernel-mode (Win32k.sys) and user-mode portions (Csrss.exe) of the WIN32 subsystem;
(3) Starting the subsystem listed in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems;
(4) Smss.exe run Winlogon.exe (Windows Logon Manager);
Note: Attach a description of the function of the Winlogon.exe program:
Winlogon.exe is a system service This enables logging on and off of users. It is also responsible for loading user profile.
It invokes GINA (Graphical Identification and authentication) which displays login prompt. The GINA accepts the user login credentials and passes it back to Winlogon.
Winlogon then starts Lsass.exe (the local Security authority) and passes login credentials to LSA. LSA determine which user account databases are to being used for authentication eg:local SAM or Active Directory are in a Windows domain.
(5) After the verification of user rights, Smss.exe run Service.exe (Services SUBSYSTEM,SCM);
(6) Service.exe traverse HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to start a service of type "Autorun".
Possible problems and how to solve them:
(1) Landing failure
phenomenon:
Reason: User rights information validation does not pass;
Solution: Try to retrieve the right information, pay attention to whether the domain control caused, the ultimate solution is to use PE into the system after the use of tools to reset the password;
(2) service failed to start
Phenomenon:
Reason: Too many reasons, not one by one enumerations, cmd input eventvwr.msc open System Log to see specific details;
Solution: According to the System log records the right remedy;
Stage 6:plug and play Device detection
Plug and play Device detection is a process in which a system automatically detects the addition of a PnP device and finds the driver for the PNP device to try to function properly, by following these steps:
(1) Detect the new equipment in the start-up process, and automatically allocate system resources for the equipment;
(2) If the device is PnP and can find the corresponding driver from the corresponding Driver.cab file, the driver is extracted and installed automatically;
Possible problems and how to solve them:
PnP device is not functioning
Phenomenon:
Cause: Driver mismatch;
Workaround: Find a matching driver and install it;
The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.