Diagnosing Problems In Windows
Last Updated: 31 Oct 2005 (Partial Update: 25 Aug 2010)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** PLEASE NOTE: Link(s), If Provided, May Be Wrapped ***
Troubleshooting Windows issues (particularly with NT and
beyond) is pretty straightforward, so long as you make
use of all of the native OS tools, plus a couple of free
3rd party utilities. Many people who experience problems
don't know where to start looking for the answer, or how
to avoid the majority of issues in the first place.
===================
TABLE OF CONTENTS
===================
1. COMMON SOURCES OF WINDOWS PROBLEMS
2. CHECK THE EVENTLOG
3. SCAN FOR VIRUS/SPYWARE ACTIVITY
4. RUNNING PROCESSES / OPEN HANDLES
5. FILE, REGISTRY & USER RIGHTS
6. OTHER THINGS TO CHECK
====================================
COMMON SOURCES OF WINDOWS PROBLEMS
====================================
The following issues are easily responsible for 99% of
all system instability issues, particularly with Windows:
• Bad or Flaky RAM
• Failing Hard Disk
• High CPU/Case temperatures (Insufficient cooling)
• Bad Drivers (usually with el-cheapo hardware)
• Inadequate or Dirty Power
• Overclocking (some devices cannot run out of spec)
• Improper Permissions/Rights (results in Access Denied)
• Dirty Upgrade from Win9x/ME to 2000/XP
• Virus Infection (can result in a wide variety of problems)
• Spyware Infection (can result in a wide variety of problems)
• Incorrect jumper settings on your hard drive
• Improperly terminated drivers and controller
• Disabled or Misconfigured Services
SYMPTOMS OF COMMON ISSUES
• Bad Drivers ............ BSOD (Blue Screen of Death) or Spontaneous Reboot
• Failing Hard Disk ...... BSOD or System Freeze or Application Crashing
• Overheating ............ Spontaneous Reboot or System Freeze
• Bad/Flaky RAM .......... System Freeze or Failed Install or Corrupt File Messages
• Dirty Power ............ Spontaneous Reboot or System Generated Errors
• Inadequate Power ....... BSOD or Spontaneous Reboot or System Freeze
• Overclocking ........... BSOD or Spontaneous Reboot or System Freeze
• Improper Permissions ... BSOD or System Generated Errors
• Dirty upgrade .......... BSOD or System Errors or Slowness or Erratic Behavior
• Virus Infection ........ Inexplicable slowness or Highly Erratic Behavior
• Spyware Infection ...... Inexplicable slowness or Highly Erratic Behavior
• Wrong Drive Settings ... Inexplicable slowness or Failed Install or Long Boot times
• Bad SCSI Termination ... Inexplicable slowness or Failed Install or Long Boot times
• Disabled Services ...... Poor System Performance or Installation Problems or Limited OS Functionality
====================
CHECK THE EVENTLOG
====================
One of the first places you should check if you begin to
have problems in Windows (NT/2000/XP) is the Event Log.
START --> RUN --> EVENTVWR
The info you find here can be invaluable in helping you
troubleshoot problems. In the event that you are unable
to logon to the machine, you can still attempt to view
the Event Logs from another machine on the same network.
Be sure to check all of the Event Logs, particularly:
- APPLICATION
- SYSTEM
- SECURITY
To help understand some of the messages you find
recorded within the logs, visit the following sites:
• http://www.eventid.net/
• http://www.microsoft.com/technet/support/ee/ee_advanced.aspx
• http://www.windowsnetworking.com/articles_tutorials/Monitoring-Troubleshooting-Event-Logs.html
You can search on Event IDs for more information and
possible solutions to your problems. This is a very
well-regarded site.
=================================
SCAN FOR VIRUS/SPYWARE ACTIVITY
=================================
Your antivirus should always be up to date, but if you
start to experience any weird system behavior, it is a
good idea to obtain the latest signatures and perform
a scan of your system.
Also check for SpyWare which might have come in under
the radar.
==================================
RUNNING PROCESSES / OPEN HANDLES
==================================
Some of the best tools for troubleshooting and recovery
or repair of 32-bit Windows systems can be found here:
• http://technet.microsoft.com/en-us/sysinternals/bb795533.aspx
Use PSLIST to see what processes are running, and HANDLE
to determine what file handles are being used by those
processes.
Unzip them as appropriate and place them into C:\UTILS
Next, open a Command Prompt (START -> RUN -> CMD) and
type the following commands exactly as they appear below:
C:\UTILS\PSLIST >C:\TASKLIST.INFO
C:\UTILS\HANDLE >C:\OPENFILES.INFO
FOR %V IN (TASKLIST OPENFILES) DO START NOTEPAD C:\%V.INFO
This will give you a list of processes and handles that
will allow you, or a system admin, to get valuable info
about your system's current condition.
NOTE: See scripts available near the end of this document
for generating more thorough diagnostics logs.
https://brainwavecc.com/TechDocs/Diagnostics.html
==================================
FILE, REGISTRY & USER RIGHTS
==================================
If you are having problems with applications crashing,
for instance, you can use REGMON, FILEMON and TOKENMON
to see what Registry Keys, Files, and User Rights Tokens,
respectively, are being accessed by the application or
processes in question. Also, you can use AUTORUNS to see
what apps are configured to startup at boot/logon time.
If you suspect that your system is suffering from memory
leaks, then you can use various Resource Kit utilities
to verify this, or download "User-Mode Dump Heap (UMDH)
from Microsoft's website.
Another good reason to use the aforementioned utilities
is to be establish what specific rights are needed to run
an app that insists that it needs Admin rights, when you
want to give it to people who are not local or domain
administrators. Same for needing "Power User", when you
only want your users to have "User" level rights.
• http://technet.microsoft.com/en-us/sysinternals/bb795533.aspx
• http://www.windowsitpro.com/Article/ArticleID/45878/Windows_45878.html
=======================
OTHER THINGS TO CHECK
=======================
Here are other things to check during troubleshooting:
If you are experiencing problems with a single workstation,
the first thing to do is to isolate all the differences
between the bad system and a good one. This list includes,
but is not limited to, the following:
USER ACCOUNT
USER RIGHTS
NETWORK SETTINGS
AVAILABLE DISK SPACE
POSSIBLE DISK CORRUPTION
OS VERSION & PATCHES
CUSTOM TWEAKS OR REGISTRY EDITS
OTHER SOFTWARE
HARDWARE
DRIVER VERSIONS
Once you have determined the difference(s), it is very
likely that you'll be able to solve the problem in short
order. The key is to avoid overlooking anything until
the problem has been resolved.
• Memory Allocation for Processes:
http://KB.UltraTech-llc.com/?File=TaskMgr.TXT
http://KB.UltraTech-llc.com/?File=Processes.TXT
http://KB.UltraTech-llc.com/?File=Services.TXT
• Disk Space Usage/Corruption:
http://KB.UltraTech-llc.com/?File=DiskSpace.TXT
http://KB.UltraTech-llc.com/?File=ScanDisk.TXT
• Network Settings:
http://KB.UltraTech-llc.com/?File=NetBasics.TXT
http://KB.UltraTech-llc.com/?File=Browser.TXT
http://KB.UltraTech-llc.com/?File=NameRes.TXT
• Device Manager:
http://KB.UltraTech-llc.com/?File=DeviceMgr.TXT
• OS and Version Info:
http://KB.UltraTech-llc.com/?File=SysInfo.TXT
http://KB.UltraTech-llc.com/?File=Versions.TXT
• User Rights:
http://KB.UltraTech-llc.com/?File=NTRights.TXT
http://KB.UltraTech-llc.com/?File=UserMgr.TXT
http://KB.UltraTech-llc.com/?File=UserAcct.TXT
• Registry Issues:
http://KB.UltraTech-llc.com/?File=RegEdit.TXT
• Virus & SpyWare Issues:
http://KB.UltraTech-llc.com/?File=AntiVirus.TXT
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
MICROSOFT RESOURCES
• BootVIS ................ http://www.microsoft.com/hwdev/platform/performance/fastboot/
• Diagnostic Guide ....... http://dsg.rte.microsoft.com/
• DLL INFO ............... http://support.microsoft.com/default.aspx?servicedesks/fileversion/dllinfo.asp?sd=vap&fr=0
• OEM Support Tools ...... http://www.winnetmag.com/windowsnt20002003faq/Article/ArticleID/15130/windowsnt20002003faq_15130.html
• UMDH ................... http://support.microsoft.com/?KBID=268343
• Troubleshooting Tools .. http://www.microsoft.com/windows2000/library/resources/reskit/samplechapters/pref/pref_tts_oqpg.asp
• Troubleshooting Guide .. http://www.microsoft.com/windows2000/library/resources/reskit/samplechapters/pref/pref_tts_imdz.asp
• Win2K Troubshooting .... http://www.microsoft.com/TechNet/win2000/win2ksrv/reskit/sopch14.asp
TROUBLESHOOTING TOOLS
• SYSTEMINFO ............. Native Utility -- WinXP
• Windows Support Tools .. Windows 2000/2003 CD (/SUPPORT)
• MemTriage .............. Resource Kit -- Server 2003
• AccessEnum ............. http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• Active Registry Mon .... http://www.ntutility.com/arm/
• ListDLLs ............... http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• Registry Monitor ....... http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• File Monitor ........... http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• psFile ................. http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• Handle (CLI) ........... http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• Process Explorer ....... http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• Process Monitor ........ http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• AutoRuns ............... http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
• TaskInfo ............... http://www.iarsn.com/download.html
• RegDump ................ http://www.pyzzo.com/regdump/
• RegCleaner ............. http://www.macecraft.com/regsupreme/
• DumpTokenInfo .......... http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=15989
• IP Troubleshooting ..... http://ctdp.tripod.com/os/windows/wintcp/wtcptools.html
MEMORY MODULE TESTER
• Memory Tester .......... http://www.memtest86.com/
• SIMM Tester ............ http://www.simmtester.com/PAGE/products/doc/docinfo.asp
• Microsoft Memory Diag .. http://oca.microsoft.com/en/windiag.asp
HOW TO CHOOSE THE RIGHT POWER SUPPLY
• http://firingsquad.gamers.com/guides/power/
• http://www6.tomshardware.com/howto/20021021/powersupplies-05.html#practical_advice_the_perfect_power_supply
WHITEPAPERS & TECH DOCUMENTS
• http://www.windowsnetworking.com/articles_tutorials/Monitoring-Troubleshooting-Event-Logs.html
• http://www.jsiinc.com/subh/tip3900/rh3928.htm
• http://support.microsoft.com/?KBID=216368
• http://support.microsoft.com/?KBID=232830
• http://support.microsoft.com/?KBID=286198
• http://support.microsoft.com/?KBID=196453
• http://support.microsoft.com/?KBID=246199
• http://support.microsoft.com/?KBID=216368
• http://support.microsoft.com/?KBID=274038
• http://www.blizzard.u-net.com/winxphelp.html
• http://www.computerperformance.co.uk/event_viewer.htm
• http://www.billssite.com/2000prompt.htm
3RD PARTY RESOURCES
• http://eventid.net/
• http://www.tweakxp.com/
• http://www.ntfaq.com/
• http://www.jsiinc.com/reghack.htm
PERSONAL NOTES
• You can also obtain many diagnostic utilities as
part of the Windows 2000/2003 Support Tools, on the
Win2K/2K3 installation CD (SUPPORT folder)
• All of the tools at SysInternals are very useful
in making the most of Windows NT/2000/XP
• Poor drivers, bad RAM, weak Power Supplies and
Overclocking are the leading contributors of
system instability.
• Bad drivers are more likely to result in a BSOD, while
bad RAM or overheating will more likely result in a
system lockup, or spontaneous reboot.
• Hardware that was fine in Win9x may cause lockups
or crashes in Win2K/XP simply because it is border-
line or the drivers are different. NT/2000/XP tend
to stress hardware more than their low-end siblings.
• BootVIS helps you diagose Bootup problems in XP.
• REGMON and FILEMON can help you determine why apps
are loading slowly, why an app might be freezing,
what permissions are necessary to access a utility
or application, among other things...
RELATED SCRIPTS (ALSO IN THIS ARCHIVE)
• http://KB.UltraTech-llc.com/Scripts/?File=Debug.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=IPDebug.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=GetInfo.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=BasicInfo.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=CheckDisk.BAT
• http://KB.UltraTech-llc.com/Scripts/?File=CleanTemp.BAT
RELATED TOPICS (ALSO IN THIS ARCHIVE)
• http://KB.UltraTech-llc.com/?File=OSBasics.TXT
• http://KB.UltraTech-llc.com/?File=Audit.TXT
• http://KB.UltraTech-llc.com/?File=BSOD.TXT
• http://KB.UltraTech-llc.com/?File=TaskMgr.TXT
• http://KB.UltraTech-llc.com/?File=Troubleshoot.TXT
• http://KB.UltraTech-llc.com/?File=SysInfo.TXT
• http://KB.UltraTech-llc.com/?File=InUse.TXT
• http://KB.UltraTech-llc.com/?File=OpenFiles.TXT
• http://KB.UltraTech-llc.com/?File=Processes.TXT
• http://KB.UltraTech-llc.com/?File=Services.TXT
• http://KB.UltraTech-llc.com/?File=Versions.TXT
• http://KB.UltraTech-llc.com/?File=NTRights.TXT
• http://KB.UltraTech-llc.com/?File=Perms.TXT
• http://KB.UltraTech-llc.com/?File=ResKit.TXT
• http://KB.UltraTech-llc.com/?File=RepairNT.TXT
• http://KB.UltraTech-llc.com/?File=Uptime.TXT
• http://KB.UltraTech-llc.com/?File=HelpDesk.TXT
• http://KB.UltraTech-llc.com/?File=~Searching.TXT
• http://KB.UltraTech-llc.com/?File=~Info.TXT
• http://KB.UltraTech-llc.com/?File=~MoreInfo.TXT
• http://KB.UltraTech-llc.com/Docs/?File=SupportChecklist.PDF