Windows Server 2003 Boot Process: Common Errors & Solutions July 16th, 2008
The boot process starts when you turn on your computer and ends when you log on to Windows Server 2003. There can be various reasons for startup failures. Some can be easily corrected, while others might require you to reinstall Windows Server 2003. This article will help you understand and troubleshoot most of the errors commonly occurring during the Windows Server 2003 boot process. While diagnosing a server error, it is important to first determine at which stage the error occurred. A server error can occur when the server is booting, during its running time or even when it is shutting down.
The Boot Process The boot process will slightly differ depending on whether your server is using an x86-based processor or an Itanium-based processor. This article exclusively deals with x86-based boot Process If you are running Windows Server 2003 on an x86-based platform, the boot process consists of six major stages: 1. The pre-boot sequence 2. The boot sequence 3. Kernel load sequence 4. Kernel initialization sequence 5. Logon sequence 6. Plug and Play detection
Many files are used during these stages of the boot process. The following sections describe the steps in each boot process stage, the files used, and the errors that might occur.
Stage 1: Pre-Boot Sequence A normal boot process begins with the pre-boot sequence, in which your computer starts up and prepares to boot the operating system. The computer will search for a boot device based on the boot order that was configured in the computer’s BIOS settings. Steps in the Pre-Boot Sequence The preboot sequence is not truly a part of windows booting process. The pre-boot sequence consists of the following steps: 1. When the computer is powered on, it runs a power-on self-test (POST) routine. The POST detects the processor you are using, how much memory is present, the hardware is recognized and what BIOS (Basic Input/Output System) your computer is using. 2. The BIOS points to the boot device and the Master Boot Record (MBR) is loaded. It is
also sometimes called the master boot sector or even just the boot sector.The MBR is
located on the first sector of the hard disk. It contains the partition table and master boot code, which is executable code used to locate the active partition. 3. The MBR points to the Active partition. The active partition is used to specify the
partition that should be used to boot the operating system. This is normally the C: drive. Once the MBR locates the active partition, the boot sector is loaded into memory and executed. 4. The Ntldr file is copied into memory and executed. The boot sector points to the Ntldr
file, and this file executes. The Ntldr file is used to initialize and start the Windows Server 2003 boot process. Possible Errors & Solutions If you see errors during the pre-boot sequence, they are probably not related to Windows Server 2003, since the operating system has not yet been loaded. The following table lists some common causes for errors and solutions . Symptom
Cause
Solution You can protect your system from this type of error by using a virusThere are many viruses that affect MBR and scanning software. Most of the Corrupt MBR corrupt it. commonly used virus-scanning programs can correct an infected MBR. If the POST cannot recognize your hard drive, Recheck your device Improperly the pre-boot stage will fail. This error can configuration, driver settings. Also configured occur even if the device was working properly check for any hardware hardware and you haven’t changed your configuration. malfunction and failure. This can happen if you used the Fdisk utility If the partition is FAT16 or FAT32 and did not create a partition from all of the and on a basic disk, you can boot No partition is free space. If you created your partitions as a the computer to DOS or Windows marked as part of the Windows Server 2003 installation 9x with a boot disk. Then run active and have dynamic disks, marking an active Fdisk and mark a partition as partition is done for you during installation. active. Corrupt or You can restore this file through There are chances that, Ntldr file may be missing Ntldr Automated System Recovery or a corrupted or deleted by virus attack. . file Windows Server 2003 boot disk. Back to the Top
Stage 2: Boot Sequence When the pre-boot sequence is completed, the boot sequence begins. Ntldr switches the CPU to protected mode, which is used by Windows Server 2003 and starts the appropriate file systems. The contents of the Boot.ini file are read and the information is used to build the initial boot menu selections. When Windows Server 2003 is selected, Ntdetect.com gathers the system’s basic hardware configuration data and passes the collected information back to Ntldr. The system also checks to see if more than one hardware profile is detected; if so, the hardware profile selection menu will be displayed as a part of the startup process. Possible Errors & Solutions
The following table lists some common causes for errors during the boot stage. Symptom
Cause If Ntldr, Boot.ini, Bootsect.dos, Ntdetect.com, or Ntoskrnl.exe is corrupt or missing (by a virus or Missing or corrupt malicious intent), the boot sequence boot files will fail. You will see an error message that indicates which file is missing or corrupt. Improperly It can occur when you manually edit configured Boot.ini Boot.ini or if you have made any file changes to your disk configuration.
Solution
You can restore these files through Automated System Recovery.
Recheck your configuration.
Best method to trouble shoot it is to remove all the hardware that is not Unrecognizable or If the error that appears is due to required to boot the computer. Add improperly Ntdetect.com, the issue is surely due to each piece one by one and boot your configured hardware hardware problems. computer. This will help you to identify the culprit. Important Files Along with the Ntldr file, which was described in the previous section, the following files are used during the boot sequence: Boot.ini This is used to build the operating system menu choices that are displayed during the boot process. It is also used to specify the location of the boot partition. This file is located in the root of the system partition. It has the file attributes of System and Hidden. Bootsect.dos An optional file that is loaded if you choose to load an operating system other than Windows Server 2003, Windows 2000, or Windows NT. It is used only in dual- boot or multi-boot computers. This file is located in the root of the system partition. It has the file attributes of System and Hidden. Ntdetect.com Used to detect any hardware that is installed and add that information about the hardware to the Registry. This file is located in the root of the system partition. It has the file attributes of System, Hidden, and Read-only. Ntoskrnl.exe Used to load the Windows Server 2003 operating system. This file is located in WindirSystem32 and has no file attributes. Steps in the Boot Sequence The boot sequence consists of the following steps: 1. Ntldr switches the processor from real mode to protected mode. Then it starts file system
drivers which supports your computer’s file system.
2. Ntldr is responsible for reading Boot.ini file. It displays a “boot menu which lets users
to choose the operating system to load.If we choose an operating system other than Windows server 2003 say Windows 2000, or Windows NT, the Bootsect.dos file is used to load the alternate operating system, and the Windows Server 2003 boot process terminates. 3. Ntdetect.com file performs a hardware scan/detection and any hardware that is detected
is added to registry in the HKEY_LOCAL_MACHINE key. The hardware that Ntdetect.com will recognize includes communication and parallel ports, the keyboard, the floppy disk drive, the mouse, the SCSI adapter, and the video adapter. 4. Control is passed to Ntoskrnl.exe to start the kernel load process.
Back to the Top
Stage 3: Kernel Load Sequence All of the information that is collected by Ntdetect.com is passed to Ntoskrnl.exe. The kernel load sequence consists of the following steps: 1. The Ntoskrnl.exe file is loaded and initialized. ○ Initializes executive subsystems and boot system-start device drivers. NOTE: By executive subsystems, I meant Process and Thread Manager, The Virtual Memory Manager, The Input/Output Manager, The Object Manager, Runtime Libraries which all runs in kernel mode. ○ Prepares the system for running native applications. NOTE: If you are not familiar with native applications, then it needs explanation. Windows provide two type of API. Well known Windows API (All Windows programs must interact with the Windows API regardless of the language.) and Native API. Native API is used by some windows components like kernel level drivers and system process aka csrss.exe ○ runs Smss.exe. The function of Ntoskrnl.exe: 2. The Hardware Abstraction Layer (or HAL) is loaded. The HAL is a kernel mode
library (HAL.DLL) that provides a low-level interface with the hardware. Windows components and third-party device drivers communicate with the hardware through the HAL. 3. The control for the operating system is loaded. The control set is used to control system configuration information such as a list of device drivers that should be loaded. 4. Low-level device drivers, such as disk drivers are loaded. Possible Errors & Solutions: If you have problems loading the Windows Server 2003 kernel, you will most likely need to reinstall the operating system. Back to the Top
Stage 4: Kernel Initialization Sequence
In the kernel initialization sequence, the HKEY_LOCAL_MACHINEHARDWARE Registry is created, device drivers are initialized, and high-order subsystems and services are loaded. The kernel initialization sequence consists of the following steps: 1. Once the kernel has been successfully loaded, the Registry key HKEY_LOCAL_MACHINE HARDWARE is created. This Registry key is used to specify the hardware configuration of hardware components when the computer is started. 2. The device drivers that were loaded during the kernel load phase are initialized. 3. Higher-order subsystems and services are loaded. Note: Higher order subsystem include, POSIX Subsystem, OS/2 subsystem. Possible Errors & Solutions: If you have problems during the kernel initialization sequence, you may trying booting to the Last Known Good configuration. Back to the Top
Stage 5: Logon Sequence Session Manager Subsystem or smss.exe plays a vital role in logon sequence. Its main function include. 1. It creates environment variables in the operating system. 2. It Starts the kernel and user modes of the Win32 subsystem (win32k.sys and csrss.exe). It then starts other subsystems that are listed in HKLMSystemCurrentControlSetControlSession ManagerSubSystems Registry key. 3. smss.exe starts winlogon.exe, the Windows logon manager. winlogon.exe is a system service that enables logging on and off of users. It is also responsible for loading user profile. It invokes GINA( Graphical Identification and Authentication) which displays login prompt. The GINA accepts the user login credentials and passes it back to Winlogon. Winlogon then Starts Lsass.exe (the Local Security Authority) and passes login credentials to LSA. LSA determine which user account databases is to be used for authentication eg: Local SAM or Active Directory in case you are in a windows domain. 4. smss.exe finally starts the Services subsystem (Services.exe), also known as the Service Control Manager (SCM). It executes and performs a final scan of HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices to see if there are any remaining services that need to be loaded. Possible Errors & Solutions 1. If logon errors occurs, they are usually due to an incorrect username or password or to the unavailability of a DNS server or a domain controller to authenticate the request (if the computer is a part of a domain). 2. Errors can also occur if a service cannot be loaded. If a service fails to load, you will see a message in the System Log of Event Viewer. Back to the Top
Stage 6: Plug and Play Device Detection Phase
If Windows Server 2003 has detected any new devices during the startup process, they will automatically be assigned system resources. If the device is Plug and Play and the needed driver can be obtained from the Driver.cab file, they are extracted. Device detection occurs asynchronously with the initial user logon process when the system is started.