Troubleshooting Strategies
Troubleshooting Strategies |
|
The Windows 2000 registry is a database repository for information about a computer's configuration. The registry contains information that Windows 2000 continually references during operations, such as:
The registry is organized hierarchically as a tree and consists of subtrees, keys, subkeys, and entries. The registry has five predefined keys through which all registry subkeys and assigned values are accessed.
Note
When accessing the registry of a remote computer, only the registry keys HKEY_USERS and HKEY_LOCAL_MACHINE appear.
The five subtrees, through which all registry keys, subkeys and assigned values are accessed, are defined in Table 14.7.
Table 14.7 Registry Subtrees
| Subtree | Definition |
|---|---|
| HKEY_CURRENT_USER | Contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here. This information is referred to as a user's profile. |
| HKEY_USERS | Contains the root of all user profiles on the computer. HKEY_CURRENT_USER is an alias for a key in the HKEY_USERS subtree. |
| HKEY_LOCAL_MACHINE | Contains configuration information particular to the computer (for any user). |
| HKEY_CLASSES_ROOT | Contains two types of data: data that associates file types with programs, and configuration data for COM objects. |
| HKEY_CURRENT_CONFIG | Contains information about the hardware profile used by the local computer at system startup. |
A registry editor is an advanced, Windows-based tool for changing settings in your system registry, which contains information about how your computer runs. Windows 2000 stores its configuration information in a database (the registry) that is organized in a tree format. Although the registry editors Regedit and Regedt32 allow you to inspect and modify the registry, normally you do not need to do so, and making incorrect changes can break your system. An advanced user who is prepared to edit and restore the registry can safely use a registry editor for such tasks as eliminating duplicate entries or deleting entries for programs that have been uninstalled or deleted.
Folders represent subtrees, keys, and subkeys in the registry and are shown in the left pane that is displayed when you use the registry editors. In the topic pane, the entries in a key or subkey are displayed. When you double-click an entry name, it opens an editing dialog box.
Warning
Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.
Edit your registry only if it is absolutely necessary. If there is an error in your registry and your computer ceases to function properly, you can restore the registry to its state when you last successfully started your computer. To do this, either select Last Known Good Configuration from the Hardware Profile/Configuration Recovery menu that is displayed during the startup process, or press F8 during Setup and select Last Known Good Configuration from the Windows 2000 Advanced Options menu. For more information about the Windows 2000 Advanced Options menu, which includes three safe mode options, see "Startup Process" in this book.
You can use a registry editor to add or delete keys and subkeys, and to add, delete, or change the values of entries. Entries that appear in the registry editors consist of three components. For example, in the following registry entry:
RefCount : REG_DWORD : 0x1
RefCount is the entry name, REG_WORD is the data type, and 0x1 is the value of the entry.
Regedt32 and Regedit provide the following ways to update registry information:
Note
When Auto Refresh is in effect, a check mark appears next to the command and both Refresh All and Refresh Active on the View menu are unavailable.
You cannot use Auto Refresh while displaying the registry from a remote computer. If you click Auto Refresh while displaying a remote registry, the manual refresh options (Refresh All and Refresh Active) are not available. Although Auto Refresh appears to be working as it would if a local registry window were displayed, the contents of the remote window are not automatically refreshed.
For more information about using a registry editor to save a portions of the registry as files, and about printing, importing, and exporting registry data, see Windows 2000 Server Help and the Technical Reference to the Windows 2000 Registry (Regentry.chm) on the Windows 2000 Resource Kit companion CD.
Many problems can be traced to services, device drivers, or startup control data. The Windows 2000 registry subtree HKEY_LOCAL_MACHINE contains this configuration information, so it is a good place to look for information to solve these types of problems.
Caution
Do not use the registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.
Most of the examples in this section use the Regedt32.exe registry editor.
Table 14.8 briefly describes the registry keys for the HKEY_LOCAL MACHINE subtree.
Table 14.8 Registry Keys in the HKEY_LOCAL_MACHINE Subtree
| Key | Description |
|---|---|
| HARDWARE | Describes the physical hardware in the computer, how device drivers use the hardware, and mappings and related data that link kernel-mode drivers with various user-mode code. |
| SAM | Contains security information for user and group accounts. |
| SECURITY | Contains local security policy, such as specific user rights. |
| SOFTWARE | Describes the software installed on each computer. |
| SYSTEM | Controls system startup, device driver loading, Windows 2000 services, and operating system behavior. |
The SYSTEM key is the most useful for troubleshooting.
The registry information and examples in this section use the Transmission Control Protocol/Internet Protocol (TCP/IP) network protocol, which uses a DHCP server to get IP addresses. If your computer has a different configuration, or has third-party device drivers or services installed, the registry contains different information.
The HKEY_LOCAL_MACHINE\SYSTEM key contains information that controls system startup, device driver loading, Windows 2000 services, and operating system behavior. All startup-related data that must be stored (rather than computed during startup) is saved in the SYSTEM key.
Some of the most important troubleshooting information in the registry key HKEY_LOCAL_MACHINE\SYSTEM is the information in the control sets. A control set contains system configuration information, such as which device drivers and services to load and start. There are at least two control sets, and sometimes more, depending on how often you change system settings or have problems with the settings you choose:
The registry subkey HKEY_LOCAL_MACHINE\SYSTEM\Select identifies how the control sets are used, and determines which control set is used at startup. This subkey contains the following entries:
Note
The Windows 2000 Advanced Options menu is displayed in safe mode. For more information about safe mode, see "Startup Process" in this book.
You can start your computer in either of the following configurations:
The configurations are stored as control sets in the registry key HKEY_LOCAL_MACHINE\SYSTEM. If you made changes to your configuration when you were last logged on, such as adding drivers, changing services, or changing hardware, the two control sets contain different information. As soon as you log on, however, the information in these control sets is the same. Therefore, if you are having problems with startup and think the problems might be related to changes in your configuration, do not log on. Instead, restart the computer, and start safe mode by pressing F8 when prompted. Select the Last Known Good Configuration option when the Windows 2000 Advanced Options menu is displayed. The Last Known Good Configuration option can help you recover from the following types of problems:
Using the LastKnownGood control set does not help in the following situations:
The values for the entries in the Select subkey identify which control set is Current, Default, Failed, and LastKnownGood. For example, a value of 0x00000001 indicates ControlSet001 (Current).
ControlSet001 is modified when you make any changes using options in Control Panel. ControlSet001 will be used for the Default control set the next time you start the computer.
ControlSet002 is the LastKnownGood control set. If you choose this control set to start the computer, Windows 2000 uses ControlSet002.
This section describes using information in the Control and Services subkeys to troubleshoot problems with your computer.
When you install Windows 2000, it creates the Control and Services subkeys for each control set subkey in the HKEY_LOCAL_MACHINE\SYSTEM key. Some information, such as which services belong to which group, and the order in which to load the groups, is the same for all Windows 2000 computers. Other information, such as which devices and services to load when you start your computer, is based on the hardware and the network software installed on your computer.
Each control set has four subkeys:
Note
The Control and Services subkeys can be used for troubleshooting startup and device driver problems, respectively.
The registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
\Services contains information that controls how services are loaded. This section describes some of the entries for this subkey, with an explanation of their values.
You can see the order in which device drivers must be loaded and initialized by viewing the registry subkey HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Control\ServiceGroupOrder.
Many device drivers are arranged in groups to make startup easier. When device drivers and services are being loaded, Windows 2000 loads the groups in the order defined by the ServiceGroupOrder subkey.
When a subkey in the Services subkey has a value for the DependOnGroup entry, at least one service from the group must be loaded before this service is loaded.
The DependOnService entry identifies specific services that must be loaded before this service is loaded.
By knowing the dependencies, you can troubleshoot problems more effectively. If a service is stopped, the services that depend on that service are also stopped. When you start a service, the Service Control Manager automatically starts services on which the selected service is dependent.
If any of the files that are part of a service are missing or corrupt, an error occurs when you try to start the service.
The ErrorControl entry controls whether an error during the startup of this driver causes the system to switch to the LastKnownGood control set. If the value of this entry is 0 (Ignore, no error is reported) or 1 (Normal, error reported), startup proceeds. If the value is 2 (Severe) or 3 (Critical), an error is reported and the LastKnownGood control set is used.
If the value of the ErrorControl entry is 0x1, an error is logged in the event log, but Windows 2000 completes startup.
The ImagePath entry identifies the driver path and file name. You can use My Computer to verify the existence of the named file. The value of the ImagePath entry is
The Start entry determines when services are loaded during system startup. If a service is not starting, you need to determine when and how it should be starting, and then look for the services that should have been loaded prior to this service. Table 14.9 describes the values of the Start entry that determine when services are to be loaded.
Table 14.9 Values for the Start Entry
| Value | Meaning | Description |
|---|---|---|
| 0 | Boot | Loaded by the boot loader (NTLDR or OSLOADER) during the startup sequence. |
| 1 | System | Loaded at kernel initialization during the load sequence. |
| 2 | Auto Load | Loaded or started automatically at system startup. |
| 3 | Load On Demand | Driver is manually started by the user or another process. |
| 4 | Disabled | Driver is not to be started. If a driver is accidentally disabled, reset this value by using the Services option in Control Panel. However, file system drivers are loaded even if they have a start value of 4. |
The Type entry shows where the service fits within the Windows 2000 architecture. Table 14.10 lists a few possible values for the Type entry.
Table 14.10 Sample Values for the Type Entry
| Value | Description |
|---|---|
| 0x1 | Kernel device driver. |
| 0x2 | File system driver, which is also a kernel device driver. |
| 0x4 | Set of arguments for an adapter. |
| 0x10 | A Win32 program that can be started by the Service Controller and that obeys the service control protocol. This type of Win32 service runs in a process by itself. |
| 0x20 | A Win32 service that can share a process with other Win32 services. |
Many of the services that have a Type value of 0x20 are part of Services.exe.