Recovery Feats
The RC is extremely handy when Win2K won't boot and you need quick access to the file system so that you can diagnose and repair the problem. Because the RC provides direct access to the file system and a host of low-level commands and utilities, it lets you perform some amazing recovery feats. The RC simplifies many of the NT recovery procedures I discussed in "Recovering from NT Startup Failures," parts 1 and 2, September and November 1999.
Although most users won't look forward to an opportunity to use the RC, it's an important tool to understand. Identifying likely causes of system startup problems before they happen—and understanding the steps necessary to correct them—is also important. Therefore, I've compiled a list of the most common software-related causes of Win2K and NT startup failures, based on my experiences recovering failed Win2K and NT systems:
- Corruption or deletion of a crucial system file (e.g., Registry hive files, ntoskrnl.exe, ntdetect.com, hal.dll, boot.ini)
- Installation of an incompatible or faulty service or driver, or the corruption or deletion of a crucial service or driver
- Disk or file-system damage or corruption, including damage to directory structures, the Master Boot Record (MBR), and the Win2K or NT boot sector
- Invalid Registry data (e.g., the Registry is physically intact but contains logically erroneous data, such as out-of-range data in a service- or driver-related Registry value)
- Incorrect or overly restrictive permissions on the \%systemroot% (e.g., C:\
winnt) folder
Although this list is by no means comprehensive, it covers the majority of situations that cause Win2K and NT 4.0 startup failures. Using the RC or a Safe Mode boot, you can correct the majority of these problems. Table 1 lists the most common system startup problems and recommended methods for tackling them in Win2K.
To demonstrate the potential usefulness of the RC in these situations, imagine a scenario in which one or more Registry hive files have become corrupted on a computer that uses an NTFS-formatted system volume. In my articles about startup failure recovery, I discussed several alternative methods for dealing with such a situation in NT. For example, you can copy a known-good set of Registry hive files by using a third-party utility (e.g., ERD Commander for NT 4.0) that allows write access to NTFS volumes, or you can use a parallel installation of Win2K or NT. (The Win2K Setup Repair process is also an option, although it doesn't offer the flexibility of the other methods.) In Win2K, you can easily boot to an RC console and copy and replace Registry hive files (or other crucial system files) that have become damaged or overwritten. In my scenario, you would simply log on to the desired Win2K installation and use the RC's Copy command to copy the necessary files.
You can also use the RC to resolve problems that underlying disk or file-system corruption causes. The RC includes several commands that can help you repair a damaged disk outside of Win2K. One such command is the Chkdsk command, which is similar to the Win9x and DOS command of the same name. Two other helpful disk-repair commands are Fixmbr and Fixboot. Like Win9x's Fdisk /mbr command, Fixmbr replaces the primary system disk's MBR with a clean copy—a feature that can resolve problems in which the MBR has become damaged or infected with a virus. The equally useful Fixboot command lets you repair the Win2K boot sector if it becomes damaged or overwritten during the installation of another OS (a situation resulting in the loss of the Win2K Boot Loader at startup). Another nice inclusion in the RC is Diskpart, a disk-management utility similar to the one that Win2K Setup provides. You can use Diskpart to perform basic disk-management tasks such as adding and deleting partitions.
The RC console provides several other potentially useful commands. For example, Listsvc, Disable, and Enable let you list, disable, and enable (respectively) system services and drivers. These commands are invaluable if a faulty service or driver is at the heart of a system startup problem. Using an RC session, you can simply disable the offending service or driver, then reboot the system—no Registry editing or restores are necessary.
Because the RC exposes both Win2K and NT installation folders on dual-boot systems, users of such systems might find it useful as a recovery tool for failed NT installations. Although several Microsoft articles warn against this usage, they offer no explanations to justify this warning. When I've used the RC to run various commands on NT 4.0 installations, I've experienced no problems. Most of the RC's commands are file-system-related and therefore work fine on an NTFS5 volume shared between Win2K and NT. (You must install Service Pack 4—SP4—or later on NT to support NTFS5.) However, if you use the Win2K RC to recover an NT installation, you'll be on your own as far as Microsoft is concerned. For more information about specific RC commands and syntax, see John D. Ruley, "Key Recovery Console Commands," page 151.
Can You Toss Your Old Tools?
Considering the RC's features and capabilities, you might be wondering whether you can toss out your NT 4.0 system-recovery tools and techniques. After all, with such a powerful tool at your disposal, are third-party utilities and parallel recovery installations still necessary? Before you start trashing disks and changing your disaster-preparedness procedures, you need to understand the RC's limitations.
First, the RC can solve the majority of, but not all, system startup failures. In some situations, the RC alone might not be enough to recover a failed system—for example, when overly restrictive permissions settings on the Win2K installation folder cause a startup failure. Because the RC doesn't provide a command that lets you edit file or folder permissions on a volume, you'll need to reset the permissions manually under a parallel Win2K installation or with a third-party utility. At least one third-party tool, ERD Commander, includes a permissions-reset feature.
Also, because the RC provides only a limited command-line-based environment, it won't let you run your GUI-based backup application to access and restore data. If you're unable to boot your primary Win2K installation and you need to restore data (e.g., from a tape backup) to complete the recovery process, you'll still want to have a parallel installation available that lets you restore the system's previous state.
Finally, you might encounter circumstances in which the RC becomes inaccessible. For example, if damage preventing the primary Win2K installation from booting also affects the RC installation, you might need to use one of the aforementioned alternative methods to access and recover the primary installation.
Another practice that you shouldn't ignore is regularly updating the Emergency Repair Disk (ERD) for each of your Win2K systems. Even under Win2K, ERDs are a valuable system-recovery tool. Like an NT ERD, a Win2K ERD can help the Setup Repair process locate a Win2K installation folder and provides a known-good backup copy of the Registry. If you don't like the idea of using Win2K's backup utility (the new tool for creating and updating ERDs) to manually update ERDs on all your systems, you might want to consider using a utility such as Aelita Software Group's ERDisk 5.0. This tool lets you create remote Win2K ERD backups across the network for multiple machines and also provides remote-recovery features.
You need to be aware of a few RC bugs and gotchas. One nasty limitation is that you can't install the RC on a software-based mirror/RAID1 volume (i.e., a volume that you created with NT's Disk Administrator or Win2K's logical disk manager, not a hardware RAID controller). In terms of partition-configuration requirements, the RC installation uses rules similar to Win2K's setup rules. As with regular OS installations, you can work around this problem by breaking the mirror, installing the RC, then reestablishing the mirror.
However, another gotcha presents itself: Win2K won't let you establish mirrored volumes on basic disks—only on dynamic disks. Therefore, if you have a basic disk mirror volume and want to install the RC, you'll need to convert the disk from basic to dynamic. Another ugly glitch is that, as of this writing, the RC fails to run if you convert its host FAT16 or FAT32 volume to NTFS. This situation's solution is to reinstall the RC, using the same procedure you used initially to install it.
Prepare for the Worst
Microsoft's introduction of safe-mode booting, the RC, and other Win2K system-recovery features is an important and necessary step in NT's evolution. The RC, in particular, is a powerful yet simple built-in tool that lets you resolve most of the problems that cause system boot failures. For more information about these recovery tools, see "Win2K Recovery Resources."
Remember that you can prepare your system for disaster by installing the RC on each of your important Win2K systems and performing frequent ERD updates. By doing so, you'll significantly improve your chances of achieving a quick and painless recovery in the event of a disaster.