Hardware or Device Driver Failure
Hardware and drivers are typically supplied by the hardware vendor and issued as a CD, DVD, or download for the user to install when configuring the device.
For most of the lifetime of Windows, Microsoft has implemented a program that allowed Original Equipment Manufacturers (OEMs), upon payment of a fee, to supply their drivers to the Microsoft Windows Hardware Quality Lab (WHQL) team. The WHQL would extensively test and verify the compatibility of the driver against the selected operating system, and if the driver was functional then Microsoft would digitally sign the driver, include it in its Upgrade Advisor tool (which replaced the Hardware Compatibility List [HCL] used in the XP timeframe), and make it available as part of Windows Update. Hardware vendors could also enroll in Microsoft's "Compatible with Windows XP" or "Certified for Windows 7" programs, or later, the Windows Hardware Certification Program, all of which boosted sales through the reassurance that the device/software would be compatible.
Over the last five years, especially since Windows 7, hardware drivers have become much more robust than those found in Windows XP and especially the troublesome Vista. Windows XP suffered mainly due to the patchwork nature of its own evolution; remember that XP was launched in 2001, years before innovations such as Bluetooth and USB 2.0 had taken hold, and XP did not even Release to Manufacturing (RTM) with a firewall in place. Over its lifespan Windows XP had three major service packs (SPs) as well as thousands of smaller updates during the period that Microsoft still supported it. While this may or may not have created an unstable platform on which OEMs had to write drivers, it did create a headache for the HCL, and OEMs decided not to keep subscribing over and over again to get drivers validated for each SP.
Over time, as XP became widely adopted, OEMs cut back on the driver approval process to save money. Without the habit or requirement of producing drivers that would be verified against Microsoft's strict compatibility testing, some drivers were released that were incompatible and, in several cases, very suspect in terms of performance and reliability.
Windows Vista suffered from a number of driver-related issues at the time of release. After a long period of Windows stagnation (remember, Windows XP was very successful and users were reluctant to change), Vista arrived without much OEM support. The lack of adequate driver support was primarily due to Microsoft having changed the way in which Windows worked: Vista was a complete rework as far as the kernel, driver support, and security model. Nearly every legacy driver thus would no longer work with Vista. These legacy drivers would require a complete rewrite, something for which the OEMs did not have the capacity (or, for a period of time, the skilled developers with the up-to-date .NET skills to write them). Writing drivers for the new Windows therefore took some time, both to learn the new skills needed and also to achieve the required driver availability for the installed device population.
Note:
Just as with software installation, it is best practice to reboot the PC after each installation of hardware. This effectively creates a point that is either stable or unstable. Some issues may not present themselves to the user until after a reboot. Both are valuable checkpoints if troubleshooting needs to take place subsequent to the installation.
Resolving Registry Corruption
As we have mentioned, in some cases when inconsistencies are detected in the Registry because "dirty" data has been written, the Registry will attempt to self-repair during the bootup process. However, while poorly written software and drivers may not pollute the Registry with actual dirty data, they may leave the Registry in an unstable state or with areas of untidiness, which may create system instabilities whenever these areas are accessed.
Windows provides several tools that administrators can use to restore the Registry to a reliable state, including System File Checker, ChkDsk, System Restore, and Driver Rollback. You can also use third-party tools that will help repair, clean, or defragment the Registry.
System File Checker
System File Checker (SFC) is a legacy tool that still works on modern operating systems using an administrative command prompt. SFC checks the integrity of each system file that exists within the Windows installation, including Internet Explorer. A corrupted Windows system file can cause system instability and security vulnerabilities, and can lead to suboptimal performance during normal operations.
To invoke SFC, perform the following actions:
- Insert your Windows DVD install media (but do not launch setup).
- Open an administrative command prompt.
- Type sfc /scannow and press Enter.
SFC is included with all versions of Windows, but if you are attempting to run SFC on a Windows system that has been updated with one or more service packs, you will need to provide a DVD (or mounted ISO) of the Windows installation files that include the applied service pack. This is because SFC will check and use the SP versions of the system files to replace corrupted files.
Note:
SFC will take a long time to complete. SFC will check each system file for integrity and will repair any damaged system file that it finds.
SFC is not intended to be a regularly used troubleshooting tool; consider using it only when you encounter issues that relate to an unstable system.
ChkDsk
Another legacy tool, Check Disk (ChkDsk and ChkNTFS), will scan the computer's hard drives for errors and fix them. The tool requires administrative credentials to run since it operates at a low hardware level and needs to have exclusive access to the disk if fixing issues. To run ChkDsk, open an administrative command prompt, type the following, and press Enter.
ChkDsk C: /F
Running the ChkDsk tool on the System drive will result in the task being scheduled to run at the next system restart.
Any hard drive that is starting to fail to read or write data to the disk correctly is very likely to lead to file corruption on the system. Normally if the PC encounters a corrupted data file, this will result in some data loss and ultimately require the user to recover their files from a backup or File History. You should be specifically interested in corrupted Registry files as these can cause the system to hang or, more likely, crash.
Whenever Windows attempts and fails to read data from a corrupted system file, page file, or the Registry, Windows will display a Stop error, commonly known as a blue screen of death. If this happens, you should immediately troubleshoot your system to establish whether this is an isolated incident or whether the blue screen is an early indication of likely drive failure resulting in widespread file corruption and Windows instability. Drive failure may sound catastrophic, and it is, but normally some time prior to this a drive will exhibit the aforementioned failures, which are typical symptoms of bad sectors (areas of a disk that have become unusable). Most bad sectors are caused by physical disturbances such as voltage surges, physical damage, or manufacturing defects.
Software tools such as ScanDisk and ChkDsk are available for users to try to recover data. Typically once a bad sector is identified, the system marks it as bad so it will be hidden from the operating system and never be used again for data.
Windows 8.1 updated the Chkdsk tool so that it will run automatically in the background and actively monitor the health of NTFS volumes. Should a file system corruption be detected, NTFS now self-heals most issues when Windows is running, without requiring the tool to be run from an offline repair tool such as a recovery drive.
Note:
Under normal operational conditions you will not need to run Chkdsk if you use Windows 8.1 as the OS now monitors the file system for corrupted or bad sectors and fixes the problems as a background task.
CCleaner
Although we have already introduced the popular CCleaner tool from Piriform, it is worth including it again here in relation to resolving common Registry corruption issues. As discussed earlier, whenever software applications and hardware drivers are installed or removed from a PC there will be inevitable issues with leftover or orphaned fragments and incomplete or obsolete entries.
A Registry cleaner will carry out some or all of the following activities:
- Scan your Registry for unwanted/malicious entries
- Remove unwanted/malicious entries to mitigate against Registry bloat
- Remove outdated or superseded files
- Create backups of the Registry
- Remove incorrect file and program associations
- Restore the Registry if any maintenance task fails
- Defragment the Registry to remove any vacant spaces (empty placeholders left behind in the Registry)
- Repair or remove system files such as orphaned or shared DLL files, and locate device drivers no longer required and old ActiveX files
- Schedule scans to ensure that the Registry is scanned and errors are repaired automatically
Many third-party Registry cleaners will remove excess bloat and keys that are no longer relevant to the current system by deleting the unwanted keys and then defragmenting the Registry files.
System Restore
Turned on by default, System Restore has been a key recovery component of Windows for many years and can be extremely useful to recover a system that has encountered a variety of problems. One of the key aspects that we like is that the tool can be used by users of any ability, and can be initiated from either the Graphical User Interface (GUI) or, if the GUI is not stable or accessible, then from the Advanced Startup options within Windows 8.
System Restore is designed to apply a previously working snapshot (or system state) to your PC from an earlier date (such as yesterday or this morning), before it became corrupted, infected, or otherwise problematic, for example through an infection with malware or a faulty driver. System Restore can be accessed via System Properties; select System Protection.
Note:
Performing a System Restore does not delete any of your personal files or settings, but you will lose any apps or installed programs that you have added to your system after the date of the chosen System Restore point. The installation files may still be on your PC, but their Registry entries will have been removed.
Windows 7 improved System Restore by allowing users to view a list of applications that might be affected by using System Restore. For any application other than a simple self-contained executable (such as Procmon.exe), this can be a big deal. Newly installed programs will not work after a System Restore recovery because the application entries within the Registry will not be restored during the restoration process, causing the software to fail when launched unless it is reinstalled.
Restore points are stored on the local system and managed by Windows automatically. They will be triggered when the following activities take place:
- Installation of new application
- Installation of device driver
- User manually creates a restore point within the System Properties dialog box by clicking Create...
To restore a PC that has become unresponsive or keeps crashing, use one of the following options.
Launch System Restore from Within the GUI
If you are using Vista, Windows 7, or Windows 8, you can launch the System Restore wizard by performing the following steps:
- Select System from the Administrative menu (Windows+X in Windows 8 and 8.1).
- Select System Protection.
- Click the System Restore... button.
- Choose the recommended restore point, or show more restore points.
- Click Next and follow the wizard instructions, allowing the PC to reboot.
- Once the process is complete, Windows will display the System Restore notification screen, which will advise if the process was successful or if the restore point could not be applied.
Note:
System Restore has always received mixed reviews from IT professionals; some like the tool, while others have little faith in its abilities. Our experience is that the tool is very credible and works well, especially on well-maintained systems. It remains a valuable tool in our troubleshooting toolkit and, being wizard driven, is generally not prone to user error.
Launch System Restore from the Advanced Options Menu Startup
On a Windows 7 PC, reboot the system and press F8 during the boot-up phase of startup, prior to the "Starting Windows" logo being displayed. You should then see the Advanced Boot Options. To start the System Restore wizard, select the Repair Your Computer option.
If you are using Windows 8 or later, you can also invoke the Advanced Startup tools from within the GUI. If your PC will not boot into Windows due to startup failure, then the OS should automatically restart in the Recovery Environment and offer you options to help troubleshoot your PC.
If your PC does not offer you the recovery environment, insert your Windows 8 or later DVD or Recovery Disc and follow the "Press any key to boot to the DVD" prompt. Click Next, and then click Repair your computer. On the Choose an Option page, select Troubleshoot. (External link: Windows Recovery Environment (Windows RE) Overview, http://technet.microsoft.com/en-us/library/hh825173.aspx.)
On the Troubleshoot page, select Advanced options, then select System Restore.
On the System Restore screen, choose the operating system that you want to restore and then click Next. The System Restore wizard will now run, and you will be able to follow the wizard as it prompts you to select the appropriate restore point and then restart the PC.
Automatic Startup Repair
Windows 7 and later OSes can now attempt to automatically detect and repair many common startup problems without the need for user intervention. In nearly all scenarios where a PC has difficulty booting or starting, you should allow Windows to troubleshoot and fix the problem before moving on with your recovery plan to a more advanced stage. In Windows 8 the OS should initiate startup repair if any of the following issues are present:
- Windows fails to start up properly twice
- Windows is restarted unexpectedly twice within two minutes after the startup
- An error is detected during Secure Boot
- A BitLocker-related error is detected during startup on a touch-only device
If you have moved to Windows 8 from an earlier OS such as Windows XP, Vista, or Windows 7 and have tried to invoke the Advanced Boot Options by pressing F8, you will have noticed that this option is no longer available.
To allow a user to see the Advanced Boot Options, you will need to run the following command:
BCDEdit /set {bootmgr} displaybootmenu yes
You can then reboot the system and enter the Recovery Environment as shown previously, or wait for the command-line option, which allows you to press F8 and boot into the Startup Settings without requiring you to use the Windows DVD, and offers the tools. Notice that you can use either the number keys or function keys F1 to F9 to select an option.
Note:
By default the system will allow users 30 seconds to decide whether they wish to enter the boot recovery options during startup. This can be set to a lower number (such as 10) by changing the setting within the Startup and Recovery dialog box found in System Properties.
Last Known Good Configuration
Although this feature has been part of Windows for many years, most users either have not seen the feature or perhaps have misunderstood it.
If the user is unable to sign in to the system for whatever reason, Windows provides a little-known startup option called "Last Known Good Configuration", which will replace the current system Registry configuration (HKLM\SYSTEM\CurrentControlSet) with a saved version of the Registry in which the boot process had been successful.
A successful boot relates to the success criteria of each of the following actions:
- Startup of auto-start services
- Load of device drivers
- User account sign in
You should only use Last Known Good Configuration if the problem relates to the current signed-in session and the user reported no incidents in the previous login.
The Registry stores information within the HKEY_LOCAL_MACHINE\SYSTEM Hive to indicate whether the system successfully started at the last startup. This information is located in the following subkeys:
- \CurrentControlSet (which acts as a pointer to the ControlSetxxx subkey, where xxx represents a number, such as 001, shown below in the Current value)
- \Select (which contains the following entries: Default, Current, Failed, and LastKnownGood)
During normal Windows startup, the Windows Boot Loader uses the control set given in the \Select\Default value, and if no errors are encountered then the values for the subkeys Default, Current, and LastKnownGood will all contain the same ControlSet subkey, such as ControlSet001.
If the startup process encounters issues and the user fails to sign in to a user account, the subkey for the Failed entry is updated to point to the failed configuration definition so that this is not used again.
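To see the entries described above on a running system, the following read-only PowerShell sketch reports which ControlSetxxx subkey each Select entry points to and warns when they disagree. It is an added example, not part of the original text; the function name Get-ControlSetStatus and its SystemKey parameter are our own, and it assumes Windows PowerShell 3.0 or later and that a value of 0 means the entry is not set.

```powershell
# Added example: map each entry under HKLM\SYSTEM\Select to its ControlSetxxx subkey.
# Read-only; it changes nothing in the Registry.
function Get-ControlSetStatus {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: root of the SYSTEM hive to inspect.
        [string]$SystemKey = 'HKLM:\SYSTEM'
    )

    $select = Get-ItemProperty -Path (Join-Path $SystemKey 'Select') -ErrorAction Stop

    foreach ($name in 'Default', 'Current', 'LastKnownGood', 'Failed') {
        $number = $select.$name
        # Each entry is a DWORD n naming the subkey ControlSet00n.
        # Assumption: 0 (or a missing value) means the entry is not set.
        if ($null -eq $number -or $number -eq 0) {
            $setName = $null
        } else {
            $setName = 'ControlSet{0:D3}' -f [int]$number
        }

        [pscustomobject]@{
            Entry      = $name
            ControlSet = $setName
            KeyExists  = if ($setName) { Test-Path (Join-Path $SystemKey $setName) } else { $false }
        }
    }
}

$status = Get-ControlSetStatus
$status | Format-Table -AutoSize

# Index the results by entry name for the comparisons below.
$byEntry = @{}
foreach ($row in $status) { $byEntry[$row.Entry] = $row.ControlSet }

if ($byEntry['Failed']) {
    Write-Warning "A failed startup is recorded against $($byEntry['Failed'])."
}

$agree = ($byEntry['Default'] -eq $byEntry['Current']) -and
         ($byEntry['Current'] -eq $byEntry['LastKnownGood'])
if ($agree) {
    "Default, Current and LastKnownGood all point to $($byEntry['Current'])."
} else {
    Write-Warning ("Control sets differ: Default={0}, Current={1}, LastKnownGood={2}." -f
        $byEntry['Default'], $byEntry['Current'], $byEntry['LastKnownGood'])
}
```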
In practice most troubleshooting issues relating to the startup process are attributable to corrupt, faulty, or incorrect drivers or loading service configurations and their interdependencies.
Note:
Last Known Good Configuration has been deprecated in Windows 8 and later in favor of the new Recovery Environment.
Roll Back Driver
If an incompatible or corrupted device driver has been installed on the PC, it is very likely to be responsible for any stability issues that may arise following the installation.
If you can sign in to Windows, you should be able to use a feature called Roll Back Driver, which will allow you to replace the updated driver with the previously installed driver, effectively rolling back the driver. In most cases this will resolve the problem. Roll Back Driver is an option found on the Properties tab of the device within Device Manager and was first introduced with Windows XP.
If the system is very unstable and will not allow normal booting into Windows, you can boot using Safe Mode, which is a version of Windows that loads a minimal set of essential drivers. Once in Safe Mode you should be able to either roll back the driver, or delete it and reinstall a working driver and then reboot.
To boot into Safe Mode, use the same process as indicated before to boot to the same menu that we saw for the Last Known Good Configuration (in Windows 7), then select to boot the PC in Safe Mode. If you are using Windows 8, boot to the Advanced Startup Settings and select Enable Safe Mode.
Many of these driver issues have been mitigated over recent years for a number of reasons, including a stable and consistent kernel model introduced with Windows Vista, and also the increased shift toward 64-bit computing, which requires all drivers to be digitally signed.
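Before rolling a driver back, it helps to know which drivers are installed, who supplied them, and whether they are digitally signed. The following PowerShell sketch is an added example, not part of the original text: it lists the drivers with the most recent driver dates and marks unsigned and non-Microsoft ones for review. The function name Get-DriverReview and its Newest parameter are our own; it assumes Windows PowerShell 3.0 or later and uses the standard Win32_PnPSignedDriver WMI class.

```powershell
# Added example: inventory installed Plug and Play drivers, newest driver date first.
# Read-only; it does not roll back, remove, or install anything.
function Get-DriverReview {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: how many of the most recently dated drivers to return.
        [int]$Newest = 15
    )

    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DriverVersion } |          # skip devices with no driver package
        Sort-Object -Property DriverDate -Descending |
        Select-Object -First $Newest |
        ForEach-Object {
            # Decide what, if anything, makes this driver worth a closer look.
            if (-not $_.IsSigned) {
                $review = 'Unsigned'
            } elseif ($_.DriverProviderName -notlike 'Microsoft*') {
                $review = 'Third-party'
            } else {
                $review = ''
            }

            [pscustomobject]@{
                DeviceName = $_.DeviceName
                Provider   = $_.DriverProviderName
                Version    = $_.DriverVersion
                DriverDate = $_.DriverDate     # date stated by the driver package
                InfName    = $_.InfName        # oemNN.inf identifies the installed package
                IsSigned   = $_.IsSigned
                Signer     = $_.Signer
                Review     = $review
            }
        }
}

$drivers = Get-DriverReview -Newest 15
$drivers | Format-Table DeviceName, Provider, Version, DriverDate, IsSigned, Review -AutoSize

# Unsigned drivers are the first candidates to check when instability follows an install.
$unsigned = @($drivers | Where-Object { $_.Review -eq 'Unsigned' })
if ($unsigned.Count -gt 0) {
    Write-Warning "$($unsigned.Count) unsigned driver(s) found among the newest $($drivers.Count)."
}
```

DriverDate is the date the vendor stamped on the driver, not the date it was installed, so treat the ordering as a hint when matching a driver to the start of a stability problem.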