In situations where things
don't work as they should, you need to determine the level of the
problem first, and then try to identify how you can fix the problem. The
best way to do this is to identify potential problem levels. You
usually have to work with three different problem levels:
Level 1
relates to minor system issues. Most often, this will have something to
do with a minor component not working properly in Windows.
Level 2 becomes more serious and may have to do with systems not starting or with more comprehensive components being broken.
Level 3 relates to very serious problems and the issues that correspond to nonworking systems.
Windows Vista includes a
series of new tools that support the resolution of each of these types
of issues. But first, you must determine just how you go about looking
at the issues your users run into. Begin by using a basic
troubleshooting strategy.
NOTE
If you do not have a
problem tracking database, then look no further than Windows SharePoint
Services (WSS). WSS is a collaboration environment that lets you bring
together several sources of information in support of specific team
efforts. In addition, Microsoft offers a custom WSS template for a site
designed to manage help desk information.
1. Level 1: Dealing with system instability
Windows Vista includes several tools that provide information on system reliability and diagnostics, including the following:
Event Viewer:
This tool has been completely revamped to provide a solid
infrastructure for event management. This should often be one of the very first places you should look when issues arise.
Help and Support Center:
This tool has been updated since Windows XP. It includes information
that stems from the local help store as well as online data if a Web
connection is available. It profits from the new Vista search engine to
help locate solutions more easily.
Performance Information and Tools:
This tool, located in the Control Panel, provides a single interface
for the identification of potential issues related to system performance
(see Figure 1). Reach the console through Control Panel => System and Maintenance =>
Performance Information and Tools. This console gives you access to the
overall performance score on your PCs as well as quick access to tools
such as:
Manage Startup Programs lets you improve performance by controlling which programs launch when Windows does.
Adjust Visual Effects
enables you to control how a system uses Vista's graphical
capabilities, notably the Aero interface, and possibly improve
performance.
Adjust Indexing Options
can let you reduce the amount of system resources that are used to
index data. Vista uses up resources for indexing, especially in
environments in which no corresponding Search technology exists on
servers.
NOTE
To have
server-based Search tools that correspond to those in Vista, you need
one of two server-based technologies. Windows Server 2008 includes the
same Search technology as Vista and works in conjunction with the client
to offload search workloads. In addition, you can rely on Microsoft
Search Server 2008 Express which also provides a corresponding
server-based Search technology and runs on Windows Server 2003.
Adjust Power Settings
can let you increase or decrease power usage in certain connected or
disconnected scenarios and improve performance, possibly at the expense
of battery life.
Open Disk Cleanup lets you remove temporary and other files located on your disks.
Advanced Tools leads you to a series of much more powerful troubleshooting tools (see Figure 3).
Reliability and Performance Monitor: This tool is an updated performance monitor that includes a reliability history for the PC.
Task Manager: This tool provides information for ongoing performance as well as the list of running programs.
System Information: This tool provides details about the different components of the PC.
Performance Options: This tool lets you adjust visual effects, performance configurations, and Data Execution prevention.
ReadyBoost Devices: This tool enables you to control how external flash memory can be used to increase system performance.
Disk Defragmenter:
This tool can help improve disk performance by defragmenting the data
it contains. Disk Defragmenter works automatically in Vista and is
enabled to run once a week by default.
System Health Reports:
These reports are produced through the Reliability and Performance
Monitor. The reports give you a snapshot of the health status of a
system when you activate it.
These tools let you resolve most of the problems that occur on systems that are still running.
Using Vista's built-in diagnostics
In addition, Windows
Vista includes several built-in diagnostics tools. These tools are
based on Vista's new Windows Diagnostic Infrastructure (WDI), a
framework that is designed to collect information about potential
issues, provide automated resolution, and if these automated resolutions
do not work, support your interactive troubleshooting efforts. WDI
provides diagnostics at several different levels:
Disk Diagnostics:
This engine is designed to detect potential disk failures. It is also
used to guide you through data backups, disk replacements, and data
restoration procedures.
Memory Diagnostics:
This engine works with the online crash analysis database Microsoft
maintains to help identify issues related to failing memory. It lets you
test memory as the system restarts and mark bad memory sectors as
unusable.
Network Diagnostics and Troubleshooting: This engine helps identify network connectivity issues. Many of these issues can be corrected automatically with this engine.
Resource Exhaustion Prevention:
This engine will automatically warn users when system resources are too
low and will do so before a system hang can occur. It identifies which
processes are using the most memory and provides information on how you
can reclaim these resources before the system crashes.
Diagnostic information
from each one of these engines is stored within the appropriate Event
Log including the automated repairs performed by the tool (see Figure 13.4).
If the event indicates that the tool could not resolve the problem,
then it provides information about how the problem might be resolved. In
addition, if the system is connected to the Internet, then you can use
the Event Log Online Help provided by Microsoft to find more information
on a particular issue.
Using Problem Reports and Solutions
Windows Vista also
includes an automated problem reports and solutions infrastructure. Find
the Problem Reports and Solutions (PRS) interface by choosing Start
Menu => All Programs => Accessories =>
Maintenance. This tool logs all system issues as well as their
solution. It gives you access to the problem history of any system. You
can also use it to drill down into the problems that a specific PC has
encountered. Problems are categorized based on origin and issue type.
The details of each problem are documented, as shown in Figure 5, as well as potential resolution approaches.
However, this tool does
not resolve all issues. For example, you might have a historical issue
with a system that has not been resolved for some time, but you can use
PRS to periodically check for updated solutions. Microsoft maintains a
database of these issues and lists potential solutions including links
to manufacturer Web sites when the issue relates to a specific component
on your computer.
By default, PRS is
configured to automatically verify for solutions online, but you can
modify the settings. In fact, in Advanced Settings, you can even control
a blocked list of problems to ensure that critical organizational
information is not sent to Microsoft. Rely on this interface to map out
if a "new" issue has ever occurred before on a system.
Using the Reliability Monitor
The Windows Reliability
Monitor is a subset of the Windows Reliability and Performance Monitor
(RPM) section of the Computer Management console. RPM is also available
as a standalone snap-in for the Microsoft Management Console; however,
the Computer Management console is still better to use because it
includes so many other useful tools.
When you launch the
Computer Management console (Go to Start Menu and then right-click on
Computer to select Manage or Start Menu => Administrative Tools => Computer Management) and move to Reliability and Performance (Computer Management => System Tools => Reliability and Performance node), you see an instant summary of all of the core resources on the computer system, as shown in Figure 6.
This overview includes CPU, disk, network, and memory resources. Below
the Reliability and Performance node, you can see several different
items:
Monitoring tools includes both the traditional Performance Monitor and the Reliability Monitor.
Data
Collector Sets is where you store collection sets when you want to
capture performance data over longer periods of time. It also includes
Event Tracing captures.
Reports include the performance reports you generate over time.
Both Reports and
Data Collector Sets include User-Defined and System sections,
segregating the items you generate from those the system itself
generates.
To view the Reliability
Monitor, you need to move to Reliability Monitor under the Monitoring
Tools node. Note that the Reliability Monitor tracks all system changes
from the day it was installed to the day you are viewing it (see Figure 7). Each time a system change is performed, it marks it as a change point.
Reliability Monitor tracks the following different types of changes:
Each failure is marked as a
change point in the System Stability Chart histogram. You can click on
any information bubble to view the actual change the system recorded.
This makes it very easy to find out if a specific change occurred on a
system before issues arose. Indeed, it helps you really discover the
answer to the question: "Did you change anything on the system before
this issue occurred?" As you know, users are often reluctant to answer
"yes" to such a question because they fear it may be their fault. With
Reliability Monitor, you avoid such guilt issues because the system
itself tells you if a change occurred.
Reliability Monitor uses a
scheduled task to pick up and record reliability information about each
system. This task runs once a day and starts one day after the
installation of the system. You can find this task by choosing Computer
Management => System Tools => Task Scheduler => Task Scheduler Logs => Microsoft => Windows => RAC. This is a hidden task so you'll need to use View =>
à Show Hidden Tasks to see it. Do not disable this task if you want to
rely on the Reliability Monitor when you need to troubleshoot system
problems.
Using the System Configuration tool
Another useful tool for
system troubleshooting is the System Configuration tool. System
Configuration (accessed by choosing Start Menu => Administrative Tools => System Configuration) lists the configuration settings for a system. This includes:
The last item, Tool
access, gives you access to a wide selection of tools for system
troubleshooting and may be the best part of the System Configuration
dialog box itself (shown in Figure 8).
This list of tools includes anything from general Windows version
information to Remote Assistance and much more. Rely on this tool as an
application launcher when you do not know which tool to go to when
troubleshooting a particular problem.
Relying on System Restore points
Microsoft introduced the
concept of a System Restore point with Windows XP. Basically, a system
restore point is a point-in-time snapshot of the system's state before a
modification is performed. By default, each time a significant
configuration change is performed on a Vista PC, Windows captures the
state of the computer before the change is implemented. Because of this,
you can always return to this previous system state should the
configuration change destabilize the PC for some reason.
NOTE
If you use
application virtualization technologies to manage and deploy
applications within your network, you will not need System Restore as
much because a virtualized application does not modify the operating
system in any way. Therefore, when virtualized applications are
deployed, system restore points are not created.
System restore points are created under different situations:
Automatically whenever a new program or device driver is installed on the system
Automatically every day
Automatically when you use System Restore on a computer
Manually through the use of the System Protection tool
This means that you can
protect system configurations at any time. Restore points capture all
sorts of data including system files, registry settings, and program
files. It will also capture scripts or any other executable file on a
system. System Restore can protect a PC even when you use it because it
automatically creates a restore point before restoring the system to an
earlier stable configuration, so if using System Restore does not solve
the problem, then you can use it again to undo the changes it made.
NOTE
System Restore
does not modify user data files so you don't need to worry about them
should you need to move to an older configuration. You should, however,
always protect user data files.
Start System Restore by choosing Start Menu => All Programs => Accessories => System Tools => System Restore to return a system to a previous configuration (see Figure 9).
This starts a wizard that leads you through the system restoration. By
default, it selects a recommended restore that is the most recent
restore point, but you can also select from a series of restore points.
To do so, you need to select the Choose a different restore point option
on the wizard's startup page. This leads you to a list of available
restore points. Once again, by default only the restore points from the
last five days are displayed. To list more restore points, select the
Show restore points older than 5 days option, as shown in Figure 10.
Then, after you've selected the restore point to return to, you click
Finish. At this point, Windows will undo changes up to the selected
restore point.
If you prefer to create a
manual restore point, then click on open System Restore on the home
page of the wizard. Doing this opens the System Properties dialog box
and gives you access to the ability to create a specific restore point.
System Protection is enabled by default for all hard drives in a PC.
Each restore point takes up about 300MB or less. Restore points continue
to be written to a disk so long as it contains sufficient disk space.
If space is at a premium, the feature automatically overwrites older
restore points. Learn to rely on this feature to protect stable system
configurations.
