Blog Host: Bernie Klinder - Founder of LabMice.net and contributing author READ ENTIRE BIO

My basic assumption as to why people leave out this data when submitting troubleshooting questions is they don't know where to look. For most common error messages (especially application crashes), Microsoft creates an error report that includes the details of the event and the option to send the data to Microsoft. By simply clicking the option to view the details of the report, you can discover quite a bit more information about the event, whether or not you choose to send the data to Microsoft.

Another primary source of error information is the Event Viewer, which can be accessed via the Microsoft Management Console (MMC) or through the Administrative Tools menu. Event logs are the primary troubleshooting tool used by most administrators and can be very useful in tracking down the root cause of hardware, software and system problems.

For more information about program errors, a Windows utility called Dr Watson can view the information located in the log file. To open Dr. Watson, click Start, and then click Run. In the Open box, type drwtsn32.

These tools should help you locate a more precise source of the error and a detailed error report. In most cases, the error you've discovered is not unique and a fix usually exists. If the error is related to the operating system, you can search for a solution at Support.Microsoft.com. If the case of hardware or software compatibility issues, you may need to check with the appropriate vendor's support center.
Posted by Bernie Klinder The next big thing
09 MAR 2005 21:48 EST (02:48, GMT)
It's a big week for technology. Yahoo turns 10 years old. The W3C consortium is meeting to discuss the next generation Internet. Microsoft is talking about moving into business services and making software for small and medium-sized businesses. And Moore's law keeps humming along. I often wonder on what our society will look like just a few years down the road. Ten years ago we were running Windows 95 from scrappy dial-up connections. The business world saw the Internet as TV with a "buy" button. Everyone was making fantastic predictions of what the technology would mean and how it would change our lives. As usual, the media often got it wrong, and the quiet in-the-know geeks had it pegged.

I'm often struck that despite Microsoft's massive R&D budget, very few innovations have come from Microsoft. Since 1995, we've seen the explosion of broadband, PDAs, MP3 players, wireless networking, blogging, P2P file sharing, DVRs, Blackberries, Bluetooth devices and LCD monitors. There were certainly hints at many of these changes coming over the years, but what's more interesting is what didn't take off, has gone away or become near obsolete: Usenet, voice recognition software, WebTV, VCRs, Divx, pagers, Active Desktop, Microsoft Briefcase, shotgun modems, smart refrigerators, Segways and a million goofy dot.com businesses.

I've noticed that the next big thing is rarely revolutionary, but more often evolutionary -- an improvement on an existing idea. A move to improve, not a brand new direction. People looked at a problem and said, "Why do I have to do it this way?" Technology should be easier and simpler to use, not more complex. We don't need more features, information, tools or gadgets. We need to reduce the complexity of items to the point that anyone and everyone can use them. Simpler interfaces. More reliability.

I'm bringing this up partly because of all of the rapid technology change going on and the rush to add features to things just for technology's sake.

Take Windows for example: Microsoft is hard at work building Longhorn, but I can't think of a new feature that I really want except for the one they threw out -- the new Windows File System. What I do want is a more secure, stable Windows platform. Improve the current tools and features such as Windows Task Manager and Event Viewer. Replace cryptic error messages with plain English versions that automatically scan for hotfixes. Make Windows self-monitoring and healing. Improve command line functionality. Nail the security. Who needs a 3D desktop?

Microsoft is also working on the next version of Office. I can't imagine what they would add other than improving performance and security. Voice recognition is great for specific applications, but I can't see 300 people in cubicles giving up their keyboards and dictating their e-mail and Word documents. The best thing to happen to Office in the last five years has been the spam e-mail filter in Outlook 2003 and Office Update. Personalized menus drive me nuts. And don't get me started on Microsoft Clippie.

The entire reason Windows and Apple grew in popularity was that they greatly simplified the task of computing by replacing the DOS prompt with a logical graphical user interface. Fifteen years later, Windows has become too complex for most users. It has too many features that go unused. And the features it needs aren't available yet.

Which brings us back to Yahoo. What is a Yahoo anyway? It used to be a search engine. In 1999, if your Web site wasn't listed on Yahoo, you might as well not exist. Now it's branched out into so many things, it can barely define itself. Media company, portal, dating site, community and so on. No wonder people prefer Google. It's simple, and it works. I don't have to hunt through lines of text and ads to find the search bar. It's right there.

And that's really what we need. Simpler tools that function reliably and are easier to use.

How's that for the next big thing?
Posted by Bernie Klinder The Windows Appliance
08 MAR 2005 23:36 EST (04:36, GMT)
All this discussion of software product liability and making Windows rock solid brought me to an interesting question.

Why can't Windows be imbedded onto a chip?

Not the whole operating system, but the core kernel and its required critical files. Imagine a Windows system that could boot instantly and was completely incorruptible -- regardless of what happened to the data on the hard drive....You could at least be able to boot to a command prompt, or maybe even a GUI-based safe mode with networking support. No more boot disks or remembering to activate the recovery console -- the core OS is always there. Stable, incorruptible and embedded onto a chip that is part of the motherboard. Nothing but physical hardware failure could make the system unbootable.

Microsoft already makes a number of NT-based imbedded products, and Windows Mobile proves many of the concepts as well. It is possible to make a GUI-based OS with networking capability on a chip at a reasonable cost. It doesn't have to do everything Windows does now, just run troubleshooting and recovery operations. The configurable and extensible part of the operating system would reside on the hard drive with the rest of the system data. Updating the core OS files would be similar to flashing the system BIOS. But malware, spyware and common system errors could never phase the core OS files. The system would even solve Microsoft's piracy concerns, as it would be tougher to duplicate the chip, and you couldn't install the "secondary" or extended components of the operating system without the chip.

Thinking about the average computer user's needs, you could extend the Windows embedded and Windows Mobile OS models to run a desktop-level PC with only basic functions. For example, many of my friends and family members only use their PC for a limited range of functions. E-mail, browsing the Web, storing files, creating documents and so on. All the things that can be done using Windows Mobile on my Dell Axim. The problem with the Dell Axim is the screen size and lack of keyboard. It's perfect as a PDA, but lousy as a PC replacement. However, a device that looks like a small laptop with a built-in keyboard and color flat panel monitor running Windows Mobile Edition with a slot for an Compact Flash Card would be perfect. Windows Mobile already runs Internet Explorer, Outlook, Word, Excel, Solitaire and Windows Media Player. Its the perfect system for grandparents, public kiosks, hotel rooms and Luddites. If the system acts up, hit reset -- your data is stored on the CF card. Call it Windows Basic or Windows Appliance.

As part of my Microsoft MVP privileges, I have the permission to e-mail Steve Ballmer and Bill Gates directly. Maybe I'll send this idea along and see what kind of response it gets. You never know....
Posted by Bernie Klinder Liability, part 2
07 MAR 2005 23:56 EST (04:56, GMT)
I thought it was an interesting coincidence that after blogging about product liability litigation for software, the cover of the current issue of BusinessWeek is all about fixing the tort system, the part of our legal system that handles civil lawsuits including product liability. It seems odd that one side of the fence wants to expand product liability to include software, while the other wants to rein in the legal system that has gone amuck. Our current system of suing the deepest pockets we can find for whatever bothers us began with good intentions back in the '50s when legal scholars argued that civil lawsuits should do more than compensate victims for their losses -- they should serve as a financial incentive for companies to prevent accidents and improve the safety of their products. The unfortunate result was that these civil lawsuits have become big business, and consumers are constantly bombarded with messages encouraging them to reach out and sue someone.

I have to add for a moment that I'm not against product liability or holding companies liable for defective products. But these steps need to be implemented intelligently and not just run up the flagpole. In my opinion, the only people who will benefit from software liability laws would be lawyers. I haven't experienced any tangible benefit from the governments multi-million dollar anti-trust case against Microsoft. Or from the 1996 false advertising lawsuit against Intel, which awarded the right to claim a $50 discount off a new microprocessor to 500,000 people. (Incidentally, only 150 people took advantage of the offer.) In our brave new world of software product liability, software companies would be flooded with class action lawsuits for every disclosed product bug, and the people actually affected by the bug would get next to nothing. Did I mention the cost of the software would go up to cover the costs of the product liability?
Posted by Bernie Klinder Liability for whom?
04 MAR 2005 21:54 EST (02:54, GMT)
There's been some discussion in the media lately (including in the Wall Street Journal) regarding holding software vendors legally liable for damage caused by flaws in their software. The logic is that most manufacturing companies are liable for flaws in their products, and companies spend millions annually troubleshooting software and recovering from security breaches due to bugs. While this movement is popular with the masses as well as politicians pandering for cheap votes, it is a colossally bad idea. Here's why:

1. The costs of product liability would ultimately be born by the consumers. If you think software is expensive now, wait until companies are on the hook for billions in potential lawsuits and liabilities. Companies have to pass these costs along in their pricing or go out of business. This is a variation of the old political trick of promising voters that they will lower personal income tax and increase the tax on corporations. You may get a fatter paycheck for a while, but everything you buy will be more expensive because companies pass the additional costs along to consumers. Cheap PCs and software would be a thing of the past. Say good-bye to freeware and shareware as well.

2. Fear of litigation will stifle innovation. The more complex an application is, the more likely it is to have a few bugs. The testing cycle required to eliminate every bug would significantly slow down product cycles and new features. Instead of new versions of software becoming available every 2-3 years, you'll wait 5-7 years. To push products out faster would require more testing, which increases development costs and ultimately the costs of software for consumers.

3. Use restrictions. The other way to ensure reliability is to lock down the software completely. One of the reasons Apple computers are so stable is that Apple tightly controls the hardware the OS runs as well as the software written for it. You can't load Mac OS on any off-the-shelf PC or run as many programs on it. Hold software companies liable for their products, and they'll probably specify what hardware and software platforms are supported, and perhaps even ship their software preloaded on a machine that cannot be configured or loaded with additional software. The entire success of the PC market was based on the portability of the operating system to a variety of compatible platforms, which lowered costs.

4. Small software companies would suffer the most. Perhaps Microsoft, Oracle and a few other major vendors have the legal muscle and bankroll to fend off a swarm of lawsuits, but I'm betting new start-ups and smaller companies that produce specialized software don't. One significant lawsuit would put them out of business forever and would discourage others from entering the market. The only hope for any company is to produce only small simple applications that are very limited in scope. Reducing the size and complexity of software means reducing functionality, scalability and customizability.

5. The blame game will heat up. Actually proving which bug was responsible for your data loss or downtime is already a challenge. Third-party software vendors blame the operating system, and the OS vendors blame poorly written software and drivers. Most security breaches occur from the inside or exploit old vulnerabilities that should have been patched. Then there is all the things users do themselves. Custom scripts, registry hacks, other applications, hardware failures, interoperability problems and any other interaction may be deemed a contributing cause and drag out the proceedings. Proving the exact state the software was in and the definitive cause of the failure will require new levels of computer forensics. And, in the end, only the attorneys will win.

6. Exclusion clauses. Your current software license agreement severely limits the vendor's liability for harm or data loss regarding their software. If you legally abolish this "out," vendors will have to counter with specific exclusion clauses that void warranties or expressed liabilities. Sort of like the "use only as directed" label on other consumer products or a companies insistence that all product maintenance and updates have to performed by their service technicians, using specific parts and on a specific schedule.

I'm sure that some see this as an opportunity for the open source movement to gain popularity. Would software companies have to give their software away to get around product liability laws and then charge for support and training to cover development costs? Could the open source community keep up with the demands of the global business community? Would every company have to develop all of their industry-specific applications in-house?

There isn't a significant piece of software on the planet that doesn't have a bug in it. To truly secure or stabilize any computer, you would need to lock it down to the point of being useless. And given the choice between the mildly buggy software that is affordable, extensible, portable, scalable and flexible or the alternative, I'll take the version I've got.
Posted by Bernie Klinder We have met the enemy, and it is us...
03 MAR 2005 23:35 EST (04:35, GMT)
As a follow up to yesterday's topic of reloading OS systems, I'd like to discuss the reasons why operating systems fail and what measures we can take to prevent or at least minimize failure. Over the years, I've done quite a bit of troubleshooting on both Windows NT-based servers and workstations, and I've noticed that most troubleshooting falls into the following categories:

1. The user did it to themselves. This is the most common cause for workstation-related issues. Over-tweaking settings, attempting to clean up files, boosting performance, loading some goofy software, forgetting a password, deleting files and so on. These things are generally preventable at the domain level via software restriction policies and a few well placed security policies. If you lock down your enterprise, your help desk calls will drop significantly.

2. OS bugs. Despite dramatic improvements in successive versions, Windows still has its share of problems. As a Microsoft MVP, I know how hard the people at Redmond are working to improve the quality of their products, improve processes and prevent future issues, but these things take time. Unfortunately, promises of future improvements don't help administrators trying to manage current systems. The best we can do here is report issues to Microsoft as they come and keep our systems up to date as much as possible.

3. Software issues. Incompatibilities between third-party software, buggy patches or service packs, registry corruptions, corrupt system files and poorly written hardware drivers plague Windows servers and workstations. Software testing is a common practice at larger IT departments, but isn't done as often in smaller environments. If you need to install software before testing it, back up your systems first.

4. Network issues. Failing to connect or authenticate to domain controllers, network resources, the Web and so on. These can be difficult to troubleshoot because of the combination of factors that can contribute to a failure. The larger the network, the more this becomes an issue. Good network design, documentation and the right tools can help administrators isolate and identify problems quickly.

5. Hardware issues. Incompatible hardware, failed hard drives, memory, power supplies, memory and so on. Anything with a moving part will fail eventually. That's just the way things are. But you can minimize failure of components by ensuring a reliable and stable power source and by keeping your components as cool and dust free as possible.

6. Security issues. Someone maliciously attacks your network from the inside or outside. (This includes spyware, Trojan horses, viruses and other unauthorized software.) Technically, it's preventable, as most hackers use known security exploits to expose the operating system.

Ideally, you should never have to reload your OS unless your hard drive failed and your disk is simply unrecoverable. Between the backup utility, the recovery console and the System Restore tools, you should be able to get yourself out of just about any mess. In theory. That theory assumes you backup your system regularly, and you know how to use the Recovery Console.

Every time a client calls me and says, "My system won't boot. Can you help me?" I ask for the Emergency Recovery Disk and the location of the backup media. That's usually followed by a minute of silence and a blank stare.

Before giving up and simply wiping your hard drive clean and starting over, you should try two things:

1. If your system can boot to Safe Mode, log on as the local Administrator and run the System File Check utility. You run this either from the Command Prompt, or clicking Start > Run and typing "sfc /scannow".

   The utility checks the integrity of the Windows System Files and replaces them if necessary. This alone has recovered more systems in less time than any tool I've ever used.

2. If your system cannot boot to Safe Mode, and the Recovery Console can't resolve your issue, try using the Repair option. Boot your system using the Setup Disks or a Bootable CD-ROM, and, instead of doing a complete reinstall, choose "Repair" instead. The Repair option may rewrite your registry and your previously installed applications may not work, but it buys you enough time to backup your critical data before wiping your system clean. If you have been backing up your system on a regular basis, this option will also allow you to access those backup files and restore your system's registry.

1. Partition your hard drive into two drives, or use a second drive (external or internal) to store backups. Most desktops come with 40GB drives. Saving 10-15GB on a separate partition for backups should be plenty of room. For laptop users, consider using an external USB hard drive.

2. After you've installed XP, enable the Recovery Console

3. Make a copy of the XP installation (i386) folder onto your local drive.

4. After activating XP, make a full backup of the clean operating system and store it on the extra drive. Load your applications, mail settings, service packs, product updates, security settings and anything else you typically configure and back it up again.

5. Create an Emergency Repair Disk (Windows 2000) or an Automated System Recovery Disk (Windows XP Pro and Windows Server 2003). Put it in an envelope and tape it to the side of your workstation's case, or store it in a safe place where you know you can find it when needed.

6. Start backing up your systems on a regular basis, or consider using Drive Imaging software such as Symantec's Norton Ghost to make complete copies of your entire disk and schedule regular backups as well. The advantage of Ghost is that it uses its own boot disk that can access CD-/DVD-ROM drives, network cards and external USB drives even if Windows won't start. In small environments, Ghost will save you lots of time restoring workstation and laptop images in the event of failures. I've even used it to back up single domain controllers in small business environments that don't have multiple servers. Symantec also makes a product called Live State Recovery, which is very similar to Ghost.

7. If you're a network administrator, consider purchasing Winternals Administrator Pack. At $1,2000, it's out of reach for most home users, but on a medium-sized network, these tools are worth their weight in gold!

In the course of cleaning a number of infected systems, I've had the chance to experiment with a variety of solutions. For many people, the tools of choice have been a combination of AdAware and SpyBot, two freeware tools that work very well when used together. In recent weeks, I've been testing Microsoft's AntiSpyware Beta as well as WebRoot's SpySweeper. On a number of occasions I discovered that AdAware and SpyBot found a sizeable number of programs and did a fairly good job of eliminating them. Afterwards, I installed and ran Microsoft's AntiSpyware Beta, which located another dozen or so items that were missed in the first scan. I followed this scan by installing and running SpySweeper, which located another dozen items that were missed by the other three programs. In all, over 50 spyware programs were found and there are still items that were missed, partly because spyware is being developed and distributed at a rate faster than these companies can keep up.

Obviously. taking a reactive "cleanup" approach isn't working well. However, preventative measures such as firewalls and spyware detection software aren't 100% effective either. While Microsoft's software restriction policies are moderately effective, they're a pain to implement. Tools such as DLL checking can significantly degrade performance, and disabling ActiveX and cookies in IE makes it more difficult to view legitimate sites that aren't afflicted with spyware. Some experts advocate dumping IE in favor of Firefox, but as this browser increases in popularity, it seems logical that it will also become the target of spyware.

One innovative solution for Internet Explorer that I've been testing is a Registry modification from Spyware Guide, which blocks known malicious ActiveX controls from running (since IE and ActiveX controls seem to be the favorite tool for spyware creators). For a small, relatively simple solution, it has been remarkably effective based on some short term observations. Spyware Guide also has a comprehensive list of Spyware programs that can be helpful in identifying and cleaning up spyware. Another useful tool has been ProcessLibrary.com, which provides a searchable list of known processes that can be found using the Task Manager in Windows. If you don't recognize a new process, plug it into their search engine and you'll find out its source and function.

What I'm curious about is what has been the impact of spyware in your organization and what tools or solutions have been most effective in combating it. I am especially interested in the growing arena of corporate and enterprise solutions from McAfee and Symantec. Are their solutions working in your environment? Are they working as well as some of the older and more established anti-spyware tools? Drop me a line and let me know.
Posted by Bernie Klinder Taking a byte out of Windows
28 FEB 2005 04:59 EST (09:59, GMT)
Troubleshooting anything is a task often loathed by many system administrators. As a group, we'd rather be implementing, creating, building and expanding than fixing things. We expect that computers on our network should just work, like our appliances at home. Plug it in, power it up, fill it with data, applications or whatever, and it should just run. Period. Never mind poorly written applications, lousy device drivers or a few bugs in the 30 million lines of code that comprise the current version of Windows Server. We understand mechanical failure; hard drives and power supplies fail all the time. They wear out. That makes sense to our logical brains. But when something less tangible goes bad -- like the operating system -- we lose patience. We often can't physically see the problem, all we know is the system keeps crashing and offering up some cryptic error code that only means something to a few programmers in Redmond. We get angry, and soon begin to resent the idea of troubleshooting. As a result, the task of troubleshooting is handed off to the new guy or rotated around like some loathsome burden.

And therein lies the problem. Troubleshooting anything is a science. You have to understand how things work they way they do and how parts relate to one another; you have to have a methodology for isolating a root cause. Ignoring the problem or passing it off like a hot potato just makes things worse. The best way to approach a problem is to be unemotional about it and approach it as a challenge or a puzzle. It's natural to be frustrated and view fixing things as an unproductive task, but we need to set these emotions aside and focus on the problem at hand. Every software application has bugs, and no operating system is perfect, especially Windows. I won't get into the Unix/Linux/Novell/Apple debate. Suffice it to say that Windows isn't going anywhere for a while, and pretending things wouldn't break with a different OS may provide an outlet for our frustrations, but it doesn't solve our basic issue.

Prior to being a network administrator, I spent 10 years as a paramedic in Cleveland, Ohio. In that job, rapid troubleshooting skills are essential. That troubleshooting ability is based on a time-tested methodology that is translated into specific protocols and steps each paramedic follows to resolve the problem at hand. Medical emergencies are broken down into "troubleshooting trees," or flowcharts that indicate what problems to rule out first and where to look next. These procedures were logical and methodical and were drilled into us so we didn't panic and "blank out" in an emergency. When I made the transition from medicine to IT, troubleshooting came easy to me. I just applied the same methodology I'd been using on the street. While troubleshooting Windows isn't as glamorous or exciting as a being a paramedic, it's a lot less messy. And the pay is better.

Over the next few weeks, I hope to share some those troubleshooting skills with you. I'll take on some real-world Windows OS problems and offer solutions; I'll add articles, and suggestions and highlight tools that will make your troubleshooting tasks easier. I'll also be addressing the idea of preventative medicine and how to head off problems before they start. Jumping from emergency to emergency may be part of the job for a paramedic, but it's no way to run a network.

In the meantime, send me your OS-related troubleshooting questions and war stories. My crystal ball is in the shop, so be sure to include as much detail as possible such as:

• Your OS version (Windows 2000/2003/XP)
• Any specific error messages you may get (event logs errors, screen messages and so on)
• When the problem started
• Any changes prior to the problem starting
• Basic configuration data related to your issue -- for example, if this is a network problem, I'll need details of how your network is configured with domain/workgroup, LAN/WAN, general topology and so on
• Service Pack level
• What you've tried already to resolve the issue