First Fatal KSOD on Vista

To summarize:

XP Home on our SFF Shuttle desktop system. Vista Home Premium (x32) on both our laptops. Win 7 RC Ultimate (x64) (VHD booted) on both of those same laptops. Win 7 RC Ultimate on Alvis’s laptop (native install).

The XP system has seen a few BSOD’s over the years, but always I have been able to recover the system and get past it.

The Vista systems have seen more than a few BSOD over the past year.  Almost exclusively they have been related to video-driver updates.  There have also been a handful of times that I thought I was getting one of Vista’s blacK Screens Of Death (KSOD) after reboots from Windows Updates.  However in the first case, judicious use of the System Restore point or “Last Known Good Configuration” has always saved my bacon.  In the latter case, patience was the key and after leaving it on the black screen with the cursor on reboot eventually (up to 30 min sometimes) the system eventually completed it’s updating and progressed on normally.

I’ve never seen any KSOD or BSOD on either of the Win 7 systems during booting or as a crash. Ever.

So when little bro texted me earlier last week saying he was rolling in from the Red Baton with his Dell XPS system stuck on a KSOD I couldn’t help but get a little excited.

Yesterday, from 3:30 to 8:00 PM we watched football, had guy-talk, ate Sonic, and had a grand ole time as I attempted to get the system and his data safely back in operation.  Oh yeah, Mom and her four-legged white-shag carpet hung out as well enjoying her sons’ banter.

Digger had already done all the right things up to that point to attempt to restore the Vista system to good graces.  Unfortunately it just wasn’t cooperative.

The patient was a still-young Dell XPS system, quad Intel cores, 4 GB RAM, with two appx 500 GB HDD’s.

It was last seen functioning fine on Wed. when he returned it was locked up and rebooting into Vista brought up the green loading bard which progressed to a black screen with no cursor movement.  Leaving in this state for hours brought no changes.

So I sat down and evaluated the situation with him.

It wasn’t a boot-loader issue as he could successfully get to the Vista loading process displays.  And, since I had set it up to dual-boot Win 7 RC (x64) via VHD earlier in the year, that system was still loading with no complaints..allowing him to function just fine (though his user-data was still in the Vista system).

It saw that Vista system as a “D” drive but was “inaccessible” due to not setting security permissions to allow him access to it via Win 7.  Certainly we could have done that (as I have done on our own dual-boot laptops) but I was still in the initial troubleshooting stages and didn’t want to complicate things.

I had brought over with me my custom Win PE 3.0 bootable USB stick so I booted the system with it, and then just copied his Vista “user” folder over to his secondary hard-drive to “rescue” his personal files, music, etc. Just over 130 GB in data.  Sheesh!

With that safely tucked away, were were now good to proceed with attempting to get the main system going again.

Based on his trouble description and what I was seeing, I was suspecting that he was encountering some kind of driver loading error.  Maybe an update was recently applied that killed it during the loading process, or some kind of service was failing to load.

I tried to use Nir Sofer’s Drop-Dead-Quick Blue Screen of Death Diagnosis Utility but unfortunately, though bro is a geek, he hadn’t configured his system to save crash-dumps automatically.  So even though he had briefly seen a BSOD flash once during one reboot attempt, we couldn’t access any clues from it.

The various safe-mode boot options didn’t help, they also died on the KSOD with an unmovable cursor.

Last Known Good Configuration didn’t help at all either.  Same thing.  Nor did booting to a command-prompt.

I had a Vista recovery disk burned (as did bro.) so I re-did those options.  (See also Creating a Windows Vista Recovery CD - TechRepublic.com.)  The “Startup Repair” option seemed helpful but I learned (and he had earlier found out) no problems were detected.  “System Restore” was unhelpful as he had also not set his system to enable automatic/periodic System Restore Point creations.  Bummer.

So running out of our “usual” options for repair, I turned next to the tips in this post shared by BackRoomTech Julie.

• Fix for Windows Vista Black Screen of Death, aka KSOD « the back room tech

That post (and the subsequently updated source post, REVISED: How to fix the Vista KSOD (blacK Screen Of Death) | LogBlog) required some geek-fu.  Again turning to my Win PE 3.0 boot stick, I mounted the Registry Hive, checked the recommended key, but alas, it was set to what it should have been.

In the comments I did find several other neat tips, such as pressing the left-shift key five or so times quickly to enable the “sticky-keys” dialog to come up.

- After boot up, wait a few minutes at the KSOD until disk activity stops
- Shift key five times, or hold shift for 8 seconds, until Sticky/Filter keys pops up
- Say ‘Yes’
- Configuration menu for sticky/filter keys comes up. Under the Help menu, choose “Is this version of Windows legal”
- Internet Explorer is launched. In the address bar, enter C:\Windows\explorer.exe

From there (if you can get there) you can then attempt to run msconfig to disable your startup options.

Some folks got lucky with this approach, but in our case either Sticky Keys was disabled or the system just wouldn’t get to a point where we could activate it.

There were also a few comments that said if you renamed/deleted the Logs folder (’Go to C:\Windows\System32\Winevt\ and rename your Logs folder to Logs_Bad, and make a new Logs folder’) it might help resolve a KSOD error.  No go.

Most of these tips are lined out in detail here in this very fine post:

• Vista Black Screen of Death (KSoD) – Lanarkshire IT Services

Truth be told, there are many, many reasons why a Vista system can KSOD. In some cases restoration is possible, but in most (particularly with no previous System Restore Points available) success may be limited.

So with all known avenues exhausted, it was time to flip the switch and reload Vista.

Bro had brought along his Dell OEM System Restore disk.  We popped it in and began the “Fresh Install” process.  About 45 minutes later it was completed.

The following were known or unexpected treats I discovered:

1. Because the previous Windows system was still present, it automatically found and applied his original OEM Vista key.  No reactivation was required.
2. The old Windows folder was renamed to Windows.OLD. This will be beneficial later.
3. The custom bootmgr wasn’t modified by this process. (referring to our dual-boot with VHD mod). After the new Vista system was installed, we could still boot to the Win 7 VHD system with no impact! Nice.

When we got his Vista system through the initial profile/system setup, we looked for updated and found almost 70+ were required.  I also found that the OEM disk set it up as SP1 level.  Instead of doing all those updates, then putting SP2 on the system, I tried to just download SP2 directly.

And found that I am spoiled.

Mom’s home (where we were at) is equipped with DSL broadband.  I have cable broadband at home.  A Vista SP2 download would normally take me anywhere from five to ten minutes at home.  At mom’s, the download was reporting a seven-hour download time.  Egads!

I had brought a lot of files with me but not that one.  On the other hand, the job wouldn’t be done (in my book) until the system was fully patched and updated.  Even though bro. could take care of that himself back in the Red Baton.

However, just maybe…just maybe…we might be set.

Knowing that Windows almost always keeps a copy of the downloaded update packages on file, I did a quick search for the Vista SP2 setup file in the Windows.OLD folders using the wildcard *KB948465*.  Sure enough, there it was!  I copied it to a fresh “temp” folder and in no-time flat had his Vista system updated to SP2.  A few more update checks got the remaining hardware/software updates Windows needed.

Done.

We may never know what caused the KSOD on his system.  He still has a few key programs to reload back at his place, but only a few as he is now committed to waiting for the public release of Windows 7 in the next few weeks.  Then he can pave Vista and get a fresh load of Windows 7…which he seems to be much more impressed with anyway.

And no, Windows 7 is not immune from the KSOD either.

While researching a solution to the Vista issue, I stumbled on this announcement that came out related to Windows 7 just last week.

• Windows 7 RTM Black Screen of Death after Forced Shutdown - Outpost Users Support Forum

In hind-sight, the only other thing I should have done was to toss Harlan Carvey’s RegRipper or Mark Woan’s RegExtract at the hive files.  They weren’t corrupted and I was able to “off-line mount” each of them in regedit while troubleshooting. While this certainly wasn’t a forensics response, the system-data that they could rip out of the registry might have provided me the needed clues to determine what had been going on at the point of initial system failure.  So sysadmins, don’t forget the benefit of these tools for system troubleshooting and troubleshooting information gathering. Be familiar with them.  I’m going to ask bro. to extract these original hive files for me (or do it over a remote-wire connection) and analyze the results…maybe later this week.

Here’s looking at you, KSOD.

Claus V.