



 |
Troubleshooting and Configuring the Windows NT/95 Registry
-3-
Potential Registry Problems
If the Registry is severely damaged, access to hardware and software may be drastically
limited, and the system may not even boot. Even in a case of a minor problem, an
application may not work as it was designed, or may perform erratically.
Although Registry problems are rare, when they occur it can be devastating to
the system, to applications, or even to data. The Registry is protected while it
is running, so it is not possible to copy, delete, or change the contents, except
through a "certified" program (installation programs, registry editing
tools, and security changes through User Manager for Domains and the Explorer). Because
of this protection, the Registry is quite secure--but it is not bulletproof. Problems
can and do occur, and you need to be prepared to recognize them so you can fix them.
How to Recognize When You Have a
Registry Problem
Most of us have heard of or felt the following symptoms, all of them characteristic
of Registry problems:
- "It worked yesterday, but it won't work today."
- "It worked until I added this software/hardware, and now I can't use it."
- "My system doesn't work the way it used to."
- "When I try to shut down the computer, it just keeps beeping and beeping."
- "My computer won't start up."
- "Eeeeeek! It's the dreaded Blue Screen of Death!" (See Figure 3.1.)
Figure
3.1. An example
of the Blue Screen of Death in Windows NT.
NOTE: The STOP message in Windows NT
(lovingly called the Blue Screen of Death) identifies the type of exception. The
second line qualifies the exception, showing whether it was user mode (involving
user-mode operating system software) or kernel mode (involving the operating
system or third-party drivers or hardware). The third and fourth lines describe
which components were actually involved and at what addresses. The error in Figure
3.1 shows that it was a SCSI driver that failed. Check for compatibility and be sure
you have the correct driver. It could also be that the settings were in error, meaning
either they were wrong when they were added, or the Registry got corrupted and reported
them incorrectly.
Each one of the symptoms or complaints listed is serious, although the seriousness
of the problems varies. In any case, Registry problems will force you to take the
time for repair, wasting precious productivity for your organization.
Recognizing the actual problem may not be as easy as recognizing the symptom.
When problems occur, you generally assume, rightly or not, that it was something
you did. That seems to be ingrained in us from our youth. For example, if a program
starts acting strangely, we try to retrace our keystrokes to determine our mistakes.
This is reinforced by the first question that comes from the mouths of support staff:
"What did you do?" (with emphasis placed on different words based on their
disposition at the time).
It might not even have anything to do with user mistakes. Problems in the Registry
occur for various reasons, and often the symptoms mask the real nature of the problem.
Registry Problems
Rather than dealing with the symptoms, deal with the problems that can occur.
With every type of control available through the Registry, there is a corresponding
potential problem, as illustrated in Figure 3.2.
Sometimes, it feels like a whole set of dominoes falling down. One problem affects
another, which limits the use of another item, and so on. An example would be the
effect of a Registry error in the configuration of a network card. Without the correct
information, the card cannot be activated. Without the card activated, no data can
be transferred on the network, the server cannot be contacted for logon, and no user
validation is possible. The user gets an error message that no domain controller
can be found, and network resources may not be available. Is it really a problem
with the server? Not at all.
Figure
3.2. The cascading effects of errors in the Registry.
The process can be difficult to stop, and often it is difficult to determine exactly
what caused it and where it started.
It is obvious, however, where it ends: a loss of productivity for the organization,
wasted time, and possibly even severe financial losses.
If the Registry gets corrupted for any reason, system or application functions
may fail, and a support technician must isolate the problem and repair it.
The Registry normally works, most of the time, without any problems. It can, however,
get corrupted in many ways. Programs that you add to the system, system changes and
problems, and manual changes are the three main ways that errors are introduced.
Of course, the results of these errors can vary in their scope and seriousness.
The three most common ways the Registry gets corrupted are
- Applications and drivers are added to the system
- Hardware changes from settings or failure
- Users make changes to the Registry
It is impossible to prevent all errors from happening. If you know what can happen,
it is easier to troubleshoot errors. By protecting the Registry (as outlined in Chapter
4, "Protecting the NT Registry," and Chapter 6, "Protecting the Windows
95 Registry"), you always have a safety net. By using the tools and procedures
discussed in Chapter 5, "Recovering from an NT Registry Failure," and in
Chapter 7, "Recovering from a Windows 95 Registry Failure," you can recover
from even the most severe problems. Take a look at each of the types of problems
in more depth.
Program Errors
Adding and removing programs account for the majority of errors found in the Registry.
Most users add between six and seven applications, and add or upgrade drivers, four
or five times per year. During initial installation and setup, the numbers are even
greater.
WARNING: One
of the original requirements for programs to receive the "Designed for Windows
95" logo was that the application is also compatible with Windows NT. That requirement
has been reduced to "tested on Windows NT." At the very worst, if the application
doesn't work with NT, it is supposed to "degrade gracefully," which means
it will not damage NT. Unfortunately, that is not always the case, particularly with
applications that use Plug and Play. With no support from NT for Plug and Play, many
applications make unfortunate assumptions that create serious problems in the Registry.
To their credit, Microsoft shipped a Software Compatibility List with the early betas
of NT 4.0. Unfortunately, they did not continue that with the shipping version, assuming
that all the applications in the Windows 95 list would work. Here are the most common
reasons that applications cause problems with the Registry:
- Poorly written application (bugs)--There are no applications without bugs
or errors. In the best case, the errors that are there are minor, esoteric problems
that you may never see, which were left alone because of time and money constraints.
To a programmer, a problem may be minor, but it becomes a major problem to you if
it crashes your system. With the current pace of operating-system and application-version
changes and updates, it is nearly impossible to ensure that everything will work
together correctly. Also, today's common practice of releasing "beta" software
to allow programmers and users to prepare adequately is a two-edged sword. As an
example, with NT 4.0 beta 2, Microsoft released features that did not make the final
release and significantly changed other features. Applications that expected or required
certain elements may not work as well as planned.
- The widespread lack of flowcharting program logic and using only pseudo-code
to program may also create severe problems. The logic may simply be flawed. A programmer
may have inadvertently hit an uppercase O when a zero was called for. Many software
vendors have been forced to severely slash their development budgets, and users often
face the brunt of errors.
NOTE: It sounds as if I don't appreciate
programmers. Actually, I do. I believe they do a tremendous job, even when faced
with unbelievable deadlines, massive budget cuts, incredible hours, and more tedium
than most people could ever live through. I am amazed daily that computers and software
can do what is considered commonplace. Keep it up.
- Driver incompatibility--Most drivers are tested in as many environments
as possible before being shipped to the general public. The open architecture of
the PC world creates significant risk because any type of eclectic combination of
parts and pieces is possible. Testing all combinations and ensuring the compatibility
of all the devices is impossible. The other challenge arises when drivers for Windows
95 are used for Windows NT. In all but one type of driver, the drivers are unique
between the platforms. Windows 95 drivers may directly access the hardware they control,
and Windows NT drivers are prohibited from doing that. The exception to the rule
of unique drivers is modem drivers. The same drivers that are written for Windows
95 will work with Windows NT. NT 4.0 modem drivers will also work with Windows 95.
However, NT 3.5x drivers will not.
- Incorrect drivers used--If an incorrect driver is used to activate a device,
that device may not work as designed. For example, Xircom has a great PCMCIA modem
for laptop computers. It uses a specific driver that is on the manufacturer's driver
diskette, and the driver also ships with NT. However, depending on the firmware version
on the card, the driver may not work. There is an old version and a new version of
the card, and each requires a specific driver to work correctly.
NOTE: Because of the relationship
between Windows 95 and Plug and Play, drivers in Windows 95 normally do not have
the same problem as in Windows NT. If a driver is replaced on the hard disk by accident,
or if the firmware changes, Windows 95 will simply install a new driver.
- Incorrect entries added to the Registry by the application during installation--During
installation, most applications use a file called SETUP.INF for detailed
information about what disks are required, which directories should be created, where
to copy files, and Registry entries that need to be made to make the application
work correctly. If there is a mistake in the SETUP.INF file, the change
will still be made, and there may be serious problems.
- Incorrect associations set between applications and file types by an application--When
an application is installed, default document types are recorded in the Registry.
A user can then double-click to start the application and load the document. Many
times, other applications use the same extension. For example, the last graphics
program loaded will be the one launched when a TIF graphic is activated based on
the settings in the Registry. Occasionally, completely different, non-compatible
applications will use the same extensions on their document files, and the document-loading
shortcut won't work. In the best of cases, you may still have to change the associated
application to another.
- Errors created during the uninstall process--Whether you remove applications
through Add/Remove programs in the Control Panel, through a proprietary uninstall
feature of the application, or through a third-party utility, you run a risk of damaging
the Registry. Besides taking out the program, auxiliary, and data files, an uninstall
routine may attempt to remove Registry entries as well. It may inadvertently remove
required entries for other applications because it is nearly impossible for the system
to know all the entries accessed by an application.
- Errors in fonts--When the font ID in the Registry gets corrupted, you
will see a different font than the one listed in the application. It can be annoying
and may require you to remove some or all of your fonts and replace them. For an
example, see Figure 3.3.
Figure
3.3. The actual
font does not match the name of the font.
Unfortunately, you may find out about these problems too late, after you have lost
time, money, and/or data. Also, you are almost powerless to truly solve them, because
someone else wrote the program, and most people do not have the expertise required
to change the application itself. The best you can do as an administrator is to repair
the Registry and look for an update or replacement.
- DO YOU REALLY WANT BUG-FREE APPLICATIONS?
- The term "bug-free applications" means that the program will work,
as promised, the first time and each and every time. In order to have that, everyone
would either have to have systems that are all exactly alike, or wait for every possible
bug to be worked out before we got the programs. I am not sure we would like either.
On the other hand, do we have to put up with error-prone, buggy, poorly designed,
and poorly executed programs? No! Even the software behemoths have learned the hard
way that they need to have well-designed, well-written, and extremely well-tested
software to compete. Vote with your feet, and with your pen. Let them know how you
feel, and then always get the best software and drivers you can. If the software
and hardware/driver companies want to stay in the business, they will have to continually
strive to do better.
System Problems
If the computer system itself has a problem, the Registry can become corrupted.
Usually, these errors can be prevented with proper system care and management.
- Virus--Viruses are an insidious attempt to affect our systems by changing
the nature of files. Much as viruses attack the human body by replacing good cells
with bad, or damaging the cells that are there, computer viruses do the same thing
with files on disk drives. You get them the same way, too. Contact with infected
drives allows the viruses to migrate to a clean disk. Normally, you get them from
floppies that have been infected by another system, from files downloaded from online
and Internet services, and very occasionally, from application installation disks.
TIP: Windows NT is actually quite
resistant to most strains of computer viruses. For example, it will not allow viruses
to invade the boot sector. Some of the new viruses, such as Word macro viruses, can
be devastating to the Registry. A simple virus-checking program, such as those from
Symantec/Norton Utilities and McAfee and Associates, works very well.
- The actual NT Registry size is greater than the Maximum Registry Size in the
Control Panel--The maximum Registry size is directly related to the size of the
maximum paging file. Although it cannot get larger than 12MB, if your system has
only 32MB of RAM, the maximum Registry size is 8MB. If the size of the Registry hits
or tries to exceed the maximum Registry size, it will no longer be usable, and may
cause a STOP error.
- What you can do about this problem is to change the maximum Registry size with
the System functions in the Control Panel. Select the Virtual Memory button in the
Performance tab, and set the Maximum Registry Size as shown in Figure 3.4. If the
paging file size needs to be adjusted, you will be prompted automatically.
Figure
3.4. Changing the
Maximum Registry Size.
WARNING:
Reducing the size of the paging file in the Virtual Memory portion of
the System section of the Control Panel in NT may reduce the maximum Registry size.
Even though the system will warn you, some of those warnings go unheeded, and the
Registry may be in peril. It is highly recommended that you make sure the maximum
Registry size is at least 2MB larger than the current size. If you are going to be
adding hardware or several new user accounts, check this before proceeding.
This is not a problem in Windows 95; it always has a variable size for the Registry.
- Electrical surges, spikes, or brownouts--Nearly all power problems can
be easily avoided with good surge protectors and UPS devices (uninterruptible power
supplies). Starting at less than $50 for good surge devices and less than $100 for
UPS devices, it's cheap insurance against error. Not only will a UPS make your hardware
last longer, but if anything is being written to or read from the hard disk at the
time of the power problem, it is most likely that information will be damaged or
destroyed unless a UPS keeps the system running, even without normal power.
- Disk problems--Most of the time you will replace hard disks because of
capacity limitations far sooner than you would because of hardware failure. If the
whole hard drive fails, of course, you will have to restore your Registry from a
backup. The other concern is the failure of individual sectors or clusters on the
drive. Although it is highly unlikely with today's systems, a fault in the surface
of the drive media may make parts of the disk unreadable, including those where the
Registry files are located. Regular maintenance is critical, and a good backup is
vital.
TIP: Windows NT file systems include
the capability to hot-fix the drive (that is, repair errors on the fly) most of the
time without your even being aware that there was a problem. If you have a Registry
problem resulting in the Blue Screen of Death, it may help to run CHKDSK.EXE
from the \WINNT\SYSTEM32 directory.
Manual Changes
When people manually edit the Registry, they are prone to make errors because
of the complexity of the data, and the errors may be significant enough to cause
the system to quit working. It is very unfortunate that Microsoft has chosen to deal
with the Registry and Registry editing as a "black art," leaving many people
in the dark as to the real uses of all the settings in the systems.
Microsoft's refusal to adequately, and publicly, supply information about the
correct settings is extremely frustrating to system administrators. Certainly, more
damage has and will be done because of lack of knowledge than because of too much
information. Most of the actual edited changes that are made by users are done with
the Registry editors.
Copying Another Systems Registry
Copying other Registries is a very serious mistake many users make. Just because
it works on the other machine doesn't mean it will automatically work on this one.
Much of what is in the Registry is specific to the individual system, even if the
hardware is the same. Copying the files that make up the Registry to another system
will not work. Characteristically, if another system's Registry is used, most of
the hardware will not work, and user and security issues may make the data and application
information inaccessible.
There are some parts of the Registry items that can be used for another system,
however, and the special procedure for doing that is shown in
Chapter 11, "Remote Registry Editing."
Summary
If you could eliminate all the problems listed in this chapter, Windows NT and
95 would run without failure almost indefinitely. That is probably not realistic.
However, knowing how the Registry can get corrupted can help you use better system-management
techniques and may prompt you to take better care of it.
|