50331b-enu studentguide m03
Post on 14-Apr-2018
227 Views
Preview:
TRANSCRIPT
-
7/30/2019 50331B-EnU StudentGuide M03
1/40
Module 3: Resolve SoftwareFailure
Table of Contents
Overview .................................................................................................................................................................... 3-1Lesson 1: Event Viewer ............................................................................................................................................. 3-2Lesson 2: Event Forwarding ...................................................................................................................................... 3-8Lesson 3: Application Compatibility Toolkit .............................................................................................................. 3-12Lesson 4: Windows Troubleshooting Platform ......................................................................................................... 3-16Lesson 5: Windows Experience Index ..................................................................................................................... 3-20Lesson 6: Testing Compatibility with Safe Mode .......... .......... ........... .......... ........... .......... ........... .......... ........... ........ 3-23Lesson 7: System Restore ....................................................................................................................................... 3-26Resolve Software Failure ......................................................................................................................................... 3-29Review Module 3: Resolve Software Failure Issues .......... ........... .......... ........... .......... ........... .......... ........... ........ 3-31Labs Module 3: Resolve Software Failure ........... .......... ........... .......... ........... .......... .......... ........... .......... ........... ... 3-33
-
7/30/2019 50331B-EnU StudentGuide M03
2/40
-
7/30/2019 50331B-EnU StudentGuide M03
3/40
Module 3: Resolve Software Failure 3-1
Overview
Event Viewer
Event Forwarding
Application Compatibility Toolkit
Windows Troubleshooting Platform
Windows Experience Index
Testing Compatibility with Safe Mode
System Restore
Resolve Software Failure
Even the best efforts to be proactive in preventing software failures will not have 100 percent success. There must
be a strategy in place to deal with application and operating system failures when they occur. The response to a
problem depends on the severity of the failure and how much time will be given to bring the system back to a working
condition.
Examining appropriate log files can provide helpful information in diagnosing the problem and in coming up with
possible solutions. Severe errors can be a warning precursor to more serious problems as well. Notifications can be
setup to automatically send messages to administrators when resources are close to their limit.
Some system failures can be fixed easily with upgrades, disabling features or reinstallation. Using the Safe Mode
and Last Known Good Configuration boot options are effective methods of quickly fixing some software issues as
well.
If the system cannot be fixed, using backups to restore data and system files might be the only option. Because of
the loss of data usually involved, this is often considered a last resort.
In this chapter, you will learn how to use the different methods available to solve software failure. Regardless of how
sever the problem is, there is usually a method available to recover from it. Proper planning is necessary to takeadvantage of some of these methods.
-
7/30/2019 50331B-EnU StudentGuide M03
4/40
3-2 Module 3: Resolve Software Failure
Lesson 1: Event Viewer
Event Log Types
Event Message Properties
Integration with Task Scheduler
Event Log Settings
The Event Viewer is used on Windows systems to monitor and troubleshoot issues on a computer. When there is a
problem with an application, the logs in Event Viewer are one of the first areas checked to get more information about
the details of a problem.
-
7/30/2019 50331B-EnU StudentGuide M03
5/40
Module 3: Resolve Software Failure 3-3
Event Log Types
The Application log stores information about programs running on the computer. The Security log stores data about
whether or not an attempt to use user rights was successful or not. To store information about how applications and
users are accessing resources, some additional configuration might be necessary. The System Log stores general
system information about how the operating system and its services are running. The Setup log stores information
about new application installs. Information here can help with problems that occurred during a recent installation.
In addition to logging computer events, the console can be customized to merge information from different machines
and event log files to allow easier management of computers on the network. The filtering options make it easier to
track down specific problems and the integration with task scheduler allows you to configure automatic responses to
events.
-
7/30/2019 50331B-EnU StudentGuide M03
6/40
3-4 Module 3: Resolve Software Failure
Event Message Properties
All events logged on a system will have properties associated with it. The properties are:
Level: This is used to indicate the severity of the event. Information messages show a change in a system
component that does not affect the stability of the system. Warning messages occur when the change to acomponent is more serious and might impact the stability or performance of the computer. Errors indicate
that there is a problem that might affect the functionality of the computer. Critical messages are the most
severe and indicate that some resource on the system has stopped functioning. Any of these severity levels
can be seen in a system or application log.
When working in the Security Log, the Level property will indicate either a Success Audit orFailure Audit.
When user rights are used to accomplish some task, like changing permissions or logging onto a system,
the computer can be configured to store these details for examining by an administrator.
Date and Time: The date and time the event was logged can be used to find out if other activities that
occurred at the same time might have caused problems on the computer.
Source: The name of the software that logged the event is indicated here. Filtering on this parameter is
helping in knowing when and how often an application is experiencing problems on the system.
Event ID: This number identifies a particular type of event that can be researched using other tools. If a fix
for a particular event ID has already been created, that solution can be easily found by doing research over
the Internet (e.g. www.technet.com).
http://www.technet.com/http://www.technet.com/ -
7/30/2019 50331B-EnU StudentGuide M03
7/40
Module 3: Resolve Software Failure 3-5
Computer: The name of the computer on which the event happened is only useful when events from
multiple computers are being managed on a single system.
-
7/30/2019 50331B-EnU StudentGuide M03
8/40
3-6 Module 3: Resolve Software Failure
Integration with Task Scheduler
One of the most helpful troubleshooting features in Event Viewer is the ability to link a whole log file or a specific
event in it with a task. If you are concerned about the activity on a computer and want to be notified whenever a
particular event is logged, this option can be used to send email messages automatically when the event occurs.
You can also configure an automatic response by running a program or script that will fix the problem. If a command-
line tool is being executed, you can specify any needed parameters for it when the task is created. There is also an
option to display a customized message in response to the event. Users can be warned about any improper actions
they are taking and how the system might be affected by their current actions.
-
7/30/2019 50331B-EnU StudentGuide M03
9/40
Module 3: Resolve Software Failure 3-7
Event Log Configuration
Archiving Logs
Changing Log Location
Wevtutil.exe
The information in the log files can be very useful, but only if it is allows you to examine information as far back as
necessary. Log information is often kept for a minimum of 30-days to allow recent problems to be diagnosed more
easily. Using the properties of any log file you can modify their size and location. The XML structure of the log files
means that they store data more efficiently. Using the archiving option is one way to make sure that events are never
overwritten. The configuration properties for the Event Viewer log files can also be managed from the command-line
with the wevtutil.exe tool.
-
7/30/2019 50331B-EnU StudentGuide M03
10/40
3-8 Module 3: Resolve Software Failure
Lesson 2: Event Forwarding
Event Forwarding Configuration
Creating Subscriptions
Managing application and operating system failure on a large number of desktops can be tedious without an
enterprise monitoring solution. Managing the errors and logs from a central location is more efficient and makes it
easier to find and track trends in system performance. Windows 7 does not have a built-in enterprise monitoring
solution, but the features of Event Forwarding will allow an administrator or desktop technician to use some of the
functionality of such a tool.
-
7/30/2019 50331B-EnU StudentGuide M03
11/40
Module 3: Resolve Software Failure 3-9
Event Forwarding Configuration
Collector Computers
Permissions
Network Settings
Collector computers can be configured to copy log details from multiple source machines on the network. All the log
information can be collected, or specific events that are deemed important can be collected. The data being sent can
be limited to a particular period of time, like 30-days, or a date range can be specified. Events can be gleaned from
specific log files or be marked based upon the source of the event. Event IDs, keywords and categories can also be
used to filter the messages that will be forwarded. The default destination log on the collector for these events is
called Forwarded Events, but an alternate log like System or Application can also be designated.
When necessary, a specific account with read access to the log information on the source computer can be specified.
Otherwise, the computer account can be used. For computers that will not always have adequate bandwidth for
sending messages to the source machines, the delivery optimization settings allow you to specify alternative settings
that can minimize bandwidth usage. Events forwarded over the network are normally retrieved by the collector using
HTTP on port 5985, but the port number can be modified and secure HTTPS used for better security.
-
7/30/2019 50331B-EnU StudentGuide M03
12/40
3-10 Module 3: Resolve Software Failure
Creating Subscriptions
Using GPO Settings
Windows Remote Management
Creating Events
A collector-initiated subscription can be configured manually by using the event viewer to add each source computer
as a new subscription and specifying what information will be collected and where it will be stored locally. For larger
networks where there are more than a few machines or if the machine names will change regularly, using a source-
initiated subscription will be the better option. Using group policy, the designated computers can be configured as
source machines that will forward events to a collector computer. To do this, open a GPO and go to Computer
Configuration > Administrative Templates > Windows Components > Event Forwarding. This feature is supported on
both Windows 7 and Vista desktops.
Both the source and collector computers must be configured to support Windows Remote Management. Running the
command winrm.exe qcq with administrator privileges will accomplish this. The Event Collector service must also
be configured on the collector. The command wecutil.exe qc /q will do this.
Multiple independent Event Collectors can be setup on the network or a single collector can be configured from which
others will pull their events. Specific collectors might also be configured to collect different types of events like
security, setup or application information. These systems should only collect information pertinent to the job duties of
a technician to avoid a situation where too many messages will mean ignoring all of them.
-
7/30/2019 50331B-EnU StudentGuide M03
13/40
Module 3: Resolve Software Failure 3-11
In some cases, the collectors are configured to generate messages automatically in response to certain errors that
need an immediate response. These message configurations can be tested using the eventcreate.exe command.
This command-line utility can generate events that are logged in the Event Viewer. One example of this command is
eventcreate.exe /s desktop02 /id 900 /t error /l application /d This is a test. This command would generate an
event on a computer named desktop02 with an event id of 900. The event would be classified as an error in the
application log file and would show a description of This is a test. Testing task scheduler messages with this tool
will allow you to ensure that when the actual event happens, the expected response will take place.
-
7/30/2019 50331B-EnU StudentGuide M03
14/40
3-12 Module 3: Resolve Software Failure
Lesson 3: Application Compatibility Toolkit
Compatibility Issues
Mitigating Compatibility Problems
The failure of an application to run properly on desktop computers is often due to compatibility issues with the
software, drivers or hardware components on the system. Sometimes compatibility issues might arise when working
with Internet or Intranet web-sites. All of these situations can be diagnosed, and sometimes fixed with the Application
Compatibility Toolkit. While it is best to use this tool before deploying an approved application, it can also be used to
fix issues that come up after the fact. It can also be useful in determining if software updates will affect the system.
-
7/30/2019 50331B-EnU StudentGuide M03
15/40
Module 3: Resolve Software Failure 3-13
Compatibility Issues
User Account Control
Internet Explorer Protected Mode
Operating System Version Changes
64-bit vs. 32-bit Applications
Windows Resource Protection
Deprecated Features & Files
Some of the compatibility issues that come up for older applications might be because of new features in Windows 7
and Internet Explorer 8. The following technologies are common areas where issues might come up:
User Account Control: UAC is a security feature that limits permissions on a system when an
administrator logs in. It prevents unauthorized applications from using elevated privileges to perform
malicious operations. Applications that do not support UAC often show this during the install phase, but
some problems might only surface when the application is being used.
Internet Explorer Protected Mode: This feature also protects against malicious programs using elevated
privileges to perform unauthorized actions. Legitimate web applications that need to install resources or
modify system files and registry entries might also be affected.
Operating System Version Changes: Some applications will not install or run unless they are running on a
system that uses the specified version number for the operating system. The major version number of
Windows XP is 5, Windows Vista is 6 and Windows 7 is 7. You might need to check with the application
developer to see how to get an upgrade that resolves this problem.
64-bit vs. 32-bit Applications: 32-bit applications can be run on the 64-bit version of Windows 7, but they
are executed in the Windows on Windows 64 (WOW64) emulator. This will not work for all applications and
sometimes an upgrade will be necessary. The emulator might also work for some 16-bit applications, but
these must be tested thoroughly. Windows Resource Protection: Some older programs and software are designed to modify registry areas
and system files that are now protected in Windows 7. WRP allows those applications to work by redirecting
them to unprotected temporary work areas instead.
-
7/30/2019 50331B-EnU StudentGuide M03
16/40
3-14 Module 3: Resolve Software Failure
Deprecated Features & Files: Some options and files that were available in Windows XP and Vista are no
longer supported in Windows 7. Support for and application updates on software that use Session 0
features, GINA DLLs and other options that are slated for removal, should be considered carefully.
-
7/30/2019 50331B-EnU StudentGuide M03
17/40
Module 3: Resolve Software Failure 3-15
Mitigating Compatibility Issues
Registry Changes
Removing Files
Application Configuration
The ACT can give suggestions on fixing compatibility problems. Some of the suggestions might involve changes to
applicable registry entries. These might change how and if version information is passed to the application or where
in the registry data is written to. In some cases, the solution might involve removing certain files or registry settings or
simply instructing the program to ignore the error if its implications are not considered serious.
-
7/30/2019 50331B-EnU StudentGuide M03
18/40
3-16 Module 3: Resolve Software Failure
Lesson 4: Windows Troubleshooting Platform
Operating System Troubleshooters
Creating Troubleshooters
Troubleshooting Pack Components
When users are able to quickly resolve software problems on their own, this increases their productivity and reduces
the administrative load of IT technicians. The Windows Troubleshooting Platform helps in this area by helping end-
users to detect and solve computer problems on their own. This is accomplished through the use of built-in
troubleshooters. Additional troubleshooters can be created by internal developers and other IT professionals for
issues that can be solved without the assistance of help-desk staff.
-
7/30/2019 50331B-EnU StudentGuide M03
19/40
Module 3: Resolve Software Failure 3-17
Operating System Troubleshooters
Fix Hardware Problems
Fix Configuration Problems
Action Center
Download Troubleshooters
The built-in troubleshooters are available to fix problems related to audio, video and performance issues. The
program compatibility tool can also be executed to find and fix problems with older software. They can be launched
from the Control Panel by going to System and Security and then to the Action Center. Additional troubleshooters
can be downloaded to resolve known problems. The troubleshooters can be configured to automatically fix the
issues they find or to list them without applying a solution.
-
7/30/2019 50331B-EnU StudentGuide M03
20/40
3-18 Module 3: Resolve Software Failure
Creating Troubleshooters
PowerShell Scripts
WMI Components
Software Development Kit
The extensibility of this feature makes it very useful for fixing common software problems that might come up from
time to time. Software issues that used to be solved by sending technicians to desktops or by issuing detailed
instructions to end-users are now fixed by using preconfigured troubleshooting solutions. Troubleshooting packs are
a collection of PowerShell scripts and relevant metadata. They use a standard wizard that provides a similar
experience for built-in and customized troubleshooters.
Even without development experience, these solutions can be created by technicians with some knowledge of
Windows Management Instrumentation and PowerShell scripting. The WMI components will allow the creation of
troubleshooters that fix problems with the operating system, devices, peripherals and network resources. The
Windows 7 SDK is used to create Troubleshooting Packs by using the TSPBuilder.exe utility.
Deployment of customized troubleshooting packs can be done manually or through Group Policy Objects. The
certificate used to sign the pack must be trusted by the desktops that will use it, but this can also be done through
GPO settings as well.
-
7/30/2019 50331B-EnU StudentGuide M03
21/40
Module 3: Resolve Software Failure 3-19
Troubleshooting Pack Components
Troubleshooter Script
Root Cause
Resolver Script
Verifier Script
Each troubleshooting pack is made up of a troubleshooter script, one or more root causes, a resolver script and a
verifier script:
Troubleshooter Script: This script is the starting point for the troubleshooter and it will specify the verifier
script or scripts that will be executed to find the root cause of the problem. The root causes can be
automatically fixed or presented to the end user for examination.
Root Cause: This is the problem that the troubleshooter is being executed to fix. Each problem will have a
resolver associated with it and there can be multiple root causes or resolvers per troubleshooter.
Resolver Script: The script associated with a particular root cause or problem.
Verifier Script: These scripts are used to detect root causes and to verify that the resolver has fixed the
problem.
Each troubleshooting pack project will have a name and other particulars assigned to it like a version number. A
proper description and information about supported platforms should also be included in the metadata.
-
7/30/2019 50331B-EnU StudentGuide M03
22/40
3-20 Module 3: Resolve Software Failure
Lesson 5: Windows Experience Index
How to Use the Base Score
Optimizing Performance with Base ScoreInformation
Some software problems on a system might be due to hardware components that perform poorly although they meet
or exceed Windows 7 minimum requirements. One way to find out how Windows applications will perform on a
computer is to get the Windows Experience Index base score for it. The base score ranges from 1.0 to 7.9 with
higher numbers indicating that you should get better performance on the system. The standards for the tests will
sometimes change, so more information about a certain type of hard-drive might result in it getting a lower base score
than it received previously.
The base score of a system is based on the subscore of individual hardware components. The processor, memory,
hard drive and graphics components are rated individually using the same scale as the base score and the lowest
subscore will become the base score for the computer. If it is found that some applications will not perform properly
on machines with a low base score, that information can be used make decisions on future deployments.
-
7/30/2019 50331B-EnU StudentGuide M03
23/40
Module 3: Resolve Software Failure 3-21
How to Use the Base Score
Subscores
2.0
3.0
4.0 5.0
6.0
To view the base score on a computer, open Performance Information and Tools in the Control Panel. If the score
is not already displayed, click the Rate this computerbutton to get your rating. Since the lowest subscore is always
used, the base score will represent the minimum performance level expected from that computer.
A score of 2.0 or less means that machine can perform general computing tasks like running desktop applications or
Internet browsing. A rating of 3.0 or higher would be needed to run Aero and other basic Windows 7 features. A
score of between 4.0 and 5.0 means the system can run multiple applications at the same time and easily support
new Windows 7 features. Scores of 6.0 and higher indicate that the system can perform graphics-intensive
operations and carry out tasks that require disk-intensive operations.
-
7/30/2019 50331B-EnU StudentGuide M03
24/40
3-22 Module 3: Resolve Software Failure
Optimizing Performance using Base Score
High scores on all but one component can significantly affect a computers base score. If graphics, memory and
processor components are all rated above 6.0 but the hard-disk is rated 2.0, the base score cannot be higher than
2.0. In some cases, improving sub-components might be practical to allow an existing machine to support an
application. Here are some suggestions for improving the Windows Experience Index score by fixing the component
that is performing the worst:
Hard-Disk: Clean up the drive by deleting unnecessary files or moving them off the primary hard drive. The
score might improve if more free space is available. Defragmenting the drive is also recommended and
adjusting the indexing options can speed up searches for files on the computer.
Graphics: Modify the visual effects to reduce the load on the graphics card and adjust display settings.
Memory / Processor: Reduce the number of programs that start up automatically at boot time and disable
or set to manual services that are not needed or used regularly.
Other things that might be changed to improve performance include the power settings, device drivers and using
ReadyBoost features. After the improvements are made, the assessment can be re-run to see if the base score
improves.
-
7/30/2019 50331B-EnU StudentGuide M03
25/40
-
7/30/2019 50331B-EnU StudentGuide M03
26/40
3-24 Module 3: Resolve Software Failure
Safe Mode
Safe Mode
Safe Mode with Command Prompt
Safe Mode with Networking
The Safe Mode options that are available include the following:
Safe Mode: The computer starts with the normal GUI but only critical drivers and services will be running.
The network drivers are also disabled. The option is often used to test local programs that do not need
network access. Make sure that all the resources needed for the test are on the local drive or on DVD and
other easily accessible media.
Safe Mode with Command Prompt: Only critical drivers and services are loaded, but the interface will be
the command prompt. The GUI and networking components are disabled. This is normally used when the
option above is not usable because of problems with video drivers. The help options can be used to get
information about parameters needed for command-line tools used to make changes to the system.
Safe Mode with Networking: Has all the features of Safe Mode with a minimal configuration, but the
networking components will be enabled. For applications that are only accessible over the network or that
need network resources, this option provides that access. If web-sites or web applications are being tested,
it might also be necessary to disable add-ons and test compatibility options in Internet Explorer.
-
7/30/2019 50331B-EnU StudentGuide M03
27/40
Module 3: Resolve Software Failure 3-25
Safe Mode Options
Malware Check
Delete User Profile
Check Log Files
In addition to the above options, Safe Mode can be loaded with the boot log option to store the startup processes in
Ntbtlog.txt, base video to use a minimal VGA configuration orOS boot information to show the driver names as
they are being loaded during the startup process. These options are available during startup by pressing F8 or by
changing the boot options with bcdedit.exe. The boot options can also be managed with the System Configuration
tool by running msconfig.exe. The System Configuration tool provides the additional option to make the boot option
changes permanent.
While in Safe Mode, it is sometimes advantageous to do a virus and spyware scan to make sure that this is not the
cause of the application problem. Deleting the existing user profile or using a different one is another useful test.
The Event logs should also be checked for additional details that might point to the source of boot or application
problems.
If Safe Mode cannot be used during system startup, then hardware issues like faulty memory or hard disks might be
the problem. BIOS configuration changes might cause some boot problems. A scan for malicious software that does
not involve booting the local operating system might be needed to fix some problems.
-
7/30/2019 50331B-EnU StudentGuide M03
28/40
3-26 Module 3: Resolve Software Failure
Lesson 7: System Restore
Configuring System Restore
How to Use
The System Restore feature allows the configuration of the machine to be reverted to an older setup. When
application changes cause problems on the computer, this feature allows you to bring the system back to a working
state by using an older configuration. It allows these restores to take place without losing or changing user
documents on the machine. Only registry settings, system files and programs are modified during a restore.
Changes to script and batch files are also saved. The tools also make it easy for users to perform these tasks on
their own.
-
7/30/2019 50331B-EnU StudentGuide M03
29/40
Module 3: Resolve Software Failure 3-27
Configuring System Restore
Automatic Restore Points
System Restore Tool
Startup Options
If the application problems do not prevent you from logging into the computer, System Restore can be accessed from
the System Tools folder under Accessories. It can be used to manually create restore points. Automatic restore
points are created when doing updates or installing new software. Weekly restore points are also scheduled by
default. Any saved restore point can be used. The tool allows you to see a list of applications that will be affected by
doing a specific restore. Some programs might need to be reinstalled after the changes.
The System Restore tool is also accessible through the startup options when you press F8. When you choose the
Repair Your Computeroption, it loads the System Recovery Options from which you have access to System
Restore. It will provide the options to choose restore points and verify affected programs identical to the interface in
System Tools.
-
7/30/2019 50331B-EnU StudentGuide M03
30/40
3-28 Module 3: Resolve Software Failure
How to Use System Restore
Schedule Restore Points
Undo System Restore
Requirements
When system files are corrupted or deleted, it is often best to use the most recent restore point. If the application
causing the problems has been showing signs of problems for some time however, an older restore point might be
more prudent. Always verify the applications that will be affected by the changes. Automatic restore points will have
a descriptive named assigned to them based on the change that was made, like Installed New Software. Windows
updates will also create restore points. Those that are manually created should have a descriptive name assigned to
them. All restore points will have a date and time stamp associated with them.
System restores can be undone if they do not have the desired effect. Restore points are created each time you
apply a system restore. This is not the case however, when doing restore operations in Safe Mode or when using the
System Recovery Options. If there is uncertainty as to which restore point to apply, try applying other available points
until the problem is fixed. If software needs to be reinstalled, the application problem should be tested again after
this.
System Restore is automatically turned on for computers as a part of the System Protection feature. It requires that
the system use the NTFS file system. The amount of drive space used for restore points can also be controlled and
old restore points can be deleted to free up space. When new restore points are created and the drive resources set
aside for this purpose are already used up, older restore points will be automatically deleted to make room for the
new ones.
-
7/30/2019 50331B-EnU StudentGuide M03
31/40
Module 3: Resolve Software Failure 3-29
Resolve Software Failure
Review the scenarios and problems presented along with
their solutions
RESOLVE SOFTWARE FAILURES
The productivity of users is directly affected by whether or not their computers are working. System problems on
desktops need to resolved quickly to maintain access to resources need to complete job tasks. The restore options
in Windows 7 make it easier for technicians to diagnose and fix problems. They also allow user to easily fix some
problems on their own. Here are some problems that might arise and how to fix them.
An error message keeps appearing on the screen when a user works with a particular application.
Verify the error message in the Event Viewer and find a solution to it using the Knowledge Base or other resources at
www.technet.com.
You want to mitigate any compatibility issues that might occur with an older application before deploying it
to network computers.
Use the Application Compatibility Toolkit to verify if there will be any problems and to get suggestions as to how they
can be fixed.
The installation of a new application crashes a computer and you are not able to log back into the computer.
Use the Last Known Good Configuration and if that does not work, try using Safe Mode to boot the system and
remove the application.
A recent Windows Update is interfering with a custom application that is needed by all users. How can you
fix the application quickly?
Use the System Restore tool to revert to the system configuration the machine had before the Windows Update.
A recent problem with a critical application only happens on computers that have a certain operating system
feature disabled. How can you easily test computers for this feature and apply the fix if they need it?
Create a Troubleshooting Pack and deploy it using a GPO.
http://www.technet.com/http://www.technet.com/ -
7/30/2019 50331B-EnU StudentGuide M03
32/40
3-30 Module 3: Resolve Software Failure
You support an application that sometimes generates a non-critical error message when being used. How
can you configure an automatic response to these errors?
Use the Event Viewer to attach a task to that error event. This can be managed from a single computer by using
Event Forwarding.
You need a consistent system of rating the performance of network computers so better decisions can be
made when deploying new applications. What system is already in place that can be used to do this?Use the Windows Experience Index which rates the performance of hardware components on the desktop.
A user is having trouble explaining what they did before getting an error message in an application. Without
connecting to their desktop, how can you get better details about what they are doing?
Have the user run the Problem Steps Recorder to create a record of what they did then have them send the file to
you.
You are unable to run an Intranet web-site application from some of the computers on the network. How can
this problem be diagnosed?
Try the compatibility mode in Internet Explorer. You can also try connecting to the web-site in Safe Mode to see if
other application drivers might be causing a problem.
You need to generate an error and send a notification of it whenever users run a script by developers. Howcan these tasks be done?
Use the eventcreate.exe command to generate the error message in Event Viewer and attach a task to that event
that will send an email or display a message.
-
7/30/2019 50331B-EnU StudentGuide M03
33/40
Module 3: Resolve Software Failure 3-31
Review Module 3: Resolve Software Failure Issues
Examine the review questions as a class
REVIEW
1. What are the four possible levels that events can have in the system or application logs?
2. What command-line utility can be used to manage Event Viewer log files?
3. What tool is used to configure Remote Management on a desktop?
4. What can the eventcreate.exe command be used to do?
5. What service manages subscriptions to events from remote computers?
6. What functionality is provided by Windows Resource Protection?
7. What feature allows 32-bit applications to be run on Windows 7 64-bit operating systems?
8. What kind of scripts are used to design a troubleshooting pack?
9. What tool is used to create troubleshooting packs?
-
7/30/2019 50331B-EnU StudentGuide M03
34/40
3-32 Module 3: Resolve Software Failure
10. What three different types of scripts might you create in a troubleshooter pack?
11. How is the Windows Experience Index base score calculated?
12. How can the Windows Experience Index subscore of the primary hard disk be improved?
13. What tool can be used to change the boot options for a computer?
14. True or False. Drivers and Services can be disabled using Safe Mode with Command-Prompt.
15. True or False. System Restore can be used to retrieve deleted user files.
-
7/30/2019 50331B-EnU StudentGuide M03
35/40
Module 3: Resolve Software Failure 3-33
Labs Module 3: Resolve Software Failure
Exercise 1: Install Applications written for older O.S.
Exercise 2: Using the Program Compatibility Tool
Exercise 3: Disable the Network Adapter
Exercise 4: Use the Troubleshooter to Enable the Adapter
Exercise 5: Create PowerShell script for Troubleshooter
Exercise 6: Install Windows 7 SDK
Exercise 7: Create a Troubleshooting Pack with the SDK
Exercise 8: Configure Event Forwarding
Exercise 9: Configure System Restore
Overview: Test the Program Compatibility tool on applications written for older versions of
Windows. Use the Software Development Kit to create a test a Troubleshooter. Configure System
Restores. Install Windows 7 deployment tools. Create and work with a Virtual Hard Drive (VHD).
Start both the Windows 7 client and domain controller images for this lab. If there are
connectivity issues during the exercises, temporarily stop the Windows Firewall service.
Estimated time to complete this lab is 105 minutes.
Exercise 1: Install applications written for older versions of Windows
1. Copy xlviewer.exe and wdviewer.exe from \\NYC-DC1\CLASSFILES TO E:\TEMP.
2. Install both applications using their default settings. Run the installations with elevated privileges as
administrator.
3. Execute both applications to make sure they run without error messages.
Exercise 2: Use Program Compatibility tool to configure settings for older applications
1. Click Start > Control Panel > Programs > Run programs made for previous versions of Windows.
2. From the Program Compatibility window, click Advanced, then click Run as administrator.
3. Click Next.
4. Select Microsoft Office Excel Viewer 2003 from the list and click Next.
5. Choose Try Recommended Settings
6. Notice the compatibility mode applied.
7. Click Start the program to verify that it runs without errors and then close the program down.
http://server01/CLASSFILEShttp://server01/CLASSFILES -
7/30/2019 50331B-EnU StudentGuide M03
36/40
3-34 Module 3: Resolve Software Failure
8. In the Program Compatibility window, click Next.
9. Click Yes, save these settings for the program.
10. Click View detailed information to see the Troubleshooting report.
11. Click Next then click Close.
12. Perform the steps in this task again for the Microsoft Office Word Viewer 2003 application.
Exercise 3: Disable the Network Adapter with a PowerShell Script
1. Open the Command Prompt as an administrator
2. Type powershell.exe and execute it. (Note: Notice the change in the prompt with PS indicating that you
are in a powershell.
3. Use the ipconfig /all command to get the MAC / Physical address of your adapter and make a note of it.
MAC Address ____________________. Note: represent the MAC address as being delimited by colons ( :
) instead of dashes ( - ).
4. Run the wmiobject to get more information about the adapter by running the following command:
get-wmiobject win32_networkadapter | where {$_.MACAddressEQ }.
represents the mac address delimited by colons ( : ) instead of dashes ( - ).
5. Assign the adapter information to a variable named $NIC with the following command:
$NIC = get-wmiobject win32_networkadapter | where {$_.MACAddressEQ }.6. Disable the network adapter using the variable:
$NIC.disable()
(Note: The $NIC.enable() command could enable the NIC but we will use the Troubleshooter instead)
7. Run ipconfig to verify that the network adapter is disabled.
Exercise 4: Use the Troubleshooter to enable the network adapter
1. Click Start and in the Search programs and files window, type Network Diagnostics
2. Click Identify and repair network problems
3. The Windows Network Diagnostics window should indicate that the adapter is disabled.
4. Click View detailed information. Click Next.
5. Click Try these repairs as an administrator6. After the adapter is enabled, click Close.
Exercise 5: Configure Powershell scripts to change the NICs IP address (To be used when
creating the Troubleshooter with the SDK)
1. Open a Command Prompt as administrator.
2. Run powershell.exe
3. Get the execution policy for scripts by running this command: Get-ExecutionPolicy
4. Configure the system to execute powershell scripts: Set-ExecutionPolicy unrestricted
5. Verify that the execution policy is now set to unrestricted: Get-ExecutionPolicy
6. Exit powershell, but stay in the Command Prompt.7. Run the command: xcopy \\NYC-DC1\classfiles\MOD03\*.ps1 e:\temp\ /s/v
8. Modify the E:\Temp\static_ip.ps1 file with notepad and replace the MAC address in the script with the one
for your NIC. Save the file.
9. Modify the E:\Temp\dynamic_ip.ps1 file with notepad and replace the MAC address in the script with the one
for your NIC. Save the file.
10. Run the command: powershell.exe e:\temp\static_ip.ps1
11. Use ipconfig to verify that the machine now has a static IP address
12. Run the command: powershell.exe e:\temp\dynamic_ip.ps1
13. Use ipconfig to verify that the machine is using a dynamic IP address
http://server01/classfiles/MOD03/*.ps1http://server01/classfiles/MOD03/*.ps1 -
7/30/2019 50331B-EnU StudentGuide M03
37/40
Module 3: Resolve Software Failure 3-35
14. Run the static_ip.ps1 script again to change the IP back to a static address.
Exercise 6: Install Windows 7 Software Development Kit (SDK).
1. Click Start and navigate to Control Panel > Programs > Programs and Features > Turn Windows features on
or off.2. In the Windows Features window, make sure that all the Microsoft .NET Framework components are
selected and installed.
3. Click OK.
4. Restart the computer and login again as Admin1.
5. Use the Virtual Machine Connection menu bar option (Media) to insert the Windows 7 Software
Development Kit ISO. Execute the setup.exe program from the SDK ISO as an administrator.
6. During the setup install all components except for the .NET Framework.
7. Accept all other default settings to complete the setup.
8. Before finishing the install, make sure that View the Windows SDK Release Notes is checked.
9. Read section 1.1 Recommended Resources,4.1 Installation and Related Content, 4.5 File System
Layout and 6.3 Ways to Find Support and Send Feedback in the Release Notes document.
10. Close the document.
Exercise 7: Create a Troubleshooting Pack with the Software Development Kit
1. Click Start > All Programs > Microsoft Windows SDK > Tools > Windows Troubleshooting Pack Designer.
2. From the Windows Troubleshooting Pack Designer, click Project > New.
3. From the Create a Troubleshooting Pack window, name the project Configure DHCP Client and change
the location to E:\Temp.
4. In the Privacy URL box, type http://NYC-DC1
5. Click Add New Root Cause
6. In the Root Cause ID box, type STATIC_IP
7. In the Root Cause Name box, type Client computers with a static IP address
8. Click Define Troubleshooter
9. Under Troubleshooter Properties, note the default options but do not change them.10. Click Define Resolver.
11. For the Resolver Name box, type Assign Dynamic IP Address and change Elevation to YES.
12. Click Define Verifier. Note the information provided but do not change the default settings.
13. Click Edit Root Cause Scripts.
14. Click the Edit Resolver Script link.
15. In the new dialog window, paste the code from the dynamic_ip.ps1 script.
16. Save and exit from the dialog window.
17. From the Menu bar of the Windows Troubleshooting Pack Designer, click Project > Save.
18. From the Menu bar of the Windows Troubleshooting Pack Designer, click Build > Run.
19. Accept all the default settings to do a test run of the pack.
20. Verify that the Troubleshooter worked by making sure the computer has a dynamic IP address.
21. In the Windows TroubleshootingPack Designer window, click Build > Build Pack.
22. Click View Output Folder to see the package files.
23. Close Windows Explorer and the Designer.
-
7/30/2019 50331B-EnU StudentGuide M03
38/40
3-36 Module 3: Resolve Software Failure
Exercise 8: Join the Domain and Configure Event Forwarding
1. Restart the system and login to VIRTUAL1 as Admin1.
2. Click Start > right click Computer and click Properties. Under Computer name, domain, and workgroup
settings, click Change Settings. In the Computer Name tab, click Change. Under Member of, click
Domain and type CONTOSO.COM. Click OK. Type the Admin1 credentials and click OK.3. Close all dialog windows and restart the VIRTUAL1 machine after successfully joining the domain. Login to
VIRTUAL1 as VIRTUAL1\Admin1.
4. Open the Computer Management console as an Administrator. Navigate to Local Users and Groups >
Groups. Open the properties window for the Administrators group. Add the Contoso\Classroom
Administrators group to the members list.
5. Open a Command Prompt with administrator credentials.
6. Run the command: winrm quickconfig (Note: This allows users on other systems to subscribe to events on
your computer)
7. Accept the changes if prompted to do so.
8. Run the command: wecutil qc. Accept the service changes when prompted.
9. Login to the domain controller (NYC-DC1) as Contoso\Administrator with a password of Pa$$w0rd. Run the
Active Directory Users and Computers snap-in as an Administrator.
10. Open the Builtin container.11. Open the properties of the Event Log Readers group. Click Add. Click Object Types and check off the
Computers object type. Click OK. In the Enter the object names to select window, type VIRTUAL1 and
click Check Names to verify the computer name is typed correctly. Click OK twice to close the Event Log
Readers properties window.
12. In the Event Viewer folder, navigate to Subscriptions.
13. Right click the Subscriptions tab and choose Create Subscription
14. In the Subscriptions Properties window, name the subscription Windows Logs
15. Set the Destination log to Forwarded Events
16. For the Subscription type, choose Collector initiated. Click the Select Computers button to add
VIRTUAL1 and Test the connection. Click OK.
17. Click Select Events and in the Query Filter window, use the drop-down window for Event Logs to
choose the Application, Security, Setup and System Event Logs. Click OK.
18. Click OK in the Subscription Properties window.19. Restart VIRTUAL1 and login to the system as VIRTUAL1\Admin1.
20. On NYC-DC1 in the Computer Management console, open the System Tools > Event Viewer > Windows
Logs > Forwarded Events folder. Verify that there are entries from the VIRTUAL1 machine.
21. In the Subscriptions folder, Disable the newly created subscription.
22. Optional Step: Use the information from the previous steps to configure Virtual1 with a subscription of
NYC-DC1 System and Application Logs.
Exercise 9: Configure System Restore
1. On Virtual1, navigate to Control Panel > System and Security > System.
2. Click the System protection link.
3. In the System Properties window on the System Protection tab, click the Create button to create a new
restore point named Pre_Application_Install. Close the System Properties window.
4. Run the command \\NYC-DC1\CLASSFILES\TOOLS\XLVIEWER.EXE to install Excel Viewer.
5. Accept the default settings to complete the setup.
6. Execute the application to verify that it installed properly. Close the application.
7. Open the System Properties window and go to the System Protection tab. Click System Restore.
8. Click the link for Is this process reversible? and read the documentation. Close it when done.
9. Click Scan for affected programs. Close the dialog window after it shows the Excel application.
10. Click the Choose a different restore point radio button and click Next.
http://server01/CLASSFILES/TOOLS/XLVIEWER.EXEhttp://server01/CLASSFILES/TOOLS/XLVIEWER.EXE -
7/30/2019 50331B-EnU StudentGuide M03
39/40
Module 3: Resolve Software Failure 3-37
11. Choose the Pre_Application_Install restore point and click Next.
12. Click Finish and then Yes.
13. Verify that the Excel application has been removed after the reboot of the system.
14. Restart the system and boot into the original Windows 7 installation.
15. Login as Admin1 and create a Restore Point named Post_Lab3.
-
7/30/2019 50331B-EnU StudentGuide M03
40/40
3-38 Module 3: Resolve Software Failure
top related