Friday, 4 November 2011

TROUBLESHOOTING BLUE SCREEN OF DEATH (BSOD)

In this step-by-step guide I teach you how to troubleshoot and analyze the crash dump file that is the direct result of the infamous Blue Screen of Death in Windows 2000, Windows XP, Windows Vista and Server 2003 or 2008 and also Windows 7 and Windows Server 2008 R2 operating systems.

Introduction: When you least expect it your computer might show you a so called Blue Screen of Death (BSOD) and restart the computer automatically. The BSOD is always the result of a critical system error and Windows can no longer keep on running when that occur and instead crashes. About 80 percent of all BSODs occur because of bad drivers. Hardware problems such as corrupt memory modules or a broken hard drive generally also produce a BSOD every now and then.

Stop the computer from restarting automatically: The standard setting for when a crash occurs is that Windows restarts automatically, which means you cannot read the error message in the actual blue screen before the computer restarts. You can adjust this setting in
System > Advanced system settings > Startup and recovery settings and uncheck “automatically restart”. But even if you then have the chance to read the error message on the blue screen it does not necessarily mean that you can understand it and find the cause of the problem. That’s where this guide comes in handy.

Install the necessary software go get started: We will be working with the Microsoft tool Windows Debugging Tools which can be downloaded fir free from Microsoft, http://www.microsoft.com/whdc/devtools/debugging/default.mspx.  Depending on which platform you are running you must choose the appropriate debugger for x86, x64 or the ia64 platform. Install the application with the standard settings and then start it from the Start menu, it’s called WinDbg. To be able to get a result from the debugging you will need the symbol files. These can be downloaded as one package but it is much more convenient to setup Windows Debugging Tools to download files as necessary. To set this up go to Open and choose Symbol file path. Now type a path to a directory on the hard drive, for example:

SRV*C:\symbolfiles*http://msdl.microsoft.com/download/symbols

Load and analyze the crash dump file: When your computer crashes a snapshot of the memory is dumped to a file on your computer. This is the file that contains the key to the crash and to analyze it first open it by going to Open and then choosing Open Crash Dump. Usually the crash dump file is named MEMORY.DMP and is located in the root of the WINDOWS (or WINNT) folder. There can also be mini dumps in the “minidumps” folder in WINDOWS which can be used if there are no MEMORY.DMP files available. Browse to the DMP file and choose to load it and if you get a question if you want to save the workspace you choose Yes. The necessary symbol files will now be downloaded from Microsoft. When that part is done the crash dump file will be analyzed but to find out more details about the crash you have to type: !analyze -V and then press Enter. An analysis is now done and you will get information about which files and drivers are involved in the crash, or if there is faulty hardware that is likely causing the crashes.

Summary: You can with the above information at least find out what the cause of the crash is and most times the crashes happen due to bad drivers. Which driver is causing the crash can be found out by either the driver name or by using your favorite search engine to lookup the file name mention in the analysis. For example nv4_disp.sys is related to Nvidia and ati2dvag.sys is related to ATI. If you learn that a specific driver is causing the crash immediately go to the hardware vendor’s site and see if there is an updated driver available, if not submit a bug report with the hardware vendor or computer manufacturer.

Thursday, 7 April 2011

WINDOWS SUPPORT ENGINEER INTERVIEW QUESTIONS

Windows support engineer questions
1. What is the best summary route for the network range listed below:-

172.16.168.0/24 through 172.16.175.0/24 inclusive
172.16.168.0/21
172.16.167.0/23
172.16.176.0/28
172.16.0.0/16
2. What is one advantage of RIPv2 over RIPv1?
split horizon
triggered updates
VLSM support
Unicast
3. For the address 172.17.7.245/28, what is the subnet mask?
255.255.255.0
255.255.248.0
255.255.255.240
255.255.254.0
4. For the address 172.17.7.245/28, what is the host part?
.5
.240
7.245
.245
5. You have 3 critical VMware machines on the network and are considering HA. What are you investigating?
High Availability which allows you move one VMware machine to another piece of hardware with nearly no downtime.
High Absolution and the removal of responsibility from the technical team if the VM servers stop working
Highly Asynchronous which allows independence of each machine from the standard core network authentication dependencies.
High Applications that allows you to keep the applications running regardless if only 2 of the Servers are running
6. The VERITAS Backup Exec on your network is reporting the current nightly backup job is completing with exceptions. What are the probable causes of this?
The VERITAS Backup is not happy backing up certain files and is making exceptions of them in the job.
VERITAS Backup Exec cannot backup certain applications due to licensing restrictions without purchasing the required agents.
This can be either temp files that are locked and in use at the time of the backup or emails that are left open in users email clients that are causing the exceptions.
The job is not completing in its allotted runtime.
7. A user complains to you that every time they log onto a Terminal Server session although they have the printer installed locally it does not turn up in the TS session. All other users of the TS Server have different printers and are not reporting a problem. What could be the problem?
The Printer drivers are different versions.
There is no Printer functionality in Terminal Services
The Printer is not turned on at logon to the TS Server
The printer is a Dot Matrix Printer
8.The company you work for has an existing Microsoft Exchange 2003 installation and you have been tasked with moving the company to a Microsoft Exchange 2007 implementation. What is the biggest change and commercial consideration when moving from Exchange 2003 to 2007?
The time it takes to migrate the mailboxes.
32 bit to 64 bit operating systems so generally you need new hardware.
The cumbersome process of manual exporting everyone’s Mailboxes to PST
The use of Powershell commands.
9. The Apple Mac that you are working on keeps prompting you for a new password for the Wireless Access Point you are trying to work through. Where would you go to configure this?
The Airport Wlan scanner
Network Settings Applet
The Keychain.
The onsite Administrator
10. You are given a Blackberry device that shows a red cross against any email being sent from the device but it receives fine. What is the problem?
The Besadmin account does not have send as rights.
The Blackberry device does not have the correct user details.
There is no network coverage
The message has the wrong email address for the recipient
Which are the main limitations of Microsoft's Small Business Server 2000 product over the full products?
Can only have 5 users accessing the system Can only have 1 server cannected to the LAN Can only have 1 email domain
Can only have 5 users accessing the system Can only have 2 servers cannected to the LAN Can only have 1 domain
Can only have 50 users accessing the system Can only have 1 domain controller Can only have 1 domain
Can only have 200 users accessing the system Can only have 2 domain controllers and 3 BDCs Can only have 1 domain
Which of the following is LEAST prefered for a large corporate backing up 500Gb of data?
Retrospect
BackupExec
ArcServe
Microsoft Backup
What is the significance of the 127.0.0.1 address?
The first address assigned from a Draytek router with default config
It is the Loopback address for testing a NIC
It is the RIPE database server for testing unresponsive DNS addresses
It is the Root DNS server on the internet
What is an HP JetDirect box?
A device for travel agents to aid checking flight information
A device to connect a printer to the LAN
A smart LAN device to hold Microsoft JET databases
A device that compacts network traffic for faster internet responses
Which of the following commands would enable you to delete a problem email from a POP account?
telnet pop.server.org 110 user: myname pass: mypass list dele 1
telnet pop.server.org 25 user: myname pass: mypass list del 1
telnet pop.server.org 110 username myname password mypass show rm 1
telnet pop.server.org 25 user: myname pass: mypass list rm 1
Which of the following shows the commands to send an email using SMTP with the Telnet console?
ehlo domain.com mail_from: user@domain.com mail_to: user1@domain.com data .
ehlo domain.com mail from: user@domain.com mail to: user1@domain.com data .
hello domain.com mail from: user@domain.com rcpt to: user1@domain.com data .
ehlo domain.com mail from: user@domain.com rcpt to: user1@domain.com data .

When Simon has his laptop in the office he can send and receive his email but when he takes his laptop home and connects to his home ADSL connection he can only receive. What is the most likely cause?
His ADSL account is not email enabled as he has a 'wires-only' install.
The SMTP server specified in his account only works at work. He will have to change it to send email at home.
He must logon as a different user on his laptop when at home. You cannot use the same user account.
There is a compatability issue between his laptops network port and the ADSL router.

You have just installed SP2 on a Windows XP workstation and now the Antivirus software is no-longer working. Which is the best way forward to fix this issue?
Remove service pack 2, it does not work with non-MS antivirus software.
Open the relevant ports on the XP firewall.
Reinstall XP.
Buy a new copy of the antivirus program as the previous version is not licensed to work with firewalls.

You have been called to fix an Exchange 2000 (standard/SP1) server where the private store is un-mounted. You notice the 'priv1.edb' file is approx. 7Gb and the 'priv1.stm' file is approx. 9Gb. What do you think is the problem?
The combined store size has reached the 16Gb maximum limit.
The server needs more RAM to hold the private store in memory.
The '.stm' file has become larger than the '.edb' file.
The Exchange server has automatically installed service pack 2 and the server needs restarting.

What impact may Kazza, Emule, Bit Torrent or other P2P programs have on a companies network?
Less pop-ups
Speed up the internet connection
Slow down the internet connection
Protect from viruses

What function does the LMHOST file provide?
Links dll files
Help with name resolution
Help with LAN manager discovery
Helps with LM synchronisation

What type of server supplies a host with an IP address??
IPSS
HTTP
DNS
DHCP

Which one of the following could be a reason for Microsoft Word not loading?
word.doc is corrupt
winword.doc is corrupt
normal.exe is corrupt
normal.dot is corrupt

What sort of database would you use eseutil on?
Oracle
Microsoft Exchange
MySQL
Access

If you had a company who's name was "anycompany" , what would be the best domain name to use for them when setting up a new Windows 2003 domain?
local.anycompany
www.anycompany.com
anycompany.local
anycompany.com

Which is a valid private IP address
10.134.23.4
192.123.4.28
14.14.3.5
217.158.140.53


What is IP spoofing?
Where an invalid IP header is created
Where somebody alters their destination IP address
Where somebody alters their originating IP address
Where somebody listens to IP traffic

What type of connector is most often used to connect machines to hubs and switches?
Type 3 connector
RJ45
RJ11
USB2

Which of the following applications can allow multiple LAN clients to access the internet via a single machine?
Hyper relay server
IIS
ISA server
Microsoft routing gateway

How would you find all the current IP sessions on a PC?
list ip
netstat
ipstat
list sessions

If a host had an ip address of 123.123.2.5 and the internet gateway had an address of 123.123.2.1, what would the ROUTE ADD command look like?
ROUTE ADD 0.0.0.0 MASK 0.0.0.0 123.123.2.1
ROUTE ADD ALL 123.123.2.1
ROUTE ADD 123.123.2.5 255.255.255.255
ROUTE ADD 0.0.0.0 123.123.2.1

What is the broadcast address of a machine with an IP address of 123.123.2.5 and a subnet mask of 255.255.255.224
123.123.2.128
123.123.2.31
123.123.2.224
123.123.2.33

What is the primary use of the PING command?
Type of remote machine
The availability of a remote machine
Speed of a remote machine
Number of hops to a remote machine

What application would be launched if you ran a file ending with .mdb?
Excel
Powerpoint
Project
Access

What client service allows you to logon to a domain?
Network client services
Client for Netware
Client for Microsoft domains
Client for Microsoft networks

How many email addresses can an exchange user have?
3
1
10+
5

Stopping which Exchange service stops all the other exchange services?
Private information store
System attendant
Information store
Public information store

What port does DNS use?
1077
53
25
33

What service would you restart if printing stopped?
Print loader
Print buffer
Netlogon
Print spooler

What port does SMTP use?
110
21
143
25

To configure a PPTP VPN, what port and protocol are required for a successful session?
IP protocol 500(GRE) and TCP port 10000
IP protocol 50(GRE) and TCP port 1723
IP protocol 50(GRE) and UDP port 10000
IP protocol 47(GRE) and TCP port 1723

How would I obtain the running configuration of a Cisco 2600 router in Privileged Mode?
show start
show run
configure run
get run

If you have 5 x 72gb disks in a single RAID 5 array, approximately how much usable disk space will you have?
360GB
288GB
72GB
144GB