Troubleshooting Windows NT 4.0

First Published: Smart Computing Reference Series
Date Published: April 2004
By Kevin Savetz
Windows NT 4.0 is well known as one of Microsoft's most enduring OSes (operating systems). Although WinNT doesn't have all of the bells and whistles that newer OSes have, it does have characteristics maybe more important: security and stability. But no OS is foolproof. Your WinNT system needs maintenance and troubleshooting occasionally. We'll look at ways to keep WinNT running smoothly and how to fix things when it isn't.

Upgrade To The Latest & Greatest. If you're having a problem with WinNT, or even if you aren't, it's a good idea to make sure you have the latest updates installed on your WinNT system. For the most part, WinNT's bugs and vulnerabilities have been discovered, squashed, and patched. Updates are rare, so once you install the most recent patches, you can rest content knowing you've got the most stable version available.

In 1999, Microsoft released Service Pack 6a, the latest and final service pack (a collection of important fixes and updates) for WinNT. To determine which service pack you have installed, open the Windows NT Diagnostics utility (click Start, Programs, Administrative Tools [Common], and then Windows NT Diagnostics). The Version tab displays which service pack is installed. If the tab shows a service pack less than 6 (version 6a displays as 6), down-load Service Pack 6a from Microsoft's download site (http://www.tinyurl.com/6qok) and install it. Service Pack 6a includes changes from all previous service packs, so there's no need to also install earlier versions.

Even when Service Pack 6a is installed, your system may need more up-dates. After releasing 6a, Microsoft switched to a Web-based system for delivering patches called Microsoft Windows Update. Point your Web browser to http://windowsupdate.microsoft.com. The site will show a list of OS and Web browser updates not installed on your PC. At a minimum, you should install the Critical Updates, which are enhancements, such as security fixes, that Microsoft deems essential. Also consider scrolling down to the Recommended Updates and Additional Windows Features for more software upgrades to install.

To update your system, select the additions that you want (such as the Critical Updates Package), and press the Download button and follow the prompts. After the updates are downloaded, they'll be installed automatically. You may want to check the Windows Update Web site occasionally for new patches, but these days, new patches for WinNT are few and far between. Ê

Hardware Compatibility. If you look at WinNT's original documentation, you'll find that it frequently mentions the Hardware Compatibility List. This is a list of hardware that was tested for compatibility with WinNT. You can essentially ignore the list now, as it's as obsolete as the 2X CD-ROM drives and 14.4Kbps (kilobits per second) modems listed in it. Microsoft stopped updating the list ages ago, but there are numerous PCs and peripherals that support WinNT but aren't listed. Most PCs, from ancient 486s to today's speediest systems, can run WinNT.

However, there are limits to WinNT's hardware capabilities, primarily related to peripheral and not systems. WinNT doesn't support FireWire and USB (Universal Serial Bus) add-ons, although a handful of USB products do work around this limitation. Most serial modems, printers, Ethernet adapters, video cards, and SCSI (Small Computer System Interface) and IDE (Integrated Drive Electronics) storage devices will work without a hitch. Other devices, such as scanners and sound cards, may or may not be compatible. If you're not sure if a peripheral will work with WinNT, check the hardware's documentation or manufacturer's Web site, but don't trust the Hardware Compatibility List explicitly.

Application Performance. If servers, databases, or other programs on your computer don't seem to be fast enough, you may be able to speed them up by adjusting WinNT's virtual memory and performance settings. These are controlled in the System Properties control panel, which manages several important aspects of system performance. Access the Control Panel by clicking Start, pointing to Settings and then Control Panel, and double-clicking System. You can also right-click My Computer on the Desktop and choose Properties.

The Performance tab lets you set the performance of the foreground application (the program you're currently using) relative to background applications (tasks the computer does behind the scenes, such as run a server). The default Maximum setting means the program you are using, such as a word processor, gets all the computing power it needs, even to the detriment of other programs running. If the computer runs a Web server or performs other important work in the background, move the slider to None. This gives background applications equal priority, making servers run more smoothly.

Virtual Memory settings are also under the Performance tab. These control how much drive space is set aside as extra RAM, which is memory that information is written to and accessed from randomly (and more quickly) than information stored on a hard drive. When a PC's RAM is exhausted, Windows can free up memory by temporarily moving, or "paging," some information to the hard drive. You can specify how much hard drive space, and on which drives, WinNT may use for virtual memory.

It is generally fine to let Windows take care of these settings, but if you have drive space to spare, consider giving a few extra mega-bytes to virtual memory. Allocating two times the amount of physical RAM should provide more than enough elbowroom. The total drive space amount that's used for virtual memory must be greater than the amount of physical RAM.

If you really need performance, it's better to have enough physical RAM installed in your machine than to rely on virtual memory. Moving data in and out of virtual memory is much slower than using actual RAM, but it can let the system do more at once than it otherwise could.

Troubleshoot System Crashes. The official term for an OS crash is a "stop error." It is more commonly known as the BSOD (Blue Screen of Death), named for the blue background and cryptic error messages that display when Windows crashes. If your computer is running a Web server or other always-on applications, a crash mean the server or applications are down until someone reboots the computer. The Startup/Shutdown tab of the System Properties control panel provides tools for recovering from, and finding the cause of, crashes.

You can use this option to tell Windows what do to when a crash occurs. By default, the OS will log the crash in the system log. By looking at the log with the Event Viewer, you may be able to find the crash's cause. (More on the Event Viewer later.) Another option tells Windows to Send An Administrative Alert when there's a crash, which puts a message on the screen of another computer on the LAN (local-area network). This isn't useful unless you maintain a large LAN. If you do, use the Servers control panel to specify who should be notified of administrative alerts. Yet another option lets you save detailed information to a file about the crash, which isn't too useful except to programmers. The final option, Automatically Reboot, is useful. It forces Windows to restart after a crash, bringing your server back online instead of just hanging.

The Event Viewer. The Event Viewer (to find it, click Start, Programs, Administrative Tools [Common], and Event Viewer) is an informative tool for diagnosing problems with WinNT and applications. The Event Viewer displays a log of events that have occurred, ranging from simple warnings to critical errors.

Sometimes when there is a problem with your system, WinNT will indicate something is wrong soon after you boot up, advising you to look to the Event Viewer for more information. Other times, the only hint that something isn't working right is, well, something isn't working right. Then it's your prerogative to check the Event Viewer for clues.

The Event Viewer may seem daunting at first, but it can actually be quite informative. Color codes indicate the importance of each event at a glance: blue for nonessential information, such as the computer booted up or a service pack was installed; yellow for warnings, such as a printer driver was deleted; and red for errors that could be showstoppers, such as two computers on the LAN having the same name.

For each event, you'll see the date and time it occurred. The Source field shows the software or part of the OS that logged the event and the Category field helps classify the cause of the event. Double-click any event to find out more about it. In the window that appears, you'll typically see a plain-English description of the problem, as well as the time and date it occurred. Press Next or Previous to view details about the next or previous event in the log. By default, events are sorted by date, with the most recent event at the top of the list and older ones further down. The Next button shows the next event in the list, which is actually the previous event that occurred. You can choose Oldest First from the View menu to reverse the order of the events.

The Event Viewer shows three types of events: System events (occurrences within WinNT, such a driver failing to load), Application events (occurrences within other programs), and Security events (such as failed attempts to log in to WinNT. Only the Administrator can view Security events). Switch among these event logs by choosing System, Security, or Application from the Log menu. The System and Application logs are generally the most helpful for diagnosing problems. If a specific program is crashing, the Application log could provide a clue to the problem. If there is a problem with the OS, look to the System log.

WinNT will only record events in the Security log if you enable the security auditing option. To do so, open WinNT's User Manager application (click Start, Programs, Administrative Tools [Common], and then User Manager) and select Audit from the Policies menu and select which security-related events you want to log.

Although it may look like there are countless things wrong with your system, there's often a domino effect with system events. Essentially, one error triggers another, and so on. Read the details about events carefully, finding the first one that occurred in that time period, and you may find the source of the problem. For instance, our WinNT setup thought there were two PCs with the same name on the LAN. This caused a litany of other error messages and warnings. Correcting the DHCP (Dynamic Host Configuration Protocol) setting in the Network control panel cured the problem and other symptoms it caused.

The Event Viewer's filter tool (choose Filter from the View menu) can help find the source of a problem. Checkboxes let you limit displayed events to informational messages, warnings, or errors. Choose only Errors to get to the crux of a problem. You can also tell the Event Viewer to show events that occurred between specific dates and times, which can be useful for narrowing down a problem. Choose All Events from the View menu to remove any filters you applied.

By default, Windows will keep logs for at least a week before erasing old logs to make room for new ones. This can help with troubleshooting by letting you view events from several days ago. You can change how long WinNT stores logs by choosing Log Settings from the Log menu. You can erase the log files immediately by choosing Clear All Events from that menu. If you are logged on as the Administrator, you can also view event logs that are from other computers on the LAN by choosing Select Computer from the Log menu and then pointing to a different PC on the LAN.

Reinstall WinNT. If you've been running Windows NT for months or even years, you may find that things don't work as reliably as they used to, no matter what you do to correct the problems. It may be time to reinstall the OS.

Over time, Windows can become clogged with settings that it no longer needs. Software can become corrupted, making it work unreliably. The Registry, a database that stores configuration information and hardware settings, is particularly important. If it's corrupted, your computer will crash.

If your computer frequently locks up or crashes on a regular basis, and not just with a single application but also across the board, it's time to reinstall. Before you begin, make sure you have everything you might need, including:

The Event Viewer shows that a lot goes on behind the scenes of even the simplest Windows NT configuration.

Before you reinstall Windows, back up your data to floppy diskette, tape, or other removable media. It's possible to erase your hard drive using the installation application, so make sure there's a safe copy of your important information.

The fastest way to reinstall is to install over the existing OS, or install right over the current Windows directory (which is probably C:\WINNT). If this works, you won't have to reinstall any of your applications or data. However, this method is least likely to fix serious problems. It won't create a fresh Registry, so any corrupt settings in the Windows Registry will remain. Still, a quickie reinstall may be worth trying if you can't reinstall your applications.

For a more thorough reinstallation, you can remove most of the old OS by installing a fresh copy of WinNT. In addition to a new copy of the system software, this process will create a new Windows Registry, which can clear up many common problems. Your data, such as word processor documents, will remain intact. However, you'll have to reinstall many of your applications. (Although your applications will still be on the hard drive, you'll have to reinstall programs that require additions to the Windows Registry.)

With the latter method, your old WinNT installation will remain on the hard drive until you erase it by moving the old WINNT directory to the Recycle Bin. When the computer starts, it will let you choose to boot the new or old installation, letting you switch back to the old version if necessary.

To reinstall by either method, insert your Windows installation diskette/disc and run Setup.exe or Autorun.exe. Follow the prompts that display. When the installer reports that it has found a copy of Windows on your hard drive, press Enter to reinstall over the existing OS or N to install a fresh copy in a new directory. Don't change the type of file system or repartition the drive, as either option could potentially destroy your existing data.

After you reinstall Windows by either method, don't forget to reinstall service packs and Windows Update fixes, too.

WinNT's Days Are Numbered. If, despite its age, Windows NT 4 remains a useful OS for you, more power to you. Released in September 1996, WinNT is no longer really profitable for Microsoft. The company stopped selling WinNT to end users and to OEMs (original equipment manufacturers) last year; support will be offered through 2004. On Jan. 1, 2005, eight years and four months after its initial release, Windows NT 4.0 will essentially be dead to Microsoft, so say "goodbye" to pay-per-incident and premier support, security fixes, and online support.

Like users of all OSes, WinNT users must endure some troubleshooting. But the fact that people still use and trust WinNT is a testament to its overall stability. If your OS starts acting up, a bit of maintenance should be all it needs to get back on track for another seven years of service.

Hot Tip: System Maintenance Utilities In WinNT

Windows NT provides plenty of maintenance utilities to help monitor and tweak performance. You can find most of these by clicking Start, Programs, and Administrative Tools [Common]. You'll need to be logged on as Administrator to fully utilize these programs.

Backup-A simple, effective tool for backing up hard drives to removable media. Although it is primarily meant for backing up to tape, it can also back up to floppy diskette. Before using Backup, you must use the Tape Devices control panel (click Start, Settings, Control Panel, and then Tape Devices) to configure the tape or floppy drive.

CHKDSK-Short for check disk, this is a disk diagnostics and repair tool. To run it, click Start, Run, and type COMMAND. Press ENTER and type CHKDSK. The tool will scan the hard drive for errors. If it finds any, type CHKDSK /F and the program will fix the problems. Run this program occasionally as a preventative measure, even if you're not having trouble with disks or files.

Disk Administrator-Partition, format, and assign drive letters to hard drives.

Event Viewer-This tool views WinNT's system logs and is useful for diagnosing application crashes and problems.

Performance Monitor-Monitor CPU, memory, network, and hard drive activity.

Windows NT Diagnostics-View information about the PC's BIOS, CPU, memory, drives, display, and other hardware resources.

Reprinted with permission from Computer Power User magazine.


Articles by Kevin Savetz