Windows 8 recovery notes-to-self

This post was written by eli on July 29, 2015
Posted Under: Microsoft

Just some jots as I tried to fix a Windows 8.1 laptop that didn’t boot (not mine, of course, I can’t stand Windows 8). It went “Preparing automatic repair” immediately on powerup, and then a light blue (not BSOD-blue) screen saying “Automatic Repair”, “Your PC did not start correctly”. Offering me to Restart or “Advanced Options”. This is where the saga begins.

Spoiler: Eventually, an accidental attempt brought things back to normal.

What installation is this?

I had some trouble telling if the installation was 32 or 64 bit. “systeminfo” didn’t work on command prompt, so I had to guess based upon the existing files. Be sure to look in C: and not in X: (are they the same?).

The ways I could tell it’s a 64-bit installation:

  • The presence of C:\Program Files (x86)  as well as C:\Program Files (only the latter is present in a 32-bit installation).
  • The presence of C:\Windows\SysWOW64, which is intended for running 32-bit programs under a 64-bit OS.

Note that C:\Windows\System32 is present in both 32- and 64-bit versions.

Random ideas

Some things one might want to try out:

  • Run Linux on a LiveUSB stick and run Applications > System Tools > Disk Utility (or similar path) to get some S.M.A.R.T. info from the hard disk.
  • Run chkdsk /R on Windows’ command prompt to hopefully fix the disk issues
  • Create installation media on Window’s site (Google for it), as the self-fixing tools ask for it. The exact version of Windows is required for that, so “systeminfo” on command prompt should be helpful (if it says X86-based PC it’s 32 bit Windows, otherwise X64-based PC). In principle, looking at the computer’s properties is easier, but in recovery mode only command prompt is available.
  • Choose “Refresh your PC” under “Troubleshoot” in the set of menus that appear when the computer fails to boot properly. The plug in the installation media when requested (don’t do it beforehand, as it won’t count). Not that it helped. I got “The media inserted is not valid. Try again.” So much for a descriptive error message, after preparing that silly USB stick for an hour or so.

So I went for booting the computer from USB, and got the “The drive where Windows is installed is locked. Unlock the drive and try again” error when trying to repair the OS. Following this page, I ran diskpart at command prompt and typed “list volume” which indeed printed out the disk partitions. This was done to make sure none appears as “RAW”, which would indicate that I don’t want to touch anything before the disk has been restored to a sane condition.

I also tried

bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd

but in vain. There was no difference.

sfc

It’s supposed to be the savior, isn’t it?

Looking for corrupted system files (System File Checker): “sfc /scannow” completed (verification 100% complete) but said that “Windows Resource Protection could not perform the requested operation”. The log file was found in X:\WINDOWS\LOGS\CBS\CBS.LOG (note the X:, it was put in the boot volume, not C:) with notepad (don’t forget to look for “All Files” and not just *.txt).

The reason it did nothing was that I didn’t run it as an Administrator. So going again, as an Administrator, I got “There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again.” So I rebooted, and got the same message again. Very helpful. This page suggests looking what is pending in c:\windows\winsxs\pending.xml, and indeed such file existed. A long XML file, full with info about things that were about to happen.

Following this page I went for

dism.exe /image:C:\ /cleanup-image /revertpendingactions

which is an extremely annoying utility in that it claims that it doesn’t recognize the /cleanup-image nor /revertpendingactions options unless the line is typed exactly as above. Did I say something about helpful error messages?

So eventually it finished, and claimed to have done that successfully, but sfc still said there was pending system repair. Rebooting didn’t help. The pending.xml file was still there.

Trying dism again, it claimed having an error reverting an image, and sending me to a log file. Which, as one would expect, contained tons of rubbish and not much to go with. The reported error was 0x800f082f, which seems to be an undocumented error code. This post supplied a hack for working it around, but it wasn’t required in my case — the problem was the pending.xml file

As it previously complained about not having “sufficient scratch space” I also supplied the /scratchdir:c:\delme option the following time (with c:\delme being just an empty directory).

At this point I decided to rename pending.xml to was-pending.xml using notepad, which wasn’t all that simple (Remember to use the C: path, and not the X: default, remember to view all files and not just .txt, and note that changes are not updated in the GUI until I leave the directory and view it again. Things are weird when running in rescue mode). It would make more sense to use some File Manager, but “explorer” on command prompt wasn’t recognized.

sfc claimed not have completed the operation successfully (with a status_not_implemented error in the log). But that didn’t make any difference either.

Boot logging

This can be triggered off with F8 in theory, but probably only when things are relatively OK: Instead, at the Automatic Repair opening screen, go Advanced Options > Troubleshoot > Advanced Options > Startup Settings > Restart. So Windows reboots, but this time with a menu. Pick option 2, Enable boot logging. And boot, which fails again, of course with the same Automatic Repair Screen.

So go Advanced Options > Troubleshoot > Advanced Options > Command Prompt, enter as admin, and open type “notepad”.  Well, the file was supposed to be there as C:\windows\ntbtlog.txt, but no such file was there. Microsoft has a rather useless possible explanation.

The breakthrough

Based upon the same menu for enabling Boot logging, I picked (8) “Disable early-launch anti-malware protection”. And after a little while, the computer was suddenly up and running!

From a running Windows position, I was offered to run System Restore to a known, recent configurations, and agreed.

The computer started munching and crunching, after which it restarted, and brought me back to the Automatic Repair screen. But now it mentioned a log file on this initial screen: C:\Windows\System32\Logfiles\Srt\SrtTrail.txt. And there it said: Boot critical file C:\Windows\system32\drivers\mfeelamk.sys is corrupt. And also that C:\tbs.sys is corrupt.

So turning off that malware option again, a successful boot was completed again, and again with a message that System Restore had failed.

Indeed there was no C:\tbs.sys file at all, but it was found on C:\Windows\system32\drivers\ with zero lenght. The mfeelamk.sys file turns out to be McAfee’s anti-malware driver, and let’s believe that it was problematic indeed. But that explains why turning off early malware check solved the issue.

So I renamed the tbs.sys  so that Windows won’t find it (requires changing ownership and then permissions first) and ran sfc /scannow (from a running system this time, which is much slower). It ended up saying that it found some corrupt files, but was unable to fix some of them.

And then the computer booted up as usual. As simple as that.

So in hindsight, the problem was with one or two driver files which failed to load. Instead of saying that, Windows went “I’m sorry, you’re too stupid to be exposed to that information” and left me to guessing. And most people don’t complain. Just reinstall everything. Or even better, buy a new computer.

Lessons learned

  • Always run chkdsk /r before trying to mess with the computer
  • sfc /scannow in rescue mode is worthless
  • Don’t try to be clever when fixing a Windows computer. The breakthrough step can’t be figured out logically on a senseless system. Just try things at random.
  • Prepare a recovery USB stick, while all is fairly OK

Reader Comments

You saved my life! Thanks

#1 
Written By Nic on July 19th, 2019 @ 12:05

Add a Comment

required, use real name
required, will not be published
optional, your blog address