Background
This is an option that would come in handy when you end up with a broken Windows installation that wouldn't boot and you are left with no backups or retore points. This article revolves around a personal experience of repairing a Windows Server 2012 R2 instance in the year of 2023 and the given steps would ideally work for any proceeding Windows versions.
VMware P2V Converted VM
I was tasked with restoring a VM that was converted from Physical to Virtual using VMware's P2V Converter, which did not opt-in to include the VMware Tools during the conversion.
State of the Machine
While the actual reasons for the outcome of the P2V conversion is unclear to me, investigating revealed the following as the state of the VM.
- The windows Boot Log indicated that the BasicDisplay.sys driver (Windows default display driver) failed to load in compatible with the VMware virtual machine hardware version, which was on version 19.
- The windows Operating System was corrupted. I realized this after, I managed to inject the VMware Tools Display driver into the Operating System VMDK and boot up the VM. The boot sequence ends with a System File Checker failing to repair the System Drive. More details on manually adding VMware drivers into an offline windows installation can be found on this article Manually Adding VMware Tools Drivers into a Offline Windows Installation.
Offline Windows Repair
Booting into Windows PE
Boot the VM into Windows Advanced Boot Options as shown below. During system boot, hit F8 and then select the Repair Your Computer option.
Mount a windows DVD/ISO (if Physical/VM respectively) on to the machine, that has the same flavor of windows as per the operating system you are trying to recover from. In my case, it would be a Windows Server 2012 R2 ISO file mounted as a DVD drive within the VM. Select Troubleshoot and then select Command Prompt.
Select the Account you want to use to assume the command prompt as. In my case, it would be Administrator and enter the credentials.
Understanding the Disk Layout
Now you are on a command prompt with within the Windows Recovery Environment. Now we need to understand the disk layout for the environment.
type in DISKPART and then LIST VOL to show the current drives mounted.
Now, I will be using DISM to perform a Offline Repair of the Operating System. Essentially what will be happening is, DISM will assess the operating system and identify problems. It will then use the mounted DVD/ISO as the source for repairing.
Using DISM to Repair a Offline Windows Image
DISM /Image:D: /Cleanup-Image /RestoreHealth /Source:wim:E:\sources\install.wim:2 /LimitAccess
The above command can be broken down
/Image - Defines the Windows Image that requires to be repaired.
/Cleanup-Image and /RestoreHealth in combine - Targets the operating system and performs a cleanup and recovery options on the mounted operating system.
/Source:wim - Defines the source to be used for the repair and specifies that it needs to use a WIM file. Notice the ":1" at the end of the "install.wim". This is the index for the operating system versions on the DVD/ISO. The ISO I loaded comes with Windows Server 2012 R2
- Standard Core
- Standard (GUI)
- Datacenter Core
- Datacenter (GUI)
This can be verified by running the following command.
DISM /Get-ImageInfo /ImageFile:E:\sources\install.wim
The command will show an output as below. Accordingly, the index for my operating system that I'm running the repair against would be Index:2
/LimitAccess - This tells DISM not to connect to the Internet.
More details on the DISM commands and capabilities can be found on this Microsoft article DISM Command-Line Options.
Note that running this command would take approximately 15 to 30 mins and may depend on your system. Do note, that the progress usually goes upto 20% and stays there for some time. On completion, you will see the below output.
Using SFC (System File Checker) to Verify the Integrity of a Offline Windows Image
Next I would run a SFC scan to verify the integrity of Windows as well. The command I use would be
SFC /SCANNOW /OFFBOOTDIR=D:\ /OFFWINDIR=D:\Windows
While the usual SFC uses SFC /SCANNOW when executed within a live windows environment, since we are executing the command offline, we need to specify the Offline Boot Directory and the Offline Windows Directory.
Once completed, exit the Windows PE and reboot into Windows normally which should now allow you to boot up into your environment.
I my case, I still had to boot into Advanced Boot Options and select Disable Driver Signature Enforcement in order to accommodate the VMware display driver that I had to manually inject into the operating system as mentioned initially. After successfully login in, I installed VMware Tools by running the installation files from VMware and rebooted the environment, which brought the system into normal boot/operational status.
No comments:
Post a Comment