Friday, November 17, 2023

Offline Windows Repair via DISM and SFC

Background

This option comes in handy when you end up with a broken Windows installation that won't boot and you are left with no backups or restore points. This article revolves around a personal experience of repairing a Windows Server 2012 R2 instance in 2023, and the given steps should ideally work for any subsequent Windows versions.

VMware P2V Converted VM

I was tasked with restoring a VM that was converted from physical to virtual using VMware's P2V Converter, without opting in to include VMware Tools during the conversion.

State of the Machine

While the actual reasons for the outcome of the P2V conversion are unclear to me, investigating revealed the following as the state of the VM.

  • The Windows boot log indicated that the BasicDisplay.sys driver (the default Windows display driver) failed to load, being incompatible with the VMware virtual machine hardware version, which was version 19.

  • The Windows operating system was corrupted. I realized this after I managed to inject the VMware Tools display driver into the operating system VMDK and boot up the VM. The boot sequence ended with System File Checker failing to repair the system drive. More details on manually adding VMware drivers into an offline Windows installation can be found in the article Manually Adding VMware Tools Drivers into an Offline Windows Installation.

Offline Windows Repair

Booting into Windows PE

Boot the VM into Windows Advanced Boot Options as shown below. During system boot, hit F8 and then select the Repair Your Computer option.



Mount a Windows DVD/ISO (for a physical machine or a VM respectively) on the machine, with the same flavor of Windows as the operating system you are trying to recover. In my case, it would be a Windows Server 2012 R2 ISO file mounted as a DVD drive within the VM. Select Troubleshoot and then select Command Prompt.

 

Select the account you want to run the command prompt as. In my case, it would be Administrator. Then enter the credentials.

 


Understanding the Disk Layout

You are now at a command prompt within the Windows Recovery Environment. Next, we need to understand the disk layout of the environment.

Type in DISKPART and then LIST VOL to show the currently mounted drives.


Take note of the DVD/ISO drive you mounted and the original C:\ drive of the operating system you need to repair. This would usually be the drive that contains the C:\Windows folder. In my case, the ISO is mounted on the E:\ drive and the offline operating system is on the D:\ drive.

Now, I will be using DISM to perform an offline repair of the operating system. Essentially, DISM will assess the operating system and identify problems. It will then use the mounted DVD/ISO as the source for the repair.

Using DISM to Repair an Offline Windows Image

 DISM  /Image:D:  /Cleanup-Image  /RestoreHealth  /Source:wim:E:\sources\install.wim:2  /LimitAccess 

The above command can be broken down as follows.

/Image - Defines the Windows image that needs to be repaired.

/Cleanup-Image and /RestoreHealth combined - Target the operating system and perform cleanup and recovery operations on the mounted operating system.

/Source:wim - Defines the source to be used for the repair and specifies that it needs to use a WIM file. Notice the ":2" at the end of "install.wim". This is the index for the operating system versions on the DVD/ISO. The ISO I loaded comes with the following Windows Server 2012 R2 editions:
  • Standard Core
  • Standard (GUI)
  • Datacenter Core
  • Datacenter (GUI)
This can be verified by running the following command.
 DISM /Get-ImageInfo /ImageFile:E:\sources\install.wim 

The command will show output as below. Accordingly, the index for the operating system that I'm running the repair against would be Index:2.



/LimitAccess - This tells DISM not to connect to the Internet.

More details on the DISM commands and capabilities can be found on this Microsoft article DISM Command-Line Options.

Note that running this command takes approximately 15 to 30 minutes, depending on your system. Also note that the progress usually goes up to 20% and stays there for some time. On completion, you will see the below output.

 


Using SFC (System File Checker) to Verify the Integrity of an Offline Windows Image

Next, I would run an SFC scan to verify the integrity of Windows as well. The command I use would be:

 SFC /SCANNOW /OFFBOOTDIR=D:\ /OFFWINDIR=D:\Windows 

While SFC is normally run as SFC /SCANNOW within a live Windows environment, since we are executing the command offline, we need to specify the offline boot directory and the offline Windows directory.

Once completed, exit Windows PE and reboot into Windows normally, which should now allow you to boot up into your environment.

In my case, I still had to boot into Advanced Boot Options and select Disable Driver Signature Enforcement in order to accommodate the VMware display driver that I had to manually inject into the operating system as mentioned initially. After successfully logging in, I installed VMware Tools by running the installation files from VMware and rebooted the environment, which brought the system into normal boot/operational status.

Manually Adding VMware Tools Drivers into an Offline Windows Installation

Background

This option comes in handy when you are unable to load a Windows VM in VMware due to the lack of drivers. I ran into a similar situation with a Windows box that was converted from physical to virtual without enabling VMware Tools installation on the destination during conversion. This resulted in the converted Windows box on VMware booting up to the Windows splash screen and then showing a black screen. The boot log indicated that Windows could not load the display driver.

Preparation

Shut down the VM and copy the VMDK that contains the operating system to a separate temporary folder. Spin up a new Windows VM, or use an existing VM for this purpose. Attach the copied VMDK as an existing hard drive to the new VM and boot into Windows.

I used a fresh temporary VM (without VMware Tools installed) for this purpose, so it allowed me to directly attach the VMware Tools ISO to the VM from the vCenter Console. You could choose the option that best suits you to get the VMware Tools install sources loaded into your VM.

In my case, I'm after the VMware display driver. In your case, you could go after the driver you need, and the process will still be the same, except for the driver I chose to copy.

Extract the VMware drivers to a local folder, which should look like below after extraction. To extract the drivers, follow this guide from VMware: Extracting the drivers from VMware Tools bundled with VMware Workstation (2032184).

The drivers you seek will be in the directory [extracted_folder]\VMware\VMware Tools\VMware\Drivers.



Since I'm after the display driver, I copied the video_wddm folder into a folder I created under C:\vmdrivers\.



Make sure the VMDK containing the Operating System of the problematic VM is successfully mounted within this environment. In my case, it would be the F:\ drive as shown.






Using DISM to Inject Drivers into an Offline Windows Installation

You would need to first identify the following information.

  • Image: In my case, this would be the VMDK attached to this environment as an existing disk. Value for the command would be F:.

  • Driver: This will be the driver you want to inject into the image. You need to point DISM towards the INF file in the driver directory. DISM will then inflate the driver as needed using the applicable components within the folder. In my case, this would be C:\vmdrivers\video_wddm\Vista\vm3d.inf.

Accordingly, the command to be executed would be as below. Make sure this is executed using an elevated command prompt.

 DISM /Image:F: /Add-Driver /Driver:C:\vmdrivers\video_wddm\Vista\vm3d.inf 

Verify that the driver was successfully injected into the image by running the below command. All drivers loaded within the image will be listed. To make my life easy, I piped the output to a text file and did a search for VMware.

 DISM /Image:F: /Get-Drivers 

 

Documentation on the further use of DISM and drivers can be found in this Microsoft article: Add and Remove Driver packages to an offline Windows Image.

Finally, I shut down the VM, re-attached the VMDK to its original VM and booted it up with the successful loading of the display driver.
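
The inject-and-verify step above, written as an added example (not part of the original article) using the DISM PowerShell cmdlets Add-WindowsDriver and Get-WindowsDriver in place of dism.exe. Before injecting, it checks the Authenticode signature of the catalog file that the INF declares. It assumes the article's F:\ and C:\vmdrivers paths and a helper VM running Windows 8 / Server 2012 or later, in an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths are the ones used in this article; adjust as needed.
$ImagePath = 'F:\'                                     # offline Windows volume (attached VMDK)
$InfPath   = 'C:\vmdrivers\video_wddm\Vista\vm3d.inf'  # driver package to inject

# 1. Collect the catalog file(s) the INF declares (CatalogFile= or CatalogFile.NTamd64= etc.).
$infDir   = Split-Path -Parent $InfPath
$catalogs = @(Get-Content -LiteralPath $InfPath | ForEach-Object {
    if ($_ -match '^\s*CatalogFile(\.\w+)?\s*=\s*([^;]+)') { $Matches[2].Trim().Trim('"') }
} | Sort-Object -Unique)
if ($catalogs.Count -eq 0) { throw "No CatalogFile entry in $InfPath (unsigned package)." }

# 2. Every catalog must have a valid Authenticode signature. Trust is evaluated
#    against the certificate store of the helper VM running this script.
foreach ($cat in $catalogs) {
    $catPath = Join-Path $infDir $cat
    if (-not (Test-Path -LiteralPath $catPath)) { throw "Catalog not found: $catPath" }
    $sig = Get-AuthenticodeSignature -LiteralPath $catPath
    '{0}: {1} ({2})' -f $cat, $sig.Status, $sig.SignerCertificate.Subject
    if ($sig.Status -ne 'Valid') { throw "Not injecting: $cat signature is $($sig.Status)." }
}

# 3. Inject the driver, then confirm it is in the offline image's driver store.
Add-WindowsDriver -Path $ImagePath -Driver $InfPath | Out-Null
$infName = Split-Path -Leaf $InfPath
$added = Get-WindowsDriver -Path $ImagePath |
    Where-Object { (Split-Path -Leaf $_.OriginalFileName) -eq $infName }
if (-not $added) { throw "$infName is not listed in $ImagePath after injection." }
$added | Format-Table Driver, ProviderName, ClassName, BootCritical, Version -AutoSize
```

The final table shows the published name (oemN.inf) assigned inside the image, which is the name to use if the package later has to be removed.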