Tuesday, June 10, 2014

Let's talk dirty (bit) - Windows Error Recovery after backup/restore

Windows uses a boot status file, “C:\Windows\bootstat.dat”, to record that it has progressed through the various stages of startup, and it stores information there about the last successful boot and shutdown. This allows the Boot Manager and the Startup Repair tool to detect an abnormal shutdown and offer the user recovery and diagnostic boot options. The bootstat.dat file is a hidden system file and can only be changed by the Windows Boot Manager. I explored all the available options using bcdedit, and there is no way to read the file content or clear the “unclean shutdown” flag from it. The only thing you can do using bcdedit is change the location of the file or turn BCD entry session preservation on or off.

Actually, the behavior you are seeing after a VSS-based backup and restore is not really a dirty bit issue. This looks like normal behavior, because Windows was in a running state when we took the VSS snapshot. So, according to the bootstat.dat file in the backed-up snapshot, the state of Windows is running. When we boot it after the restore, Windows thinks it was not shut down properly. From Windows' point of view, the shutdown was unexpected because, per the bootstat file, the last Windows state was running.

Because Windows does not allow changes to the bootstat.dat log file, I think there is no good way to fix this behavior. We can try backing up this file when Windows is in a shutdown state and then overwriting the existing file in the backup VHD. But again, this is not a clean solution, and we may leave the VHD in a non-bootable state if the timestamps of the two files are way off.

I also tried taking a normal Windows image backup (which also uses VSS snapshots and creates a VHD), and after the restore it had the same behavior (it showed the Windows recovery screen upon first boot).
