This chapter covers systematic troubleshooting of Windows issues, a core competency for the 220-1102 exam. Approximately 10-15% of exam questions fall under Domain 3.0 (Software Troubleshooting), with objective 3.1 specifically addressing Windows problems. You will learn to diagnose and resolve boot failures, application crashes, performance slowdowns, and blue screen errors using a structured methodology. Mastery of these techniques is essential for any IT support professional.
Jump to a section
Imagine your car won't start. You don't immediately pull the engine apart; you start with simple checks: Is there fuel? Is the battery dead? Did you leave the lights on? Similarly, troubleshooting Windows issues begins with the most obvious and common causes. The car's dashboard warning lights are like Windows error messages or Event Viewer logs — they give you clues. The starter motor's sound when you turn the key is analogous to the boot sequence: if you hear a click but no crank, it points to a battery or starter issue, just as a blinking cursor on a black screen might point to a bootloader problem. A mechanic uses a multimeter to test battery voltage (12.6V resting) just as a technician uses System File Checker (SFC /scannow) to check system file integrity. If the car cranks but doesn't start, you check spark and fuel — in Windows, if the OS loads but crashes, you check drivers and services. The diagnostic process is methodical: start with the simplest, most likely cause, then escalate. This chapter applies that same structured approach to Windows failures, ensuring you don't waste time on complex fixes when the solution is a loose cable or a corrupted driver.
Understanding the Windows Troubleshooting Methodology
The CompTIA A+ troubleshooting methodology is a six-step process: (1) Identify the problem, (2) Establish a theory of probable cause, (3) Test the theory to determine cause, (4) Establish a plan of action and implement the fix, (5) Verify full system functionality and implement preventive measures, (6) Document findings, actions, and outcomes. For Windows issues, this methodology must be adapted to the OS environment. The exam expects you to apply this process to specific Windows problems, not just recite the steps.
Common Windows Symptoms and Their Causes
Blue Screen of Death (BSOD) or Stop Error: These occur when Windows encounters a critical error from which it cannot recover. Common causes include faulty drivers, incompatible hardware, corrupt system files, or overheating. The error code (e.g., 0x0000001A) and parameter information are key to diagnosis.
Boot Failures: These range from 'Bootmgr is missing' to 'NTLDR is missing' (on older systems) or 'Invalid boot.ini'. Causes include corrupt boot configuration data (BCD), damaged master boot record (MBR), failed hard drive, or incorrect boot order in BIOS/UEFI.
Application Crashes and Hangs: An application may stop responding (hang) or close unexpectedly (crash). Causes include insufficient memory, corrupt program files, incompatible software, or malware. Event Viewer can show crash details under Windows Logs > Application.
Performance Issues: Slow boot, slow application launch, high CPU/memory usage. Causes include too many startup programs, malware, insufficient RAM, fragmented hard drive (HDD), or failing hardware.
Step-by-Step Troubleshooting Process for Windows
Step 1: Identify the Problem - Gather information: What error messages appear? When did the problem start? What changes were made recently? Use tools like Event Viewer (eventvwr.msc) to review logs. For BSOD, note the stop code and any driver mentioned. - Determine the scope: Is it one user, one application, or the entire system? For example, if only one user cannot log in, the issue may be a corrupted user profile.
Step 2: Establish a Theory of Probable Cause - List possible causes based on symptoms. For a BSOD with stop code 0x0000001A (MEMORY_MANAGEMENT), likely causes are faulty RAM, corrupt page file, or incompatible driver. Prioritize by likelihood: recent changes (driver update, new hardware) are more probable. - Use the 'most likely first' principle. For a boot failure after a Windows update, the update itself is the prime suspect.
Step 3: Test the Theory - Use built-in tools: For boot issues, boot into Safe Mode (F8 or Shift + Restart) to see if the problem persists. If Safe Mode works, the cause is likely a driver or service. Use System Configuration (msconfig) to disable startup items and services. - For BSOD, analyze the minidump file with Windows Debugger (WinDbg) or BlueScreenView. Check memory using Windows Memory Diagnostic (mdsched.exe). Run System File Checker (sfc /scannow) to repair system files. - For performance issues, use Task Manager to identify high resource usage. Use Resource Monitor (resmon) for deeper analysis. Check for malware with Windows Defender.
Step 4: Establish a Plan of Action and Implement the Fix - Based on the confirmed cause, apply the fix. For driver issues: roll back driver (Device Manager > Driver > Roll Back Driver) or update to latest version. For corrupt system files: run SFC and DISM (DISM /Online /Cleanup-Image /RestoreHealth). For boot issues: use Startup Repair from Windows Recovery Environment (WinRE) or rebuild BCD with bootrec commands. - Always have a backup before making changes. Create a system restore point if possible.
Step 5: Verify Full System Functionality - After applying the fix, test the system thoroughly. Reboot and confirm the original symptom is resolved. Run the application or perform the task that previously failed. Check Event Viewer for new errors. Ensure all features work (network, printing, etc.).
Step 6: Document Findings, Actions, and Outcomes - Record the problem description, steps taken, and resolution. This documentation helps with future troubleshooting and can be used for knowledge base articles. Include error codes, commands used, and any configuration changes.
Key Tools and Their Uses
Event Viewer (eventvwr.msc): Centralized log of system, security, and application events. Filter by level (Error, Warning) and look for events with ID 41 (Kernel-Power) for unexpected shutdowns, ID 1001 for application crashes, ID 6008 for improper shutdown.
Reliability Monitor: Provides a timeline of system stability with critical events. Access via Control Panel > Security and Maintenance > Reliability Monitor.
Task Manager (taskmgr.exe): Shows running processes, performance graphs, startup programs. Use to end unresponsive tasks, identify high resource usage, and disable startup items.
Resource Monitor (resmon.exe): Detailed real-time data on CPU, memory, disk, and network usage. Useful for pinpointing which process is causing high disk activity.
System File Checker (sfc /scannow): Scans all protected system files and replaces corrupted ones with cached copies. Must be run as administrator.
Deployment Imaging Service and Management Tool (DISM): Used to repair Windows image files. Common commands: DISM /Online /Cleanup-Image /CheckHealth, /ScanHealth, /RestoreHealth.
Windows Memory Diagnostic (mdsched.exe): Tests RAM for errors. Choose to restart now and run the test. Results appear after reboot.
System Configuration (msconfig): Manage boot options, startup programs, and services. Use 'Selective Startup' to disable all non-Microsoft services for troubleshooting.
Safe Mode: Boots Windows with minimal drivers and services. Access via F8 at boot (legacy) or Shift + Restart from login screen. Use to troubleshoot driver or software conflicts.
Windows Recovery Environment (WinRE): Advanced troubleshooting tools including Startup Repair, System Restore, Command Prompt, and Reset this PC. Access via bootable media or by interrupting boot three times.
Bootrec.exe: Command-line tool for fixing boot issues. Commands: bootrec /FixMbr, /FixBoot, /ScanOs, /RebuildBcd.
Chkdsk.exe: Checks disk for file system errors and bad sectors. Run with /f to fix errors, /r to locate bad sectors and recover readable information. Example: chkdsk C: /f /r.
Common Troubleshooting Scenarios
Scenario 1: Windows fails to boot after a power outage. - Symptom: Black screen with blinking cursor or 'Bootmgr is missing'. - Probable cause: Corrupt boot sector or BCD. - Action: Boot from Windows installation media, select Repair your computer > Troubleshoot > Advanced Options > Command Prompt. Run bootrec /FixMbr, bootrec /FixBoot, bootrec /RebuildBcd. If that fails, use Startup Repair.
Scenario 2: Application crashes with 'Not Responding'. - Symptom: Application freezes and must be closed via Task Manager. - Probable cause: Insufficient memory, corrupt installation, or incompatible add-on. - Action: Check Event Viewer for application error details. Try running the application as administrator. Reinstall the application. Use Compatibility Troubleshooter.
Scenario 3: Slow performance after installing new software. - Symptom: System sluggish, high CPU usage by a process. - Probable cause: New software is resource-intensive or has a background service. - Action: Use Task Manager to identify the process. Disable the service via services.msc or uninstall the software. Check startup programs and disable unnecessary ones.
Preventive Measures
Keep Windows updated via Windows Update.
Use antivirus and keep it updated.
Regularly back up data and create system restore points.
Monitor disk health with tools like SMART status in BIOS or third-party apps.
Avoid installing unnecessary software and browser toolbars.
Use a standard user account for daily tasks to limit system changes.
1. Gather Information and Identify Symptoms
Start by asking the user: What exactly is happening? When did it start? Were there any recent changes (software install, driver update, hardware change)? Look for error messages, BSOD stop codes, or unusual behavior. Use Event Viewer to check for critical errors around the time of the issue. For example, a BSOD with stop code 0x0000001A points to memory management. Note the exact wording of any error messages. This step sets the direction for all subsequent steps.
2. Establish a Theory of Probable Cause
Based on the symptoms, list possible causes in order of likelihood. For a BSOD after a driver update, the new driver is the top suspect. For a slow boot, too many startup programs or a failing hard drive are likely. Use the 'most recent change' heuristic. Consider hardware issues like overheating or failing RAM. Do not jump to conclusions; keep multiple theories open until tested.
3. Test the Theory with Built-in Tools
Use appropriate diagnostic tools. For driver issues, boot into Safe Mode to see if the problem disappears. For BSOD, analyze minidump files. For file corruption, run SFC and DISM. For memory issues, run Windows Memory Diagnostic. For disk issues, run chkdsk. Each tool gives specific output. For example, SFC will list corrupt files it could not repair, indicating deeper corruption. Document results.
4. Implement a Fix Based on Confirmed Cause
Once the cause is confirmed, apply the fix. For a corrupt driver, roll back or update the driver. For corrupt system files, use SFC and DISM. For boot issues, use bootrec or Startup Repair. For malware, run a full antivirus scan. Always create a system restore point before making significant changes. If the fix fails, try the next most likely cause.
5. Verify Full System Functionality
After applying the fix, reboot the system and test that the original symptom is resolved. Also verify that other functions still work (network, printing, etc.). For example, if you disabled a startup service, ensure that necessary services still start. Check Event Viewer for new errors. Run the application or process that previously failed. If the system is stable, the fix is successful.
6. Document the Entire Process
Record the problem description, symptoms, steps taken, and final resolution. Include error codes, commands used, and any configuration changes. This documentation helps in future troubleshooting and can be shared with team members. It also satisfies the CompTIA A+ requirement for documentation. Good documentation can prevent repeating the same troubleshooting steps.
In a corporate environment, Windows troubleshooting is a daily task. Consider a scenario where a user reports that their computer freezes randomly several times a day. The IT technician starts by checking Event Viewer and finds multiple Event ID 41 (Kernel-Power) errors, indicating unexpected shutdowns. The technician then runs Windows Memory Diagnostic, which reveals memory errors. The fix is to replace the faulty RAM stick. After replacement, the system runs stable. This scenario highlights the importance of using Event Viewer and memory diagnostics.
Another common scenario is a boot failure after a Windows Update. In an enterprise with hundreds of computers, a patch may cause a driver conflict. The technician boots into Safe Mode and rolls back the update using Control Panel > Programs > Installed Updates. If Safe Mode fails, they use WinRE to run System Restore to a point before the update. In a domain environment, they may also use Group Policy to block the problematic update from being installed again.
A third scenario is a slow-performing server running Windows Server. The technician uses Resource Monitor to find that a process called 'svchost.exe' is consuming high CPU. They identify the service group by running 'tasklist /svc' and find it's related to Windows Update. They stop the Windows Update service and set it to manual, then run 'wuauclt /detectnow' to force a check later. They also verify that the server has adequate RAM and that the disk is not fragmented. In production, these steps are done during maintenance windows to minimize impact.
Misconfigurations often cause issues: for example, a technician might disable a critical service in msconfig thinking it's unnecessary, causing the system to fail to boot. The fix is to boot into Safe Mode and re-enable the service. Another common mistake is running 'sfc /scannow' without running DISM first, which can lead to incomplete repairs. The correct order is to run DISM /RestoreHealth first, then SFC. These real-world lessons reinforce the need for methodical troubleshooting.
The 220-1102 exam tests Windows troubleshooting under Objective 3.1. You must know the six-step troubleshooting methodology and be able to apply it to specific scenarios. Common exam questions present a symptom and ask for the next step or the most likely cause.
Most Common Wrong Answers: - Choosing 'Reinstall Windows' immediately: This is a last resort. The exam expects you to try less drastic steps like System Restore or SFC first. - Selecting 'Run a full antivirus scan' for a boot failure: While malware can cause boot issues, the exam often tests specific boot tools like bootrec or Startup Repair. - Choosing 'Update driver' when the symptom is a blue screen after a driver update: The correct answer is 'Roll back driver' because the change caused the problem. - Picking 'Defragment the hard drive' for slow performance: For SSDs, defragmentation is unnecessary and can reduce lifespan. The exam tests knowledge of when to use defrag vs. other tools.
Specific Numbers and Values: - BSOD stop codes: 0x0000001A (MEMORY_MANAGEMENT), 0x0000007B (INACCESSIBLE_BOOT_DEVICE), 0x00000050 (PAGE_FAULT_IN_NONPAGED_AREA). - Event IDs: 41 (Kernel-Power), 1001 (Application error), 6008 (Unexpected shutdown). - Commands: sfc /scannow, DISM /Online /Cleanup-Image /RestoreHealth, bootrec /FixMbr, chkdsk /f /r. - Safe Mode access: F8 (legacy) or Shift + Restart.
Edge Cases: - A system with UEFI uses GPT disks; bootrec commands may not work; instead, use bcdedit. The exam may test the difference between MBR and GPT. - Windows 10/11 have 'Reset this PC' with options to keep files or remove everything. The exam may ask which option to use in a given scenario. - For a system that boots to a black screen after login, the issue might be a corrupted user profile. The fix is to create a new user profile.
How to Eliminate Wrong Answers: - Always consider the most recent change as the likely cause. - If the symptom is a specific error message, the answer is often the tool that directly addresses that error (e.g., 'Bootmgr is missing' -> bootrec /RebuildBcd). - Avoid answers that suggest reinstalling Windows unless all other options are exhausted. - For performance issues, check startup programs and resource usage before assuming hardware failure.
Always follow the six-step troubleshooting methodology: identify, theorize, test, plan, verify, document.
Use Event Viewer to find error codes and timestamps; Event ID 41 indicates unexpected shutdown.
For BSOD, note the stop code and use it to determine the cause (e.g., 0x0000001A for memory).
Safe Mode loads minimal drivers; if the problem disappears, the cause is likely a driver or service.
Run DISM /RestoreHealth before SFC to repair the Windows image.
Use bootrec /FixMbr, /FixBoot, /ScanOs, /RebuildBcd for boot issues on MBR systems.
For SSDs, do not defragment; instead, ensure TRIM is enabled (fsutil behavior query DisableDeleteNotify).
Create a system restore point before making major changes to allow rollback.
Document all steps and outcomes for future reference and exam requirements.
The exam expects you to choose the least destructive solution first (e.g., System Restore before Reset).
These come up on the exam all the time. Here's how to tell them apart.
System Restore
Reverts system files, registry, and installed programs to a previous state.
Does not affect personal files.
Requires a restore point created before the problem.
Can be undone if the restore causes issues.
Best for problems caused by recent changes like driver updates or software installs.
Reset this PC
Reinstalls Windows from a recovery image.
Option to keep personal files or remove everything.
Does not require a restore point.
Cannot be undone; all programs must be reinstalled.
Best for severe issues like system corruption or malware that cannot be removed.
Mistake
Running SFC /scannow always fixes all system file issues.
Correct
SFC only repairs files that have a valid cached copy in the WinSxS folder. If the corruption is in the cache itself, SFC may fail. You should run DISM /RestoreHealth first to repair the image, then run SFC.
Mistake
Defragmenting an SSD improves performance.
Correct
Defragmenting an SSD is unnecessary and can reduce its lifespan due to write wear. Windows automatically optimizes SSDs using TRIM. For HDDs, defragmentation is beneficial.
Mistake
A BSOD always indicates a hardware problem.
Correct
While hardware can cause BSODs, many BSODs are due to driver issues, corrupt system files, or software conflicts. Always check for recent changes before replacing hardware.
Mistake
If the system boots in Safe Mode, the problem is definitely a driver.
Correct
Safe Mode loads only essential drivers and services. The problem could also be a startup program, a non-essential service, or a configuration issue. Use msconfig to systematically disable items.
Mistake
Resetting Windows (Reset this PC) always fixes all problems.
Correct
Reset this PC reinstalls Windows but keeps personal files if you choose that option. However, it may not fix hardware issues, and you will need to reinstall applications. It is a step before a clean install.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
The first step is to identify the problem by gathering information: what error message appears? When did it start? Were there recent changes? Boot from Windows installation media and access the Windows Recovery Environment (WinRE) to use tools like Startup Repair. Check if Safe Mode works (F8 or Shift+Restart). This initial assessment guides the next steps.
This error indicates the Boot Manager is missing or corrupt. Boot from Windows installation media, select 'Repair your computer' > Troubleshoot > Advanced Options > Command Prompt. Run bootrec /FixMbr, bootrec /FixBoot, and bootrec /RebuildBcd. If the system uses UEFI, use bcdedit instead. After these commands, restart and check if the error is resolved.
SFC (System File Checker) scans protected system files and replaces corrupted ones from cached copies in the WinSxS folder. DISM (Deployment Imaging Service and Management Tool) repairs the Windows system image itself, which SFC depends on. If SFC fails, run DISM /Online /Cleanup-Image /RestoreHealth first, then run SFC again.
The stop code (e.g., 0x0000001A) indicates the type of error. Look up the code online or in Microsoft documentation. For example, 0x0000001A is MEMORY_MANAGEMENT, often caused by faulty RAM. The parameters provide additional details. Use tools like BlueScreenView to analyze minidump files. Always note the driver mentioned in the error.
Use System Restore first if you have a restore point from before the problem started. It reverts system changes without affecting personal files. If System Restore is not available or fails, use Reset this PC. Choose 'Keep my files' to preserve personal data, or 'Remove everything' for a clean start. Reset is more drastic and requires reinstalling applications.
New software may add startup programs, background services, or consume resources. Check Task Manager > Startup to disable unnecessary startup items. Use Resource Monitor to see which process uses high CPU, memory, or disk. Consider uninstalling the software if it is not needed. Also check for malware that may have been bundled.
If a user profile is corrupted, you may see a temporary profile or fail to log in. First, back up data from the profile folder (C:\Users\[username]). Then, log in as an administrator, go to System Properties > Advanced > User Profiles > Settings, and delete the corrupted profile. The user will get a new profile on next login. Alternatively, rename the profile folder and let Windows create a new one.
You've just covered Troubleshoot: Windows Issues — now see how well it sticks with free 220-1102 practice questions. Full explanations included, no account needed.
Done with this chapter?