Windows 11

Researching and Troubleshooting Difficult Windows 11 Problems

Researching and Troubleshooting Difficult Problems

Sometimes, you hit a problem on a PC that you know full well doesn’t require a reinstall or reimaging, but is so frustrating and knotty that it drives you nuts. This type of scenario can occur regularly, and you end up searching online for the answer only to find either that there’s no answer but a ton of other people have experienced the same problem, or that there’s no mention of it at all, at least not that you can find.
So how do you go about researching these problems and finding solutions? So far in this book, we’ve dealt with and covered all the biggest problem areas including reliability and updating, user accounts and file access, apps and compatibility, processes and services, networking and Internet access, hardware and peripherals, security and encryption, malware and ransomware, the Windows Registry, and startup and repair. It seems appropriate then to bring this all together in a chapter that could very reasonably be called “AAARRGGH!”

Reading Windows Log and BSOD Files

how you can use the Event Viewer to get information on practically any event on the PC. Each of these produces a log or a dump file (depending on the type of event it is) that resides on the PC for up to 30 days, after which time it is deleted to free up space. But where do these logs reside, and how can you open and read them?

Log Text Files

The Windows\Debug log files contain audit (installation, deletion, update, etc.) operation details and app crash details in plain text file formats (see Figure 21-1). The files you will find in this folder will vary and are entirely dependent on what’s been happening on the specific machine. In Figure 21-1, we can see that there are logs for the wiatrace file.

Figure 21-1. Windows\Debug files are stored in plain text format

You will see that some log files contain links either to previous versions of the file still stored on the PC or to website links. You can copy and paste these into your PC to get more information where it’s made available to you.

Reading .xml and .etl Files

The Windows\Logs folder is where the main Windows logs are stored. They are separated into subfolders, most of which are sensibly named, such as RecoveryDrive and SystemRestore (see Figure 21-2). The log files are stored either as plain text (.txt) files, which can be opened in Notepad; as Extensible Markup Language (.xml) files, which can be opened and read in a web browser, such as Edge or Chrome; or as Event Trace Log (.etl) files.

Figure 21-2. The Windows\Logs folder contains the main Windows log files

Event Trace Log (.etl) files will also all be available to view in the Windows Event Viewer, as this is the file extension primarily associated with that utility. If you are opening .etl files from another PC however, they can be opened from the Event Viewer Action menu by selecting Open Saved Log. When open, the log files will appear in the left panel of Event Viewer in a Saved Logs section (see Figure 21-3).

Figure 21-3. You can open event logs from other PCs in Event Viewer

Reading .dmp Files

The Windows\MiniDump folder is where you will find critical error log files, such as those associated with a Blue Screen of Death (BSOD). These files are stored in a .dmp format and cannot be opened natively in Windows. There are several ways to open them, however. If you have access to Microsoft Visual Studio, you can download the Windows Driver Kit (WDK) or Windows Software Development Kit (SDK). Both of these will allow you to open, and read, the contents of the .dmp file.
Perhaps a preferable option for many people will be the third-party utility BlueScreenView. You can download this from, and it will automatically display the contents of all the .dmp files located in your Windows\MiniDump folder (see Figure 21-4).

Figure 21-4. BlueScreenView is a great utility for reading .dmp files

So what is it you’re looking for within a .dmp file that can tell you why a Blue Screen occurred? The log contains plenty of useful pieces of information, including the verbose text of the Bug Check String and the Windows standard error code in Bug Check Code. These come in the format 0x000… and can be searched for online to discover the cause of the problem and hopefully a solution.
You can see in Figure 21-4 a critical error that occurred completely out of the blue on my own PC just the other day. The description is DRIVER_IRQL_NOT_LESS_OR_EQUAL and the Windows error code is 0x000000d1. A quick search online reveals useful information about this error, which dates back several versions of Windows. It could be caused by a variety of things including an incompatible or corrupt device driver or an Interrupt Request (IRQ) conflict. While the latter is extremely rare in Windows since the introduction of the Windows Side-by-Side (WinSxS) folder, it’s a legacy problem that can appear occasionally, and for many drivers, you can check in their Resources tab in the Properties inspector for the driver to see what IRQs they use and if any conflicts exist (see Figure 21-5).

Figure 21-5. You can check the properties of a driver to see if there are errors and conflicts
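As an added example (not code from the book), the PowerShell function below reads the Bug Check Code and its four parameters straight from the header of every file in Windows\MiniDump, so repeated crashes can be compared side by side before you search for the code online. It assumes the 64-bit kernel dump header layout (signature PAGEDU64, code at offset 0x38, parameters from offset 0x40); the function name is hypothetical, and the only code-to-name mapping included is the one quoted above.

```powershell
# Added example: list the bug check recorded in each kernel minidump.
# Assumption: 64-bit kernel dump header (signature "PAGEDU64",
# BugCheckCode at 0x38, four 64-bit parameters starting at 0x40).
function Get-MinidumpBugCheck {
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'MiniDump')
    )
    # Only the name quoted in the text; extend from your own research.
    $knownNames = @{ '0x000000d1' = 'DRIVER_IRQL_NOT_LESS_OR_EQUAL' }

    Get-ChildItem -Path $Path -Filter '*.dmp' -ErrorAction Stop | ForEach-Object {
        $file = $_
        $header = New-Object byte[] 0x60
        $stream = [System.IO.File]::OpenRead($file.FullName)
        try {
            $read = $stream.Read($header, 0, $header.Length)
        } finally {
            $stream.Dispose()
        }
        $signature = [System.Text.Encoding]::ASCII.GetString($header, 0, 8)
        if ($read -lt $header.Length -or $signature -ne 'PAGEDU64') {
            # Truncated file or a different dump type: report it and move on.
            Write-Warning "$($file.Name): not a 64-bit kernel dump, skipped"
            return
        }
        $code = '0x{0:x8}' -f [System.BitConverter]::ToUInt32($header, 0x38)
        $bugParams = 0..3 | ForEach-Object {
            '0x{0:x16}' -f [System.BitConverter]::ToUInt64($header, 0x40 + 8 * $_)
        }
        [pscustomobject]@{
            File         = $file.Name
            Written      = $file.LastWriteTime
            BugCheckCode = $code
            Name         = $knownNames[$code]   # empty when the code is not in the table
            Parameters   = $bugParams -join ' '
        }
    }
}

# Usage from an elevated prompt (the folder is normally restricted):
# Get-MinidumpBugCheck | Sort-Object Written | Format-Table -AutoSize
```

A run of dumps sharing one code and a similar first parameter points at a single driver or device rather than at random instability.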

Searching Online for Solutions

There are many resources you can use on the Internet to help you find solutions to problems. These range from a simple web search to specialist online resources. You want to be able to find the information you need quickly though, so where can you look and what are the best ways to find information quickly?

Search Engines

So you’re searching online for the solution to the problem you’re facing, and you’re hitting a wall. Is there a way you can better leverage the results you’re getting? All Internet search engines allow you to use what’s called “operators” to refine your searches and find specific information.

Note: Not all searches produce quality results. If you ask Amazon’s Alexa, “Who is Mike Halsey?”, it will tell you that I’ve written a few more books than I really have. This isn’t especially helpful, but it’s always good for a laugh at parties.

Google is probably going to be your first port of call, being by far the web’s biggest search engine, and, for as much as I personally can’t stand Google’s “we’ll harvest all your data and sell it to advertisers” approach, they do produce the best search results. While it’s perhaps less useful for searching for answers to IT and technical queries, is a powerful search engine that produces high-quality results. Its operators are, as you might expect, more complex than those for Google and Microsoft.

Note: I want to slip in a note about the websites I am about to reference. The companies behind them do revamp and improve them from time to time, so it’s possible that not everything I describe will be exactly where I said it was when you come to look at the website yourself.

Microsoft Docs

Back in the day when I was writing troubleshooting books for earlier versions of Windows, the support and documentation websites provided by Microsoft were somewhat fragmented. We had Visual Studio websites, Microsoft’s MSDN (Microsoft Developer Network) and TechNet websites, Microsoft Support, and more. Now these documentation and support websites are well on their way to being improved and streamlined with most of the documents and technical information ending up at
This website is organized by the different products and the different product areas (cloud, client) that Microsoft covers (see Figure 21-6). One of the issues currently with Microsoft Docs is that search might be more powerful, something that I and other MVPs (Microsoft Most Valuable Professional awardees) have fed back to Microsoft, so hopefully it’ll be improved.

Figure 21-6. Microsoft Docs contains many thousands of documentation and support articles

The upshot of this is that sometimes you can find it easier to use Google or Bing to search for articles on Microsoft Docs, rather than by searching inside Microsoft Docs itself.

Microsoft Docs Code Samples

One of the best features of the Microsoft Docs website is its Code Samples section, accessible from the menu that runs across the top of the screen. This part of the website contains code you can download and run for every Microsoft product that includes scripting languages such as PowerShell (see Figure 21-7). There is code for everything from Windows itself to Microsoft 365, Azure, and even Minecraft.

Figure 21-7. Microsoft Docs contains a repository of downloadable code you can use

GitHub is a code sharing website and repository that became hugely popular after it launched in 2008, and even though it is primarily a resource for open source code, it remained hugely popular after Microsoft purchased it in 2018, largely because the company left it alone.
You can find code from just about every developer on the planet at GitHub, including Microsoft, which maintains repositories there, among them a large repository of PowerShell scripts (see Figure 21-8). If you are looking to get started with PowerShell, or looking for specific scripts to help you manage and troubleshoot Windows, this is a great place to start looking.

Figure 21-8. Microsoft maintains a PowerShell script repository on GitHub

Microsoft Support

The main Microsoft support website remains at and contains help and support articles for all of Microsoft’s products (see Figure 21-9). The articles published on the Microsoft Support website are all easy to read and well laid out. This makes them accessible to a wide range of people, as opposed to many third-party websites where sadly accessibility isn’t a consideration.

Figure 21-9. Microsoft maintains their own Support website

Microsoft Answers

This is sort of a subset of the Microsoft Support website, but is available on its own from This website is more interactive and is where Microsoft support agents, MVPs, and Microsoft partners can respond to and answer technical questions from the community of users of all Microsoft products (see Figure 21-10).

Figure 21-10. Microsoft Answers is where you can get interactive help from experts

People who reply and answer your questions will be clearly labelled as Microsoft Agent, MVP, or Independent Agent, among other titles. You can see this in Figure 21-11 when, while looking for a suitable answer I could take a screenshot of for this book, I saw a question I thought I might be able to help with.

Figure 21-11. Responders at Microsoft Answers are clearly labelled as to who they are

Other Microsoft and Third-Party Support Sites

There are a great many excellent-quality support websites provided by third parties. The best of these are as follows:

  • How-To Geek –
  • Microsoft Download Center –
  • Tom’s Hardware –

Of course at this point, it would be completely remiss of me not to mention my own website which you can find at (see Figure 21-12). I have hundreds of help, how-to, and support articles there with a new article almost every single day. I focus on keeping articles short, just three paragraphs usually, as speaking strictly for myself, if somebody wants to write a help article that’s two thousand words long, I certainly don’t want to read it.

Figure 21-12. My own website contains hundreds of help, how-to, and support articles

Hardware Driver and Support Sites

I always recommend that you download hardware drivers directly from the manufacturer’s website. These websites will also have forums in which you can post questions and get answers directly from technical staff at the company:

  • Acer –
  • Asus –
  • AMD –
  • Dell –
  • HP –
  • Intel –
  • Lenovo –
  • Microsoft Surface Support –
  • Nvidia –
  • Samsung –

Third-Party Support Tools

Additionally, there are many excellent third-party help, information, and support tools that are favored by IT Pros; these are in addition to the Microsoft Sysinternals suite that I detailed in Chapter 22:

  • Aida64 –
  • CCleaner –
  • Disk Digger –
  • GRC –
  • Hiren’s Boot CD –
  • Sandra Utilities –
  • TeamViewer –
  • Ultimate Boot CD –
  • WhoCrashed –

Other Useful Microsoft Tools

Throughout this book, I have detailed all the tools and utilities in Windows 11 that can be used to help you diagnose and troubleshoot problems on a PC. This is all but four of them, and there are some tools that are very useful, but very specific for what they do and, as such, really didn’t fit neatly into any other chapter.


DXDiag can be found by a search in the Start Menu and not any other way, as it’s pretty well hidden. It’s been in Windows since Vista and is a diagnostics tool that tests the DirectX functionality of graphics, audio, and USB hardware on the PC. DirectX is an API (Application Programming Interface) framework for handling multimedia tasks.
When you run DXDiag, the utility will run its tests and then present the results as a series of tabs across its window (see Figure 21-13). If it finds any problems or errors, they will appear in the Notes section of the appropriate tab.

Figure 21-13. DXDiag runs diagnostics on multimedia hardware in Windows

Windows Memory Diagnostic

One utility you can find in Windows Tools is the Windows Memory Diagnostic (see Figure 21-14). This will prompt you to restart your PC where, from the Recovery Console, it will run a series of tests on the physical memory installed in the PC to see if it can determine if any errors exist. This can be useful if you are getting random application or other crashes, or an unidentifiable Blue Screen of Death.

Figure 21-14. The Windows Memory Diagnostic runs tests on your PC’s physical memory

Note: Windows Memory Diagnostic used to be available in the Windows Recovery Environment, though it has been removed with Windows 11.

When the PC restarts, you will get a great blast from the past as an old-style DOS window will fill your screen running the memory diagnostic tool (see Figure 21-15). This has a progress bar and will restart the PC automatically when it is finished.

Figure 21-15. The Windows Memory Diagnostic is a proper old-style DOS tool

You can at any time press the F1 key on your keyboard (assuming your keyboard has one, that is) and change the settings for the diagnostic, such as to tell it to run a more detailed and thorough test. When the Memory Diagnostic has run and the PC has restarted, you can access the logs it created in Event Viewer.
You can find the test results under Windows Logs and then System. Click the Action menu and select Filter Current Log. In the dialog that appears, in the Event sources dropdown menu, select MemoryDiagnostics-Results and click OK. The results of the memory diagnostic will then become available to you (see Figure 21-16).

Figure 21-16. You can view the memory diagnostics logs in the Event Viewer

Windows Sandbox

If you are using the Pro or Enterprise version of Windows 11 and have virtualization support on your PC’s processor, you will have access to a feature called Windows Sandbox. This needs to be activated on most PCs, so in the Start Menu search for features and select Turn Windows features on or off from the search results. You will see Windows Sandbox at the bottom of the list in the dialog that appears (see Figure 21-17), though you will have to also activate some other virtualization features such as the Hyper-V Management Tools. After restarting the PC, Windows Sandbox will then appear as an app in the Start Menu.

Figure 21-17. You need to activate Windows Sandbox on many PCs

Where Windows Sandbox is most useful is for testing things that might cause a PC or an installation to become unstable, such as a new piece of software or a file that you suspect might have a malicious Visual Basic (VB) script contained within it that you need to remove.
Sandbox will appear full screen on your desktop though it can be resized into a window (see Figure 21-18). It is a fully containerized, isolated Windows 11 desktop. Each instance is created new when Sandbox is run and completely discarded when the instance is closed, making it highly secure for testing.

Figure 21-18. Windows Sandbox is excellent for testing things that might cause instabilities
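When the thing being tested is a file you suspect is malicious, the default Sandbox session is more permissive than it needs to be. As an added example (not code from the book), the PowerShell function below writes a Windows Sandbox configuration (.wsb) file that turns off networking and clipboard sharing and maps the folder holding the suspect file read-only; the function name, the C:\Quarantine folder and the file name isolated-test.wsb are hypothetical.

```powershell
# Added example: build a locked-down Windows Sandbox configuration (.wsb)
# for inspecting a suspect file. Folder and file names are hypothetical.
function New-IsolatedSandboxConfig {
    param(
        [Parameter(Mandatory)]
        [string]$SuspectFolder,     # host folder that holds the file to inspect
        [string]$ConfigPath = (Join-Path $env:TEMP 'isolated-test.wsb')
    )
    # Fail early if the folder does not exist, and escape it for use in XML.
    $hostFolder = (Resolve-Path -LiteralPath $SuspectFolder -ErrorAction Stop).ProviderPath
    $escaped = [System.Security.SecurityElement]::Escape($hostFolder)

    $xml = @"
<Configuration>
  <Networking>Disable</Networking>
  <VGpu>Disable</VGpu>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <PrinterRedirection>Disable</PrinterRedirection>
  <AudioInput>Disable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <ProtectedClient>Enable</ProtectedClient>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$escaped</HostFolder>
      <SandboxFolder>C:\Users\WDAGUtilityAccount\Desktop\Suspect</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
"@
    Set-Content -LiteralPath $ConfigPath -Value $xml -Encoding UTF8
    return $ConfigPath
}

# Usage: opening the .wsb file starts a fresh Sandbox with these settings.
# $wsb = New-IsolatedSandboxConfig -SuspectFolder 'C:\Quarantine'
# Start-Process -FilePath $wsb
```

With the folder mapped read-only and networking disabled, nothing run inside the session can write back to the host copy or reach the network, and the whole instance is still discarded when the window is closed.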

Windows Subsystem for Linux

In Figure 21-17, you might have noticed a little optional feature called the Windows Subsystem for Linux. This allows a full Linux kernel to be run virtually within Windows 11.
If you activate this feature, you will then be able to install a wide variety of Linux distros from the Microsoft Store app (see Figure 21-19).

Figure 21-19. The Windows Subsystem for Linux lets you run Linux as part of your Windows 11 system

The biggest advantage here is that it gives you access to Linux scripting environments such as BASH (one of the very few “acronyms” in tech that doesn’t actually stand for anything at all). While BASH is primarily used in Windows for application development, there are some administrative tools you can use for Windows from within Linux itself, and with new tools being added periodically by third parties, you might find scripting tools here that are useful to you.


If you can’t get the solution to a problem from within the Windows 11 tools and utilities, there are always other places you can look for solutions and different ways in which you can use those tools to get the results you need to troubleshoot and repair problems.
Now we’ve dealt with the most advanced problems, it seems only right to take everything back to the beginning for the final chapter of this book, where we’ll look at installing and restoring Windows 11, including how you can reinstall it nondestructively, and configure a new installation before a user has even signed in for the first time.