Why did my systems reboot into the Recovery Environment and how do I prevent that from happening in the future?


Earlier this year, a customer reported that they had a cluster of systems running a mix of Windows Server 2003¹ and Windows Server 2008 R2 Service Pack 1. The cluster node crashed, causing the machines hosted on it to fail over to another node. On the new node, the Windows Server 2003 system showed an error and restarted, but the Windows Server 2008 R2 systems showed a system recovery dialog.

System Recovery Options
Choose a recovery tool

Startup Repair

Automatically fix problems that are preventing Windows from starting

System Restore

Restore Windows to an earlier point in time

System Image Recovery

Recover your computer using a system image you created earlier

Windows Memory Diagnostic

Check your computer for memory hardware errors

Command Prompt

Open a command prompt window

Shut Down Restart

The customer had to connect to each machine and click the "Restart" button in the recovery dialog. This was a tedious operation because they had so many systems.

The Recovery Environment team explained that the system should not have entered recovery after a single crash. It requires that the crash be followed by a failed boot as well. (You can read more about the conditions under which the Recovery Environment will start automatically.)

What probably happened is that the subsequent boot also failed, and that triggered the entry into the Recovery Environment. The customer was not sitting in front of the systems as they rebooted, so they didn't notice this second reboot.

If the customer wants to prevent the system from automatically entering the Recovery Environment, they can set the following entries in the BCD (Boot Configuration Data):

bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy IgnoreAllFailures

The recoveryenabled variable is set by default to true, and the bootstatuspolicy is not set by default. To return the system to its default configuration, use the commands

bcdedit /set {default} recoveryenabled Yes
bcdedit /deletevalue {default} bootstatuspolicy

¹ Yes, the customer is still using Windows Server 2003 two years after it exited support.

Comments (11)
  1. Joshua says:

    Use of Windows Server 2003 kind of made sense right up until you couldn’t get security patches anymore. In my experience it tended to work better. Also, 2008 R2 chewed through many times its published disk space usage.

    1. Antonio Rodríguez says:

      Raymond says they were using two years after it stopped receiving security updates. In a cluster that, presumably, is accessible from the Internet.

      It doesn’t matter wether it’s more efficient or not. It isn’t even a Russian roulette – at least on the roulette you know you can get away unharmed. It’s a disaster waiting to happen: the only question is when.

  2. We do this on corporate workstations now. If a workstation “fails” to boot (maybe the user held in the power button for too long), users are presented with a scary looking recovery screen, and if they click around in there, they can end up screwing up their computer. Easier to just disable it. If their computer is messed up enough to not boot they will call for help anyway.

    1. Users can’t screw around without supplying an administrative password to Windows RE.

      If they do have it, they are already on the other side of the airtight hatch.

  3. > “Yes, the customer is still using Windows Server 2003 two years after it exited support.”

    Ironically, Windows Server 2003 is the last version of Windows Server to have offline support documentations included with it. The next versions of Windows Server still have those “Show me how to do this” buttons (e.g. when installing R&RA service) but pressing them does nothing.

  4. Neil says:

    Windows Server 2008 R2 offered to System Restore? How do I turn that on?

    “Yes, the customer is still using Windows Server 2003 two years after it exited support.”

    This is the least surprising part of today’s post.

    1. Nobody said anything about System Restore. You misread.

      1. snarf says:

        Or he looked at the pseudo-screenshot that shows system restore as an option for windows server 2008

  5. Azarien says:

    Is there an option to prevent Windows from ever changing the “bootmenupolicy legacy” setting with every other update? Having to restore this value again and again is very annoying.

    1. Joshua says:

      How about a task that runs at startup that changes it back?

  6. Petteri Aimonen says:

    I sometimes see this with other programs that have rules like “if sessions ends three times in a crash, launch installation repair tool”.

    Too bad that in my workflow, I often end up leaving programs running for months, until something unexpected causes a forced reboot. So to the program, it appears that every time I use it, it ends up crashing!

Comments are closed.

Skip to main content