Today, I was trying to diagnose some performance problems on a virtual machine and one of the good diagnostic techniques is the boot that virtual machine up in safe mode this eliminates all the additional device drives are services that can cause an issue - then that is an indicator to where the issue could be.
Safe mode?
Safe mode has two options you have safe mode without networking and safe mode with networking, If you choose, the latter, the server will appear to be on the network, but won’t be booted normally so functionality is somewhat degraded.
The purpose of safe mode is to only load minimal drivers and Services, this does not fix anything, but it does prove if the issue is related to a driver or a service, remember, this is a troubleshooting technique.
Safe mode options
If you wish to enter this safe mode, then start a command prompt which needs to be elevated as an administrator and then run the required command:
Safe mode with networking
bcdedit /set {current} safeboot
Safe mode with networking
bcdedit /set {current} safeboot network
Once you issued the correct command, you can then run this to reboot the server immediately:
shutdown /r /t 0
This is a normal diagnostic technique I use all the time however, when I do this, I have access to the hypervisor, something in Azure, you do not have access to, which means while the server does boot and the network stack does come online it does not start the RDP remote desktop protocol, also, in safe mode with networking, you do not get any remote Powershell.
This means yes the server is online and yes, it is on the network, but the only port open is TCP:135 - Not very helpful to anyone so you essentially have a server you’re unable to manage and nothing much works on it, it feels like you’ve fallen down a rabbit hole and you’re wondering, how am I going to get out of this?
Excavate yourself out of the hole 🕳️
We now need to get ourselves out of the mess we’ve just caused, luckily, you get many options to recover from situation like this without using Bastion - I am not a fan of Bastion It has a very steep price that is charged whether you’re using it or not, while it is very handy, it is also rather expensive as many other cloud providers give you this ability for free.
Option 1: Run Command (not working when in Safe Mode)
This mean you need to navigate to your VM in Azure then choose the Operations then Run Command the use these commands:
bcdedit /deletevalue {current} safeboot
Restart-Computer
However when I run this command all I get is this, I am not sure Windows is liking the fact that the server is in safe mode as I am not sure it can run the script:
That will then in the window to the right will show you something like this after connecting to the console, however you are not in a position to enter commands yet:
First you need to type "cmd" into this box that will confirm that with:
ch -si 1
Next press Enter and when you enter this command you will be asked for your credentials which will need to be an administrative user:
You now need the commands :
cmd
Then give it another go, as you can see it took me 6 attempts to get all the fields correct and valid, it missed bits of my username and domain, but the password always worked for me.
Once you issue the shutdown command the server will reboot the server and on boot up the server will back in normal boot mode.