NewSID and Server 2008 R2 - fixing BSOD

We are a Managed I.T. Service provider within the Bell Canada family.
For anyone who has accidentally used NewSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups: I was able to get things working by doing a registry hive recovery.

In my case, the system was a virtual machine. That shouldn't matter, except that on a physical machine you need physical media, while on a VM you can potentially just mount an ISO through the hypervisor.

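For example, in Hyper-V 2016, right-clicking the VM (guest), choosing Settings, then locating your DVD drive in the left menu will display something like this:

[Screenshot: Hyper-V 2016 DVD drive settings]

Or ESXi 6.5:

[Screenshot: ESXi 6.5 DVD drive settings]

XenServer 6.2:

[Screenshot: XenServer 6.2 DVD drive settings]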

The exact appearance will differ depending on your version of Hyper-V, VMware, XenServer, or whatever other hypervisor you may be using.

In my case, I was using XenServer and booted the Server 2008 R2 installation disc using a mounted ISO.

Once you get the install screen, choose your language settings, then click Next.

Click the Repair your computer link at the bottom left side.

Now, pick "Use recovery tools..."

Take note of the Location your OS is listed as. You'll need this later.

Finally, select Command Prompt.

My OS volume got the letter D: (instead of C:).  Just pay attention to what letter you get and change accordingly.

Then I navigated to D:\Windows\System32\config\ using the change directory command:

First, switch to the OS volume you noted in the "Use recovery tools" step above by typing its drive letter followed by a colon (D: in my case).


Then using the change directory command, navigate to the config folder:

cd D:\Windows\System32\config

You can list the contents by typing the list directory command: dir

From there I renamed these 5 files:

  • DEFAULT
  • SAM
  • SECURITY
  • SOFTWARE
  • SYSTEM

to *.old (where * is the original file name):

  • DEFAULT.old
  • SAM.old
  • SECURITY.old
  • SOFTWARE.old
  • SYSTEM.old

using the rename command:

example: ren DEFAULT DEFAULT.old

Check your work with another dir command. I highlighted the 5 files that got renamed in the image below:

[Screenshot: dir output with the 5 renamed files highlighted]

Finally, I copied the registry hives from the D:\Windows\System32\config\RegBack\ folder to the D:\Windows\System32\config\ folder using the copy command:

copy D:\Windows\System32\config\RegBack D:\Windows\System32\config

Once that was accomplished, I rebooted the system (normally). Eureka, no more BSOD.

To reboot, just exit the command prompt (type exit) and then click the reboot button at the System Recovery Options screen.
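The rename-and-copy steps above can also be run as one script that checks the backups before touching anything. This is an added example, not part of the original article; it assumes you save it under the hypothetical name restore-hives.cmd on media the recovery command prompt can read, and pass it the OS drive letter you noted earlier.

```bat
@echo off
rem Added example (not from the original article).
rem Usage from the recovery command prompt:  restore-hives.cmd D:
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 D:
    exit /b 1
)
set "CFG=%~1\Windows\System32\config"
set "HIVES=DEFAULT SAM SECURITY SOFTWARE SYSTEM"

rem 1. Change nothing unless every backup hive exists and is non-empty,
rem    and no earlier *.old copy would be overwritten.
for %%H in (%HIVES%) do (
    if not exist "%CFG%\RegBack\%%H" (
        echo Missing backup hive: %CFG%\RegBack\%%H
        exit /b 1
    )
    for %%F in ("%CFG%\RegBack\%%H") do if %%~zF EQU 0 (
        echo Backup hive is empty: %%~fF
        exit /b 1
    )
    if exist "%CFG%\%%H.old" (
        echo %CFG%\%%H.old already exists. Move it aside first.
        exit /b 1
    )
)

rem 2. Show the backup timestamps: the registry will roll back to these dates.
dir "%CFG%\RegBack"
echo Press Ctrl+C to abort, or
pause

rem 3. Keep the damaged hives as *.old, then copy the backups into place.
for %%H in (%HIVES%) do (
    ren "%CFG%\%%H" "%%H.old" || exit /b 1
    copy /y "%CFG%\RegBack\%%H" "%CFG%\%%H" >nul || exit /b 1
    echo Restored %%H
)
endlocal
```

Because the damaged hives are kept as *.old, the change can be undone from the same prompt by deleting the restored files and renaming the *.old files back.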

After logging into Windows, I got a message that the contents of the recycle bin were corrupt, but after clicking ok to empty it, all was good.

I did run into a few other things that stopped working, but was able to easily fix them: tasks in Task Scheduler were corrupt, so I re-created them, and a few applications (specific to this server) that were supposed to start up with the OS didn't, such as FileZilla FTP server. The specifics on what applications may need to be re-installed or fixed will depend on your particular environment.

Of course, the duplicate SID from the cloning was back, but using the proper tool "sysprep" fixed it, which is simply this:

Start>Run and type sysprep

This opens the location the application is stored in (C:\Windows\System32\sysprep)

Run the tool and set to the following:

[Screenshot: sysprep settings]

Keep in mind that once complete, you'll need to re-activate Windows.
