Solved

Server Login ok but No desktop, cnt alt del ok but no taskmanager

Posted on 2008-06-17
14
977 Views
Last Modified: 2013-11-05
A Strange one.
Windows 2003 Standard SP1.
Running as a simple share with terminal server. No Domains or AD just local users and groups.
The server rebooted due to a power outage.
Clean shutdown.
On reboot, system starts up ok One message a service failed to start. On cnt alt del, you can login but you do not get a desktop, just a mouse pointer. If you hit cnt alt del, you can shutdown, logoff etc but if you click on taksmanager nothing happens.
After much mucking about, we decided to image the drives and move to new hardware using aconis.
Once the image was completed, we started up windows and the logon worked and the system showed desktop. It then went on to install the various missing hardwared drivers and all appeared ok.
Then we rebooted and have the same issue.
Using barts boot cd, we accesed the dirves and scanned for virus - nothing.
Tried copying registry hives from repair to system32 config - same.
Safe mode reboots.
Directory Rstore mode - give us a safe windows layout but when you login, you get the same no desktop, cnt alt del behavior.

0
Comment
Question by:Zombite
14 Comments
 
LVL 7

Expert Comment

by:supports
Comment Utility
have u tried with another user loggin... and i am not sure if ur facing the issue in safe mode as well..ie. it reboots itself
0
 
LVL 3

Expert Comment

by:exhaust
Comment Utility
What if you tried another copy of C:\Windows\Explorer.exe from a working server?
0
 
LVL 4

Author Comment

by:Zombite
Comment Utility
Was able to grab the event log remotely.

[14508] Application Popup   Type:     INFORMATION
Computer: SERVER01   Time:     18/06/2008 2:09:22 PM   ID:       26
userinit.exe - Application Error The application failed to initialize properly (0xc0000005). Click on OK to terminate the application

Same error for taskmgr.

The server doesnt start in any mode. Safe mode reboots.

Have checked the file versions and sizes.
While in the "first time booted" running version, ran sp2 on the sever which replaces mode of these files. Same result when booted second time.

This is what gets me - the thing will boot first time after image via acronis - then second boot - dead.


0
 
LVL 6

Expert Comment

by:JapyDooge
Comment Utility
0
 
LVL 6

Expert Comment

by:JapyDooge
Comment Utility
Microsoft's workaround:

To work around this issue, delete the invalid registry value: 1. Start Registry Editor (Regedt32.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\IniFile Times  
3. Locate the invalid value (this is usually a value with no name).
4. Click the invalid value.
5. On the Edit menu, click Delete, and then click Yes.
6. Quit Registry Editor.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 4

Author Comment

by:Zombite
Comment Utility
Seemed like a good bet but no go.
Checked the entries - all ok
Deleted all the shadow registy inf times - no effect.
Still get the same error or lack of response
0
 
LVL 6

Expert Comment

by:JapyDooge
Comment Utility
Hmm, running "sfc / scannow" would maybe work but you don't have that access to the system except...

You can edit the registery, so you can add "sfc /scannow" to the Run or RunOnce keys in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
or
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (runonce will be even better)

There create a new key of the type String named 'Run' or something like that and give it the following value:
C:\\Windows\\System32\\sfc.exe /scannow

At boot the computer will run sfc /scannow to check all windows system files and restore damaged ones. (I hope the reg keys are loaded, maybe they load after userinit...)

Good luck again
0
 
LVL 4

Author Comment

by:Zombite
Comment Utility
Got it up and booted with the "first time run after imaging"
sfc - no results - same on reboot.
sp1 and sp2 - same
As terminal services doesnt run on first boot, I am investigating regisry and profile.
There is much about inituser.exe and time stamps in shadow registry for termial server.
I notice that the usercmd doesnt run wither.
Will report back findings - thanks for suggestions.
0
 
LVL 4

Accepted Solution

by:
Zombite earned 0 total points
Comment Utility
JapyDooge: Can you enter this as a solution

This is a nasty virus via a js script on a web page.

http://www.threatexpert.com/report.aspx?uid=82cc0907-16ed-4868-88a9-cebdbdc8cff4

Drops some beasts into winlogon notify

QUOTE: Speaking of Malware, the Drive-By's are getting worse. First Whitepages and other websites were hacking us and now the UNICEF website got hacked. This getting ridiculous. There is one particular that I am seeing more and more.
The symptoms (At least on a domain) are excruciatingly long log offs, dodgy internet and even as the administrator, you can't RWW to the machine or RDP to it internally. If you go to the file system through the network (Connect to \\workstation\c$) you can see some hidden files in C:\Windows\System32. They are rotr.sys or rotw.sys. If the user logs off, you can delete these files remotely or do it in safe mode. As the files are a part of a rootkit, you can't actually see them as the user. Once deleted and the system is rebooted, everything is back to normal.


0
 
LVL 6

Expert Comment

by:JapyDooge
Comment Utility
That's not nice. Ah well you can click the 'Accept as a solution' button on the bottom of your own post to close the question becouse you fixed it yourself.

Good luck man.
0
 
LVL 4

Author Comment

by:Zombite
Comment Utility
Thanks -
By using barts boot disk and getting rid of the registry entries, and the files in system32 the server now lives.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now