Solved

Server login OK but no desktop, Ctrl+Alt+Del OK but no Task Manager

Posted on 2008-06-17
Last Modified: 2013-11-05
A strange one.
Windows 2003 Standard SP1.
Running as a simple share with terminal server. No domains or AD, just local users and groups.
The server rebooted due to a power outage.
Clean shutdown.
On reboot, the system starts up OK. One message: a service failed to start. On Ctrl+Alt+Del, you can log in but you do not get a desktop, just a mouse pointer. If you hit Ctrl+Alt+Del, you can shut down, log off, etc., but if you click on Task Manager nothing happens.
After much mucking about, we decided to image the drives and move to new hardware using Acronis.
Once the image was completed, we started up Windows and the logon worked and the system showed the desktop. It then went on to install the various missing hardware drivers and all appeared OK.
Then we rebooted and have the same issue.
Using Bart's boot CD, we accessed the drives and scanned for viruses - nothing.
Tried copying registry hives from repair to system32 config - same.
Safe mode reboots.
Directory Restore mode - gives us a safe Windows layout, but when you log in, you get the same no desktop, Ctrl+Alt+Del behavior.

0
Question by:Zombite
14 Comments
 
LVL 7

Expert Comment

by:supports
ID: 21809892
Have you tried logging in as another user? And I am not sure if you're facing the issue in safe mode as well, i.e. it reboots itself.
0
 
LVL 3

Expert Comment

by:exhaust
ID: 21810270
What if you tried another copy of C:\Windows\Explorer.exe from a working server?
0
 
LVL 4

Author Comment

by:Zombite
ID: 21810627
Was able to grab the event log remotely.

[14508] Application Popup   Type:     INFORMATION
Computer: SERVER01   Time:     18/06/2008 2:09:22 PM   ID:       26
userinit.exe - Application Error The application failed to initialize properly (0xc0000005). Click on OK to terminate the application

Same error for taskmgr.

The server doesn't start in any mode. Safe mode reboots.

Have checked the file versions and sizes.
While in the "first time booted" running version, ran SP2 on the server, which replaces most of these files. Same result when booted the second time.

This is what gets me - the thing will boot first time after image via acronis - then second boot - dead.


0

 
LVL 6

Expert Comment

by:JapyDooge
ID: 21810824
0
 
LVL 6

Expert Comment

by:JapyDooge
ID: 21810827
Microsoft's workaround:

To work around this issue, delete the invalid registry value:
1. Start Registry Editor (Regedt32.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\IniFile Times  
3. Locate the invalid value (this is usually a value with no name).
4. Click the invalid value.
5. On the Edit menu, click Delete, and then click Yes.
6. Quit Registry Editor.
0
 
LVL 4

Author Comment

by:Zombite
ID: 21811441
Seemed like a good bet but no go.
Checked the entries - all ok
Deleted all the shadow registry inf times - no effect.
Still get the same error or lack of response
0
 
LVL 6

Expert Comment

by:JapyDooge
ID: 21811824
Hmm, running "sfc /scannow" would maybe work but you don't have that access to the system except...

You can edit the registry, so you can add "sfc /scannow" to the Run or RunOnce keys in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
or
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (runonce will be even better)

There create a new key of the type String named 'Run' or something like that and give it the following value:
C:\\Windows\\System32\\sfc.exe /scannow

At boot the computer will run sfc /scannow to check all windows system files and restore damaged ones. (I hope the reg keys are loaded, maybe they load after userinit...)

Good luck again
0
 
LVL 4

Author Comment

by:Zombite
ID: 21820827
Got it up and booted with the "first time run after imaging"
sfc - no results - same on reboot.
sp1 and sp2 - same
As terminal services doesn't run on first boot, I am investigating registry and profile.
There is much about inituser.exe and time stamps in shadow registry for terminal server.
I notice that the usercmd doesn't run either.
Will report back findings - thanks for suggestions.
0
 
LVL 4

Accepted Solution

by:
Zombite earned 0 total points
ID: 21828995
JapyDooge: Can you enter this as a solution

This is a nasty virus via a js script on a web page.

http://www.threatexpert.com/report.aspx?uid=82cc0907-16ed-4868-88a9-cebdbdc8cff4

Drops some beasts into winlogon notify

QUOTE: Speaking of Malware, the Drive-Bys are getting worse. First Whitepages and other websites were hacking us and now the UNICEF website got hacked. This is getting ridiculous. There is one in particular that I am seeing more and more.
The symptoms (At least on a domain) are excruciatingly long log offs, dodgy internet and even as the administrator, you can't RWW to the machine or RDP to it internally. If you go to the file system through the network (Connect to \\workstation\c$) you can see some hidden files in C:\Windows\System32. They are rotr.sys or rotw.sys. If the user logs off, you can delete these files remotely or do it in safe mode. As the files are a part of a rootkit, you can't actually see them as the user. Once deleted and the system is rebooted, everything is back to normal.


0
 
LVL 6

Expert Comment

by:JapyDooge
ID: 21829843
That's not nice. Ah well, you can click the 'Accept as a solution' button on the bottom of your own post to close the question because you fixed it yourself.

Good luck man.
0
 
LVL 4

Author Comment

by:Zombite
ID: 21839161
Thanks -
By using Bart's boot disk and getting rid of the registry entries and the files in system32, the server now lives.

0
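A check for the Winlogon Notify entries named in the accepted solution, as an added example that is not part of the original thread: it parses two regedit text exports of the Winlogon\Notify key, one from a known-good server and one from the affected server's hive, and lists packages that are new or whose DllName changed. The sample exports, the OFFLINE hive mount name and the placeholderpkg entry are constructed for illustration.

```python
import re
MARKER = "\\winlogon\\notify\\"  # matched anywhere, so a hive loaded under another name also works

def notify_packages(reg_text):
    """Return {package subkey (lower-case): DllName} from a regedit text export."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)       # join hex continuation lines
    packages, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower() + "\\"
            pos = key.find(MARKER)
            current = key[pos + len(MARKER):].split("\\")[0] if pos >= 0 else None
            if current:
                packages.setdefault(current, "")
            continue
        m = re.match(r'"DllName"=(.*)$', line, re.I)
        if current and m:
            raw = m.group(1)
            if raw.lower().startswith("hex(2):"):     # REG_EXPAND_SZ as UTF-16LE bytes
                data = bytes.fromhex(raw[7:].replace(",", ""))
                packages[current] = data.decode("utf-16-le").rstrip("\x00")
            else:                                      # REG_SZ, quoted with escaped backslashes
                packages[current] = raw.strip('"').replace("\\\\", "\\")
    return packages

def unexpected_packages(suspect_text, baseline_text):
    """List (package, DllName, reason) for entries that differ from the baseline."""
    base = notify_packages(baseline_text)
    findings = []
    for name, dll in sorted(notify_packages(suspect_text).items()):
        if name not in base:
            findings.append((name, dll, "not in baseline"))
        elif dll.lower() != base[name].lower():
            findings.append((name, dll, "DllName changed"))
    return findings

# Constructed exports: BASELINE from a known-good server, SUSPECT from the affected hive.
BASELINE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,\
  64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"DllName"="wlnotify.dll"
"""
SUSPECT = BASELINE.replace("MACHINE\\SOFTWARE", "MACHINE\\OFFLINE") + r"""
[HKEY_LOCAL_MACHINE\OFFLINE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\placeholderpkg]
"DllName"="C:\\WINDOWS\\system32\\placeholder.dll"
"""
print(unexpected_packages(SUSPECT, BASELINE))
```

Any package the comparison reports should be checked against the DLL on disk from the boot CD before the entry and file are removed.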


Question has a verified solution.
