Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Server Login ok but No desktop, cnt alt del ok but no taskmanager

Posted on 2008-06-17
14
Medium Priority
?
986 Views
Last Modified: 2013-11-05
A Strange one.
Windows 2003 Standard SP1.
Running as a simple share with terminal server. No Domains or AD just local users and groups.
The server rebooted due to a power outage.
Clean shutdown.
On reboot, system starts up ok One message a service failed to start. On cnt alt del, you can login but you do not get a desktop, just a mouse pointer. If you hit cnt alt del, you can shutdown, logoff etc but if you click on taksmanager nothing happens.
After much mucking about, we decided to image the drives and move to new hardware using aconis.
Once the image was completed, we started up windows and the logon worked and the system showed desktop. It then went on to install the various missing hardwared drivers and all appeared ok.
Then we rebooted and have the same issue.
Using barts boot cd, we accesed the dirves and scanned for virus - nothing.
Tried copying registry hives from repair to system32 config - same.
Safe mode reboots.
Directory Rstore mode - give us a safe windows layout but when you login, you get the same no desktop, cnt alt del behavior.

0
Comment
Question by:Zombite
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 7

Expert Comment

by:supports
ID: 21809892
have u tried with another user loggin... and i am not sure if ur facing the issue in safe mode as well..ie. it reboots itself
0
 
LVL 3

Expert Comment

by:exhaust
ID: 21810270
What if you tried another copy of C:\Windows\Explorer.exe from a working server?
0
 
LVL 4

Author Comment

by:Zombite
ID: 21810627
Was able to grab the event log remotely.

[14508] Application Popup   Type:     INFORMATION
Computer: SERVER01   Time:     18/06/2008 2:09:22 PM   ID:       26
userinit.exe - Application Error The application failed to initialize properly (0xc0000005). Click on OK to terminate the application

Same error for taskmgr.

The server doesnt start in any mode. Safe mode reboots.

Have checked the file versions and sizes.
While in the "first time booted" running version, ran sp2 on the sever which replaces mode of these files. Same result when booted second time.

This is what gets me - the thing will boot first time after image via acronis - then second boot - dead.


0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Expert Comment

by:JapyDooge
ID: 21810824
0
 
LVL 6

Expert Comment

by:JapyDooge
ID: 21810827
Microsoft's workaround:

To work around this issue, delete the invalid registry value: 1. Start Registry Editor (Regedt32.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\IniFile Times  
3. Locate the invalid value (this is usually a value with no name).
4. Click the invalid value.
5. On the Edit menu, click Delete, and then click Yes.
6. Quit Registry Editor.
0
 
LVL 4

Author Comment

by:Zombite
ID: 21811441
Seemed like a good bet but no go.
Checked the entries - all ok
Deleted all the shadow registy inf times - no effect.
Still get the same error or lack of response
0
 
LVL 6

Expert Comment

by:JapyDooge
ID: 21811824
Hmm, running "sfc / scannow" would maybe work but you don't have that access to the system except...

You can edit the registery, so you can add "sfc /scannow" to the Run or RunOnce keys in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
or
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce (runonce will be even better)

There create a new key of the type String named 'Run' or something like that and give it the following value:
C:\\Windows\\System32\\sfc.exe /scannow

At boot the computer will run sfc /scannow to check all windows system files and restore damaged ones. (I hope the reg keys are loaded, maybe they load after userinit...)

Good luck again
0
 
LVL 4

Author Comment

by:Zombite
ID: 21820827
Got it up and booted with the "first time run after imaging"
sfc - no results - same on reboot.
sp1 and sp2 - same
As terminal services doesnt run on first boot, I am investigating regisry and profile.
There is much about inituser.exe and time stamps in shadow registry for termial server.
I notice that the usercmd doesnt run wither.
Will report back findings - thanks for suggestions.
0
 
LVL 4

Accepted Solution

by:
Zombite earned 0 total points
ID: 21828995
JapyDooge: Can you enter this as a solution

This is a nasty virus via a js script on a web page.

http://www.threatexpert.com/report.aspx?uid=82cc0907-16ed-4868-88a9-cebdbdc8cff4

Drops some beasts into winlogon notify

QUOTE: Speaking of Malware, the Drive-By's are getting worse. First Whitepages and other websites were hacking us and now the UNICEF website got hacked. This getting ridiculous. There is one particular that I am seeing more and more.
The symptoms (At least on a domain) are excruciatingly long log offs, dodgy internet and even as the administrator, you can't RWW to the machine or RDP to it internally. If you go to the file system through the network (Connect to \\workstation\c$) you can see some hidden files in C:\Windows\System32. They are rotr.sys or rotw.sys. If the user logs off, you can delete these files remotely or do it in safe mode. As the files are a part of a rootkit, you can't actually see them as the user. Once deleted and the system is rebooted, everything is back to normal.


0
 
LVL 6

Expert Comment

by:JapyDooge
ID: 21829843
That's not nice. Ah well you can click the 'Accept as a solution' button on the bottom of your own post to close the question becouse you fixed it yourself.

Good luck man.
0
 
LVL 4

Author Comment

by:Zombite
ID: 21839161
Thanks -
By using barts boot disk and getting rid of the registry entries, and the files in system32 the server now lives.

0

Featured Post

What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question