Solved

Domain authentication loads to a blank desktop can open task manager but desktop never loads affecting users on two separate domains

Posted on 2010-09-21
9
254 Views
Last Modified: 2012-05-10
When several users on different domains attempt to login the authentication loads to a blank desktop.  Ctrl alt dlt opens task manager, however starting a new process of explorer.exe cannot be found.  Also having the same issue on the backup domain controller at one of the sites.  On one of the xp machines I cannot even log in with the local admin account with out going thru safe mode.  Have run virus scans and shows nothing.  Ideas??
0
Comment
Question by:EricBradac
  • 5
  • 3
9 Comments
 
LVL 7

Expert Comment

by:supports
ID: 33730711
hmm ..... how about in safe mode..... if you can see the desktop login as administrato
go to the c:\documents and settings folder and rename the user folder to something else and then restart and try loggin again

A spyware could be a possibility

you can try disabiling all third party applications and services before restarting
Click start, run
Type msconfig
Go to services tab, check the hide all microsoft services and click disable all
Then go to start up tab, click disable all
and restart

if everything comes up ok
enable the services and programs one by one to make sure that, everything is working
0
 

Author Comment

by:EricBradac
ID: 33730723
Thanks, I will give that a try on the user's workstation in the morning. still have to figure out how to get into the server which i can acess files on just not login to it via the counsle or rdp.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 33731284
Good advice above, might be something crashing it on startup.....

" however starting a new process of explorer.exe cannot be found"

That bothers me...

Start>run>cmd

paste the following three lines.....

Paste the output please.....

Basically if it cant find explorer.exe from a run dialog, it seems the systenm PATH is hosed..... Or, something might be jacking with the shell (explorer.exe) via an Image Hijack etc....
set>c:\stuff.txt

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s>>C:\stuff.txt

notepad stuff.txt

Open in new window

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 33734884
Oh, "Start>run>cmd" kinda hard to do with no Start Button..... Run cmd.exe from the Task Manager.....
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:EricBradac
ID: 33736282
I ran the above prompts and this is what i receive the first is when i had a blank screen as the domain admin the second is as local admin
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=xxxxx
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\xxxxxx
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDNSDOMAIN=xxxxx
USERDOMAIN=xxxxx
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


Local admin:
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator.KIRKS\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KIRKS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.KIRKS
LOGONSERVER=\\KIRKS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.KIR\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.KIR\LOCALS~1\Temp
USERDOMAIN=KIRKS
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.KIRKS
windir=C:\WINDOWS

Open in new window

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 33739813
Didnt get the last part.... Paths look fine though......

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s>C:\stuff2.txt
notepad stuff2.txt

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s>C:\stuff2.txt

notepad stuff2.txt

Open in new window

0
 
LVL 66

Expert Comment

by:johnb6767
ID: 33739815
One other thing..,....

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths

Is there a subkey called explorer.exe? If so, please post the contents.....
0
 

Accepted Solution

by:
EricBradac earned 0 total points
ID: 33745900
We had the problem replicate on several more machines and called microsoft as it started to effect too many users.  The solution was to start and stop the File Replication Service.

Thanks, johnb6767 for your help.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 33747413
Good job!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now