Solved

Windows XP Recovery Console & Registry Repair

Posted on 2011-02-18
6
936 Views
Last Modified: 2012-05-11
Hi there.
I have a Windows XP machine that booted up to a STOP error:

STOP: c0000218 {Registry File Failure}
the registry cannot load th ehive (file):
\SystemRoot\System32\Config\SOFTWARE

I followed the instructions in this Microsoft KB article (http://support.microsoft.com/kb/307545) that provides instructions on how to recover from a corrupted registry. After completing these instructions, the system boots back up and throws this error:

lsass.exe - System Error
"When trying to update a password,
this return status indicates that the value provided as the current password
is not correct"

I've tried booting back into the Recovery Console to recopy some registry files, but now the system doesn't recognize the Administrator password. I've read some articles about how OEM computers that have been imaged using sysprep.exe often have this type of corruption because sysprep.exe changes the security keys so the Admin password is not recognized, even though it is typed in directly.

http://support.microsoft.com/kb/308402

So, now I'm not sure how to proceed. How can I get back into the Recovery Console to recover the registry files?

Thanks,
J
0
Comment
Question by:brownmetals
6 Comments
 
LVL 3

Assisted Solution

by:residents
residents earned 200 total points
ID: 34929451
Have you tried doing a repair installation of XP? At this point it may be a good idea, when you first load up with the CD don't press R but press enter to "install Windows" and then you can press R to scan for and repair installations of windows. This will not destroy your files and the only thing you'll want to do if this fixes it is to run windows update after you're done.
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 100 total points
ID: 34929486
There is a really clear warning on http://support.microsoft.com/kb/307545 not to use this fix on OEM systems.  You've replaced your security settings with the manufacturer's dummy files which appear to have password protected accounts but actually don't.  There is no simple fix for this.

Which OEM is this, which model of PC and what do you have in the way of bootable media for XP?
0
 
LVL 6

Assisted Solution

by:mslunecka
mslunecka earned 200 total points
ID: 34929713
Go download a copy of Ultimate Boot CD:

http://www.ultimatebootcd.com/

Burn it onto a CD and boot to it.  YOu want to go into the Offline NT Password & Registry Recovery tool.

It will boot to a command prompt and ask you to answer a few questions like which partition your OS is on, where the SAM file is stored, etc...for the most part on a standard windows install the defaults are all correct.

Tell it you want to reset the Administrator account to a blank password.  I've never had ANY luck getting this application to do anything but blank out a password...but it claims to be able to set it to any value you want.  Just make the password blank and then change it through windows if it gets you back in.

Mkae sure you commit the changes and save before you reboot, otherwise it doesn't write the file back to your hard drive and you have to start over again.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 4

Accepted Solution

by:
brownmetals earned 0 total points
ID: 34929832
Thanks for all the suggestions. This is actually a virtual machine and I completely forgot that I took a snapshot of the VM last week. I was able to recover the XP machine by using the VM tools thus restoring the XP machine to working order. My backup of the VM was 1 week old, so I lost a few minor settings (shortcuts, printer preferences, etc), but nothing that can't be restored easily.

I was trying to avoid a Repair of the OS just out of concern that it would cause more harm than good.

After rereading that KB on recovering the registry, I now see the warning about OEM installs. I did not see that prior or I certainly would have gone a different route.

This is a Dell Optiplex GX620.

The UltimateBoot program sounds like a great utility. I had tried Ophcrack Password Recovery Tool to see if that would work, but it would not recover the OEM corrupted password. If you're able to use UltimateBoot and make that password blank, that sounds like a great way to get past the problem I was previously having.

One of the other things I did right away after restoring the VM was make the registry key change found here:
http://www.theeldergeek.com/recovery_console.htm

Start | Run | Regedit
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Setup\RecoveryConsole
Set the DWORD SecurityLevel value to 1
Exit Registry and Reboot

This prevents Recovery Console from asking for an Admin password which seems would take the OEM considerations out of the equation.

Anyway, I was able to recover my XP machine. Thanks for everyone's input. I certainly appreciate it.

J
0
 
LVL 4

Author Comment

by:brownmetals
ID: 34930020
Thank you.
0
 
LVL 4

Author Closing Comment

by:brownmetals
ID: 34959251
I was able to find an acceptable solution on my own, but the comments provided here are certainly all worthy of some points as they would have provided assistance had I pursued the original recovery attempt.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Backing up data is essential for any office small or large. Most think that a simple USB drive will suffice. Even the USB drives themselves display words like backup.   Most novices will ask themselves the question “Will this work for my business…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question