Solved

Windows XP Recovery Console & Registry Repair

Posted on 2011-02-18
6
931 Views
Last Modified: 2012-05-11
Hi there.
I have a Windows XP machine that booted up to a STOP error:

STOP: c0000218 {Registry File Failure}
the registry cannot load th ehive (file):
\SystemRoot\System32\Config\SOFTWARE

I followed the instructions in this Microsoft KB article (http://support.microsoft.com/kb/307545) that provides instructions on how to recover from a corrupted registry. After completing these instructions, the system boots back up and throws this error:

lsass.exe - System Error
"When trying to update a password,
this return status indicates that the value provided as the current password
is not correct"

I've tried booting back into the Recovery Console to recopy some registry files, but now the system doesn't recognize the Administrator password. I've read some articles about how OEM computers that have been imaged using sysprep.exe often have this type of corruption because sysprep.exe changes the security keys so the Admin password is not recognized, even though it is typed in directly.

http://support.microsoft.com/kb/308402

So, now I'm not sure how to proceed. How can I get back into the Recovery Console to recover the registry files?

Thanks,
J
0
Comment
Question by:brownmetals
6 Comments
 
LVL 3

Assisted Solution

by:residents
residents earned 200 total points
ID: 34929451
Have you tried doing a repair installation of XP? At this point it may be a good idea, when you first load up with the CD don't press R but press enter to "install Windows" and then you can press R to scan for and repair installations of windows. This will not destroy your files and the only thing you'll want to do if this fixes it is to run windows update after you're done.
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 100 total points
ID: 34929486
There is a really clear warning on http://support.microsoft.com/kb/307545 not to use this fix on OEM systems.  You've replaced your security settings with the manufacturer's dummy files which appear to have password protected accounts but actually don't.  There is no simple fix for this.

Which OEM is this, which model of PC and what do you have in the way of bootable media for XP?
0
 
LVL 6

Assisted Solution

by:mslunecka
mslunecka earned 200 total points
ID: 34929713
Go download a copy of Ultimate Boot CD:

http://www.ultimatebootcd.com/

Burn it onto a CD and boot to it.  YOu want to go into the Offline NT Password & Registry Recovery tool.

It will boot to a command prompt and ask you to answer a few questions like which partition your OS is on, where the SAM file is stored, etc...for the most part on a standard windows install the defaults are all correct.

Tell it you want to reset the Administrator account to a blank password.  I've never had ANY luck getting this application to do anything but blank out a password...but it claims to be able to set it to any value you want.  Just make the password blank and then change it through windows if it gets you back in.

Mkae sure you commit the changes and save before you reboot, otherwise it doesn't write the file back to your hard drive and you have to start over again.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 4

Accepted Solution

by:
brownmetals earned 0 total points
ID: 34929832
Thanks for all the suggestions. This is actually a virtual machine and I completely forgot that I took a snapshot of the VM last week. I was able to recover the XP machine by using the VM tools thus restoring the XP machine to working order. My backup of the VM was 1 week old, so I lost a few minor settings (shortcuts, printer preferences, etc), but nothing that can't be restored easily.

I was trying to avoid a Repair of the OS just out of concern that it would cause more harm than good.

After rereading that KB on recovering the registry, I now see the warning about OEM installs. I did not see that prior or I certainly would have gone a different route.

This is a Dell Optiplex GX620.

The UltimateBoot program sounds like a great utility. I had tried Ophcrack Password Recovery Tool to see if that would work, but it would not recover the OEM corrupted password. If you're able to use UltimateBoot and make that password blank, that sounds like a great way to get past the problem I was previously having.

One of the other things I did right away after restoring the VM was make the registry key change found here:
http://www.theeldergeek.com/recovery_console.htm

Start | Run | Regedit
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Setup\RecoveryConsole
Set the DWORD SecurityLevel value to 1
Exit Registry and Reboot

This prevents Recovery Console from asking for an Admin password which seems would take the OEM considerations out of the equation.

Anyway, I was able to recover my XP machine. Thanks for everyone's input. I certainly appreciate it.

J
0
 
LVL 4

Author Comment

by:brownmetals
ID: 34930020
Thank you.
0
 
LVL 4

Author Closing Comment

by:brownmetals
ID: 34959251
I was able to find an acceptable solution on my own, but the comments provided here are certainly all worthy of some points as they would have provided assistance had I pursued the original recovery attempt.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Backup Windows XP system 9 121
Why run Active Fulls in Backups 19 109
Possible ways to recover from drive crash 29 76
How Do I Set Up XP Mode in Windows 7? 8 73
Backing up data is essential for any office small or large. Most think that a simple USB drive will suffice. Even the USB drives themselves display words like backup.   Most novices will ask themselves the question “Will this work for my business…
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now