• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 962
  • Last Modified:

Windows XP Recovery Console & Registry Repair

Hi there.
I have a Windows XP machine that booted up to a STOP error:

STOP: c0000218 {Registry File Failure}
the registry cannot load th ehive (file):
\SystemRoot\System32\Config\SOFTWARE

I followed the instructions in this Microsoft KB article (http://support.microsoft.com/kb/307545) that provides instructions on how to recover from a corrupted registry. After completing these instructions, the system boots back up and throws this error:

lsass.exe - System Error
"When trying to update a password,
this return status indicates that the value provided as the current password
is not correct"

I've tried booting back into the Recovery Console to recopy some registry files, but now the system doesn't recognize the Administrator password. I've read some articles about how OEM computers that have been imaged using sysprep.exe often have this type of corruption because sysprep.exe changes the security keys so the Admin password is not recognized, even though it is typed in directly.

http://support.microsoft.com/kb/308402

So, now I'm not sure how to proceed. How can I get back into the Recovery Console to recover the registry files?

Thanks,
J
0
brownmetals
Asked:
brownmetals
4 Solutions
 
residentsCommented:
Have you tried doing a repair installation of XP? At this point it may be a good idea, when you first load up with the CD don't press R but press enter to "install Windows" and then you can press R to scan for and repair installations of windows. This will not destroy your files and the only thing you'll want to do if this fixes it is to run windows update after you're done.
0
 
☠ MASQ ☠Commented:
There is a really clear warning on http://support.microsoft.com/kb/307545 not to use this fix on OEM systems.  You've replaced your security settings with the manufacturer's dummy files which appear to have password protected accounts but actually don't.  There is no simple fix for this.

Which OEM is this, which model of PC and what do you have in the way of bootable media for XP?
0
 
msluneckaCommented:
Go download a copy of Ultimate Boot CD:

http://www.ultimatebootcd.com/

Burn it onto a CD and boot to it.  YOu want to go into the Offline NT Password & Registry Recovery tool.

It will boot to a command prompt and ask you to answer a few questions like which partition your OS is on, where the SAM file is stored, etc...for the most part on a standard windows install the defaults are all correct.

Tell it you want to reset the Administrator account to a blank password.  I've never had ANY luck getting this application to do anything but blank out a password...but it claims to be able to set it to any value you want.  Just make the password blank and then change it through windows if it gets you back in.

Mkae sure you commit the changes and save before you reboot, otherwise it doesn't write the file back to your hard drive and you have to start over again.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
brownmetalsAuthor Commented:
Thanks for all the suggestions. This is actually a virtual machine and I completely forgot that I took a snapshot of the VM last week. I was able to recover the XP machine by using the VM tools thus restoring the XP machine to working order. My backup of the VM was 1 week old, so I lost a few minor settings (shortcuts, printer preferences, etc), but nothing that can't be restored easily.

I was trying to avoid a Repair of the OS just out of concern that it would cause more harm than good.

After rereading that KB on recovering the registry, I now see the warning about OEM installs. I did not see that prior or I certainly would have gone a different route.

This is a Dell Optiplex GX620.

The UltimateBoot program sounds like a great utility. I had tried Ophcrack Password Recovery Tool to see if that would work, but it would not recover the OEM corrupted password. If you're able to use UltimateBoot and make that password blank, that sounds like a great way to get past the problem I was previously having.

One of the other things I did right away after restoring the VM was make the registry key change found here:
http://www.theeldergeek.com/recovery_console.htm

Start | Run | Regedit
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Setup\RecoveryConsole
Set the DWORD SecurityLevel value to 1
Exit Registry and Reboot

This prevents Recovery Console from asking for an Admin password which seems would take the OEM considerations out of the equation.

Anyway, I was able to recover my XP machine. Thanks for everyone's input. I certainly appreciate it.

J
0
 
brownmetalsAuthor Commented:
Thank you.
0
 
brownmetalsAuthor Commented:
I was able to find an acceptable solution on my own, but the comments provided here are certainly all worthy of some points as they would have provided assistance had I pursued the original recovery attempt.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Tackle projects and never again get stuck behind a technical roadblock.
Join Now