Solved

Windows XP Recovery Console & Registry Repair

Posted on 2011-02-18
6
929 Views
Last Modified: 2012-05-11
Hi there.
I have a Windows XP machine that booted up to a STOP error:

STOP: c0000218 {Registry File Failure}
the registry cannot load th ehive (file):
\SystemRoot\System32\Config\SOFTWARE

I followed the instructions in this Microsoft KB article (http://support.microsoft.com/kb/307545) that provides instructions on how to recover from a corrupted registry. After completing these instructions, the system boots back up and throws this error:

lsass.exe - System Error
"When trying to update a password,
this return status indicates that the value provided as the current password
is not correct"

I've tried booting back into the Recovery Console to recopy some registry files, but now the system doesn't recognize the Administrator password. I've read some articles about how OEM computers that have been imaged using sysprep.exe often have this type of corruption because sysprep.exe changes the security keys so the Admin password is not recognized, even though it is typed in directly.

http://support.microsoft.com/kb/308402

So, now I'm not sure how to proceed. How can I get back into the Recovery Console to recover the registry files?

Thanks,
J
0
Comment
Question by:brownmetals
6 Comments
 
LVL 3

Assisted Solution

by:residents
residents earned 200 total points
Comment Utility
Have you tried doing a repair installation of XP? At this point it may be a good idea, when you first load up with the CD don't press R but press enter to "install Windows" and then you can press R to scan for and repair installations of windows. This will not destroy your files and the only thing you'll want to do if this fixes it is to run windows update after you're done.
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 100 total points
Comment Utility
There is a really clear warning on http://support.microsoft.com/kb/307545 not to use this fix on OEM systems.  You've replaced your security settings with the manufacturer's dummy files which appear to have password protected accounts but actually don't.  There is no simple fix for this.

Which OEM is this, which model of PC and what do you have in the way of bootable media for XP?
0
 
LVL 6

Assisted Solution

by:mslunecka
mslunecka earned 200 total points
Comment Utility
Go download a copy of Ultimate Boot CD:

http://www.ultimatebootcd.com/

Burn it onto a CD and boot to it.  YOu want to go into the Offline NT Password & Registry Recovery tool.

It will boot to a command prompt and ask you to answer a few questions like which partition your OS is on, where the SAM file is stored, etc...for the most part on a standard windows install the defaults are all correct.

Tell it you want to reset the Administrator account to a blank password.  I've never had ANY luck getting this application to do anything but blank out a password...but it claims to be able to set it to any value you want.  Just make the password blank and then change it through windows if it gets you back in.

Mkae sure you commit the changes and save before you reboot, otherwise it doesn't write the file back to your hard drive and you have to start over again.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 4

Accepted Solution

by:
brownmetals earned 0 total points
Comment Utility
Thanks for all the suggestions. This is actually a virtual machine and I completely forgot that I took a snapshot of the VM last week. I was able to recover the XP machine by using the VM tools thus restoring the XP machine to working order. My backup of the VM was 1 week old, so I lost a few minor settings (shortcuts, printer preferences, etc), but nothing that can't be restored easily.

I was trying to avoid a Repair of the OS just out of concern that it would cause more harm than good.

After rereading that KB on recovering the registry, I now see the warning about OEM installs. I did not see that prior or I certainly would have gone a different route.

This is a Dell Optiplex GX620.

The UltimateBoot program sounds like a great utility. I had tried Ophcrack Password Recovery Tool to see if that would work, but it would not recover the OEM corrupted password. If you're able to use UltimateBoot and make that password blank, that sounds like a great way to get past the problem I was previously having.

One of the other things I did right away after restoring the VM was make the registry key change found here:
http://www.theeldergeek.com/recovery_console.htm

Start | Run | Regedit
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Setup\RecoveryConsole
Set the DWORD SecurityLevel value to 1
Exit Registry and Reboot

This prevents Recovery Console from asking for an Admin password which seems would take the OEM considerations out of the equation.

Anyway, I was able to recover my XP machine. Thanks for everyone's input. I certainly appreciate it.

J
0
 
LVL 4

Author Comment

by:brownmetals
Comment Utility
Thank you.
0
 
LVL 4

Author Closing Comment

by:brownmetals
Comment Utility
I was able to find an acceptable solution on my own, but the comments provided here are certainly all worthy of some points as they would have provided assistance had I pursued the original recovery attempt.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Backing up data is essential for any office small or large. Most think that a simple USB drive will suffice. Even the USB drives themselves display words like backup.   Most novices will ask themselves the question “Will this work for my business…
Throughout my career I’ve read many articles and performed due diligence on recovering VM’s that broke on the XenServer platform. From my experience and perspective it seems to be an ample amount of confusion as to a good base method to start with. …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now