Windows 7 KSOD
Posted on 2011-09-09
I have a few Windows 7 machines that recently started booting to only a black screen with a cursor.
It looks like explorer.exe is not loading if the machine is connected to the network during startup; offline, the machine boots fine. I’ve observed the following in Event Viewer:
Event ID 14 “Name resolution for domain.com timed out after none of the configured DNS servers responded.”
Event ID 27 “Intel(R) 82579LM Gigabit Network Connection Network link disconnected”
Event ID 1129 “The processing of Group Policy failed because of lack of network connectivity to a domain controller.”
Event ID 129 “NtpClient was unable to set a domain peer to use as a time source because of discovery error.”
I noticed on a few machines that, while docked, wireless and wired connections were both active, so I set the wireless connection to manually connect. I also flushed the DNS resolver cache and reset the Winsock catalog. The client’s machine still did not load explorer.exe.
I checked registry settings under “HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon” for any fallacious entries or signs of corruption; everything looked satisfactory. I also checked wininit.exe for any signs of corruption, also not the problem.
I added the following to the registry but it is only producing blank log files. The verbose status didn't tell me anything either.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon]
The problem also occurs in Safe Mode; however, it is a profile-specific problem. On one machine, when I logged in as another user, the client's profile afterwards began to load, but using a temp profile. I double-checked “HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList” and her “ProfileImagePath” value was correctly set. I did, however, notice that the last modified date on her profile directory was 4 days prior. I deleted the client's profile from HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList, and then renamed her profile directory to user.old; even after renaming the directory, its last modified date remained unchanged.
After checking other clients' machines I noticed similar inconsistencies; every machine has incorrect last modified dates. I haven't ever seen this on an NTFS file system.
I've ruled out RpcSs as the culprit: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs is starting under NT AUTHORITY\NetworkService, not LocalSystem.
Any other ideas would be greatly appreciated.