Solved

Emergency: Windows Server 2003 logon then logoff how do I access the server

Posted on 2012-12-20
37
1,365 Views
Last Modified: 2012-12-21
I'm having the same problem described here:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24681933.html

I have a windows server 2003 machine where when I logon it immediately logs me off.  

The answer is to log into the server and use the remote registry to clear out a certain registry entry.

As I write this  I'm at a clients office and have run into this.  How do I log onto the server from one of the networked computers, since it logs me off as administrator immediately after I log in.  The office opens in less than an hour.  Safe mode and last known good gets the same result.
0
Comment
Question by:alanlsilverman
  • 17
  • 9
  • 5
  • +2
37 Comments
 
LVL 14

Expert Comment

by:Ben Hart
ID: 38710760
You try RDP?
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38710766
I suspect its a virus I have seen some really nasty virus' that reside in protected system files and as a result a windows av suite cannot even find them let alone fix/remove them the only way is to use a linux av boot cd they are not quick mind you


see
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 38710775
Or do you have another account to login with locally or remotely?
0
 

Author Comment

by:alanlsilverman
ID: 38710789
Not a virus.  I was trying to add a backup drive and I'm pretty sure the drive letters got screwed up in the registry.  I put all the drives back where they were, removing the backup drive but still have the problem.  That experts problem describes my problem to a tee.  How do I get into the server registry?  Is there anything I can do if I boot into the recovery console?
0
 

Author Comment

by:alanlsilverman
ID: 38710800
How do I get into RDP?  I'm on another computer now, but it's trying to access the server's C drive and it keeps on coming up that the network place doesn't exist.
0
 

Author Comment

by:alanlsilverman
ID: 38710807
Is there any chance I could call someone to discuss this?  Windows Server is not my baliwick and this is really an emergency.
0
 
LVL 14

Assisted Solution

by:Ben Hart
Ben Hart earned 150 total points
ID: 38710815
Remote Desktop Connection.. specify the hostname of the machine and credentials with appropriate permissions.. like the local admin or domain admin.  Or even a lesser account.

If the drive letters were messed up bad enough Windows wouldn't be able to load properly.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38710854
RDP can be found in Start/All Programs/Accessories.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38710886
run mstsc
0
 

Author Comment

by:alanlsilverman
ID: 38710891
Tried it.  First time it looked like I got in then knocked me out.
0
 

Author Comment

by:alanlsilverman
ID: 38710900
I'm trying to login using the same user, the adminstrator, that gets knocked out whenever I log in on the server console itself.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38710902
hmm not a virus hmm
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 38710908
So are there no other user accounts to try on this box?
0
 

Author Comment

by:alanlsilverman
ID: 38710913
Not that I know of.  I was just brought into this.  
And anyway, wouldn't it logoff those users too.
Is there any way to remove the password?
I know under XP and Vista there are programs that can wipe the password.
Is there any way to do with Windows Server 2003
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 125 total points
ID: 38710927
It doesn't sound like the password is the issue since it logs you on.

Have you tried using computer management from a different computer?

Start/Run/compmgmt.msc

Action/Connect to Another Computer

type in the IP address or host name of the server
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 38710939
If the remote Registry service is running you could maybe accomplish it that way too.  If your the one who has to connect to resolve an issue what does logging on any locally logged on users have to do with it?  Unless I'm mistaken this is a server right?
0
 

Author Comment

by:alanlsilverman
ID: 38710973
This describes the problem:
http://support.microsoft.com/kb/249321
And this is part of the solution:
http://support.microsoft.com/kb/814590

I just have to figure out how to do it on this system.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38710984
surely safe mode would work though
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 14

Expert Comment

by:Ben Hart
ID: 38710994
remote Desktop admin mode should be enabled by default.. it allows up to two simultaneous connections.  Do you have physical access to the box?
0
 

Author Comment

by:alanlsilverman
ID: 38711017
Yes.  I just did this:
net use \\remote_machine_name\IPC$ /user:administrator *
But got this message:
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed
0
 

Author Comment

by:alanlsilverman
ID: 38711057
Just read here:
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/f95e5f0b-9805-4583-a648-92c44b85c827

It discusses assigning drive letters using diskpart.  I don't have a windows server 2003 disk.  I do have XP Pro.  I'm wondering if there's any way I can get into the recovery console using that and somehow assign C to the boot drive
0
 
LVL 2

Accepted Solution

by:
rmail earned 150 total points
ID: 38711065
Why not use regedit.exe on an another computer and use the file->connect network registry ? Then, point it at the server that isn't keeping your session logged on and edit the registry remotely.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38711089
ubadmin's post 38710939 seems to agree with the resolution in your first link.  

The only reason to perform the net use command is if the server is not in a domain.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 38711110
Win2k3 doesn't have diskpart does it?  I've never ran it unless thru a Win2k8/7 boot disk.
0
 

Author Comment

by:alanlsilverman
ID: 38711116
rmail, can you give me specific commands that will allow me to use remote registery on the computer I am on right now?
Do I do it from a command prompt?
How do I do "file->connect network registry ? "
Thanks,
Al
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 125 total points
ID: 38711137
XP instructions:

1. Click Start
2. Click Run
3. Type "regedit" (without the quotes) and press enter
4. Click on File
5. Click on Connect Network Registry
6. Type in the name of the server and press enter
***  Next step very important to preven making changes to the local registry ***
7. Scroll down to the registry for the server and find the keys you need to alter
8. Make the alterations.
9. Close Regedit
0
 
LVL 30

Assisted Solution

by:IanTh
IanTh earned 75 total points
ID: 38711148
dont need xp setup use gparted

http://gparted.sourceforge.net/livecd.php
0
 

Author Comment

by:alanlsilverman
ID: 38711153
found out how to do it.  command prompt: regedit.  Then I went to file under regedit and clicked on "connect network registry".  
But then when I try to login as administrator, I get a message: "The object with the following name cannot be found"
Wait, I think I'm in.  Not sure yet.
0
 

Author Comment

by:alanlsilverman
ID: 38711160
Yep.  I'm in.  Now I just have to find the right keys.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 38711161
What about prepending the hostname with the domain?  i.e. domain\hostname or even try the IP.
0
 
LVL 14

Expert Comment

by:Ben Hart
ID: 38711169
Good deal.
0
 

Author Comment

by:alanlsilverman
ID: 38711326
OK, so I changed the drive letter and now I can access that C drive through the network.  But I still can't logon.  I changed the
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon?\usinit
Settings.  But I don't think I got it right.
I just used this:
Userinit = x:\windows\system32\userinit.exe
Same result.  Couldn't login.  Any ideas?
0
 

Author Comment

by:alanlsilverman
ID: 38711360
I'm wondering if it should be x:\winnit\system32 instead of x:\windows
0
 

Author Comment

by:alanlsilverman
ID: 38711372
wrong drive.  it thought the c: drive was the CD drive. Not sure which is the real c drive.
0
 

Author Comment

by:alanlsilverman
ID: 38711696
Finally got it.
I had tried to make C: the boot device per http://support.microsoft.com/kb/223188
But that was insane.  Finally I found a forum where someone said to just delete all the \DosDevices\ in the registry and let windows reassign them.  That did it.  The boot drive was finally C: again. But then I ran back into the userinit problem in the registry.
My registry entry looked like this:  Userinit = x:\windows\system32\userinit.exe
I just changed it to Userinit = C:\windows\system32\userinit.exe  and I was able to logon.

I just tried to set up a backup drive in an old server (that I hadn't set up in the first place) and suddenly I was in for six hours of fun. If anyone knows how to swear off trying to fix ancient systems please let me know. There must be a support group for that.  

Thanks to all.
Al
0
 

Author Closing Comment

by:alanlsilverman
ID: 38711710
Thanks again.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 38713325
" If anyone knows how to swear off trying to fix ancient systems please let me know. There must be a support group for that."  

 ROFL

If you find one please let the rest of us know.  

Glad you got it working.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now