mkavinsky


fixing ntoskrnl.exe on Windows server 2012 r2

experts

have a W2012 r2 physical server that is not booting and has the kernel error: 0xc0000185

so I went through the steps to replace the kernel with an ISO of W2012 r2 on a usb drive.  

https://www.linkedin.com/pulse/recovering-windows-server-2012-r2-boot-loop-roel-gijtenbeek

located an ntoskrnl (but no file path listed) because I was going to use a previous version of it.  

so I still did a rename of it to ntoskrnl *.org

but now I can't replace it with a previous one because I saw no windows\winsxs\...path

May be silly but can I just copy a ntoskrnl.exe file from another server? or from the W2012 ISO disk?  or will that not work

and if not, what are my options to get his server back up and running in production?
thank you

ASKER CERTIFIED SOLUTION
David Johnson, CD
This solution is only available to members.
Adding to David's suggestion, check the health of the drives, much depends on the configuration.

Possibly an update did not go well.
mkavinsky

ASKER

Thank you for your suggestions.   I did rename the ntoskrnl.exe back successfully, rebooted, and no dice

I then did the 3 steps you mentioned and rebuild the bcd and rebooted.....

not working again.

now the screen is: \windows\system32\config\system
Status: 0xc0000185

Operating system couldnt be loaded because the system registry file is missing or contains...

so I'm going to check to see what options I have here.  If you have more ideas please let me know

thank you kindly
it is still startup bcd corruption.
boot from recovery media. try the fix startup
ok, currently running a chkdsk c: /r to fix any corruptions

Was thinking if I should do a registry restore?  

copy c:\windows\system32\config\system c:\windows\tmp\system.bak 
copy c:\windows\system32\config\software c:\windows\tmp\software.bak 
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak 
copy c:\windows\system32\config\security c:\windows\tmp\security.bak 
copy c:\windows\system32\config\default c:\windows\tmp\default.bak

or just try to rebuild the bcd again?

unless you meant something else by "fix startup"?

thank you
I tried to rebuild the BCD again and upon reboot it almost worked..... but then went back to the same error.  So attempting the restore registry (back up the sam, security, system, default and software entries in c:\windows\system32\) and then deleted them

I am now trying to run the command:   copy c:\windows\repair\system c:\windows\system32\system
and it says cannot find the path specified

I do not have a C:\windows\repair directory?  unless it's asking for the boot media directory on X:?

Or do I need to restore these files from the .bak extension? and how do I do that?

I really need to get this production server up and running so if you can assist I would be extremely grateful

thank you 
The error you last posted, system, points to a possible registry corruption.

space, could an update to the system interruption caused the issue?

What does the system do, backups? Have you previously tested a restore?

Deletion?

If registry, commonly you would copy registry system from the OS install media
no, what I am saying is i copied the system file into a tmp directory, i followed the instructions to copy from c:\Windows\repair but I have no \repair folder?

not sure what to do now?
I moved all the 5 files (sam, security, system, software, database) in that temp folder and they are now called sam.bak, system.bak, etc...

how can I just put those back and rename?

The system is their CRM financial system.

What do you mean copy the registry system from the OS media?  I'm sorry, I've been at this for hours and am no further

thank you, I do appreciate your time here
You copied, it is hard to know where they are,
Based on your own comment, your comment was referencing where the files were
C:\windows\tmp

Using any system designated locations temporary is never advisable since the possibility exists that temp space could be cleared by system.

Do you have a backup of the system from which you can restore these files?
At this stage copying from the boot media the basic registry, you should not be messing with the Sam account info.

The system is domain joined?
I was only following an article here if it helps what I have done
https://www.thewindowsclub.com/windows-system32-configs-ystem-is-missing

yes, system is domain joined.

I was just following the steps on this article (seen the same in others that had success)

I have a backup (about 3 weeks old - Windows Full backup) but if I restore it then their data goes back to 3 weeks.  I don't think I can select to just restore the OS or C: partition?
You can restore the individual system registry file to another location and copy it across.

Much depends on your backup setup.
A full backup every month, and then differential or incremental on a schedule?


Current issue is the registry, within the past three weeks it is unlikely you made significant changes on the registry items.
You may want to restore the files from c:\windows\system32\config\ of the backup to another location that you can then copy and bring across.
Possibly an update root cert update, or another could have been interrupted leading to the corruption of the registry, on reboot the update rollback could have corrupted the boot which you might have resolved with David's suggestions.
thank you.  I was just performing a daily full (bare metal backup) to an external hard drive using the windows backup.

so then restore the C:\windows\system32\config to another location and copy back to the original?  and not restore right to it directly?

there have really been no changes to the server in the last 3 weeks (except data)
Yes, restoring these files to another location should be an available option.

You can, while in recovery, copy the current data off just in case. Though it depends what that data consists of.
i.e. an SQL setup, you likely have daily SQL backups of the DB, pulling those off might be wise.

Do you have a virtual Environment in addition to the physical server, mix/hybrid?

Though the three week gap, could run into the trust if the SAM is not available. You may run into some difficulty.
deals with the common forgot/lost administrator password and ease of access tools.

but at this stage, deal with getting the system booted from its own HDD.
I got it solved.  It ended up copying the Sam, Security, Default, System files from the Regbackup folder in the system32\config folder.  That helped get the server up then found the root problem was an update from MS that corrupted and caused the issues.  Was able to roll back and the server is running for now (fingers crossed).

thank you again for your help.  you led me in the right direction!
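
The recovery that resolved this thread (copying the SAM, Security, Default and System hives from the RegBack folder under system32\config), as an added example that is not part of the original posts. It assumes it is run from the recovery command prompt, that the offline Windows volume letter is passed as the first argument (it is often not C: in recovery), and that the `HiveBackup` folder name is a hypothetical choice; the current hives are saved outside any temp directory, following the advice given earlier in the thread.

```batch
@echo off
rem Added example, not from the thread. Run from the recovery command prompt.
rem ASSUMPTION: %1 is the offline Windows volume, e.g. "D:" (defaults to C:).
rem ASSUMPTION: HiveBackup is a hypothetical folder name chosen for this example.
setlocal
set "OSVOL=%~1"
if "%OSVOL%"=="" set "OSVOL=C:"
set "CFG=%OSVOL%\Windows\System32\config"
set "SAVE=%OSVOL%\HiveBackup"

if not exist "%CFG%\RegBack" (
    echo No RegBack folder under %CFG% - check the volume letter.
    exit /b 1
)

rem Refuse to continue if any RegBack hive is missing or zero bytes,
rem so a bad backup never replaces the hive that is currently on disk.
for %%H in (SYSTEM SAM SECURITY DEFAULT) do (
    if not exist "%CFG%\RegBack\%%H" (echo Missing RegBack\%%H & exit /b 1)
    for %%F in ("%CFG%\RegBack\%%H") do if %%~zF EQU 0 (echo RegBack\%%H is empty & exit /b 1)
)

rem Never overwrite an earlier saved copy of the hives.
if exist "%SAVE%" (
    echo %SAVE% already exists - move it aside first.
    exit /b 1
)
mkdir "%SAVE%" || exit /b 1

rem Keep the current (possibly corrupt) hives before touching anything.
for %%H in (SYSTEM SAM SECURITY DEFAULT) do (
    if exist "%CFG%\%%H" copy /y "%CFG%\%%H" "%SAVE%\%%H.bak" >nul || exit /b 1
)

rem Copy the RegBack hives into place.
for %%H in (SYSTEM SAM SECURITY DEFAULT) do (
    copy /y "%CFG%\RegBack\%%H" "%CFG%\%%H" >nul || exit /b 1
    echo Restored %%H from RegBack
)
echo Done. Previous hives are in %SAVE%
endlocal
```

On a domain-joined server, restoring an older SAM and SECURITY hive can leave the machine account out of step with the domain, which is the trust issue raised earlier in the thread.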