Cannot Log On after a Hive Corruption

  • Thread starter Thread starter Barry
  • Start date Start date
B

Barry

The story so far...

1. Had W2K SP4 installed and Ghosted a drive using Norton Ghost.
2. Experienced 2 working disks with W2K on - could boot into either OK; NEW
or OLD.
3. Had a Hive Corruption occur on the NEW disk - "Error Message: Windows
Could Not Start Because the Following File is Missing or Corrupt"
\Winnt\System32\Config\Systemced - As in
http://support.microsoft.com/kb/269075
4. Followed the fix procedure, except copied the \system32\config\system
from the OLD disk. - Both disks were configured as "C:" when operating
separately.
5. Rebooted on NEW disk - All OK once.
6. Subsequent reboots, now attempt to Login as Adminstrator get: "Your
system has no paging file, or the paging file is too small."
7. When any user logs in there is a black screen, delay and then the user
logs out again back to the welcome screen - ie. I cannot get in as any user.
8. On Recovery Console can log in as Administrator but there is no
PAGEFILE.SYS present.

Theories:
a. Cannot see any way to create a valid PAGEFILE.SYS. On rebooting off the
OLD drive, the PAGFILE.SYS disappeared there too with exactly the same
problem. Coincidence?
b. As Administrator in Recovery Console can create a PAGEFILE.SYS from copy
of BOOT.INI as in http://support.microsoft.com/kb/255205
c. Drive letters could be involved - D: NEW, C: OLD?
d. If there is no PAGEFILE.SYS present, surely the system has enough
information to create one, so has the Administrator lost rights to create
one?
e. Cannot run any utilities to see what the registry says about pagefile
size.

Any help here appreciated.
Barry.
 
The story so far...

1. Had W2K SP4 installed and Ghosted a drive using Norton Ghost.
2. Experienced 2 working disks with W2K on - could boot into either OK; NEW
or OLD.
Click to expand...

Independently, with the other disk drive disconnected, or with both
drives connected?
3. Had a Hive Corruption occur on the NEW disk - "Error Message: Windows
Could Not Start Because the Following File is Missing or Corrupt"
\Winnt\System32\Config\Systemced - As in
http://support.microsoft.com/kb/269075
4. Followed the fix procedure, except copied the \system32\config\system
from the OLD disk. - Both disks were configured as "C:" when operating
separately.
5. Rebooted on NEW disk - All OK once.
6. Subsequent reboots, now attempt to Login as Adminstrator get: "Your
system has no paging file, or the paging file is too small."
7. When any user logs in there is a black screen, delay and then the user
logs out again back to the welcome screen - ie. I cannot get in as any user.
Click to expand...

Fundamental principles regarding disk drives and Windows:

1. Each disk must have a unique disk signature in its MBR.
a. If two disk drives have identical disk signatures, which can
happen with cloning, Windows will change one of the disk signatures
when it boot up.

2. Windows identifies disk partitions using the entries in its
registry under HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices.
a. Each disk partition entry in MountedDevices includes a disk
signature.

3. Zeroing the disk signature in the MBR will cause Windows to create
a new disk signature in the MBR, and also fix the partition entries in
MountedDevices to match the new disk signature. One way to zero the
disk signature is to use the DOS command fdisk /mbr.


To properly clone disks, you have to ensure that the disk signature in
the MBR matches the copy(ies) of the disk signature in the registry
under HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices for the partition(s) on
the disk. Otherwise, Windows will reference a disk partition that is
on a disk that may no longer connected or that is on a different
physical disk.
8. On Recovery Console can log in as Administrator but there is no
PAGEFILE.SYS present.

Theories:
a. Cannot see any way to create a valid PAGEFILE.SYS. On rebooting off the
OLD drive, the PAGFILE.SYS disappeared there too with exactly the same
problem. Coincidence?
Click to expand...
b. As Administrator in Recovery Console can create a PAGEFILE.SYS from copy
of BOOT.INI as in http://support.microsoft.com/kb/255205
Click to expand...
This procedure just allows deleting pagefile.sys.
c. Drive letters could be involved - D: NEW, C: OLD?
Click to expand...
Symptom, not cause.
d. If there is no PAGEFILE.SYS present, surely the system has enough
information to create one, so has the Administrator lost rights to create
one?
Click to expand...
No. Windows is trying to create pagefile.sys on a partition that, as
far as it knows, does not exist.
 
Hi,

Thanks for response.

Swapping drive letter didn't work. However, could get on over network to
change it remotely.

Barry.

Dave Patrick said:
This article should sort it.

http://support.microsoft.com/kb/249321



--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

Barry said:
The story so far...

1. Had W2K SP4 installed and Ghosted a drive using Norton Ghost.
2. Experienced 2 working disks with W2K on - could boot into either OK;
NEW or OLD.
3. Had a Hive Corruption occur on the NEW disk - "Error Message: Windows
Could Not Start Because the Following File is Missing or Corrupt"
\Winnt\System32\Config\Systemced - As in
http://support.microsoft.com/kb/269075
4. Followed the fix procedure, except copied the \system32\config\system
from the OLD disk. - Both disks were configured as "C:" when operating
separately.
5. Rebooted on NEW disk - All OK once.
6. Subsequent reboots, now attempt to Login as Adminstrator get: "Your
system has no paging file, or the paging file is too small."
7. When any user logs in there is a black screen, delay and then the user
logs out again back to the welcome screen - ie. I cannot get in as any
user.
8. On Recovery Console can log in as Administrator but there is no
PAGEFILE.SYS present.

Theories:
a. Cannot see any way to create a valid PAGEFILE.SYS. On rebooting off
the OLD drive, the PAGFILE.SYS disappeared there too with exactly the
same problem. Coincidence?
b. As Administrator in Recovery Console can create a PAGEFILE.SYS from
copy of BOOT.INI as in http://support.microsoft.com/kb/255205
c. Drive letters could be involved - D: NEW, C: OLD?
d. If there is no PAGEFILE.SYS present, surely the system has enough
information to create one, so has the Administrator lost rights to create
one?
e. Cannot run any utilities to see what the registry says about pagefile
size.

Any help here appreciated.
Barry.
Click to expand...
Click to expand...
 
Thanks for response.

Replies in line...


----- Original Message -----
From: "Andy" <[email protected]>
Newsgroups: microsoft.public.win2000.setup
Sent: Saturday, March 29, 2008 10:41 AM
Subject: Re: Cannot Log On after a Hive Corruption

Independently, with the other disk drive disconnected, or with both
drives connected?
Click to expand...

With both drives connected, but selecting one only at a time using BIOS.
Fundamental principles regarding disk drives and Windows:

1. Each disk must have a unique disk signature in its MBR.
a. If two disk drives have identical disk signatures, which can
happen with cloning, Windows will change one of the disk signatures
when it boot up.

2. Windows identifies disk partitions using the entries in its
registry under HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices.
a. Each disk partition entry in MountedDevices includes a disk
signature.

3. Zeroing the disk signature in the MBR will cause Windows to create
a new disk signature in the MBR, and also fix the partition entries in
MountedDevices to match the new disk signature. One way to zero the
disk signature is to use the DOS command fdisk /mbr.


To properly clone disks, you have to ensure that the disk signature in
the MBR matches the copy(ies) of the disk signature in the registry
under HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices for the partition(s) on
the disk. Otherwise, Windows will reference a disk partition that is
on a disk that may no longer connected or that is on a different
physical disk.
Click to expand...

OK. But as per suggestion from Dave Patrick in this thread, have gone in
remotely and swapped D: and C: signatures which didn't fix it.
I guess the obvious question is, how do I ensure the registry correctly
points to the drive I want?

Will FDISK /MBR do this?
 
Thanks for response.

Replies in line...


----- Original Message -----
From: "Andy" <[email protected]>
Newsgroups: microsoft.public.win2000.setup
Sent: Saturday, March 29, 2008 10:41 AM
Subject: Re: Cannot Log On after a Hive Corruption



With both drives connected, but selecting one only at a time using BIOS.
Click to expand...

This can give you a false sense of security. If you do this you should
run Disk Management and check the status (system, boot, and page file)
of the partitions to see if the cloned Windows is using only the
partitions on the clone disk.
OK. But as per suggestion from Dave Patrick in this thread, have gone in
remotely and swapped D: and C: signatures which didn't fix it.
I guess the obvious question is, how do I ensure the registry correctly
points to the drive I want?

Will FDISK /MBR do this?
Click to expand...

Yes, this is the quick fix.
 
Thanks again for your response.

Have moved forward a little. Replies inline...

Andy said:
This can give you a false sense of security. If you do this you should
run Disk Management and check the status (system, boot, and page file)
of the partitions to see if the cloned Windows is using only the
partitions on the clone disk.
Click to expand...

Can Windows see a disk when it is not selected in the BIOS?
What is "Disk Management" and where do I find it?
Yes, this is the quick fix.
Click to expand...

On W2K this seems to be FIXMBR. Sadly, this made no difference.

Since then I have restored a recent SYSTEM file from backup and can at least
get on now as Administrator but things are not well.

The main obvious problem is there appears to be no DNS lookup available; I
can ping Google OK by its IP address but not get there by name.
Anything in the HOSTS file that is out on the internet also pings OK.
NSLOOKUP gives ***Default servers are not available.
Currenty operating on DHCP but have tried specifying fixed IP with DNS
Servers; this gives the same answer.

Tried NETDIAG and this yields...

Adapter : LAN1
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : charlie
IP Address . . . . . . . . : 192.168.0.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
Dns Servers. . . . . . . . : 192.168.0.1
IpConfig results . . . . . : Failed
Pinging DHCP server - not reachable
WARNING: DHCP server may be down.
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Now here is the challenge...

1. I can ping the gateway on 192.168.0.1 and it is there as other PCs can
see it and are working through it.
2. With the offending PC set to DHCP, my router will provice a Static DHCP
address (ie. based on the MAC address) of 192.168.0.2
 
Thanks again for your response.

Have moved forward a little. Replies inline...



Can Windows see a disk when it is not selected in the BIOS?
What is "Disk Management" and where do I find it?
Click to expand...

Right click on My Computer and select Manage.
On W2K this seems to be FIXMBR. Sadly, this made no difference.
Click to expand...

The fdisk /mbr command works only with the DOS (Windows 98 or older)
command. There are Windows tools that have the ability to modify the
disk signature, such as MBRtool 2.3
<http://www.diydatarecovery.nl/mbrtool.htm> or MBRFix
Since then I have restored a recent SYSTEM file from backup and can at least
get on now as Administrator but things are not well.

The main obvious problem is there appears to be no DNS lookup available; I
can ping Google OK by its IP address but not get there by name.
Anything in the HOSTS file that is out on the internet also pings OK.
NSLOOKUP gives ***Default servers are not available.
Currenty operating on DHCP but have tried specifying fixed IP with DNS
Servers; this gives the same answer.

Tried NETDIAG and this yields...

Adapter : LAN1
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : charlie
IP Address . . . . . . . . : 192.168.0.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
Dns Servers. . . . . . . . : 192.168.0.1
IpConfig results . . . . . : Failed
Pinging DHCP server - not reachable
WARNING: DHCP server may be down.
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.

Now here is the challenge...

1. I can ping the gateway on 192.168.0.1 and it is there as other PCs can
see it and are working through it.
2. With the offending PC set to DHCP, my router will provice a Static DHCP
address (ie. based on the MAC address) of 192.168.0.2
Click to expand...
 
Back
Top