Corrupted NTuser.dat hive

[Guest]

Currently I can't get into my Windows 2003 server at all.
When I boot it up, I get the message: C:\Documents and
Settings\Administrator\NTuser.dat is corrupted.

And it kept stuck at the "Applying Settings" screen.

Please let me know steps-by-steps how to fix this problem.

I cant find the Windows2003 Registry discussion group so Windows 2000
Registry group is the closest group that I am asking for help here. Thanks.

Thanks so much in advance,
Kinsley
Email: (e-mail address removed)

 

[Mark V]

In microsoft.public.win2000.registry =?Utf-8?B?S2luc2xleQ==?=
wrote:

Currently I can't get into my Windows 2003 server at all.
When I boot it up, I get the message: C:\Documents and
Settings\Administrator\NTuser.dat is corrupted.

And it kept stuck at the "Applying Settings" screen.

Please let me know steps-by-steps how to fix this problem.

I cant find the Windows2003 Registry discussion group so Windows
2000 Registry group is the closest group that I am asking for
help here. Thanks.

This group generally covers NT 5.x OSs.

And if you log in with an alternate Administrator's group account?
Restore the "Administrator" profile from backup (include ACLs) using
an alternate admin. account.

 

[Dave Patrick]

As Mark suggests logon with your alternate account and follow these
instructions to replace the damaged profile.

User Profile May Become Corrupted After You Perform a Clean Windows 2000
Installation
http://support.microsoft.com/?id=296834


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Currently I can't get into my Windows 2003 server at all.
| When I boot it up, I get the message: C:\Documents and
| Settings\Administrator\NTuser.dat is corrupted.
|
| And it kept stuck at the "Applying Settings" screen.
|
| Please let me know steps-by-steps how to fix this problem.
|
| I cant find the Windows2003 Registry discussion group so Windows 2000
| Registry group is the closest group that I am asking for help here.
Thanks.
|
| Thanks so much in advance,
| Kinsley
| Email: (e-mail address removed)

 

[Guest]

Hi Dave and Mark:
Thank You so much for your suggestion.
I tried to log on with another username that has admin level and it still
has the same "Apply Settings" screen and the computer just hang at that
screen forever.

What else should I try?
Kinsley.

 

[Dave Patrick]

Can you terminal service in or remote management? Something else must have
changed or happened. Check Event Viewer for errors.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave and Mark:
| Thank You so much for your suggestion.
| I tried to log on with another username that has admin level and it still
| has the same "Apply Settings" screen and the computer just hang at that
| screen forever.
|
| What else should I try?
| Kinsley.

 

[Guest]

Hi Dave,
I can remote management in but again it got the same error: I logged in
through remote desktop and it would open to the next screen "Apply Settings"
and it would just sit there.

After a long long time: like 2 hours then I maybe able to get in but can't
do anything.
I tried to run cmd and install the User Profile Hive Clean up but it would
not run.

Please help to send me more instructions.

Last night I tried to reboot with a windows2003 cd and got into repair but
can't do anything because it only let me work within c:\. I can't have any
access to c:\program files, etc. because after logged in the repair mode.

 

[Dave Patrick]

If you can connect remotely then try deleting the corrupt profile and then
logon.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
| I can remote management in but again it got the same error: I logged in
| through remote desktop and it would open to the next screen "Apply
Settings"
| and it would just sit there.
|
| After a long long time: like 2 hours then I maybe able to get in but can't
| do anything.
| I tried to run cmd and install the User Profile Hive Clean up but it would
| not run.
|
| Please help to send me more instructions.
|
| Last night I tried to reboot with a windows2003 cd and got into repair but
| can't do anything because it only let me work within c:\. I can't have
any
| access to c:\program files, etc. because after logged in the repair mode.

 

[Guest]

Hi Dave,
I logged in my personal account which is also has Administrative rights. I
make sure in Task Manager that Administrator account is disconnected and
logoff.
I try to dele "C:\Documents and Settings\Administrator\Ntuser.dat"
It gave "Can Not delet NTUser: It is being used by another person..."

I noticed that everytime I cold reboot the server, it also give me the
warning" AW_host.sys has been disabled" . I also saw this in the event
viewer ID 119.

thanks so much Dave,
Kinsley.

 

[Dave Patrick]

I think AW_host sounds like pcanywhere.

We need to see the complete event viewer message in order to help with that.
When you view the logged events in Event Viewer (double-click them in the
right-hand pane) in the upper right corner, third button down is a copy to
clipboard, then you can paste in the body of a reply message.

Please do so for each of the different System Log events (that are a Type:
'Error' or 'Warning') since last boot so we can see all of the event detail.

Also check Device Manager for error codes and or non-starting devices.

You can use this tool to see what process holds the lock.

http://www.sysinternals.com/Utilities/Handle.html

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
| I logged in my personal account which is also has Administrative rights.
I
| make sure in Task Manager that Administrator account is disconnected and
| logoff.
| I try to dele "C:\Documents and Settings\Administrator\Ntuser.dat"
| It gave "Can Not delet NTUser: It is being used by another person..."
|
| I noticed that everytime I cold reboot the server, it also give me the
| warning" AW_host.sys has been disabled" . I also saw this in the event
| viewer ID 119.
|
| thanks so much Dave,
| Kinsley.

 

[Guest]

Hi Dave,
Yes AW_host belongs to PCAnywhere.
Here is the logged event:
8/25/2005 12:12:23 PM Application
Hang Error (101) 1002 N/A HSERVER5 Hanging application rundll32.exe,
version 5.2.3790.0, hang module hungapp, version 0.0.0.0, hang address
0x00000000.
8/24/2005 10:07:26 PM pcAnywhere Error Host
Session 119 N/A HSERVER5 AWHOST.SYS has been disabled.
8/24/2005 10:07:22 PM ESENT Information Logging/Recovery
302 N/A HSERVER5 ntfrs (1384) The database engine has successfully
completed recovery steps.
8/24/2005 10:07:21 PM ESENT Information Logging/Recovery
301 N/A HSERVER5 ntfrs (1384) The database engine has begun replaying
logfile c:\winnt\ntfrs\jet\log\edb.log.
8/24/2005 10:07:20 PM ESENT Information Logging/Recovery
300 N/A HSERVER5 ntfrs (1384) The database engine is initiating
recovery steps.
8/24/2005 10:07:19 PM ESENT Information General
100 N/A HSERVER5 ntfrs (1384) The database engine 5.02.3790.0000
started.
8/24/2005 10:07:19
PM MvWebServer Information None 9 N/A HSERVER5 MvWebServer Service
started.
8/24/2005 10:07:17 PM ESENT Information Logging/Recovery
302 N/A HSERVER5 wins (2168) The database engine has successfully
completed recovery steps.
8/24/2005 10:07:14 PM ESENT Information Logging/Recovery
301 N/A HSERVER5 wins (2168) The database engine has begun replaying
logfile C:\WINNT\system32\wins\j50.log.
8/24/2005 10:07:12 PM ESENT Information Logging/Recovery
300 N/A HSERVER5 wins (2168) The database engine is initiating
recovery steps.
8/24/2005 10:07:12 PM ESENT Information General 100 N/A HSERVER5 wins
(2168) The database engine 5.02.3790.0000 started.
8/24/2005 10:07:06
PM MvServer Information None 9 N/A HSERVER5 MvServer Service started.
8/24/2005 10:07:01 PM Diskeeper Information None 2 N/A HSERVER5 The
Diskeeper Control Center has been started. Diskeeper service started
8/24/2005 10:05:50 PM ccEvtMgr Information None 1 NT
AUTHORITY\SYSTEM HSERVER5 Application started
8/24/2005 10:05:50 PM ccEvtMgr Information None 26 NT
AUTHORITY\SYSTEM HSERVER5 Application starting
8/24/2005 10:05:50 PM ccSetMgr Information None 1 NT
AUTHORITY\SYSTEM HSERVER5 Application started
8/24/2005 10:05:50 PM ccSetMgr Information None 26 NT
AUTHORITY\SYSTEM HSERVER5 Application starting
8/24/2005 10:05:43 PM ESENT Information General 100 N/A HSERVER5
==============

I think AW_host sounds like pcanywhere.

We need to see the complete event viewer message in order to help with that.
When you view the logged events in Event Viewer (double-click them in the
right-hand pane) in the upper right corner, third button down is a copy to
clipboard, then you can paste in the body of a reply message.

Please do so for each of the different System Log events (that are a Type:
'Error' or 'Warning') since last boot so we can see all of the event detail.

Also check Device Manager for error codes and or non-starting devices.

You can use this tool to see what process holds the lock.

http://www.sysinternals.com/Utilities/Handle.html

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
| I logged in my personal account which is also has Administrative rights.
I
| make sure in Task Manager that Administrator account is disconnected and
| logoff.
| I try to dele "C:\Documents and Settings\Administrator\Ntuser.dat"
| It gave "Can Not delet NTUser: It is being used by another person..."
|
| I noticed that everytime I cold reboot the server, it also give me the
| warning" AW_host.sys has been disabled" . I also saw this in the event
| viewer ID 119.
|
| thanks so much Dave,
| Kinsley.

 

[Dave Patrick]

Looks like your WINS database is probably corrupt. Nothing else of much
importance.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
| Yes AW_host belongs to PCAnywhere.
| Here is the logged event:
| 8/25/2005 12:12:23 PM Application
| Hang Error (101) 1002 N/A HSERVER5 Hanging application rundll32.exe,
| version 5.2.3790.0, hang module hungapp, version 0.0.0.0, hang address
| 0x00000000.
| 8/24/2005 10:07:26 PM pcAnywhere Error Host
| Session 119 N/A HSERVER5 AWHOST.SYS has been disabled.
| 8/24/2005 10:07:22 PM ESENT Information Logging/Recovery
| 302 N/A HSERVER5 ntfrs (1384) The database engine has successfully
| completed recovery steps.
| 8/24/2005 10:07:21 PM ESENT Information Logging/Recovery
| 301 N/A HSERVER5 ntfrs (1384) The database engine has begun replaying
| logfile c:\winnt\ntfrs\jet\log\edb.log.
| 8/24/2005 10:07:20 PM ESENT Information Logging/Recovery
| 300 N/A HSERVER5 ntfrs (1384) The database engine is initiating
| recovery steps.
| 8/24/2005 10:07:19 PM ESENT Information General
| 100 N/A HSERVER5 ntfrs (1384) The database engine 5.02.3790.0000
| started.
| 8/24/2005 10:07:19
| PM MvWebServer Information None 9 N/A HSERVER5 MvWebServer Service
| started.
| 8/24/2005 10:07:17 PM ESENT Information Logging/Recovery
| 302 N/A HSERVER5 wins (2168) The database engine has successfully
| completed recovery steps.
| 8/24/2005 10:07:14 PM ESENT Information Logging/Recovery
| 301 N/A HSERVER5 wins (2168) The database engine has begun replaying
| logfile C:\WINNT\system32\wins\j50.log.
| 8/24/2005 10:07:12 PM ESENT Information Logging/Recovery
| 300 N/A HSERVER5 wins (2168) The database engine is initiating
| recovery steps.
| 8/24/2005 10:07:12 PM ESENT Information General 100 N/A HSERVER5 wins
| (2168) The database engine 5.02.3790.0000 started.
| 8/24/2005 10:07:06
| PM MvServer Information None 9 N/A HSERVER5 MvServer Service started.
| 8/24/2005 10:07:01 PM Diskeeper Information None 2 N/A HSERVER5 The
| Diskeeper Control Center has been started. Diskeeper service started
| 8/24/2005 10:05:50 PM ccEvtMgr Information None 1 NT
| AUTHORITY\SYSTEM HSERVER5 Application started
| 8/24/2005 10:05:50 PM ccEvtMgr Information None 26 NT
| AUTHORITY\SYSTEM HSERVER5 Application starting
| 8/24/2005 10:05:50 PM ccSetMgr Information None 1 NT
| AUTHORITY\SYSTEM HSERVER5 Application started
| 8/24/2005 10:05:50 PM ccSetMgr Information None 26 NT
| AUTHORITY\SYSTEM HSERVER5 Application starting
| 8/24/2005 10:05:43 PM ESENT Information General 100 N/A HSERVER5
| ==============

 

[Guest]

Hi Dave,
how do I fix my WINS database? Thanks Dave,
Kinsley.

Looks like your WINS database is probably corrupt. Nothing else of much
importance.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
| Yes AW_host belongs to PCAnywhere.
| Here is the logged event:
| 8/25/2005 12:12:23 PM Application
| Hang Error (101) 1002 N/A HSERVER5 Hanging application rundll32.exe,
| version 5.2.3790.0, hang module hungapp, version 0.0.0.0, hang address
| 0x00000000.
| 8/24/2005 10:07:26 PM pcAnywhere Error Host
| Session 119 N/A HSERVER5 AWHOST.SYS has been disabled.
| 8/24/2005 10:07:22 PM ESENT Information Logging/Recovery
| 302 N/A HSERVER5 ntfrs (1384) The database engine has successfully
| completed recovery steps.
| 8/24/2005 10:07:21 PM ESENT Information Logging/Recovery
| 301 N/A HSERVER5 ntfrs (1384) The database engine has begun replaying
| logfile c:\winnt\ntfrs\jet\log\edb.log.
| 8/24/2005 10:07:20 PM ESENT Information Logging/Recovery
| 300 N/A HSERVER5 ntfrs (1384) The database engine is initiating
| recovery steps.
| 8/24/2005 10:07:19 PM ESENT Information General
| 100 N/A HSERVER5 ntfrs (1384) The database engine 5.02.3790.0000
| started.
| 8/24/2005 10:07:19
| PM MvWebServer Information None 9 N/A HSERVER5 MvWebServer Service
| started.
| 8/24/2005 10:07:17 PM ESENT Information Logging/Recovery
| 302 N/A HSERVER5 wins (2168) The database engine has successfully
| completed recovery steps.
| 8/24/2005 10:07:14 PM ESENT Information Logging/Recovery
| 301 N/A HSERVER5 wins (2168) The database engine has begun replaying
| logfile C:\WINNT\system32\wins\j50.log.
| 8/24/2005 10:07:12 PM ESENT Information Logging/Recovery
| 300 N/A HSERVER5 wins (2168) The database engine is initiating
| recovery steps.
| 8/24/2005 10:07:12 PM ESENT Information General 100 N/A HSERVER5 wins
| (2168) The database engine 5.02.3790.0000 started.
| 8/24/2005 10:07:06
| PM MvServer Information None 9 N/A HSERVER5 MvServer Service started.
| 8/24/2005 10:07:01 PM Diskeeper Information None 2 N/A HSERVER5 The
| Diskeeper Control Center has been started. Diskeeper service started
| 8/24/2005 10:05:50 PM ccEvtMgr Information None 1 NT
| AUTHORITY\SYSTEM HSERVER5 Application started
| 8/24/2005 10:05:50 PM ccEvtMgr Information None 26 NT
| AUTHORITY\SYSTEM HSERVER5 Application starting
| 8/24/2005 10:05:50 PM ccSetMgr Information None 1 NT
| AUTHORITY\SYSTEM HSERVER5 Application started
| 8/24/2005 10:05:50 PM ccSetMgr Information None 26 NT
| AUTHORITY\SYSTEM HSERVER5 Application starting
| 8/24/2005 10:05:43 PM ESENT Information General 100 N/A HSERVER5
| ==============

 

[Dave Patrick]

See if this helps you.

http://www.jrksoftware.com/articles/70-216/steps-to-take-to-recover-a-crashed-wins-server.html

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
| how do I fix my WINS database? Thanks Dave,
| Kinsley.

 

[Mark V]

In microsoft.public.win2000.registry =?Utf-8?B?S2luc2xleQ==?=
wrote:

Hi Dave and Mark:
Thank You so much for your suggestion.

[ ]

Sorry. No electricity here since last Thursday. And little free
time now. Dave is helping and I'll drop in to this thread when I am
able to again.