W2K continually reboots (Just before log in) After updates?
Wideawake
recent windows updates.
These machines reboot just prior to windows log in.
They cycle endlessly - rebooting.
I think their "system failures" settings are set to reboot on system crash -
so I am not sure if a BSOD is displayed or not. That may give me a clue to
reason for crash.
My first step was to try to amend the "system failure" settings - but as
mentioned I can not boot into safe mode to amend , is there a way to amend
the system failure settings via recovery console?
Or does anyone have any other solutions?
My next step - would be to remove any recently applied updates, again via
recovery console? Is this possible? And would the updates be easily
identified? (As I do not have a list of all updates that were automatically
applied prior to the problem)
Thanks - sorry for multiple questions in one post!! (This is my first post)
John John
auto reboot behaviour.
To uninstall hotfixes from the Recovery Console navigate to the hotfix's
spuninst directory and use the BATCH command to process the uninstall
routine. Example:
cd %systemroot%\$NtUninstallKBnnnnnn$\spuninst
(or simply: cd $NtUninstallKBnnnnnn$\spuninst )
then issue:
batch spuninst.txt
If the batch command fails try:
batch spuninst.bat
John
Wideawake
the batch fine.
However does not solve the problem - machine still reboots continually
(incidently the update was KB931768)
Could residual information be retained in registry from this update? causing
the problem?
I followed your suggestion for Barts PE (after locating the registry editor
plugin) - interesting tool, however, I think I have a problem with this as
well!! I believe you can only build from a copy of XP :-
"Why can't Windows 2000/NT4 be used to build BartPE? Is there a reason for
this?
Yes, that kernel does not support the "/minint" switch and therefore cannot
boot from read only media... Also the layout.inf does not contain required
information"
I do have a versions of XP - but they are all Dell OEM (Pre-installed),
after the Barts PE disk is created, (which appears to be succesfull), if I
use on the W2k machine (Non Dell) I get an error relating to IASTOR.sys which
appears to be a dell driver.
Any other way of using a registry editor from recover console or DOS?
Thanks
John John
SATA driver). You can't do registry work from the Recovery Console or
from DOS. You could do it by connecting to the machine over the network
or by mounting the disk in another Windows 2000/XP machine and using the
registry editor's "Load Hive" feature to load the System Hive of the
broken installation. If you do it with a Windows 2000 machine you have
to use Regedt32 to do it.
John
Wideawake
OEM (I had forgotten about an old IBM laptop) for the Bart PE Build.
When I try to enter the registry editor I get the following error:-
The remote user profile located c:\documents and
settings\administrator.pc46\ntuser.dat could not be loaded
Does this imply this is corrupt?
I now intend to follow your suggestion of mounting on another PC and load
the system hive - but feel I may encounter a similar problem?
fr...@dragoinvestments.com
desktops are wXP but we still have some 15 to 20 machines running on
w2k. We have a policy to automatically install the latest updates as
they became available from Microsoft's website. I am pointing at
yesterday's (may 9 2007) updates as the source of our (now 8 machines)
w2k computers rebooting right before getting to the login screen. Any
variant of safe mode does the same... the machine reboots and reboots
and reboots.
My question is... is it just our computers or are there thousands of
w2k machines out there having the same problem? If the second is true.
IS Microsoft going to do something about this fiasco. In my opinion
the damage caused by the update is comparable to the damage made by a
worm. Anyone has found another solution that doesn't require reinstall
the OS, or buy a new computer (which may be cheaper than fixing all
the machines one by one!!)
Thanks for reading
Dredwolf
and it started after the updates.
John John
should load the System Hive and change the Auto Reboot behaviour and see
if you can get an actual bugcheck error message/code to work with. The
hive will be in the %systemroot%\system32\config folder. The hive you
want to load is the SYSTEM hive (without an extension).
Change the value data in the AutoReboot value to 0 (zero), instead of
1, in the following key:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl
This disables the Automatically Reboot option. After you follow these
steps, you may be able to gather information from the STOP error message
and resolve the problem that prevents the computer from starting.
*ControlSetNNN note*
You will notice that on a dormant NT system the registry has no
CurrentControlSet key, it only has ControlSetnnn keys (ControlSet001,
ControlSet002...) The CurrentControlSet key is created from one of the
numbered keys when the computer reboots. To determine which Control Set
will load when computer boots look at the
HKEY_LOCAL_MACHINE\SYSTEM\Select key. The numbers there indicate which
Control Set will be loaded depending on which boot option is chosen.
Edit the AutoReboot value in the appropriate Control Set.
John
John John
There are reports of the update causing problems (on Windows 2000) all
over the place, you aren't the only one affected by this. Some users
are asking about it on the XP newsgroups. Users on other groups have
sucessfully uninstalled the patch from the Recovery Console and
recovered from the error caused by the patch. I haven't yet seen the
actual buccheck error message so I don't know why or what exactly causes
the computer to go into a continuous reboot loop.
John
Dredwolf
found.
John John
John
dave
have done so far.
-Repair using 2k CD
-after reparir if now desktop shows do ctl-alt-del, task manager, run new
task "explorer.exe.
-turn off win update and run manually do not indatll kb931765 kb819699 or
other updates with 0 kb size.
-after updates desktop should load. Worked on 2 I've done so far. MS still
working on fix.
*Note* if you are going the uninstall route
if you are trying to do an spunint from recovery console you must rename the
spuninst.txt to spuninst.bat and run it by typint "batch spuninstal.bat" at
the prompt.
SPUNINST.exe will only work if windows is loaded. EXE won't work in rec
console MS tell me.
Dredwolf
Wideawake
The system repair appears to be successful - but as soon as windows starts
to load I get the same symptoms.
Just before log in - system reboots.
Just a note - not sure if anyone else is experiencing, the monitor appears
to refresh several times (on/off) just before system re-boots. Not sure if
this is related... Never noticed it before (But I do not use w2k machines.)
It's as if a hardware problem..... but three seperate machines
simultaneous?? and just after the updates. Very strange. More than
coincidence?
Dredwolf
KB931768 to completely uninstall...we have not tried a repair, or parallel
install yet.
jared.s...@gmail.com
wrote:
>
> - Show quoted text -
We're an educational institution with several dozen Windows 2000
machines on campus. We have been battling this since Wednesday
morning. I have tried uninstalling practically every update without
success. I have tried running "batch spuninst.txt" and "batch
spuninst.bat" (after renaming the file from .txt to .bat) but with no
success. It seems to run the process, but the computer still reboots
just before login.
We have resorted to taking a ghost image of the win2k machine,
reloading Windows XP (which may mean more RAM, or, in the worst cases,
a newer computer) and extracting the data off the win2k image. We can
do this process in about 2 hours. Lots of hands on work, but until we
see some sort of fix from MS, we need these systems to be up and
running.
Dredwolf
Wish us luck, otherwise, its time to get out the image disks.
dave
I had to run the repair more than once on a few of my machines before it
would boot fully. I even had to run it 3 times on one. I spent close to 4
hours on the phone with tech support. After I ran a repair the rep had me
install all the critical updates accept the 3 that had 0kb file size. Very
strange, durring a few of the many, many reboots while installing update
after update the 0kb size updates where removed and did not show in the list
when I ran update. Then they popped back up later along with another 0kb
update. Rep advised me to NOT install those as they may be bad. After I run
repair and turn off automatic updates I just leave it off for now. I'll wait
'till the fix it before I crash 50 pc again. Then I'll test it on 1 or 2 just
to be sure.
Dredwolf
to work, and restore the PC's to a usable state, BUT, the users can't use
Outlook to connect to our Exchange servers, as if the connector is broken.
Dredwolf
back.
jgra...@gmail.com
> You can use a Bart's PE disk with a registry editor plugin to change the
> autorebootbehaviour.
>
> To uninstall hotfixes from the Recovery Console navigate to the hotfix's
> spuninst directory and use the BATCH command to process the uninstall
> routine. Example:
>
> cd %systemroot%\$NtUninstallKBnnnnnn$\spuninst
>
> (or simply: cd $NtUninstallKBnnnnnn$\spuninst )
>
> then issue:
>
> batch spuninst.txt
>
> If the batch command fails try:
>
> batch spuninst.bat
>
> John
>
>
>
> Wideawake wrote:
> > I have three machines experiencing the same problem - not sure if related to
> > recent windows updates.
>
> > They cycle endlessly - rebooting.
>
> > so I am not sure if a BSOD is displayed or not. That may give me a clue to
> > reason for crash.
>
> > My first step was to try to amend the "system failure" settings - but as
> > mentioned I can not boot into safe mode to amend , is there a way to amend
> > the system failure settings via recovery console?
>
> > Or does anyone have any other solutions?
>
> > My next step - would be to remove any recently applied updates, again via
> > recovery console? Is this possible? And would the updates be easily
> > identified? (As I do not have a list of all updates that were automatically
> > applied prior to the problem)
>
>
> - Show quoted text -
Hello all,
Just wanted to share my experience with this update that came out on
the 8th of this month that affects the Windows 2000 professional
computers rebooting just before login. After speaking with Microsoft,
it is actually the combination of the kb931768 update, along with a
malicious software removal update for May that came out at the same
time.
If you can boot into the recovery console and do the steps above as
noted by John John to uninstall the 931768 update (mine was named
$ntuninstallkb931768-IE6SP1-2007... (I forgot the rest of the path)),
and reboot after the uninstall, it would still reboot the machine just
before login screen appeared.
However, if you go into recovery console and go to c:\winnt\debug and
look at the log files there, you will see that the malicious software
removal tool actually tagged c:\winnt\system32\sfc.dll as a virus and
deleted the file at the next restart.
To fix this issue, uninstall the update 931768, then type the
following at the recovery console:
expand d:\i386\sfc.dl_ c:\winnt\system32\
After the sfc.dll file is restored, reboot the machine and everything
should come up just fine.
We have 50+ computers that all had automatic updates turned on, so
after we got them back up and running, needless to say we disabled
automatic updates until Microsoft has released a patch to fix this
issue.
I hope this information helps anyone else--it sure would have saved us
numerous hours!
Thanks!
jgrant07
Wideawake
blank) on two or my three machines.
The followed "Dave" instructions (ctrl-alt-del) run explorer.exe, turn off
updates, run manual updates, avoid 0kb updates.
Thanks everyone for help.
Now - I would like to know the true cause of this - was it KB931768?
Have MS acknowledged there is a problem - or are we just drawing conclusions
that problems occured after update?
I am concerned as I have another 10 w2k machines on my network. Why were
these not effected? (The are set to automatically update)
I am concerned they may exhibit symptoms at a later date.
Thanks
Dredwolf
data, logs and DMP files from my affected systems.
S.@discussions.microsoft.com Sonny S.
and the jgrant07's for reinstalling the sfc.dll file and it worked perfectly.
We had spent two days researching this issue and our only fix so far was a OS
Reinstall/repair. We only have about 250 Win2k machines left in our
environment and already 15 of them were affected. This will save us a ton of
time. Thank you both.
Microsoft really failed us on this one.
John John
in mind that they can save the necessary commands as .txt files on a
floppy diskette and that they can then use the BATCH command in the
recovery console to process the .txt files on the floppy. It will save
lots of keystrokes and repetitive work! Example:
Save as undokb.txt
==============================================
cd %systemroot%\$NtUninstallkb931768-IE6SP1-2007... \spuninst
=================================================
At the Recovery console you can then issue:
batch a:\undokb.txt
and it will process the command and go to the directory, and save some
keystrokes. In the Recovery Console I don't think that you can run a
batch command inside another batch command so once at the directory you
can issue the uninstall batch command:
batch spuninst.txt
On the floppy you can save another text file:
Save as fixsfc.txt
======================================================
expand d:\i386\sfc.dl_ c:\winnt\system32\
=======================================================
You could then issue:
batch a:\fixsfc.txt
and the command to replace the sfc.dll will be processed.
Users should verify that the proper paths are entered in the commands,
the path in the first example is not complete.
John
jgrant07
>
> - Show quoted text -
Hey guys,
Here is the email that Microsoft sent me today regarding the problem:
Hi Jared,
I got an update from the security team and I'm forwarding that along
to you.
Problem:
--------------
May 2007 Security Updates are installed and we are in a reboot loop
with the following bugcheck:
STOP: 0xc000021a (Fatal System Error)
The Windows Logon Process System process terminated unexpectedly
with a status of 0xC0000080 (0x0000000 0x00000000).
This only applies to Windows 2000.
Cause:
-----------
Contrary to what I said on Friday, the Malicious Software Removal Tool
(MSRT) actually finds (and not mistakenly thinks) that SFC.dll is
infected but MSRT instead of repairing the SFC.dll file, deletes it.
Resolution:
=================
1. Boot to Recovery Console using a Windows 2000 CD.
229716 Description of the Windows 2000 Recovery Console
http://support.microsoft.com/default.aspx?scid=kb;EN-US;229716
3. Copy the file SFC.DLL from the Windows 2000 CDROM or another
computer running Windows 2000 to %systemroot%\SYSTEM32. Here is an
example of copying the file from a Windows 2000 CD in recovery
console:
COPY d:\i386\sfc.dl_ c:\winnt\system32\sfc.dll
However since we copied the sfc.dll from the CD, we probably have an
older version so I'm sending you hot fix 836726 which you will need to
install to update the version currently installed.
According to the security team, not everyone that deployed this patch
MS07-27 ran into this issue with sfc.dll being deleted. If you ran
into this issue, it means that there is most likely a virus on your
system and they recommend that you run an AV scan before re-installing
the hotfix.
The hotfix has since been modified to repair the sfc.dll file if it
find corruption there rather than delete it.
3. Once you've completed the above steps you can reinstall MS07-027
and it should install successfully with no problems.
I'll send you the hotfix in a different email. Let me know if you have
any other questions.
836726 Windows component files are not removed in Microsoft
Windows 2000 Server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;836726
Regards,
Funmi.
They also sent me another email with a link to the hotfix, although
apparantly they are monitoring the downloads because it is password
protected and will expire after 7 days. Microsoft said this is because
"WARNING: This fix is not publicly available through the Microsoft
website as it has not gone through full Microsoft regression testing",
otherwise I would post it here. However, the update is numbered
178695.
Of course, my question is if you can install the update if your
machine has already been affected?
We just restored the sfc file and disabled automatic updates for the
time being.
Good luck to all...
Jared
paw71
in order to follow you fix. it is so rarely to get working recovery
console that i do not even know how it is looks like.
you need to use BartPE cd and just put sfc.dll file back to the
windows system32 folder. it can be any sfc file from working computer.
after all computer works fine and removing kb931768 is not necessary.
so far our computers working with this update. maybe after couple
restarts they stop.
you can also use windows98 startup disc and replace sfc.dlll file. of
course, your system file must be fat32 in order to load win98 disc. i
was successful to do it in one of my older computers with fat32 file
system. it is working fine .
PAw
John John
> I think John is missing one point: you need to get to recovery console
> in order to follow you fix.
??? The complete thread and all the posts from start to end revolve
around doing the work in the Recovery Console. Where did you get the
idea that any suggestions did not entail using the RC?
John