This topic is locked
This is what happened:
My system crashed, got blue screen error <windowsroot>\system32\hal.dll
I followed the MS instructions.... which created the new problem "lsass.exe, password not valid, reboot). I am running XP PRO, because of this error I can't boot up windows & I can't get into recovery console, don't have administrators password. I this researched this site and found a possible solution:
QUOTE (subtle @ Nov 16 2006, 08:40 AM)
Working Solution! - Without swapping HDD, re-installing windows or losing data.
Hi folks, I recently had trouble with the registry in Win MCE. - Missing '....config\system' on start-up.
I couldn't use the recovery console as Windows was not detecting my RAID NTFS HDD.
I followed the MS instructions.... which created the new problem "lsass.exe, password not valid, reboot).
This is what worked for me.
Requirements:
1) System Restore enabled in windows.
2) NTFS Dos Pro and a Boot CD/Disk - Preferabbly Hiren's Boot C (which is loaded with all the apps you need). Hiren's Boot CD (http://thanki.tk or torrentspy.com)
3) Don't use the system.bak file located in windows\repair.
4) Don't assume that either of the _regis~1, ~2, ~3 or ~4 files in a RP\Snapshot folder are the registry files you need - they are not.
Steps.
1) In your BIOS, set 1st boot device to CD.
2) Reboot with Hiren's Boot CD (or similar).
3) Load NTFS DOS Pro. (in the NTFS Ext2Fs Tools menu on the Hiren CD). You can skip Checkdisk
(use pro instead of regular NTFS as it lists long file name details)
4) Once loaded, the 2nd last line of text indicates the new temporary drive letter of your HDD, in my case D:
5) switch to D:
6)i) You will probably have short file and folder names displayed instead of long when you 'dir', however the full name appears once you are in the directory.
6ii) type (without quotes ' cd system~1\_restor~1\rp95\snapshot '
(RP = restore point, the higher the number the more recent the rp. if this doesn't work for you, try a lower/older number).
7)type ' dir/p ' to list the files in the directory. (use /p, not /w for this)
8) Look through the text (file details) on the right to find ' _REGISTRY_MACHINE_SYSTEM '. Look across to the left, this is the file size (which should be fairly large, eg 5,365,760 in my case). To the left again is the actual file name, in my case ' _r62e7~1 '.
9) You may need to tap the space bar again to finish listing all the files.
10) Once at the command prompt, type ' copy _r62e7~1 d:\windows\system32\config\system '
11) Overwrite = Y
12) Reboot (CTR+ALT+DEL)
13) Load windows.... sucessfully hopefully.
If this doesn't work for you, try;
A) Reload NTFS PRO, go back to the same RP\snapshot directory and copy the following files (copy the actual file name, not the details text).
_REGISTRY_MACHINE_SOFTWARE
_REGISTRY_MACHINE_SAM
_REGISTRY_MACHINE_SECURITY
_REGISTRY_MACHINE_DEFAULT
copy (overwrite) the above files to their corresponding file in the config directory (step 10). eg _REGISTRY_MACHINE_SOFTARE copy over ' software '
Above are all the files that Microsoft recommends you overwrite..... however MS caused my lsass loop in the first place!
B) Try copying the _REGISTRY_MACHINE_SYSTEM from another restore point directory.
Thank you to ealier contributor's in this thread who pointed me to the restore point directory, I would still be stuck if not for your posts. Previous methods in this thread may work for other people, just not me with my setup.
I solved my lsass issue last night, after stressing out for a day. So I thought I'd join this forum just to ad the process that worked for me. If the above steps help even 1 person then I'm happy.
- Good Luck.
____________________________________________________________________________________________________
_________
This works for me also.
Altho part 1 failed for me, part 2 A worked well but the instructions were tricky...
My computer wouldn't use the directory you gave so I had to use each of them by part.
Also, you misspelled one of the directory... -> cd system~1\_restor~1\rp95\snapshot -> It's cd system~1\_resto~1\rpx\snapshot
First of all, if that directory didn't work, do each word by piece.
Example, my drive was E so I switch it by typing E: then I did E:\>cd system~1, after E:\system something\cd resto~1 and I stop there.
I type dir to see my rp numbers (Each RP number has a date, pick the one you think it's good, my RP number was 1114, so rp1114).
I type cd rp1114, then I type cd snapshot (for some reason, it didn't work when I type cd rp1114\snapshot)...
Then I follow the rest of part 1 without problem.
This is what I did in my case if you are having trouble understanding like I did.
Part 2 A was the one that saved me but it would be better if you did part 1 too.
A good example of what you should type after reputing the directory back to snapshot is to type copy _REGISTRY_MACHINE_SOFTWARE e:\windows\system32\config\software. He meant that you should replace the last directory by the last name of the file you copied.
Like these are the commands you should have typed...
copy _REGISTRY_MACHINE_SOFTWARE e:\windows\system32\config\software
copy _REGISTRY_MACHINE_SAM e:\windows\system32\config\sam
copy _REGISTRY_MACHINE_SECURITY e:\windows\system32\config\security
copy _REGISTRY_USER_.DEFAULT e:\windows\system32\config\default (It wasn't _REGISTRY_MACHINE_DEFAULT)
I hope I explained my point of view clearly enough.
Thanks again for this great solution, you saved me.
This method saved me from buying an external hardrive.
This post has been edited by Muu: Oct 23 2008, 08:39 AM
I have downloaded the Hiren's CD, I have followed the first three steps mentioned in the first solution above. I have booted my system with Hiren's CD, Loaded NTFS DOS Pro. (in the NTFS Ext2Fs Tools menu on the Hiren CD). skipped Checkdisk,
I get lost at step 4. My system gave me these options: R: RAM DRIVE C: CDROM DRIVE B: FLOPPY
Not what is listed in the above instructions, I'm unclear as to what to do next. If anyone knows how to use the Hiren's CD to fix my problem PLEASE HELP
Thanks in advance Jazzi
Edited by JAZZI, 08 July 2009 - 01:26 AM.
Sign In
Create Account
