A day in the life of Bluerinse

Discussion in 'Software' started by Bluerinse, Jan 27, 2006.

  1. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    I thought it would be interesting to share this experience with you lot.

    I woke up yesterday feeling a bit groggy as usual, I am definitely not a morning person. I put the kettle on and clicked the on button on my laptop, so that I could see what's hot on CertForums today and check my emails. Unfortunately things were not going to go as planned, that was obvious by the message on my lappy screen which said...

    Windows could not start because the following file is missing or corrupt.
    <windows root>\system32\ntoskrnl.exe
    Please reinstall a copy of the file.

    Hmmm, well the first thing that went through my head was yikes, it's been a while since I backed stuff up on this thing and it is our (my wife and I) main workstation. All my business accounting, tax, personal stuff, security certificates, pics etc are stored on it. So I knew I had to sort it and quickly or I would be in big trouble with the misses - Our Outlook contacts and email etc were safe, they are stored on our exchange server.

    Anyway, I have seen these messages before and they can be a real pain in the butt to resolve. This was to be no exception to that rule. In fact if it weren't for the fact that all of our beloved data was on that drive, it would have been easier to FDISK and re-install. However, that was not an option.

    The message refers to NTOSKRNL.exe however according to Microsoft article 124550, it has nothing to do with that file :blink hence reinstalling it would be a waste of time. The actual culprit could be a number of things. The boot.ini for example may have invalid information or be missing. Or on Windows 2000 (the OS in question) it could be a corrupt hal.dll.

    NTFS is good except when things go pear shaped. The problem with NTFS is that you can't easily access the partition using a standard DOS type boot up disk as they can't read or write to NTFS.

    So, how can I easily check out my boot.ini, open it and have a gander inside? Well it isn't that easy unless you are a Linux fan. Here is where Knoppix comes to the rescue. I boot up from my Knoppix CD, watch all the pretty colours as it boots perfectly. Click on hda2 and I am in :biggrin Guess what, no boot.ini to be seen anywhere. Now we all know the boot.ini is a necessary file, it basically points to where the system files are using arc path convention. No boot.ini means no boot.

    I pondered for a while what might have happened to my boot.ini, after all it's only a text file, all my other text files were still there and thankfully so were all my other files. Knoppix was showing me them even though they are on an NTFS partition. I remain confused as to why, out of all the files on my laptop that I couldn't really care less whether they were there or not, old letters, old forms, log files, songs, etc. But my boot.ini is important to me and yet it has vanished, what a bummer.

    It's not the end of the world then, all I have to do is copy a boot.ini back to my laptop C drive. Here's how that idea panned out. I go to my XP workstation and click windows explorer, set it so that it shows hidden and system files and switch off that really annoying setting which hides extensions for known file types. Go to the root of C: and open the boot.ini in Notepad. Now I am thinking about those dreaded arc path conventions :rolleyes: I know the system folder on my laptop is WINNT on this XP box it is WINDOWS, so I need to edit the path to reflect the correct info. My laptop only has one drive and I only have one partition (same as this box) so the rest of the entries should be okay or so I thought.

    This is where floppy disks can be useful but for some reason with XP I find floppies to be erratic. Is it just me? Eventually manage to find a floppy that XP could read and copied my modified boot.ini to it.

    bunged the floppy into the lappy and clicked the icon in Knoppix and there it was. I tried to copy it to Hda2 (my C drive) but that was a no no. I don't think you can write to an NTFS partition in Linux or if you can, well I don't know how :rolleyes: So Knoppix had done it's work for me and it was now time to boot into the recovery console. For those that are still reading this blog and don't know what the recovery console does, I will give a brief explanation.

    The recovery console gives you a very limited command line experience, it's a bit like using DOS but with less commands. You can disable things and copy to an NTFS volume, which is what I wanted to do.

    Now I start getting annoyed because the default directory is the system directory that you have to log on to. In my case C:\WINNT So, I try CD\ (command not recognised) CD.. (command not recognised. After much dabbling including looking in the not very helpful help information, I succeed. You have to type CD c:\ Oh well I am there, do a DIR and check again, Knoppix was correct, there is no boot.ini for sure! Next step, copy the file to the C: root. All done, exit and re-boot with fingers crossed.

    Oh drat...

    Windows could not start because the following file is missing or corrupt.
    <windows root>\system32\ntoskrnl.exe
    Please reinstall a copy of the file.

    Okay, now I am thinking maybe the hall.dll is corrupt. I haven't got a backup of the hall.dll *SYSTEM STATE BACKUPS ARE IMPORTANT AT TIMES LIKE THESE - SO ARE ERDs

    Hall.dll is a file which you cannot copy off another computer hal (hardware abstraction layer) is created and based upon the exact hardware that the OS is installed on. Hmmm what to do?

    I could re-install the OS over the top of itself and that might fix things but it mst likely will break other things too. It occurred to me that I could generate another hal.dll that would be a good one if I do a parallel install of Windows 2000. The lappy has a 20Gb HDD which is full to the brim. only about 600Mb left, just enough I thought, so lets try that. I also knew that the new install would generate a new boot.ini, so I could check the arc path for the original installation.

    So I go for that, install Windows 2000 to a different folder on the same HDD, name it something different like WINTEST. I can safely delete this install later to free up the space again.

    Next I log in and have a click around, check out my boot.ini which has been changed for the duel boot configuration. I notice immediately that although both installs are on the same partition the new working one is showing in the arc path as 2 not 1. Partition 2, ah yes. I forgot that this laptop is an HP and they steal about 8Mb of the HDD for their recovery purposes, it is formatted with an unknown filesystem and is small, yet big enough to call itself a partition. So my boot.ini should have read bla bla bla partition (2)\WINNT

    I edit he duel boot arc path so they are both correct, save and re-boot and chose my old installation from the bootloader screen.

    Yes, windows is loading, things are looking good, fingers crossed then BLUE SCREEN OF DEATH :eek:

    *The registry cannot load the hive file or it's key or alternate. It is corrupt, absent or not writable

    \systemroot\system32\config\security
    - Oh bugger

    I must admit that I was starting to get worried now!

    What to do? I am an MCSE, I can fix it, fear is not your friend.

    Well there is not much I can do staring at a BSOD, so I re-boot into my newly installed W2K OS.

    I though I would have a look at the config folder in my old installation and check out the file to see whether it is there. It was indeed there. Now this is a registry hive and so it will contain security settings and it cannot be replaced with a new one. Fortunately I have a repair folder in my old WINNT directory which contains a backup of the SECURITY hive. The backup was a few months old but I was stuck for choice. I Copy the file and firstly try to re-name the errant SECURITY file to something else. No go, this file is corrupt message and it returns to the original name, can't paste, can't rename. Don't you just love computers :biggrin

    Time to do a CHKDSK /R let this program do it's thang, it finds lost files and clusters and stuff and can fix errors on the HDD. I had already run the version in the recovery console but what the heck, lets go for it again, nothing to lose.

    After the drive has been checked I try the copy and paste again, too my suprise it worked. I now have a non corrupt SECURITY hive in my old OS registry, so lets re-boot and see what the next obstacle is going to be.

    I chose the old install from the boot loader screen and sit back with my fingers crossed. Lo and behold I am faced with a domain login screen 8) Yes I thought, try my usual login credentials and no joy. Ah well, lets try login in locally. Success, I am in!!!!

    Okay, I re-joined the lappy to the domain using my administrator credentials. Re-boot, and logged into the domain with my user account. I AM IN :biggrin

    I have been using and testing things out and all seems hunky dory now. I believe the corruption of the boot.ini and the registry was due to a power surge, we get a lot of those here.

    The moral of the story is always backup your data. Recovery of NT based systems is not always easy.

    Sorry this post is so long.

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  2. _omni_

    _omni_ Megabyte Poster

    647
    10
    62
    what about system restore, shouldn't it make a backup every 24 hours?
     
    Certifications: MCSE 2003, MCSA:M
  3. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    Yes, if it's switched on and *if* you are using XP (W2K doesn't have such a thing) and *if* you can log into the OS. You cannot run system restore on a non bootable XP machine.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  4. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    Well done recovering your laptop. I think tech's must be the worst people for backing up their own systems. I know I have been stung by not doing that before now. :)
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  5. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    1,760
    23
    99
    Two things learnt here - regular backups and use a surge protector! I lost a hard drive once down to what I believe was a power surge, now I have one on all my power strips and on the phone line as well.

    Glad you got it sorted Bluerinse. Were you late for work :twisted: ?
     
    Certifications: A+, Network+
    WIP: 70-270
  6. _omni_

    _omni_ Megabyte Poster

    647
    10
    62
    i never back up my computers...i figure i'll learn from my own bad experiences. :rolleyes:
    though i do have a surge protector...
     
    Certifications: MCSE 2003, MCSA:M
  7. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    1,760
    23
    99
    In best Yoda voice - Young you are, but you will learn hmm?
     
    Certifications: A+, Network+
    WIP: 70-270
  8. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    I have two UPS's to protect my lab network. I sized them large enough to be able to run my entire network off them. They give me both power conditioning and battery backup. It really is the way to go.

    You wouldn't believe how much more stable computers are when they are given filtered power rather than getting all the interference that is normally found in power lines. The computers also last quite a bit longer. I have yet to have to replace a power supply on any of my computers and they are all at least 3 years old. One is 6 years old and it's still running the original power supply.

    In 6 1/2 years I've only had two hardware failures, and both came before I started filtering the power fed to the computers. Knock on wood.... One was a hard drive, the other a cpu failure.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  9. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    lol no, I work for myself and fixing computers is my job function, hence this was work, albeit not profitable.

    I do run my SBS box off a UPS but this is a laptop. I really need a new battery but they are expensive and the thing is on it's last legs anyway.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  10. Baba O'Riley

    Baba O'Riley Gigabyte Poster

    1,760
    23
    99
    I used to backup to DVD. I tried to do it once a fortnight but always put it off. To do the first full backup I basically slept at my computer and every time the PC asked for a new disc it beeped and woke me up.

    Now I've built my network, I backup PC A to PC B, PC B to PC C and PC C to PC A. I have it set up to basically do a full backup or an incremental at the push of a button and leave it running overnight. Luckily, it's not too inefficient on disc space as one of the PCs is a file server which gets a full backup and the other two, I just backup the system state and the Docs and Settings folder. Now there's no effort or thought involved, I backup regular as clockwork :D !
     
    Certifications: A+, Network+
    WIP: 70-270
  11. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,721
    549
    364
    Great fix that one, always a nightmare when your laptop decides not to play ball!

    I’m backing up mine just now, first time in about 6 months! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  12. law123

    law123 Byte Poster

    189
    0
    33
    That is why I love Norton Ghost :)

    Anyway glad to read all was well in the end.
     
    Certifications: None
    WIP: A+
  13. Tyler D

    Tyler D Gigabyte Poster

    1,224
    8
    85
    As soon as i read this post,the first thing i did was a full system back-up :biggrin

    Thanks for sharing with us Bluerinse :thumbleft
     
    Certifications: A+,70-270
    WIP: 70-290

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.