Microsoft Knowledge Base 307545
This article describes
how to recover a Windows XP system that does not start because of corruption in
the registry. This procedure does not guarantee full recovery of the system to
a previous state; however, you should be able to recover data when you use this
procedure.
Warning Do not use the procedure that is described in this article if
your computer has an OEM-installed operating system. The system hive on OEM
installations creates passwords and user accounts that did not exist
previously. If you use the procedure that is described in this article, you may
not be able to log back into the recovery console to restore the original
registry hives.
You can repair a corrupted registry in Windows XP. Corrupted registry files can
cause a variety of different error messages. See the Microsoft Knowledge Base
for articles about error messages that are related to registry issues.
This article assumes that typical recovery methods have failed and access to
the system is not available except by using Recovery Console. If an Automatic
System Recovery (ASR) backup exists, it is the preferred method for recovery.
Microsoft recommends that you use the ASR backup before you try the procedure
described in this article.
Note Make sure to replace all five of the registry hives. If you only
replace a single hive or two, this can cause potential issues because software
and hardware may have settings in multiple locations in the registry.
When you try to start
or restart your Windows XP-based computer, you may receive one of the following
error messages:
Windows XP could not start because the following file is missing
or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
Windows XP could not start because the following file is missing
or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE
Stop: c0000218 {Registry File Failure} The registry cannot load
the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate
System error: Lsass.exe
When trying to update a password the return status indicates that the value
provided as the current password is not correct.
Recover a corrupted registry that prevents Windows XP from
starting
The procedure that
this article describes uses Recovery Console and System Restore. This article
also lists all the required steps in specific order to make sure that the
process is fully completed. When you finish this procedure, the system returns
to a state very close to the state before the problem occurred. If you have
ever run NTBackup and completed a system state
backup, you do not have to follow the procedures in parts two and three. You
can go to part four.
Part one
In part one, you start
the Recovery Console, create a temporary folder, back up the existing registry
files to a new location, delete the registry files at their existing location,
and then copy the registry files from the repair folder to the System32\Config folder. When you have finished this procedure, a
registry is created that you can use to start Windows XP. This registry was
created and saved during the initial setup of Windows XP. Therefore any changes
and settings that occurred after the Setup program was finished are lost.
To complete part one, follow these steps:
1.
Insert the Windows XP
startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into
the CD-ROM drive, and then restart the computer.
Click to select any options that are required to start the computer from the
CD-ROM drive if you are prompted to do so.
2.
When the "Welcome
to Setup" screen appears, press R to start the Recovery Console.
3.
If you have a
dual-boot or multiple-boot computer, select the installation that you want to
access from the Recovery Console.
4.
When you are prompted
to do so, type the Administrator password. If the administrator password is
blank, just press ENTER.
5.
At the Recovery
Console command prompt, type the following lines, pressing ENTER after you type
each line:
md tmp
copy c:\windows\system32\config\system c:\windows\tmp\system.bak
copy c:\windows\system32\config\software c:\windows\tmp\software.bak
copy c:\windows\system32\config\sam c:\windows\tmp\sam.bak
copy c:\windows\system32\config\security c:\windows\tmp\security.bak
copy c:\windows\system32\config\default c:\windows\tmp\default.bak
delete c:\windows\system32\config\system
delete c:\windows\system32\config\software
delete c:\windows\system32\config\sam
delete c:\windows\system32\config\security
delete c:\windows\system32\config\default
copy c:\windows\repair\system c:\windows\system32\config\system
copy c:\windows\repair\software c:\windows\system32\config\software
copy c:\windows\repair\sam c:\windows\system32\config\sam
copy c:\windows\repair\security c:\windows\system32\config\security
copy c:\windows\repair\default c:\windows\system32\config\default
6.
Type exit to
quit Recovery Console. Your computer will restart.
Note This procedure assumes that Windows XP is
installed to the C:\Windows folder. Make sure to change C:\Windows to the
appropriate windows_folder if it is a
different location.
If you have access to another computer, to save time, you can copy the text in
step five, and then create a text file called "Regcopy1.txt" (for
example). To use this file, run the following command when you start in
Recovery Console:
batch regcopy1.txt
With the batch
command in Recovery Console, you can process all the commands in a text file
sequentially. When you use the batch command, you do not have to
manually type as many commands.
Part two
To complete the
procedure described in this section, you must be logged on as an administrator,
or an administrative user (a user who has an account in the Administrators
group). If you are using Windows XP Home Edition, you can log on as an
administrative user. If you log on as an administrator, you must first start
Windows XP Home Edition in Safe mode. To start the Windows XP Home Edition
computer in Safe mode, follow these steps.
Note Print these instructions before you continue. You cannot view these
instructions after you restart the computer in Safe Mode. If you use the NTFS
file system, also print the instructions from Knowledge Base article KB309531.
Step 7 contains a reference to the article.
1.
Click Start,
click Shut Down (or click Turn Off Computer),
click Restart, and then click OK (or click Restart).
2.
Press the F8 key.
On a computer that is configured to start to multiple operating systems, you
can press F8 when you see the Startup menu.
3.
Use the arrow keys to
select the appropriate Safe mode option, and then press ENTER.
4.
If you have a
dual-boot or multiple-boot system, use the arrow keys to select the
installation that you want to access, and then press ENTER.
In part two, you copy
the registry files from their backed up location by using System Restore. This
folder is not available in Recovery Console and is generally not visible during
typical usage. Before you start this procedure, you must change several
settings to make the folder visible:
1.
Start Windows
Explorer.
2.
On the Tools
menu, click Folder options.
3.
Click the View
tab.
4.
Under Hidden files
and folders, click to select Show hidden files and folders, and then
click to clear the Hide protected operating system files (Recommended)
check box.
5.
Click Yes when the dialog box that confirms that you want
to display these files appears.
6.
Double-click the drive
where you installed Windows XP to display a list of the folders. If is
important to click the correct drive.
7.
Open the System Volume
Information folder. This folder is unavailable and appears dimmed because it is
set as a super-hidden folder.
Note This folder contains one or more _restore {GUID} folders such as
"_restore{87BD3667-3246-476B-923F-F86E30B3E7F8}".
Note You may receive the following error message:
C:\System Volume Information is not
accessible. Access is denied.
If you receive this message, see the following Microsoft
Knowledge Base article to gain access to this folder and continue with the
procedure:
How to gain access to the System Volume Information folder
8.
Open a folder that was
not created at the current time. You may have to click Details on the View
menu to see when these folders were created. There may be one or more folders
starting with "RPx under this folder.
These are restore points.
9.
Open one of these
folders to locate a Snapshot subfolder. The following path is an example of a
folder path to the Snapshot folder:
C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot
10.
From the Snapshot
folder, copy the following files to the C:\Windows\Tmp folder:
o
_REGISTRY_USER_.DEFAULT
o
_REGISTRY_MACHINE_SECURITY
o
_REGISTRY_MACHINE_SOFTWARE
o
_REGISTRY_MACHINE_SYSTEM
o
_REGISTRY_MACHINE_SAM
11.
Rename the files in
the C:\Windows\Tmp folder as follows:
o
Rename
_REGISTRY_USER_.DEFAULT to DEFAULT
o
Rename
_REGISTRY_MACHINE_SECURITY to SECURITY
o
Rename
_REGISTRY_MACHINE_SOFTWARE to SOFTWARE
o
Rename
_REGISTRY_MACHINE_SYSTEM to SYSTEM
o
Rename
_REGISTRY_MACHINE_SAM to SAM
These files are the
backed up registry files from System Restore. Because you used the registry
file that the Setup program created, this registry does not know that these
restore points exist and are available. A new folder is created with a new GUID
under System Volume Information and a restore point is created that includes a
copy of the registry files that were copied during part one. Therefore, it is
important not to use the most current folder, especially if the time stamp on
the folder is the same as the current time.
The current system configuration is not aware of the previous restore points.
You must have a previous copy of the registry from a previous restore point to
make the previous restore points available again.
The registry files that were copied to the Tmp folder
in the C:\Windows folder are moved to make sure that the files are available
under Recovery Console. You must use these files to replace the registry files
currently in the C:\Windows\System32\Config folder. By default, Recovery
Console has limited folder access and cannot copy files from the System Volume
folder.
Note The procedure described in this section assumes that you are
running your computer with the FAT32 file system. For more information about
how to access the System Volume Information Folder with the NTFS file system,
click the following article number to view the article in the Microsoft
Knowledge Base:
How to gain access to
the System Volume Information folder
Part Three
In part three, you
delete the existing registry files, and then copy the System Restore Registry
files to the C:\Windows\System32\Config folder:
1.
Start Recovery
Console.
2.
At the command prompt,
type the following lines, pressing ENTER after you type each line:
del c:\windows\system32\config\sam
del c:\windows\system32\config\security
del c:\windows\system32\config\software
del c:\windows\system32\config\default
del c:\windows\system32\config\system
copy c:\windows\tmp\software c:\windows\system32\config\software
copy c:\windows\tmp\system c:\windows\system32\config\system
copy c:\windows\tmp\sam c:\windows\system32\config\sam
copy c:\windows\tmp\security c:\windows\system32\config\security
copy c:\windows\tmp\default c:\windows\system32\config\default
Note Some of these command
lines may be wrapped for readability.
3.
Type exit to
quit Recovery Console. Your computer restarts.
Note This procedure assumes that Windows XP is
installed to the C:\Windows folder. Make sure to change C:\Windows to the
appropriate windows_folder if it is a
different location.
If you have access to another computer, to save time, you can copy the text in
step two, and then create a text file called "Regcopy2.txt" (for
example). To use this file, run the following command when you start in
Recovery Console:
batch regcopy2.txt
Part Four
1.
Click Start,
and then click All Programs.
2.
Click Accessories,
and then click System Tools.
3.
Click System
Restore, and then click Restore to a previous RestorePoint.