Scenario:
After major hardware / driver issues, Windows XP will not boot, or behaves erratically. In my situation, all networking was gone — new devices could not be added, existing NICs could not be removed, and did not properly redetect. All bindings (even those that are normally hidden) appeared under network devices in Device Manager as malfunctioning devices.
Things I tried that DID NOT work:
– Repair the NIC (Could delete the NIC, but HW redetect failed)
– Update driver
– Use Safe Mode and RegEdit to remove extraneous bindings. Device manager in safe mode claimed that certain bogus bindings were critical, and refused to remove them (even though the card did not exist). Manually removing the bindings using RegEdit (HKLM\SYSTEM\CurrentControlSet\Control\Network) did not work — this is a technique I’ve used in the past with a great deal of success.
– Removed / stopped the services / drivers associated with the hardware / software NICs
– Windows “in-place” upgrade using XP w/SP2 CD. Setup completed, but the network stack was still non-functional.
Additional complexities:
– Two VPN clients
– MS Virtual PC 2007
– WinPCap
Cause:
Various.
Resolution:
Utilities Required:
– BartPE or some other WinPE or Linux environment (must have RW access to the System volume — this article assumes BartPE)
– XP Image configured for or running on similar hardware.
– Windows XP w/SP2 CD or i386 folder (may be required during hardware detection and / or driver installation)
– An external memory device, such as a USB memory stick is helpful for storing and transporting various files between systems
The process involves “borrowing” the registry from another working XP system, and then overlaying the HKLM\Software registry key to preserve installed applications.
This solution has the advantage of restoring hardware functionality while preserving *most* installed software.
MAKE SURE TO BACK UP ENCRYPTION KEYS BEFORE PROCEEDING. During my testing, encryption keys were preserved, but MAKE A SEPARATE BACKUP just in case.
Part I: Extract a known-good registry
(Note: Make sure to pull the registry from a very clean system with very little hardware or software installed, so that you are not copying problems from some other system over to your damaged system. Additionally, the “source” machine should be as similar in terms of hardware to the damaged system as possible in order to minimize hardware issues and driver correction)
Option 1: Image file
If you have an image of a working XP system (e.g. Norton Ghost) use the image explorer utility (e.g. Norton Ghost Explorer) to extract the files in the following folder from the image:
C:\WINDOWS\SYSTEM32\CONFIG
Option 2: Working System
If you have access to a working system, shut it down, then boot to BartPE. Copy the registry files from the following folder:
C:\WINDOWS\SYSTEM32\CONFIG
Option 3: Parallel Install
If you do not have a working XP system or static workstation image (e.g. Norton Ghost image) of a working system with similar hardware, do a parallel install (Install XP to a new folder on the same drive – in this example, C:\WINDOWS.CLN).
Extract the registry from the following folder:
C:\WINDOWS.CLN\SYSTEM32\CONFIG
(Note: Make sure NOT to grab the original registry files from C:\WINDOWS — these are the same damaged files from which you are trying to recover)
Part II: Back up the damaged registry
Boot the non-working system to BartPE, and make a backup copy of the registry files:
C:\WINDOWS\SYSTEM32\CONFIG
Part III: Swap out the registry
(Note: This step is potentially destructive, so MAKE SURE you have a backup of the original registry of the damaged system)
Still in BartPE, copy the “clean” registry files on top of the existing files. DO NOT delete the old files.
Reboot the damaged machine, and see if it boots. If it fails to boot, boot to BartPE and remove the *.LOG files from the registry folder, and try again.
If the damaged machine STILL does not boot, verify that the source machine and the damaged machine have similar hardware (especially if the Blue Screen message is “Inaccessible Boot Device” or “Inaccessible Boot Volume”).
Once you get the machine booted, proceed to Part IV.
Be sure to disconnect the machine from the network — it now has the same name as the “source” machine
Part IV: Restore the “Software” registry hive.
During the initial boot, you may get error messages and prompts to re-register your software (ignore everything — the registration for most software will be addressed by this process)
Note: You will have to log in as an administrative account that is on the image or running system. Since the registry was copied from another system, you need to know the administrative account from the “source” machine.
1. Allow hardware detection to proceed. Once complete, reboot once to verify (you may get more prompts to register your software — continue to ignore this) that the hardware works. Make note of any non-working devices in Device Manager.
2. Shut down and boot to Safe Mode (hit F8 immediately following the BIOS screen, then select “Safe Mode” from the boot menu). This step is important: There should be as little running as possible.
3. Open RegEdit, and load the damaged registry hive.
– Click to highlight “HKEY_LOCAL_MACHINE” folder in the left pane
– On the menu, select “File…Load Hive…”. Navigate to the location of the damaged registry backup file, and select the file called “SOFTWARE”.
(e.g. if the backup of the damaged reg is located in C:\OLDREG, select the file called C:\OLDREG\SOFTWARE )
– For “Key Name”, enter “SOFT2”
4. Export the damaged registry branch:
– On the menu, select “File…Export…”
– At the bottom, for “Export Range” select “Selected Branch”
– For “Selected Branch”, enter: HKEY_LOCAL_MACHINE\SOFT2
– Enter a file name for “File name”, and click “Save”. This will be referred to as the Reg File.
5. Correct the registry path in the saved reg file:
– Open the reg file in Notepad (or Wordpad if it is too large), and do a search and replace:
Replace: [HKEY_LOCAL_MACHINE\SOFT2\
With: [HKEY_LOCAL_MACHINE\SOFTWARE\
– Save the file and exit Notepad / Wordpad
6. Import the reg file
– In the Explorer window, double-click the reg file.
– When prompted, click “Yes” (to import the reg file)
Note: There will be a long delay and high CPU utilization during the import.
– A message should appear stating that the registry import was successful, or that not all registry keys could be imported (OK either way)
Reboot and start Windows normally
Part V: Recreate User Account and Restore Profile
Note: This procedure will assume that there is one primary user, but this part can be repeated as many times as required for each user of the system.
1. Create a new account for the user (this example assumes “user1” is the user ID). Remember to restore privileges and groups, such as adding the user to the “Administrators” group.
2. Rename the user profile. The user’s profile is located in C:\DOCUMENTS AND SETTINGS and is named the same as the user ID. So for User1, rename the following folder:
Rename: C:\DOCUMENTS AND SETTINGS\USER1
To: C:\DOCUMENTS AND SETTINGS\USER1.OLD
3. Log out.
4. Log in as the user User1. (Note: A new profile will be created)
5. Reboot
6. Log in as some other administrator (Do not log in as user1 or the user’s registry will be locked open by XP) — use the same account used previously before user1 was created.
7. Swap the user’s profile:
– Go to C:\DOCUMENTS AND SETTINGS\USER1 (new profile) and delete all the files and folders (but DO NOT delete the parent folder, “USER1”)
– Move all files from C:\DOCUMENTS AND SETTINGS\USER1.OLD to the USER1 profile folder (C:\DOCUMENTS AND SETTINGS\USER1)
8. Log out and log back in as USER1 to verify that everything works.
Part VI: Restore emulated hardware devices and repair minor problems
Make sure to rename the machine and dis-join from the domain (join a workgroup) before connecting to the network. The repaired system has the same name as the source machine.
Any software that emulates hardware will need to be removed and re-installed. Here is a partial list:
– VPN clients
– Some antivirus products
– Virtualization platforms (Virtual PC / VMWare)
– CDR tools and CD burning software (may or may not need to be reinstalled)
– CD Emulation software (Daemon tools, XP Virtual CD powertoy)
– Network capture software (WinPCap driver / Netmon driver)
Most licensed software should run “as-is”. A few applications may think this is the first launch, but should function appropriately.
A few applications may have stored license information in areas of the registry that they should not be accessing — if this happens, the application will need to be re-registered.
Rename the machine, and join it to the domain (if appropriate)
Summary
This process took a long time to figure out and execute, but saved me at least a week’s worth of work (setting up and configuring a new system)
If you read this and it helps you, please let me know. If you have thoughts regarding improving or streamlining this process, please let me know that as well.
Pingback: Google
Really nice post. I just became aware of ones blog page as well as planned to declare that I have really adored browsing the weblog content. Whatever the case I am signing up for your supply i we imagine you generate again in the near future!
nice website.
whoah this blog is fantastic i like studying your articles.
Keep up the good work! You know, many people are hunting round for this information,
you could aid them greatly.
Update
Had to boot to safe mode and remove my ACPI drivers (Device Manager\System). Once these redetected, everything works great.
I am reinstalling VPN software and MS Virtual PC.