
Possible search terms

vista reboots at logon screen
vista restarts at logon screen
vista reboots at login screen
vista restarts at login screen

 

Forum Correspondence

Started out asking two questions:

Event Viewer and Performance monitor in Windows RE

How do you run things like sfc, perfmon, eventvwr from Windows RE booted from the Vista DVD?

And

Vista can't get to desktop or safemode

I need help describing my problem. What is the name of the screen that you see with the various users listed as Vista boots?

I need to know that because whatever the name of that screen is, it is the last screen I see, for about 5 or 10 seconds, before the computer I am working on shuts down and restarts.

I cannot get to the desktop (it reboots as soon as I try to click on a user and the word "Welcome" appears), I cannot start it in safe mode (it reboots before it gets there), I cannot start it with automatic restart on system failure disabled - it just restarts so I do not see any BSODs and error numbers. I cannot believe that Microsoft designed this OS so that it cannot be overlaid (reinstalled over itself) without destroying user accounts and programs the way that XP could.

I have cleaned a number of viruses from the system and checked the drive's physical integrity by scanning it with another computer. I have also found (and removed) one stick of bad memory. I have tried working with the Windows RE (Windows Recovery Environment) from the installation DVD. It runs through its startup recovery, it reports that Startup Repair could not detect any problems, yet when I the machine and then it reboots when it gets to whatever that screen is called.

I can get to the Windows RE command prompt (not safe mode command prompt) if I boot from the install DVD. I have tried to run SFC, eventmon, and eventvwr from there but they don't seem to work.

Can anyone help me?

 

Going to post these two questions:

www.techguy.org

http://forums.techguy.org/windows-vista/738749-eventvwr-windows-re.html

http://forums.techguy.org/windows-vista/738747-vista-can-t-get-desktop.html

No replies as of 8/13/08

 

Microsoft Community Forum

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?query=amgeek&dg=microsoft.public.windows.vista.performance_maintenance&cat=en_US_9CA88DDB-D18D-FA0E-A366-6E527B0FBA67&lang=en&cr=US&pt=&catlist=&dglist=&ptlist=&exp=&sloc=en-us
(may not have signed up for e-mail notification for second question.)


Did get a few responses


Event Viewer and Performance monitor in Windows RE

How do you run things like sfc, perfmon, eventvwr from Windows RE booted from the Vista DVD?

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.vista.performance_maintenance&tid=bc3580a0-2694-4bed-9bbf-51eb28f35e78&cat=en_US_9CA88DDB-D18D-FA0E-A366-6E527B0FBA67&lang=en&cr=US&sloc=en-us&m=1&p=1


Hi,
There is the System recovery options menu. Booting off the DVD, after
windows has finished loading files and after you have selected a language,
click the "Repair" link in lower-left corner of the "Install now" screen.
You will get a menu with all the recovery options - start-up repair, system
restore, complete pc restore, mem diagnostics and command prompt (the old
recovery console)

Victor Constantinescu

Thanks Victor. I have found that, now how do I, (or can I) run the commands: perfmon, eventvwr and the like. It keeps telling me they are not recognized.

'perfmon' (or 'perfmon.exe') is not recognized as an internal or external command, operable program or batchfile.

 

 

 

 

 

http://www.daniweb.com/category1.html

 


http://www.howtogeek.com/tag/windows-vista/


www.windowsbbs.com


http://www.windowsbbs.com/windows-vista/75868-vista-cant-get-desktop-safemode.html

 

 

************

WindowsBBS is the first to respond.


Hi and welcome to the BBS,

Look through the motherboard manual for the computer. If you have removed one RAM module, you may need to put the remaining module into a different slot for it to work on its own. Some manufacturers' information is not clear whether a "matched pair" of RAM modules is necessary for the system to run correctly. If you replaced both modules, they may not be compatible with the motherboard.

Viruses are usually intended to cause damage to the system. Depending on their nature, they may be able to be removed without damage to the system, but their intention I expect, is the opposite. In the situation you describe, I might expect that the registry was damaged. I might try some of the repairs you describe, but not waste too much time before backing up the data and reformatting. Even if the system got going again, I would always be wondering if it was working correctly. I would not hesitate to reformat, rather than patch back together an "iffy" system.

Matt

 

 


Mattman, thanks for responding to my question.

As to checking if the motherboard needs both sticks of ram, I should have mentioned that I did do a test fresh install, on a separate drive, to see if there might be some physical cause for the rebooting. It seems to work ok.

I am, however, a little shocked by your suggestion that since the machine was infected it is probably best to wipe the drive and start again. I understand your reasoning and the concept is supported by other mega-geeks (Leo Laporte for one I think) but this is a family's machine - six users as I recall, replete with all of the memories and data that entails. I have been able to salve the drive but it will be a nightmare to restore. And if that is all they wanted they could have taken it to the Geek Dogs or some "$99.00 fixes all" shop.

Besides, if I do that, I won't learn how to fix Vista ;)

 

***********************

I certainly wouldn't discourage you from learning about Windows.

If it is not possible to boot into Safe Mode though, that's when most of us start looking at reinstalling Windows. Vista has a different system which you are trying now, but as I was saying, if the registry is corrupt I doubt you might ever get it working 100% again.

I don't go looking for fast processors or large amounts of RAM, great graphics, etc, but I do want the operating system working correctly.

If they were actually viruses, their aim is to damage the system. Removing them doesn't mean the damage has been reversed.
________________________________________________________________
I am like you, I like to find out why the system is not working. I have found though, that getting an "adaptable" system is more important. What will the family members do if it cannot be fixed? What would they do if the HDD failed? Is the system backed-up? I think all the experienced people here will tell you to always expect the worst outcome. Getting the system back to where it was previously is the aim. Ask anyone that looks after business data.
Quote:
six users as I recall, replete with all of the memories and data that entails
Getting them back to a working system in the event of a catastrophe would be something I would be concentrating on. OEM manufacturer's technicians working on the machine under warranty would have advised reformatting as soon as they heard the word "virus".

Finding out how to avoid getting viruses and other malware is what I try to advise my family members on.

Learn, learn, learn, yes. Don't forget about avoiding problems from where they stem or having an "emergency backup plan" either.

Matt
__________________
Matt MCP MCDST
Everest Sandra Memory diagnostics


Arie doesn't think they will work that way; posted a site I had been to.


Those don't seem to be supported commands. For a listing see: Command-line reference for IT Pros


I replied

Thanks Arie, I must say that I am impressed with the group. I have posted these questions to several of the "Leading" communities and this is the only one I have any response from so far.

Thanks for the link. I had come across that and did not see the answer I was looking for. I had assumed I was just too dumb to see it.

Perhaps I am asking the question the wrong way. Let me try another approach. Given that I have the hard drive from the machine in question and several other XP/Vista machines at my disposal, Is there any way to view the event view, performance monitor or anything else that might help me identify the problem?

 

Arie

Hi, I love it when MS documentation is incomplete

Use this command: wevtutil. To learn more about the
wevtutil.exe command-line tool, type wevtutil /? at a command prompt.

I've just checked that it exists, and notice that you can at least export log files, so you should then be able to copy them to another drive & view them on a working machine.

Sorry, I'm a bit busy, so hope you can use this info as-is

Post back if you need more help.

 


Possible links for info on wevtutil

http://msmvps.com/blogs/nickwienholt/archive/2006/11/21/wevtutil-queries.aspx

 

 

 


This is one of the reasons I love this job so much. With the best of intentions, brilliant people, who probably know the answer you are looking for, offer obtuse instructions that, whether they mean to or not, leave most folks totally baffled and bemused. The result, intended or not, is that most folks give up and go away quite impressed with the depth of knowledge whoever answered their question must possess.

Not I, I really want to know the answer to my question more than ever and now I also want to know if the other person is intentionally trying to technobull me or if I really am too stupid to understand what they said?

Unfortunately it looks like I will probably have to give in, reformat and reinstall on this machine and send it home. I will, however, try to keep enough of it to experiment with to see if I can extract the right logs and files to see what the hell might have been crashing it. I may have already gained some insight from a chance find at MajorGeeks concerning the reading of dump files!


OH, wait a minute..... I think I have found (great geek forgive me) a simpler way. Allow me to explain. I did pursue the information about wevtutil a bit. I found that it does not exist in Windows XP (totally irrelevant information to this discussion but it does sound good). And tried a few of its commands (I'll post my notes elsewhere). While doing so, in the process so to speak, I found out where the log files actually live, C:\windows\system32\winevt\logs. Armed with that knowledge I found that I could attach the hard drive from the crashed machine to a working Vista (did not try attaching to an XP - but that might work as well) machine and opened them directly from there.

End result is - correct me if I am wrong - that the command prompt option of Windows RE, like its predecessor the Windows Recovery Console, is for the most part an interesting curiosity, since most if not all of its functions can be performed quicker and slicker by slaving the hard drive in question to a functioning machine.

Now that I can read the logs the question arises ... What the hell am I looking for? Which if any of them is the "Performance Monitor"? Most importantly, where would I find clues as to what is causing the system to reboot after reaching the login screen?

 

Arie Asks
You are looking for errors that seem related to the login process. I don't know why you would want to look at the performance monitor.

For a couple of reasons. First of all, it is a new tool and I think the more I use it the quicker I will learn about it. Also, I think I have seen that it can list historical incidents where the machine may have had trouble, any of which could be a clue to what is causing the problem.

Where do you think I should be looking?

 


Arie's reply
I don't know, never used the tool myself

 


It is one thing when I don't know what I am talking about, it is quite another when you don't know what I am talking about.

It could mean that I am more lost than I know.

So, where do we go from here?

 

 


End

Modified question 2

August 11, 2008

Vista can't get to desktop or safemode

I need help describing my problem. What is the name of the screen that you see with the various users listed as Vista boots?

I need to know that because whatever the name of that screen is, it is the last screen I see, for about 5 or 10 seconds, before the computer I am working on shuts down and restarts.

I cannot get to the desktop (it reboots as soon as I try to click on a user and the word "Welcome" appears), I cannot start it in safe mode (it reboots before it gets there), I cannot start it with automatic restart on system failure disabled - it just restarts so I do not see any BSODs and error numbers. I cannot believe that Microsoft designed this OS so that it cannot be overlaid (reinstalled over itself) without destroying user accounts and programs the way that XP could.

I have cleaned a number of viruses from the system and checked the drive's physical integrity by scanning it with another computer. I have also found (and removed) one stick of bad memory. I have tried working with the Windows RE (Windows Recovery Environment) from the installation DVD. It runs through its startup recovery, it reports that Startup Repair could not detect any problems, yet when I the machine and then it reboots when it gets to whatever that screen is called.

I have done a clean install on an alternate drive and the machine seems to run OK.

Can anyone help me?

 


http://www.vistax64.com/

 



http://www.5starsupport.com/
(server down on first attempt)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


Here is an interesting post and possible lead from Major Geeks

http://forums.whirlpool.net.au/forum-replies-archive.cfm/929775.html


Got any files in C:\windows\minidump ? Cause if you do, try forum-replies.cfm?t=919982#r9

Well, as a matter of fact there are minidump files!


Download "Debugging Tools For Windows"

Pick the appropriate version:

www.microsoft.com/whdc/d.../installx86.mspx

www.microsoft.com/whdc/d...nstall64bit.mspx


Bad links; could this be it?
http://www.microsoft.com/whdc/devtools/debugging/default.mspx

http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx#a

 

 

Don't download "Itanium" versions if you have a 64bit processor. You'll need the "x64" version down a bit further. (Edit: Clarification, if you run 32bit Windows on a 64bit CPU, you download the 32bit version).

Click on the Start menu and right-click (My) Computer.. for vista you'll need to click "Advanced System Tools" on the left too. Click on "Advanced" then on "Environment Variables".

Under "User Variables" add _NT_SYMBOL_PATH as a variable with the following value:

SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols

^^ (Whirlpool may add spaces in the above, there are NONE).

Click on Start, then on All Programs, under Windows Debugging you can open a command prompt directly into the required folder, make sure it's run as an Administrator, so right-click and run as Administrator if you're in Vista.

Type in windbg.exe

Go to "Open Crash Dump" and choose the latest minidump .dmp file in c:\windows\minidump\

It will download some symbols from the web, and within a minute it will tell you what file caused the crash.

However, it's best to check more than 1 minidump file, if the results keep changing, then it's likely a hardware problem with cpu, memory etc..

 

 


End
Bench notes

Tried with alternate sticks of memory. No difference. Changed memory size and was offered the option to run startup repair again, so I did.

Startup Repair cannot repair this computer automatically.

Sending more information can help Microsoft create solutions.

Problem Signature
Problem Event Name: StartupRepairV2
Problem Signature 01: AutoFailover
Problem Signature 02: 6.0.6000.16386.6.0.6001.18000
Problem Signature 03: 2
Problem Signature 04: 65537
Problem Signature 05: unknown
Problem Signature 06: NoRootCause
Problem Signature 07: 0
Problem Signature 08: 2
Problem Signature 09: WrpRepair
Problem Signature 010: 2
OS Version 6.0.6000.2.0.0.256.1
Local ID 1033


View diagnostic and repair details
All tests seem to report error code 0x0 except

Root cause found:
Unspecified changes to system configuration may have caused this problem.

Repair action: System files integrity check and repair
Result: failed. Error code = 0x2
Time taken = 480763 ms

 

**************

Try booting to repair and access command prompt.

X:\windows\system32>sfc /scannow

Attempt to run SFC, can't, still says:

"there is a system repair pending which requires a reboot to complete. Restart windows and run sfc again."

 

 

**********
8/16/08

Inspecting the event logs, code integrity, see a lot of problems with \Device\HarddiskVolume3\Windows\System32\drivers\veteboot.sys is loaded into the system. Check with the publisher to see if a signed version of the kernel module is available.

Don't see that file in the fresh install or on my system. Internet search indicates it is part of CA antivirus. Could be the issue, would expect AV to kick in right about the login screen. For an experiment am going to replace the driver and the driver cache folders on problem drive with the ones from the clean installation.

Besides, if it is a driver issue, what is the worst that can happen, we can always get the drivers IF we can get it to boot.

WAS ONLY ABLE TO RENAME AND COPY THE DRIVERS FOLDER.

More questions raised, how do we delete those files and folders? Will programs like the un-locker work with vista?


Well, at least the machine realizes it has been having trouble starting. It is automatically going into self-repair mode. Now, we will just have to wait and see what happens.

 

Last entry from memory dump

PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffdf00c). Type ".hh dbgerr001" for details
Probably caused by : ntkrpamp.exe ( nt!ExfReleasePushLockShared+aa4 )

 


From Minidumps

nvlddmkm.sys 8/6
Ntfs.sys 8/3
ntkrnlpa.exe 7/26

adwarealert.sys 7/21 - 1
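
The advice quoted earlier to check more than one minidump, combined with the clean-install comparison used for veteboot.sys, as an added Python example that is not part of the original notes or of the quoted forum post. The dump names, the WinDbg output snippets and the clean-install file list are constructed samples, and culprit() and triage() are hypothetical helper names; only the "Probably caused by" line format comes from the notes.

```python
import re
from collections import Counter

# WinDbg's triage line, in the form recorded in the notes:
#   Probably caused by : ntkrpamp.exe ( nt!ExfReleasePushLockShared+aa4 )
CAUSE_RE = re.compile(
    r"^Probably caused by\s*:\s*(\S+)(?:\s*\(\s*(.*?)\s*\))?", re.MULTILINE)


def culprit(analysis_text):
    """Return (module, symbol) blamed in one dump's WinDbg output, or None."""
    m = CAUSE_RE.search(analysis_text)
    if m is None:
        return None
    return m.group(1).lower(), m.group(2) or ""


def triage(dumps, baseline):
    """Tally blamed modules across several dumps.

    dumps    -- dict of dump file name -> saved WinDbg analysis text
    baseline -- lower-cased file names present on a known-clean install
    """
    counts, unparsed = Counter(), []
    for name in sorted(dumps):
        hit = culprit(dumps[name])
        if hit is None:
            unparsed.append(name)          # analysis truncated or failed
        else:
            counts[hit[0]] += 1
    return {
        "counts": dict(counts),
        # True only when every parsed dump blames the same module
        "consistent": len(counts) == 1,
        # Blamed modules that the clean install does not have at all
        "not_in_baseline": sorted(m for m in counts if m not in baseline),
        "unparsed": unparsed,
    }


# Constructed sample: module names follow the "From Minidumps" list above,
# offsets and symbols are made up, and dump-e has no triage line.
SAMPLE_DUMPS = {
    "dump-a.dmp": "Probably caused by : nvlddmkm.sys ( nvlddmkm+7c2e0 )\n",
    "dump-b.dmp": "Probably caused by : Ntfs.sys ( Ntfs!NtfsCommonRead+1a2 )\n",
    "dump-c.dmp": (
        "PEB is paged out (Peb.Ldr = 7ffdf00c). Type \".hh dbgerr001\" for details\n"
        "Probably caused by : ntkrnlpa.exe ( nt!KiTrap0E+2ac )\n"),
    "dump-d.dmp": "Probably caused by : adwarealert.sys ( adwarealert+1f30 )\n",
    "dump-e.dmp": "Loading Dump File [dump-e.dmp]\nSymbol search path is: ...\n",
}

# Constructed sample of file names found on the clean test install.
CLEAN_INSTALL = {"ntfs.sys", "ntkrnlpa.exe", "ntkrpamp.exe", "nvlddmkm.sys"}

if __name__ == "__main__":
    report = triage(SAMPLE_DUMPS, CLEAN_INSTALL)
    for module, n in sorted(report["counts"].items()):
        print(f"{n} dump(s) blame {module}")
    print("same module every time:", report["consistent"])
    print("absent from clean install:", report["not_in_baseline"])
    print("no triage line found in:", report["unparsed"])
```

A blamed module that is missing from the clean install is the first thing to look up; results spread over unrelated modules match the quoted post's description of a likely hardware problem.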

 

 

 

 

 


**********

OK, I give up, I am not going to "Save" this one. So, how do I rebuild it? I have checked the list of program folders listed in "c:\program files" and there don't seem to be too many. I do have their Microsoft Office installation disk. So, I guess the biggest challenge will be to salvage the user (all 6 of them) accounts, at least their data. The big question is how.

If I am really lucky (and you know what the chances of that are) I will be able to use Vista's built-in whatever it's called transfer facility. But, it seems to me I looked at that a while ago and it was willing to work between networked computers but would not go to a slaved drive (even on the networked computer).

I could try to copy them but a test run took all night and I don't think I got them all. I tried again using "Superflexible File Synchronizer" but that did not do as well as a straight copy. It did not copy the contents of some users folders at all, claiming it was unable to access them, I assume due to password issues. So, now it is on to trying an Acronis True Image restore from the image.


Explain This To Me

Method               Size      Files    Folders

Original             16.6 GB   28,076   2,042
SuperFlex copy       17 GB     29,962   2,399
Drag and Drop Copy   18.6      48,456   5,529
True Image Restore   16.6      28,085   2,042


(A thought occurred to me later that most if not all of the above could be different if I ran them "As Administrator".)
Looks like none of them are perfect but True Image wins. There is, however, one problem. The original archive is infected and I don't want to copy that into a clean fresh install, so, I am going to disinfect the recently restored folders and then re-archive them in preparation for the actual transfer.

 

**********************

Reinstalled Vista from the Dell CD. It says that it moved the old installation files to c:\old.windows, so I am assuming the user files will still be there.

 

************************

I was right, the "Windows Easy Transfer" is set up to transfer between working computers, networked or at least capable of writing to CDs.

Search terms

Salvage vista user accounts

No exact matches, too many without quotes

Transfer vista user accounts -control

This one comes close but I think misses the point when the account you are trying to transfer is not active/alive.
http://forums.techarena.in/vista-help/803147.htm

 

This one might come closer
http://www.vistax64.com/vista-account-administration/102365-corrupt-user-account.html

This one looks heavy, uses Windows Easy Transfer under a number of scenarios.
http://technet.microsoft.com/en-us/library/cc748927.aspx

Maximum PC's guide using Windows Easy Transfer via CDs
http://www.maximumpcguides.com/transfer-your-files-and-settings-from-xp-to-vista-by-burning-them-to-cd-or-dvd-using-windows-easy-transfer/

http://vistasquad.co.uk/files/folders/310/download.aspx

http://whitepapers.techrepublic.com.com/abstract.aspx?docid=269902


http://windowsvistablog.com/blogs/windowsvista/archive/2007/02/15/using-windows-easy-transfer.aspx

 


Merge user accounts in vista


http://forums.techguy.org/windows-vista/671332-how-merge-user-accounts.html

http://www.eggheadcafe.com/software/aspnet/31964500/how-can-i-merge-two-vista.aspx

 

 

merging user accounts in vista
Repairing Vista
Recovering Vista

Interesting but no help here
http://www.istartedsomething.com/20070929/vista-sp1-recovery-disc/


Repair MBR
http://www.msfn.org/board/Recover-Vista-MBR-t83943.html

 

Help to Fix, Recover and Repair Windows Vista When a PC/Computer Crashes or Fails to Boot
http://www.pcbuyerbeware.co.uk/Recovering_Repairing_Windows_Vista.htm

 

 

While all of the above, at least so far, has proved very interesting, none of it is really addressing my question which is (as I recall) how to recover the user accounts from a crashed system. To that point I did a quick experiment on my Vista machine, after backing up the registry of course.

I first copied the original user folder with its sub-folders to the user folder on my machine. Then created the user account. That did not use the folder I had copied but created a new one with a suffix of .ameek.pc. So I removed the copied folder and (through the control panel) removed the test user. Restarted and tried to establish that user again, this time with no information in my users folder.

While moving the data filled folders out of my user folder I noticed that I was moving ntuser files and as I recall from working with Windows XP user accounts, they might be best left unmoved.

Double checked my user's folder and deleted remaining references to the test user. Shut down and restarted. Recreated the test user, logged off of my account and into the test user. Logged off the test user and back on to mine. Checked my user's folder and the test user was back and looked OK. Copied all of the data (including ntuser files) into the test user's folder.

Well I tried to anyway, it won't let me copy ntuser.dat, ntuser.dat.log1, ntuser.dat.log2, ntuser.dat.(whole bunch of numbers).blf, 2 ntuser.dat.(whole bunch of numbers).REGTRANS-MS files, UserClass.dat, UserClass.dat.LOG1, UserClass.dat.LOG2.

Guess what? It worked. I was able to log into that account (NO CRASH) and I can see their documents and favorites. Not sure about the rest but since I have no idea what they had I really won't know until the machine goes home and they have time to play with it. Stay tuned.

*********

Now to the client's machine.

I read in several of the searches I did for information about restoring, merging or recovering user accounts that it is best to install any and all software before trying to bring the users on-board. I installed their copy of Microsoft Office 2003, Student and Teacher edition and the usual round of utilities, including Avast! Anti virus before setting up and importing the users and their data.

 


Tip for transferring user account information: allow, at least temporarily, all files, including hidden system files, for all folders.