As part of a recent upgrade of a piece of 3rd party software, I recently restarted one of the Windows 2000 servers that I currently maintain, only to be greeted with this message:
"Windows 2000 could not start because the following file is missing or corrupt: \WINNT\SYSTEM32\CONFIG\SYSTEM".
Ouch. I rebooted the server, and after looking in the 'OS Choice' menu, I found that it didn't have the Recovery Console installed on it. After a bit of digging, I eventually found a set of four Windows 2000 Server boot disks (the CDs for Windows 2000 Server were not bootable) and booted up into the repair console.
To do this:
- Boot from the four Windows 2000 server boot disks. (See this link on how to make these if you don't already have them.)
- At the "Windows 2000 Server Setup, Welcome to Setup" screen, use the second option, "To repair a Windows 2000 installation, Press R."
- At the "Windows 2000 Repair Options" screen, use the first option, "To repair a Windows 2000 installation by using the recovery console, press C."
- At this point, you'll be given the option to choose which Windows installation you want to log on to. Usually, you'll just have the one. Type the number of the listed Windows installation and press enter.
- Now you're prompted for the Administrator password. (You ARE the administrator aren't you?) Once you have typed the password you are presented with a very welcome command prompt.
Of course, having been through this once, I've now checked that all of the Windows servers I maintain have the Recovery Console installed and available at boot time. (See below for details.)
At the Recovery Console
You might like to run chkdsk /f on the partition that contains the system files, just in case a damaged file system is the cause of your problem. If, when you reboot your server, you find the problem isn't resolved, you'll really wish that you had the Recovery Console installed but for now it's back to the floppy disks...
If the chkdsk /f didn't help, it's time to restore the Registry Hive to a previous version.
- Find the latest backup of your 'system' file.
- On Windows 2000, the orginal file will be in %SystemRoot%\Repair and backups will be in %SystemRoot%\repair\Regback
- On Windows 2003, the file will be in %SystemRoot%\Repair and will be the latest version created at the installation or during a backup.
- Change your working directory to %SystemRoot%\repair and check that you have a file called 'system'.
- Change your working directory to %SystemRoot%\system32\config. Rename the 'system' file to system.old
- Copy the 'System' file that you found in the first step to %SystemRoot%\system32\config.
- Reboot your server.
If your latest 'system' file is out of date like mine was, some parts of your system may be restored to a previous state and you may find that you have to fix some items manually. For example, because my server had been renamed since %SystemRoot%\Repair\system was last updated, I had to remove my server from the domain, rename it and re-join it to the domain. However, at least I had a server that booted again.
Don't copy the system.sav file over the system file as it is likely to be the system registry hive as it looked after the text based part of the Windows installer ran. (See below for details.)
Updating the Backup Files in the \Repair Directory
For the future, it's probably worth updating the files in the %SystemRoot%\Repair directory to match your current installation.
You could use the ERD Wizard to create a recovery disk which will update the %SystemRoot%\Repair directory during the ERD creation. However, if you don't want to create an ERD, you can just use the Backup tool to backup the System State. The files in the %SystemRoot%\Repair directory will be updated as part of the backup.
On a Windows 2000 Server backing up the System State will put the latest version of default, SAM, SECURITY, software and system into %SystemRoot%\repair\Regback, leaving the original files in place.
On a Windows 2003 Server backing up the System State will put the latest version of default, SAM, SECURITY, software and system into %SystemRoot%\repair\, overwriting the original files.
For Windows NT4, you can use rdisk /s. The /s tells the repair disk utility to NOT request a floppy to generate an new ERD, but to only update the \%SystemRoot%\Repair directory.
Installing the Recovery Console for Future Use
Booting from floppy disks is a slow process (if you can even create or use them at all), so why not install the Windows Recovery Console on to your servers now? To do this:
- Insert your Windows Server installation CD. (Or you could make the i386 folder available from the network if you prefer.)
- Click Start & Run, and then type WindowsInstallationMedia\i386\WINNT32.exe /cmdcons in the Open box.
- Click OK and follow the instructions on the screen.
- When you restart the server, you will have a new option for the Recovery Console in the boot menu.
Windows 2003 Server installation disks are bootable so this isn't such a big issue for Windows 2003 machines. You can just boot from the CD to the Recovery Console instead.
Standard Registry Hives and the Associated Files
- HKEY_CURRENT_CONFIG: System, System.alt, System.log, System.sav
- HKEY_CURRENT_USER: Ntuser.dat, Ntuser.dat.log
- HKEY_LOCAL_MACHINE\SAM: Sam, Sam.log, Sam.sav
- HKEY_LOCAL_MACHINE\Security: Security, Security.log, Security.sav
- HKEY_LOCAL_MACHINE\Software: Software, Software.log, Software.sav
- HKEY_LOCAL_MACHINE\System: System, System.alt, System.log, System.sav
- HKEY_USERS\.DEFAULT: Default, Default.log, Default.sav
Registry Hive File Extensions
- no extension: A complete copy of the hive data
- .alt: A backup copy of the critical HKEY_LOCAL_MACHINE\System hive. Only the System key has an .alt file
- .log: A transaction log of changes to the keys and value entries in the hive
- .sav: A backup copy of a hive
On Windows 2000 and Windows 2003 Server editions, the .sav file will most likely be a Hive backup from the text-mode stage of the server installation. It is created by the text-mode stage so that if the graphics-mode stage of setup fails, only the graphics-mode stage needs to be repeated when the computer is restarted.