Don't let a blue screen stop you. Here's a guide to get your server back online quickly.
Resurrection, Step by Step
- By Jim Richards
- September 01, 2001
Here's a guide we developed in our disaster recovery
tests to resurrect machines hit with the bluescreen
error. This procedure can be used on Windows NT
4.0 Server, Workstation and Enterprise and Windows
2000 Professional, Server and Advanced Server
installations.
- Once you receive the bluescreen that I describe
in the main
article, make a note of the RAID device
(.sys file) that failed to load. Find this information
at the top of the screen. This will be the device
that is causing the conflict.
- Install a parallel copy of Windows NT into
another directory on the local C:\ partition.
Call this installation WINNTSOS.
Tip: By pressing the F6 key repeatedly when
the first blue screen appears during setup,
you can bypass the NT setup's auto-detect feature
and manually specify which driver you want to
load for the RAID device.
- Log into this newly built parallel copy of
Windows NT as the administrator.
- Click on Start|Run and type Regedt32. Open
the HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
key.
- Scroll down until you find the key that contains
the name of the RAID controller that is physically
present in the system you are working on (shown
in the following figure). If you do not know
the name of your device, you can look in the
devices control panel applet to identify which
RAID device is started. You could also use a
text editor like Notepad.exe to review the .INF
file on your manufacturer's driver diskette
to identify the device key name.
- Use this table to identify the device key
name associated with your hardware:
| Compaq controller type | Device key name |
|---|---|
| Compaq 3200 & Smart2 RAID devices | CPQARRAY |
| Compaq 4200 Series RAID devices | CPQARRAY2 |
| Compaq 5300 Series RAID devices | CPQCISSM |
- Highlight the key and click on Registry|Save
Key. Save this key with the same name as is
displayed in the registry. This will avoid confusion
later. For example: Save a key named HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cpqcissm
as c:\cpqcissm.reg
- Scroll back up now and go to the key named
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root.
- Look for the name of the LEGACY key associated
with the driver. For example: HKLM\System\ControlSet001\Enum\Root\LEGACY_CPQCISSM.
- Follow the procedures in Step 5 and save the
key in the same location using the same naming
convention. Example: c:\legacy_cpqcissm.reg
- Scroll up to the top of the window and highlight
the HKEY_LOCAL_MACHINE key.
Note: It is important to determine the
name of the system root directory that was in
use by the restored (target) computer. By default
this name would have been c:\WINNT. If there
were previously multiple installations of NT
present on the system, this will have to be
identified before proceeding. When performing
Steps 10 and 11 you must know where the registry
hives for the restored (target) build are located
(%systemroot%\system32\config). If you modify
the wrong registry file, results can vary from
having no effect at all, to rendering the OS
not bootable.
- On the menu bar go to Registry|Load Hive
as shown here:
- A box will appear requesting the location
of the hive to be loaded. Browse to the location
of the system hive from the restored (target)
build and open the file named "system." This
file will usually be found in c:\winnt\system32\config
and will not have an extension. It will just
be named "system."
- When prompted for a key name, type in your
name. This is a display name that you will use
to differentiate between the active system hive
and the hive you just loaded. The name chosen
cannot be "system," as that name is in use already
by HKEY_LOCAL_MACHINE.
- Once you load the hive it should be visible
in the list directly under the root of HKEY_LOCAL_MACHINE.
Scroll down to the key named "select" under the
hive you just loaded.
- Double click on this key to reveal the values
associated with this key on the detail pane
of the registry window. Verify which control
set is being used to boot the target system
by looking at the value listed as "Current."
The number following REG_DWORD: 0x will indicate
which control set the target build is scheduled
to boot from. For example: A value of 0x1 would
indicate that the system uses ControlSet001,
and a value of 0x2 would indicate that the system
uses ControlSet002:
- Once you've identified the "current control
set" for the target build double click on it
and scroll down until you get to the key named
"Services."
- Highlight the "services" key and go to Edit|Add
Key. Give this key the same name as the key
you identified earlier in Step 5. For example,
if the key was HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cpqcissm
the new key name would be cpqcissm. Leave the
class field blank for this key.
- Highlight the new key you just created and
go to Security|Permissions. Set the permissions
for "Everyone" to "Full Control." Press OK to
accept the settings.
- With the newly created key still highlighted,
go to Registry|Restore. Browse to the .reg file
you created earlier in Step 6. Select Open to
restore this file over the newly created key:
- With the newly restored key still highlighted
go back and reset the security permissions on
this key for "Everyone" to "Read." Make sure
you select the "Replace Permission on Existing
Subkeys" option. (This is because the restore
performed in Step 20 added new subkeys that
inherited the previous "Full Control" permissions.)
- Verify that the startup type for this new
device is "0" as shown in the following figure.
There are five different start values for devices.
0=boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled.
Note the driver file name referenced in the
ImagePath.
- Scroll back up to the loaded hive and highlight
the subkey named ControlSet00x\Enum\Root. Go
to Security|Permissions and change "Everyone"
to "Full Control." Make sure you select the
"Replace Permission on Existing Subkeys" option
as shown here:
- With the "Root" key highlighted, go to Edit|Add
Key. Give this key the same name as the key
you identified earlier in Step 9. This key is
case sensitive and should be in upper case such
as "LEGACY_CPQCISSM." Leave the class field
blank for this key. This will create a new key
under "Root" with the name HKLM\YourName\ControlSet00x\Enum\Root\LEGACY_DEVICENAME.
- Scroll down to this newly created key and
go to Registry|Restore. Browse to the legacy
.reg file you created earlier in Step 10. Select
Open to restore this file over the newly created
legacy key.
- Scroll back up and highlight the "Root" key.
Reset the security permissions on this key for
"Everyone" to "Read." Make sure you select the
"Replace Permission on Existing Subkeys" option.
- Go to HKLM\YourName\ControlSet00x\Services
and select the key associated with the device
that is causing the bluescreen identified in
Step 1. Notice that the startup type will be
"0" as shown here:
- Double click on the "Start" value for this
key and a box will appear allowing you to change
the value.
- Change this value to "4" and select OK as
shown here:
- Go to HKLM\YourName. Highlight this key and
go to Registry|Unload Hive as shown in the last
figure below. This will save the YourName hive
under the name "system" from the location you
originally loaded it from in Step 11. (%Systemroot%\system32\config\system).
- Copy the device driver file from the C:\WINNTSOS\System32\drivers
directory (noted earlier in Step 20) to the
%Systemroot%\system32\drivers directory for
the target build (usually c:\winnt).
- Reboot the system and select the restored
target build when prompted. The system should
now boot normally. Any additional devices that
cause the system to bluescreen can also be modified
using this procedure.
Remember to remove the C:\WINNTSOS directory
and all of its contents once you've booted successfully.
Also remember to modify the c:\boot.ini file and
remove any references to C:\WINNTSOS.
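
A read-only way to double-check the edited hive after the unload step and before the reboot, as an added example that is not part of the original article. It assumes a parallel installation where PowerShell and reg.exe are available; the paths, the mount name and the driver key names are assumptions or placeholders.

```powershell
# Added example: read-only check of the target build's offline SYSTEM hive.
# All parameter defaults are assumptions; run elevated from the parallel install.
param(
    [string]$TargetRoot = 'C:\WINNT',            # target build's system root (assumed default)
    [string]$MountName  = 'YourName',            # temporary key name under HKLM
    [string]$NewDriver  = 'cpqcissm',            # key restored from the parallel copy
    [string]$OldDriver  = 'FAILING_DRIVER_KEY'   # placeholder: device noted in Step 1
)
$startNames  = 'Boot', 'System', 'Automatic', 'Manual', 'Disabled'
$fullControl = [System.Security.AccessControl.RegistryRights]::FullControl

& reg.exe load "HKLM\$MountName" "$TargetRoot\system32\config\system" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not load the target SYSTEM hive' }
try {
    # Select\Current names the control set the target build boots from.
    $current    = (Get-ItemProperty "HKLM:\$MountName\Select").Current
    $controlSet = 'ControlSet{0:D3}' -f $current
    Write-Output "Target boots from $controlSet"
    foreach ($name in $NewDriver, $OldDriver) {
        $key = "HKLM:\$MountName\$controlSet\Services\$name"
        if (-not (Test-Path $key)) { Write-Warning "No Services key for $name"; continue }
        $svc = Get-ItemProperty $key
        if ($null -eq $svc.Start) { Write-Warning "No Start value for $name"; continue }
        $image = $svc.ImagePath -replace '^\\SystemRoot\\', ''
        if (-not $image) { $image = "System32\drivers\$name.sys" }   # default when ImagePath is absent
        $file = Join-Path $TargetRoot $image
        Write-Output ('{0}: Start={1} ({2}), driver file present: {3}' -f $name, $svc.Start, $startNames[$svc.Start], (Test-Path $file))
    }
    # The procedure grants Everyone Full Control temporarily; flag any key where it remains.
    # 'Everyone' is the English account name (assumption).
    $roots = "HKLM:\$MountName\$controlSet\Services\$NewDriver", "HKLM:\$MountName\$controlSet\Enum\Root"
    $paths = @(Get-Item $roots -ErrorAction SilentlyContinue) + @(Get-ChildItem $roots -Recurse -ErrorAction SilentlyContinue) | ForEach-Object { $_.PSPath }
    foreach ($p in $paths) {
        $open = (Get-Acl -Path $p).Access | Where-Object {
            $_.IdentityReference.Value -eq 'Everyone' -and
            $_.AccessControlType -eq 'Allow' -and $_.RegistryRights -eq $fullControl }
        if ($open) { Write-Warning "Everyone still has Full Control on $p" }
    }
}
finally {
    [gc]::Collect(); [gc]::WaitForPendingFinalizers()   # release open key handles so the unload succeeds
    & reg.exe unload "HKLM\$MountName" | Out-Null
}
```

The restored driver key should report Start=0 (Boot) with its driver file present, the device from Step 1 should report Start=4 (Disabled), and no Full Control warnings should appear.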