Cannot log in locally

[ButtNut]

Please Help if you can,

we have a win2k sp4 750mb ram 40G hdd adv srvr [work group not a DC] that
was running well until yesterday. did a software update that required a
reboot and now we cannot log in. get a message profile cannot be created
and that we can only log in locally, log in process starts then closes and
end up back at the log in window. Also the system wll not boot from the
CDROM drive even after making sure the bios is set correctly. because of
this we can't use the winternals ERD or the EBCD recovery tools to get in.
we placed the disk in another machine and at least we copied most of the
data off. But it would sure suck to have to re-intsall the OS and ALL of the
programs.
Any suggestions?
Please post answers here.
Thank you

 

[Roger Abell]

You say the message was that you could _only_ log in locally?
That is a new one on me!! Perhaps it was a message that you
could only log in with a local, temporary profile?

Evidently you did not have multiple accounts to try.
When you have a login process start, but then before getting
the desktop you are dumped back at the login screen, this is
often a failure of something that is configured to run at login
(like the login script). You could try replacing the login
script file with something that is guaranteed to work fine,
if your accounts are configured to use one that is. Also,
think over what things are set to run at login for all accounts
(assuming that it was creating a new temporary profile, and
failed to log in with it). Perhaps one of these items has
failed ungracefully.
Normally, I would suggest renaming the profile folder of
the account while you have the disk accessible from another
boot, as this will then force creation of a new profile for the
account at next login - however, it sounds like it was not able
to create a new temp profile so this is likely to be fruitless.

 

[Buttnuts]

I cannot login at all. after first try we get an error that says it
must log in locally then I get an error that it could not create
temporary profile. I have three admin user accounts and none of them
work. same thing happens.
There are no login scripts either, no need to connect to domain or
shared resources as there really arent any other than a mapped data
drive to our storage server.

You say the message was that you could _only_ log in locally?
That is a new one on me!! Perhaps it was a message that you
could only log in with a local, temporary profile?

Evidently you did not have multiple accounts to try.
When you have a login process start, but then before getting
the desktop you are dumped back at the login screen, this is
often a failure of something that is configured to run at login
(like the login script). You could try replacing the login
script file with something that is guaranteed to work fine,
if your accounts are configured to use one that is. Also,
think over what things are set to run at login for all accounts
(assuming that it was creating a new temporary profile, and
failed to log in with it). Perhaps one of these items has
failed ungracefully.
Normally, I would suggest renaming the profile folder of
the account while you have the disk accessible from another
boot, as this will then force creation of a new profile for the
account at next login - however, it sounds like it was not able
to create a new temp profile so this is likely to be fruitless.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

Please Help if you can,

we have a win2k sp4 750mb ram 40G hdd adv srvr [work group not a DC] that
was running well until yesterday. did a software update that required a
reboot and now we cannot log in. get a message profile cannot be created
and that we can only log in locally, log in process starts then closes and
end up back at the log in window. Also the system wll not boot from the
CDROM drive even after making sure the bios is set correctly. because of
this we can't use the winternals ERD or the EBCD recovery tools to get in.
we placed the disk in another machine and at least we copied most of the
data off. But it would sure suck to have to re-intsall the OS and

ALL of
the

programs.
Any suggestions?
Please post answers here.
Thank you

 

[Roger Abell]

When you had the disk attached to the other system did you
scan it for virii and other malware ?
When the disk was booted did you try use of last known good
boot ? (note: this will likely reverse the software update that
you mentioned having applied)

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

I cannot login at all. after first try we get an error that says it
must log in locally then I get an error that it could not create
temporary profile. I have three admin user accounts and none of them
work. same thing happens.
There are no login scripts either, no need to connect to domain or
shared resources as there really arent any other than a mapped data
drive to our storage server.

You say the message was that you could _only_ log in locally?
That is a new one on me!! Perhaps it was a message that you
could only log in with a local, temporary profile?

Evidently you did not have multiple accounts to try.
When you have a login process start, but then before getting
the desktop you are dumped back at the login screen, this is
often a failure of something that is configured to run at login
(like the login script). You could try replacing the login
script file with something that is guaranteed to work fine,
if your accounts are configured to use one that is. Also,
think over what things are set to run at login for all accounts
(assuming that it was creating a new temporary profile, and
failed to log in with it). Perhaps one of these items has
failed ungracefully.
Normally, I would suggest renaming the profile folder of
the account while you have the disk accessible from another
boot, as this will then force creation of a new profile for the
account at next login - however, it sounds like it was not able
to create a new temp profile so this is likely to be fruitless.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

Please Help if you can,

we have a win2k sp4 750mb ram 40G hdd adv srvr [work group not a DC] that
was running well until yesterday. did a software update that required a
reboot and now we cannot log in. get a message profile cannot be created
and that we can only log in locally, log in process starts then closes and
end up back at the log in window. Also the system wll not boot from the
CDROM drive even after making sure the bios is set correctly. because of
this we can't use the winternals ERD or the EBCD recovery tools to get in.
we placed the disk in another machine and at least we copied most of the
data off. But it would sure suck to have to re-intsall the OS and

ALL of
the

programs.
Any suggestions?
Please post answers here.
Thank you

 

[Buttnuts]

When the disk was attached to the other system I ran our Norton AV Corp
ed., AVG7, TrendMicro House Call, Ad Aware Pro, and BulletProof Spyware
remover (all upto the minute up to date). and nothing was found.
When the incident first occured I did try last known and had the same
problem. 'Could not log in into profile so creating temporary profile'
then cannot create temporary profile and back to log in screen.

 

[Roger Abell]

When the disk was attached to the other system I ran our Norton AV Corp
ed., AVG7, TrendMicro House Call, Ad Aware Pro, and BulletProof Spyware
remover (all upto the minute up to date). and nothing was found.
When the incident first occured I did try last known and had the same
problem. 'Could not log in into profile so creating temporary profile'
then cannot create temporary profile and back to log in screen.

That really blows ! but what is worse is that you have
due diligence, the ERD recovery ready and all, but unusable.
It seems the key is getting at why it cannot create a new
temp profile. Need to think on this a while . . .

Anyone else with ideas ??

 

[Buttnuts]

Yeah,
I've stepped away from it for a day to try and think of something. I
used the W2k Adv Srv boot/install floppies and tried to repair with an
erd i made just last week and still cannot log in <:0
I appreciate your help if you can think of ANY thing please post.
Thank you again

 

[Steven L Umbach]

Can you access the computer remotely to view the Event Log and file
permissions through the admin share/Computer Management - other computer or
such? Maybe something happened to file permissions. You would want to check
the root folder, documents and settings folder, and system folder all of
which should have full control for administrators and system and
read/list/execute for users. Also check for any deny permissions that can be
causing problems. Keep in mind that administrators are also members of
everyone and users group. If you can boot into Recovery Console [probably
not if you do not have it installed already] be sure to try that and run
Check Disk to see if there is any file/folder corruption it may be able to
fix. --- Steve

 

[Roger Abell]

I am wondering if ntuser.dat (or other parts of) in the
Documents and Settings\Default User profile got wiped.
Let's see . . . system boots but cannot create a usable
temporary profile . . . (and existing account profiles
are not usable) Hmmm explorer hooked in some way
so that userinit cannot fire up the shell ? . . .

--
Roger

Can you access the computer remotely to view the Event Log and file
permissions through the admin share/Computer Management - other computer or
such? Maybe something happened to file permissions. You would want to check
the root folder, documents and settings folder, and system folder all of
which should have full control for administrators and system and
read/list/execute for users. Also check for any deny permissions that can be
causing problems. Keep in mind that administrators are also members of
everyone and users group. If you can boot into Recovery Console [probably
not if you do not have it installed already] be sure to try that and run
Check Disk to see if there is any file/folder corruption it may be able to
fix. --- Steve

Please Help if you can,

we have a win2k sp4 750mb ram 40G hdd adv srvr [work group not a DC] that
was running well until yesterday. did a software update that required a
reboot and now we cannot log in. get a message profile cannot be created
and that we can only log in locally, log in process starts then closes and
end up back at the log in window. Also the system wll not boot from the
CDROM drive even after making sure the bios is set correctly. because of
this we can't use the winternals ERD or the EBCD recovery tools to get in.
we placed the disk in another machine and at least we copied most of the
data off. But it would sure suck to have to re-intsall the OS and ALL of
the
programs.
Any suggestions?
Please post answers here.
Thank you

 

[Steven L Umbach]

Interesting. I don't think I have ever had a problem with corrupt default
user profile and the resulting symptoms/cure [other than restore it from
backup]. Hopefully if he can get a look in Event Viewer he will get more
helpful info. Not being able to boot from the cdrom makes it rough and makes
me wonder what is up with that. By the way Merry Christmas Uncle Rog! I
don't know if you celebrate or what, but enjoy the weekend either way. ---
Steve

I am wondering if ntuser.dat (or other parts of) in the
Documents and Settings\Default User profile got wiped.
Let's see . . . system boots but cannot create a usable
temporary profile . . . (and existing account profiles
are not usable) Hmmm explorer hooked in some way
so that userinit cannot fire up the shell ? . . .

--
Roger

Can you access the computer remotely to view the Event Log and file
permissions through the admin share/Computer Management - other computer or
such? Maybe something happened to file permissions. You would want to check
the root folder, documents and settings folder, and system folder all of
which should have full control for administrators and system and
read/list/execute for users. Also check for any deny permissions that can be
causing problems. Keep in mind that administrators are also members of
everyone and users group. If you can boot into Recovery Console [probably
not if you do not have it installed already] be sure to try that and run
Check Disk to see if there is any file/folder corruption it may be able
to
fix. --- Steve

Please Help if you can,

we have a win2k sp4 750mb ram 40G hdd adv srvr [work group not a DC] that
was running well until yesterday. did a software update that required a
reboot and now we cannot log in. get a message profile cannot be created
and that we can only log in locally, log in process starts then closes and
end up back at the log in window. Also the system wll not boot from the
CDROM drive even after making sure the bios is set correctly. because
of
this we can't use the winternals ERD or the EBCD recovery tools to get in.
we placed the disk in another machine and at least we copied most of
the
data off. But it would sure suck to have to re-intsall the OS and ALL
of
the
programs.
Any suggestions?
Please post answers here.
Thank you

 

[Roger Abell]

I hope you have had a great Xmas too Steve, and yes,
I have had some family time . . .

As he did (does?) have the disk hung off of a bootable
system I cannot believe I had not though to mention
opening the event logs to see what was there !!! Doh!

--
Roger

Interesting. I don't think I have ever had a problem with corrupt default
user profile and the resulting symptoms/cure [other than restore it from
backup]. Hopefully if he can get a look in Event Viewer he will get more
helpful info. Not being able to boot from the cdrom makes it rough and makes
me wonder what is up with that. By the way Merry Christmas Uncle Rog! I
don't know if you celebrate or what, but enjoy the weekend either ay. ---
Steve

I am wondering if ntuser.dat (or other parts of) in the
Documents and Settings\Default User profile got wiped.
Let's see . . . system boots but cannot create a usable
temporary profile . . . (and existing account profiles
are not usable) Hmmm explorer hooked in some way
so that userinit cannot fire up the shell ? . . .

--
Roger

Can you access the computer remotely to view the Event Log and file
permissions through the admin share/Computer Management - other

computer
or

such? Maybe something happened to file permissions. You would want to check
the root folder, documents and settings folder, and system folder all of
which should have full control for administrators and system and
read/list/execute for users. Also check for any deny permissions that

can
be

causing problems. Keep in mind that administrators are also members of
everyone and users group. If you can boot into Recovery Console [probably
not if you do not have it installed already] be sure to try that and run
Check Disk to see if there is any file/folder corruption it may be able
to
fix. --- Steve


Please Help if you can,

we have a win2k sp4 750mb ram 40G hdd adv srvr [work group not a DC] that
was running well until yesterday. did a software update that required a
reboot and now we cannot log in. get a message profile cannot be created
and that we can only log in locally, log in process starts then

closes
and

end up back at the log in window. Also the system wll not boot from the
CDROM drive even after making sure the bios is set correctly. because
of
this we can't use the winternals ERD or the EBCD recovery tools to

get
in.

we placed the disk in another machine and at least we copied most of
the
data off. But it would sure suck to have to re-intsall the OS and ALL
of
the
programs.
Any suggestions?
Please post answers here.
Thank you

 

[Buttnuts]

Hi guys,
Thanks for the help. I could not open any of the event log files when I
put the drive into another madhine. told they are corrupt
I reset the permissions on the entire drive too.
When I place the drive back into the original server it looks like it
boots with no problems, gets to the clt alt del login. I enter the
admin username and password and it looks as if windows is loading; it
tries to connect to a networked drive(that is online and working),
cannot, askes if I wish to continue restoring network conntections and
whether I choose yes or no it then says 'saving configuration' and
takes me back to the login screen.
I did run chkdsk with /r and found no problems.
I am stumped [and unbelievable agitated]
Any other ideas? It would be great to be able to work tomorrow.
Thanks again.

 

[Roger Abell]

Can you run compmgmt.msc or usrmgr.msc remotely and over the
network define a new account ? Probably will end the same as
the attempts to define temp profile.
When you set the permissions on the drive, can we assume that
administrators were given full control, and you try to log in with
and admin, so there should be no issues now with profile NTFS
permissions.

 

[Buttnuts]

good idea tried one but didn't try the usrmgr.msc; though, as you said
might just get the same.
as for permissions, yeah, gave admins full and even added the
'everyone' group the the root with full - read, write, own etc.
Like I said I really appreciate the help.
If this were one of my clients this drive would have been wiped and a
clean install and what ever was back upped working by now; but as an
admin for many many diverse clients and systems and with loads of tools
and settings for a 'gazillion' things installed and configured I loath
the thought of a 'when in doubt - wipe it out' episode for me. I am
sure I probably would only spend a few days to get to where I was
but...
I CANNOT let a man made machine (and accompanying code - and possible
hack) bring me to my wits end.
I feel like a kid again. I do not want this to stop me.
Any way thanks again.
I am going to dig into this fargin corksucker tomorrow morn. With the
holidays have a little time to try to figure this out

 

[Roger Abell]

I hear you. Sometimes walking away from a system leaves this
distaste that there is some unknown looming in the future to bite
again when in fact there is a simple setting that would open the
path . . .

btw looks like I left the l off the front of lusrmgr.msc

 

[Buttnuts]

Again thanks for the help.
For now looks like I am going to have to set that drive aside and put
in another one and due the nasty and re-install, reload and reconfigure
it all over,
Man I hate that.
Although I am sure things will be faster and smoother. Just the time
thing and the fact that I still cannot figure out why I can't get in.
If anyone has any other ideas just let me know.
Thanks,
Peace to all and have a great New Years.

 

[Steven L Umbach]

OK. Good luck. Here is another link to check out. Probably a long shot but
worth a look at. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q249321

 

[Roger Abell]

Good thinking Steve. I guess I am so used to systems not even
completing the boot when the letter has shifted, but then I am
still in the W2k era/mindset on that and longing for the NT4 days.

I notice in the KB you referenced
<quote>
Change from:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current
Version\Winlogon\Userinit:Reg_SZ:C:\WINNT\system32\userinit.exe
Change to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current
Version\Winlogon\Userinit:Reg_SZ:userinit.exe
</quote>
which makes me wonder why they hardcoded the full path
into the reg value to being with !! I never knew one could
rely on the system using a searchpath at that point in time.