Issue w/ hotfix 840987

  • Thread starter Thread starter Jeremy
  • Start date Start date
J

Jeremy

I have an SUS server setup at work and Thursday night I approved the
hotfixes that were released earlier this week. When I arrived at work
on Friday, I had an e-mail from a staff member that has WinXP on their
machine. The e-mail told me that they had received a registry
recovery message when they logged on to their computer. I went to the
machine and logged into the machine and had the following message
popup: "Windows - Registry Recovery : One of the files containing the
system's Registry data had to be recovered by use of a log or
alternate copy. The recovery was successful." (This is listed as
Event ID: 26 in Event Viewer). I uninstalled/reinstalled hotfixes
until I found which hotfix was causing the problem (hotfix 840987).
There is an NT4 domain setup and the message only occurs when logging
in with a domain account. If a local account is used, the message
does not show. If a domain account w/ a roaming profile is used, the
message occurs three times. I could not replicate this problem on any
Windows 2000 machines with the 2k version of hotfix 840987 installed,
only on the XP machines.
 
Jeremy,
I have been having the same problems with no luck so far. I have also found
out that if you run Group Policy on the PC. gpedit.msc that it will pop up
the same message.
 
Hi all

I have the same problem with over 100 machines. I found which file
generates such message. It is %windir%\system32\ntoskrnl.exe. You can
replace this file with earlier version located in
%windir%\$NTUninstallKB840987$ and the message disappears. Please try.
But I'm not sure it's safe. Maybe there are other security isues I
don't know yet.

Regards
Pawel
 
I have the same issue with multiple machines. I'd like to have a solution
other than replacing the ntoskrnl.exe. That negates the purpose of
installing the patch because whatever security hole this was fixing remains
open.
 
I have seen the same issue on over 100 XP desktops
Have not seen anything from Microsoft on this issue
- keep posting reports
 
Back
Top