Logon / Logoff loop

[Guest]

Hi

I'm stucked with the login logout loop on my XP pro sp2 swedish

Bakground is that I get a windows error (send to ms..) message from a
application during application execute. I was installed this application (a
serious) earlier during this session. Then I could not start the application
again after this message so I restared and now I have the logon logoff loop
for all local and domain acounts.
I can logon in correctly for all these acounts in safe mode.

I have done a registry restore both manually and thrue the system restore.
I have replaced userinit (blazefind), explorer and msgina.dll from another pc.
I have deleted all files as I can se from the installing application and
registry.
I have disabled all autostarts in msconfig.
I have run a spyware check.


When I logon, a fast change of background color appear for the profile
before message "saving settings appear and log me out back to logon screen.

I usually help people with this kind of problem as, but now its seems to be
my turn.
Any suggestions, what have I missed ?
Is someone know the start procedure scheme looks like after logon, with
files is involved?


Thanks,
Christer

 

[Will Denny]

Hi

Please try the following link to Jim Eshelman's web site:

http://aumha.org/win5/a/shtdwnxp.php

--


Will Denny
MS-MVP Windows Shell/User
Please reply to the News Groups

 

[Pegasus \(MVP\)]

Hi

I'm stucked with the login logout loop on my XP pro sp2 swedish

Bakground is that I get a windows error (send to ms..) message from a
application during application execute. I was installed this application (a
serious) earlier during this session. Then I could not start the application
again after this message so I restared and now I have the logon logoff loop
for all local and domain acounts.
I can logon in correctly for all these acounts in safe mode.

I have done a registry restore both manually and thrue the system restore.
I have replaced userinit (blazefind), explorer and msgina.dll from another pc.
I have deleted all files as I can se from the installing application and
registry.
I have disabled all autostarts in msconfig.
I have run a spyware check.


When I logon, a fast change of background color appear for the profile
before message "saving settings appear and log me out back to logon screen.

I usually help people with this kind of problem as, but now its seems to be
my turn.
Any suggestions, what have I missed ?
Is someone know the start procedure scheme looks like after logon, with
files is involved?


Thanks,
Christer

This is a well-known problem that is caused by your system drive
letter having changed. The cure depends on your setup: It's easy
if the machine is networked, much less easy if you have another
not-networked Win2000/XP nearby and harder again if it is a
stand-alone machine. What is your setup?

 

[Guest]

Hi

hmm.. I wonder how the system drive has changed..
I'm networked, and can also switch disks if needed, but I preferes network.
WinXp is installed and running on same C: drive, no boot managers but a D:
drive is a W98 that I somtimes switch to by bios change.

/christer

 

[Pegasus \(MVP\)]

Okej, du kan göra så här:
1. Start the problem PC (PC1) but don't log on.
1. Get onto a networked PC, PC2.
2. Run this command: psexec \\PC1 cmd.
3. Type this command: set system.
4. Run regedit.exe on PC2.
5. Open the registry of PC1.
6. Navigate to HKLM\System\MountedDevices of PC1.
7. Rename \DosDevices\Y: to \DOSDevices\Z:
where Y: is the system drive letter from Step 3
and Z: is the correct system drive letter (usually C.
8. Reboot PC1.
You can get psexec.exe from www.sysinternals.com.

 

[kenchi]

try this
boot to safemode as administrator, insert windows xp setup cd in th
cdrom drive. click start->run type "sfc /scannow" without quotes an
hit enter.
follow the instructions.

 

[Guest]

Hi
Sorry, I got this error message:
C:\Documents and Settings\Administratör>sfc /scannow
Det gick inte att initiera en sökning efter skyddade systemfiler.

Den specifika felkoden är 0x000006ba [RPC-servern är inte tillgänglig.
].

It is swedish (for pegasus) and means "Could not start a search for
protected system files, RPC server is not availiable) in english..
RPC serivice is started and I am logged on with administrator rights.

/christer

 

[Guest]

Hej

Sorry, error message is :
"Could not start PsExec service on PC1"

I have to use -u -p rarameters to get thrue..

In event log, the logon is ok, but nothing else then "DCOM could not start
in safe mode" in system log.

I tried to make a similar connection to a third pc, and its works fine.

(nice tool, it is like old LM days)

That would be nice if you respond if you know the cause of the error is, I
would also try more..

/christer

 

[Pegasus \(MVP\)]

The parameters you had to use would have established
your credentials on PC1, nothing more, nothing less.
Did you determine the System Drive letter on PC1? Did
you run regedit as I suggested? What DosDevices did
you see in Step 6?

Please provide full feedback on the eight steps I suggested.
Without your feedback I won't know how to continue.

 

[Guest]

Hi

1-2. PSEXEC connection from PC2 to faulty PC1 is ok.
(connection error depended that I started up PC1 in safe mode)

3. PC1 result:
SystemDrive=C:
SystemRoot=C:\WINDOWS

4-5. PC1 registry opens fine on PC2

6. PC1 result (execpt REG_BINARY data)
\DosDevices\A:
\DosDevices\C:
\DosDevices\D:
\DosDevices\E:

7. I'm not sure what to do here, as C: is already in list .. or?
..so I try to delete all of these keys and reboot , after all execpt E:
was back.

/christer

 

[Pegasus \(MVP\)]

OK, this tells me a lot more. Here is the full story:

The logon loop problem is caused by userinit.exe
not being in the system32 directory. This is usually
caused by the system drive letter being incorrect,
which can happen after manipulating partitions or
performing disk imaging actions. It can be fixed by
restoring the correct system drive letter.

In your case the system drive letter is correct. Deleting
the DosDevice values did no harm but it did not do
much good either.

The same problem can also be caused by some versions
of AdAware. The following link used to have a solution
but it appears to be off the air:
http://www.smile-computers.nl/helpdesk/unablelogonadaware.htm
You can google for links with this string: "userinit.exe" logon.
Perhaps the Lavasoft FAQs have a hint - de befinner sig
i ditt eget land!

As a quick solution you could make a network connection
from PC2 to PC1 and copy an intact version of userinit.exe
to the system32 directory of PC1. At the same time you
must make sure that no other file called userinit.* exists.
If it does then you should rename it to render it inactive.

Lycka till!

 

[Guest]

Hi Pegasus, and thanks for "lycka till" , that and my patience helped me a bit!

Here is the history:

Your suggested link seems now be instead:
http://www.smilecomputers.nl/helpdesk/unablelogonadaware.htm
It seems to be for blaze find issues, and I can not se anything that
blazefind should be the cause.

I tried to reinstall xp sp2 to se if it might repair any corrupted file.
But no changes as I could se, and I guess I also need to logon to finnish
the reinstall, as I se that it is several tasks left in the "runonce" key ,
and I can not logon in sharp mode..

I also tested the userinit.exe in registry to se if the startup process
really try to access this file, and it does acces file ok, and if I remove
the file , I also come in to the logon loop in safe mode.

BUT!!, when I rename the userinit.exe file to e.g. test.exe then I can logon
ok!
(at last.. 5 days later, and my work queue increases every hour ..)

I then try to rename back the file, and same loop occour.

So now my Winlogon key in registry points to c:\windows\system32\test.exe,
but I would like to get it back to original setting.
Have you any clue how I could continue or if there is another path to
userinit somewhere, I can not find any other pointer in registry that maybe
could have an influence.

/christer

 

[Pegasus \(MVP\)]

If I understand you correctly then you currently have this situation:

a) If then Winlogon key in registry points to c:\windows\system32\test.exe
and if the file c:\windows\system32\test.exe is identical to the file
c:\windows\system32\winlogon.exe then you can log on successfully.

b) If then Winlogon key in registry points to
c:\windows\system32\winlogon.exe
then your log on process loops.

You have done some very nice trouble-shooting work to arrive at this
solution. Even though it is temporary, it now lets you use your machine
again.

I can think of several reasons why b) should not work:
- The file c:\windows\system32\winlogon.exe is not the same as the
file c:\windows\system32\test.exe.
- The file c:\windows\system32\winlogon.exe has ntfs attributes that
make it inaccessible to the logon process.
- You have a virus that intercepts all calls to winlogon.exe.