Close but no cigar: Complex Boot Failure after System Restore (Win7)


  1. UD555
    Posts : 5
    Various
       New #1

    Greetings all. Well, I haven't had to bug you guys in quite a while, but I find myself back begging at the door. The situation is a bit complex, but tantalizingly close.

    The system has primarily run w7 for years, but still can dual boot the older Vista. I'm on the Vista right now. There are four physical drives. From vista, I can access the w7 c: drive as N:.

    Problems began last night with power hit and failure of backup supply.

    On boot, system wanted to check the disk, but complained it couldn't due to "recently installed programs." -- then proceeded to boot to w7 seemingly normally. I decided to do a system restore to prior to the program I had installed earlier in the evening, but restore complained that I needed to check the disk first. Trapped!

    I went ahead and uninstalled the program that had been recently installed.

    For the first time in ages, I booted to vista -- vista noticed the disk check issue on the win7 partition (I should note, both win7 and vista share the *physical* C: drive) and proceeded to successfully check it. There were about 5 orphan files and 5 index errors corrected.

    I rebooted and came back into win7 successfully. However, I felt unsure about the state of that previously installed program, and decided to do a restore to just prior to its installation. Restore seemingly OK. System reboots.

    At this point, win7 startup began failing. Apparently that restore was not the best idea I ever had.

    Boot sequence proceeds normally through "busy bar" animation to the point when the GUI would launch. At that point I see a message at the top of the screen too fast to read and the hardware reboots again.

    I cannot get into GUI or command prompt safe mode. Lots of drivers load, there's a long pause, then reboot. System Repair comes up clean on everything until it says "unspecified system changes may be preventing boot". When I try to restore to an even earlier restore point from within Repair it all proceeds and then says fail at the end. I turned on the boot logging but am unsure where that file is now. As noted I CAN access the w7 C: drive from Vista. In fact I just did another chkdsk on it and it comes back clean.

    My assumption is that probably a single file or some such was blasted. I very much want to try bring this system back without a full load -- I know I could copy off /Users and other data like that but there are many programs with complex configurations I do not want to lose if at all possible.

    I'm hoping to attack this as systematically as possible, but I need to throw myself at your mercy for a suggested line of attack.

    Thanks!

    Additional info. I now have the boot log -- it is quite lengthy.

    I have also managed to catch the error that appears just before the reboot (that is, busy bar runs, screen goes dark for a few seconds, this error flashes, then system reboots):

    It appears to be (I had to catch this on video and dig down to the frame):

    STOP: c000021a (Fatal System Error)
    The initial session process or system process te ... [cut off]

    Thanks!

    More info. The error message above appears to be described at:

    How to troubleshoot a "STOP 0xC000021A" error

    This is very illuminating, and describes how various "remote control" programs may
    replace the default winlogin DLL. And in fact, the program I had installed just before this entire sequence began was indeed a remote access program I was testing.

    So right now I'm trying to figure out how to get at the registry value for that system from over on Vista. I found instructions for using regedit on a different disk, and navigated (I think) over to the proper drive's \windows\system32\config\SYSTEM. At that point it requests a key name (apparently for reference) -- I just used FIX1. But navigating down into (what I believe is) that registry I do not find the key described in the KB article listed above.

    So right now my focus is in finding out how to get at the appropriate registry value on that drive (the C: drive for Win7, N: from Vista) and see if I can set the winlogin back to the default as described.

    Any clues appreciated! Thanks.
    Last edited by Brink; 11 Sep 2012 at 14:20. Reason: merged
      My Computer
    Quote Quote

  3. UD555
    Posts : 5
    Various
    Thread Starter
       New #2

    More info. Under Win7, control of the Winlogin is apparently under the registry path:

    HKLM/Microsoft/Windows/CurrentVersion/Authentication/Credential Provider Filters


    In my case containing:
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}


    and
    KLM/Microsoft/Windows/CurrentVersion/Authentication/Credential Providers
    In my case containing:
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{25CBB996-92ED-457e-B28C-4774084BD562}
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{8bf9a910-a8ff-457f-999f-a5ca10b4a885}
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{94596c7e-3744-41ce-893e-bbf09122f76a}
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{AC3AC249-E820-4343-A65B-377AC634DC09}
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
    HKEY_LOCAL_MACHINE\test\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}

    Most (but not all) of the Content Providers appear to be normal Win7.

    The Content Filter may not supposed to have any entry at all for standard login, but I'm not sure.

    Before I start screwing with this, any advice would be welcome. My goal again is to get back to standard Windows login. I believe the boot error I'm getting is because the Provider currently set is no longer valid due to the issues above.

    Any clues?

    Thanks!
      My Computer
    Quote Quote

  4. Kaktussoft
    Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       New #3

    Advanced Boot Options
    Do "Disable Automatic Restart on System Failure"
    Post all errors listed on BSOD
      My Computer
    Quote Quote

  6. Kaktussoft
    Posts : 10,796
    Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
       New #4

    Once you could logon normally. Then you did a "system restore". You can restore to "undo restore point"! Do it from win7 system recovery environment if even safe mode crashes
      My Computer
    Quote Quote

  7. gregrocker
    Posts : 50,642
       New #5

    Other steps for Troubleshooting Windows 7 Failure to Boot

    I would want each OS on a separate HD booted only via the BIOS (unplug all others during isntall) so if you come to step to Clean Reinstall consider it closely.
      My Computer
    Quote Quote

  8. UD555
    Posts : 5
    Various
    Thread Starter
       New #6

    So far when I've tried doing a restore -- to any of my restore points -- from the Recovery environment, the process seems to run OK, but eventually gives a "recovery error, nothing changes" error.
      My Computer
    Quote Quote

  10. gregrocker
    Posts : 50,642
       New #7

    Keep working through the steps and reporting back.
      My Computer
    Quote Quote

  11. UD555
    Posts : 5
    Various
    Thread Starter
       New #8

    It's been a while since I've looked at this, but as I recall the boot environment of this system is (or was) a bit odd, involving two physical drives. In any case, the system IS getting far along in the boot. It runs through the "idle lights" for quite a few seconds, then the screen goes dark for more seconds as would be typical, and at that point it fails. I am extremely suspicious about the fact that the remote control software had just been installed and uninstalled -- the c000021a error writeup specifically notes this issue of the login credential provider being changed. My suspicion is that the system is trying to vector through a credential provider that no longer exists, instead of the system login default. By definition, if that fails, the system is supposed to stop. But the referenced DLL does appear to exist.

    The full text of the blue screen error is:

    STOP c000021a (fatal system error)

    the initial session process or system process terminated unexpectedly with
    a status of:

    0x00000000 (0xc0000034 0x00100724)

    system shut down
      My Computer
    Quote Quote

  12. UD555
    Posts : 5
    Various
    Thread Starter
       New #9

    Win7 back up. For the record, Repair cycles were unable to fix the problem -- they just said "unspecified changes" were at fault, and the integrity scan found nothing wrong.

    So I worked my way back through all my restore points (from Repair's restore function). All but one would not restore. They churn for 10 or 15 minutes "restoring files" and then fail with "unspecified error." But the oldest one I had, from 8/26, did succeed. That got me back in, and though I found a bunch of services disabled for some reason (Window Defender, Volume Shadow Copy [needed for restore points]), etc., I re-enabled them and things look to be in pretty good shape. So while I don't really know the root cause of the problem, at least the problem was averted this time.

    Thanks all!
      My Computer
    Quote Quote

  13. gregrocker
    Posts : 50,642
       New #10

    I would post up your BSOD information in our Crashes section for expert analysis using this tool: Blue Screen of Death (BSOD) Posting Instructions - Windows 7 Forums
      My Computer
    Quote Quote

 

  Related Discussions
OOPS - complex possible failure
in General Discussion

Came back here today planning to research disk space consumption and clean up any unnecessary stuff. prior to using Disk Cleanup. Machine has been stable for almost a year. Got sidetracked. Found a thread that led me to run SFC/SCANNOW ... which seems to be consuming considerable resources. ...
Win7 pro x64. I can create images and restore them using bootable media , however if I attempt to restore an image using the Backup and Restore option in Control Panel, Specifically - Recover system settings or your computer>Advanced recovery methods>use a system image you created earlier to...
System Restore Failure
in Backup and Restore

Having trouble booting Windows. Have tried system repair and restore from multiple restore points and attempted startup repair infinite loop recovery. No luck so far. I've been having battery issues and have in the past recovered by using system restore. When I start windows normally, the...
I have recently installed windows ultimate x64 on my computer. i have an asus p6t deluxe v2 mobo, i7-960 cpu and a wd velociraptor hdd. The install went ok, I even managed to restart my computer a few times after but after windows updates installed it won't boot. I tried to boot into safe mode,...
System restore failure
in Installation & Setup

Hi, During a blackout the other night my comp was obviously shut off, when the power came back I turned on my computer and logged in. After about ten or fifteen seconds it gave the bsod and shut down, then continued to do that for a while. I asked a friend what to do and he suggested a system...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 13:07.
Find Us