-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
2003 Server logging in then logging right back out...
- Thread starter Corbett
- Start date
RebateMonger
Elite Member
It's not SBS 2003, is it?
Any error messages at all?
Any error messages at all?
Thor86
Diamond Member
Is this a member server on a domain?
I've seen this behaviour on Member servers that were restored from backup.
If this is the case, you will need to login using the local administrative account, and possibly remove the system from the domain and re-add it afterwards as it seems like the security identification (SID) of the machine has become corrupted.
I've seen this behaviour on Member servers that were restored from backup.
If this is the case, you will need to login using the local administrative account, and possibly remove the system from the domain and re-add it afterwards as it seems like the security identification (SID) of the machine has become corrupted.
Yes I did add an external drive recently but I unplugged it before I rebooted and now I cannot login. It is 2003 server standard edition. No matter what local usename i use to login diretly to the server, it logs in thne immediately kicks me right back out to the login prompt. How would I go about editing my server registry from another pc? If I boot the server up and dont login I can still get to my mapped drives on the server from a client pc.
EDIT : Also, No i do not receive any type of error message. Its just immediately logs me right out after I login.
EDIT : Also, No i do not receive any type of error message. Its just immediately logs me right out after I login.
Yeah you drive letter shifted.
you'll need to edit your mountedevices regkey to correct this but first you'll want to get logged on. Leave the busted box sitting at the logon screen. Jump on a different box on the network and fire up regedit. From the File menu Connect to remote registry and specify the busted boxes name.
Find this regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In the Userinit value on the right just clear out the path so that it just says, "userinit.exe," (with ending comma, no quotes of course).
you should then be able to immediately logon to the busted box.
Now you gotta fix mounted devices. Again there is a great KB article on it. Search on "mounteddevices" and "drive letter". It and the userinit article are cross linked to each other.
If you have some balls you can just do what I would do: backup the mountedevices key and then clear everything in it except (default) at the top. Reboot. The reboot will be a bit longer than normal as the key is rebuilt automatically. With just the tiniest bit of luck it will repopulate just the way you had it ...assuming you have that extra drive taken back out. If this works it's a much easier route. If not you can always take the long way mentioned in that KB.
Note that the mountedevices regkey is outside of your control sets so if you fat finger something a lastknowngood won't help you. If something horrible does goes wrong you can just boot with a windows\repair copy of your system hive, open the now bad hive and paste that mounteddevices regkey you backed up back in. Quite a bit of a hassle but can definately be done.
you'll need to edit your mountedevices regkey to correct this but first you'll want to get logged on. Leave the busted box sitting at the logon screen. Jump on a different box on the network and fire up regedit. From the File menu Connect to remote registry and specify the busted boxes name.
Find this regkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In the Userinit value on the right just clear out the path so that it just says, "userinit.exe," (with ending comma, no quotes of course).
you should then be able to immediately logon to the busted box.
Now you gotta fix mounted devices. Again there is a great KB article on it. Search on "mounteddevices" and "drive letter". It and the userinit article are cross linked to each other.
If you have some balls you can just do what I would do: backup the mountedevices key and then clear everything in it except (default) at the top. Reboot. The reboot will be a bit longer than normal as the key is rebuilt automatically. With just the tiniest bit of luck it will repopulate just the way you had it ...assuming you have that extra drive taken back out. If this works it's a much easier route. If not you can always take the long way mentioned in that KB.
Note that the mountedevices regkey is outside of your control sets so if you fat finger something a lastknowngood won't help you. If something horrible does goes wrong you can just boot with a windows\repair copy of your system hive, open the now bad hive and paste that mounteddevices regkey you backed up back in. Quite a bit of a hassle but can definately be done.
SoulAssassin
Diamond Member
I would remotely check the sys log before making any of the changes listed above just to CYA.
Pardon my ignorance but how would i check the sys logs without being logged in?
Also, I will get back to you on this issue and let you know.
Are you sure its going to work? LIke I said, I plugged an external drive into this system and then unplugged it. Seems odd that would cause something like this.
Thanks again!
SoulAssassin
Diamond Member
From regedit, file/connect network registry....enter '\\nameofbustedserver'.
Yep, positive. This is how it happens:
234048 How Windows 2000 Assigns, Reserves, and Stores Drive Letters
http://support.microsoft.com/default.aspx?scid=kb;EN-US;234048
To get logged on so you can fix mounted devices use method 3 from this KB (same thing I was saying earlier):
249321 Unable to log on if the boot partition drive letter has changed
http://support.microsoft.com/default.aspx?scid=kb;EN-US;249321
If you are a bit shaky on how to regedit and check system logs remotely you're probably a better candidate for fixing this per the KB rather than just whacking mounted devices all together:
223188 How to restore the system/boot drive letter in Windows
http://support.microsoft.com/default.aspx?scid=kb;EN-US;223188
Both Regedit and Event Viewer can be used remotely from another computer. Like soulassasin said, just specify the busted computer with \\computername.
Good luck, let us know how it goes.
SoulAssassin
Diamond Member
So what does the sys log say?
Open computer manager, right click on local computer, connect to remote machine and check the event logs. Also, just curious if you can login via RDP. I'm guessing no, but give it a try.
Open computer manager, right click on local computer, connect to remote machine and check the event logs. Also, just curious if you can login via RDP. I'm guessing no, but give it a try.
Didnt check sys logs. Here is what I did :
Ran repair install on 2003 Server.
Noticed no anti-virus.
Installed Symantec 10.1 and SSC.
Rebooted and logged in fine.
Immediately Symantec finds about a ton of infected files.
W32.pinfi is the culprit.
Install Symantec on 10 other pcs in office.
Entire office in infected.
And they have only had the internet for 2 weeks there!
Ran repair install on 2003 Server.
Noticed no anti-virus.
Installed Symantec 10.1 and SSC.
Rebooted and logged in fine.
Immediately Symantec finds about a ton of infected files.
W32.pinfi is the culprit.
Install Symantec on 10 other pcs in office.
Entire office in infected.
And they have only had the internet for 2 weeks there!
Yeah, 1 pc i had to completely reload. I believe it is where the virus originated from. Was getting popups galore. To teach them a lesson i shut off the internet completely on that machine.
After reading up on symantecs site it seems like I just have to turn off system restore and run a scan in safe mode and that should take care of it. Will update when done tomorrow.
After reading up on symantecs site it seems like I just have to turn off system restore and run a scan in safe mode and that should take care of it. Will update when done tomorrow.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
