

Windows cannot boot - deleted and recreated registry key HKLM\System\CurrentControlSet\Control\Lsa

Question

Tuesday, January 1, 2019 8:27 PM

Hi,

Help me please!

I have accidentally deleted the HKLM\System\CurrentControlSet\Control\Lsa key and subkeys/values.
I recreated it from a registry export, but Windows won't boot now.
It reboots before the desktop shows.
Safe mode won't boot; the BSOD reason is CRITICAL_PROCESS_DIED.

I can send the memory dump or the Windows/System32/config/SYSTEM file.

I think the ownership and/or permissions of the key or subkeys/values are wrong, but it's not 100%.

I tried to import the subkeys/values from a fresh installation, but with no success.

It's a Windows 10 upgraded from Windows 7 installed in the early 2010s, so I have hundreds of installed apps on it, so I must rescue this installation.

Please help!

All replies (8)

Tuesday, January 1, 2019 11:34 PM

Create Windows 10 installation media. Kindly follow all the instructions given there. Make a bootable USB drive. Make sure to set up your BIOS to boot from the USB drive.

After booting into setup, choose the Repair Computer option > Troubleshoot > Advanced Options > Command Prompt. If you are using a recovery drive, click Troubleshoot > Advanced Options > Command Prompt.

Once you have the command prompt up on screen, you will need to issue a set of commands to find and resolve issues that might be preventing your computer from booting.

Type BOOTREC /FIXMBR and hit <Enter>.

This command will attempt to fix any corruption issues with the master boot record.

If all goes well, you should see The operation completed successfully.

Next, type BOOTREC /FIXBOOT then hit <Enter>

If you are seeing an error such as Boot Manager is Missing, then the BOOTREC /RebuildBcd command might be able to fix it.

See also:

Recovery options in Windows 10

S.Sengupta, Microsoft MVP Windows and Devices for IT, Windows Insider MVP


Wednesday, January 2, 2019 12:28 AM

Dear S.Sengupta,

I tried this, but it does not help.

Bcdboot C:\Windows too.

I think the BCD is okay; the problem is inside the following registry key: HKLM\System\CurrentControlSet\Control\Lsa

I don't have any restore points or any backup of the working registry :/

Thank you!


Wednesday, January 2, 2019 1:39 AM

Hi,

Thanks for your post in our forum.

Have you tried Last Known Good? Can it be helpful?

Boot the machine and press F8, then select Last Known Good to boot the machine; it will return the registry to its state before the issue happened.

Hope the above information can help you.

Thanks again for your understanding and support.

Best Regards,

Otto 

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Wednesday, January 2, 2019 10:45 AM

Dear otto wang,

The last known good boot option is only in Windows 7, but this is Windows 10 :/

I don't have a HKLM\System\ControlSet002 backup (last known good), and the Windows/System32/config/RegBack dir is empty too.

I have a complete dd backup of the Windows 7 from before I upgraded to Windows 10 months ago, but this won't boot either :/
I think it's because all of the hardware parts have changed.

Thank you!


Wednesday, January 2, 2019 12:25 PM

I think it's possible that the following keys are not okay:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG

The reboot occurs instead of the login screen showing.

--

SYSKEY

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\SecureBoot
    • 1: SYSKEY is stored locally in the registry (SYSTEM file),
    • 2: SYSKEY is derived from an administrator selected password, or
    • 3: SYSKEY will be stored on a floppy disk
  • encryption key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\{JD,Skew1,GBG,Data}, HKEY_LOCAL_MACHINE\Security\Policy\PolSecretEncryptionKey, HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\F

--

I found the following links:
https://www.harmj0y.net/blog/activedirectory/remote-hash-extraction-on-demand-via-host-security-descriptor-modification/
https://download.openwall.net/pub/projects/john/contrib/pwdump/syskey.txt
http://moyix.blogspot.com/2008/02/syskey-and-sam.html

Does anybody know how I can recreate the correct values to get the PC to boot?

Thank you!


Thursday, January 3, 2019 2:58 AM

Hi,

Thanks for your reply.

As far as I know, Last Known Good should also be on Windows 10.

Try the following steps.

Step 1. First, you click Start and select Power > Press and hold Shift > Click on Restart. 

Step 2. Next, you select Troubleshoot > click Advanced Options > Click on Start Up settings. 

Step 3. Now you click on Restart. 

Step 4. After restarting Windows, the advanced boot options menu appears on a black screen.

You just choose Last known good configuration (Advanced) and tap Enter.

Hope the above information can help you.

Thanks again for your understanding and support.

Best Regards,

Otto 



Monday, January 7, 2019 6:15 AM

Hi,

Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

Best Regards,

Otto Wang



Thursday, January 10, 2019 6:07 AM

Hi,

Was your issue resolved?

If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

If not, please reply and tell us the current situation so that we can provide further help.

Best Regards,

Otto Wang
