Squishnet

Blue Screen – Windows XP BAD_SYSTEM_CONFIG_INFO

Posted on 23 August 2009

So the other week I hear from a user that their machine is borked. Typical BSOD I thought, let’s get into safe mode and find out what’s up. Doh – BSOD trying to get into safe mode. Nothing worked.  Everything I try results in the same error – BAD_SYSTEM_CONFIG_INFO STOP 0×00000074 (0×00000003, 0×00000002, 0×80087000, 0xc000014c) Well I figured I’d have to re-image the machine, but I came across a procedure to get around this error without rebuilding. I cleaned it up and posted it below. See here for the original post.  Also, Microsoft KB here.

This fix is a 3 phase process

• Phase 1 – use recovery console to access os and replace default registry files.
• Phase 2 – boot to Windows and grab files from system recovery area.
• Phase 3 – replace default registry files with recovery area files.

1. Boot to Windows XP
2. When you get to the XP installation menu choose R
3. Once the recovery console starts you will be asked to choose which windows installation you want to login to.  For most people this will be 1: C:Windows.  Hit 1 or select the correct windows installation.
4. Log in with the administrators password.
5. First create a new temporary directory “md c:\windows\tmpcopy”
6. Now copy the existing registry files to the temp directory created in step 5
   1. Copy C:\Windows\system32\config\system  C:\Windows\tmpcopy\system.bak
   2. Copy C:\Windows\system32\config\software  C:\Windows\tmpcopy\software.bak
   3. Copy C:\Windows\system32\config\sam  C:\Windows\tmpcopy\sam.bak
   4. Copy C:\Windows\system32\config\security   C:\Windows\tmpcopy\security.bak
   5. Copy C:\Windows\system32\config\default   C:\Windows\tmpcopy\default.bak
7. Remove the existing registry files after creating the backup files
   1. Del C:\Windows\system32\config\system
   2. Del C:\Windows\system32\config\software
   3. Del C:\Windows\system32\config\sam
   4. Del C:\Windows\system32\config\security
   5. Del C:\Windows\system32\config\default
   6. Note: if you receive an error when trying to delete these files, rename them instead by using a non-standard extension (CD C:\Windows\system32\config  rename system system.foo).
8. Now copy some default reg files to C:\Windows\system32\config to get the system to boot.  Windows won’t look the same and most programs won’t work after this boot, but that is fine.  We are just trying to get windows to boot.  These default registry files are located in C:\Windows\repair (XP) or C:\Windows\System32\config\regback (Vista).
   1. copy c:\windows\repair\system  c:\windows\system32\config\system
   2. copy c:\windows\repair\software  c:\windows\system32\config\software
   3. copy c:\windows\repair\sam  c:\windows\system32\config\sam
   4. copy c:\windows\repair\security  c:\windows\system32\config\security
   5. copy c:\windows\repair\default  c:\windows\system32\config\default
9. Exit the Recovery Console and Boot into Windows………If it worked then you are on the right track.  If not well?
10. In this part we will prepare to copy files from one of the system restore points that was created before the wheels came off.  You are using system restore aren’t you?  If not it’s probably time to reinstall all your applications
11. To copy registry files from a system restore point, you will need to make the system restore directory visible.  Using the system restore utility will not work because of what we did in steps 7 and 8.  Here is what to do.
    1. Start Windows Explorer
    2. Tools > Folder Options
    3. Click the view tab. Select “Show hidden files” and then clear “Hide operating system files” and click yes to confirm and ok.
    4. Navigate to the drive that Windows is installed on and look for the “System Volume Information” folder.  Most likely you will not be able to get into the “System Volume Information”.  To remedy this, right click on the folder, go to sharing and security and then the security tab.  If you don’t have a security tab, right click and choose “share this folder”.  Check both the “share this folder”  and “allow network users to change my files”. 
    5. On the security tab choose Add and then add the user you are logged in as.
    6. Now you should be able to open the folder.  Inside you will see (hopefully) a bunch of folders named similar to “_restore{guid}” like “”_restore{81AC3458-3199-486Z-145F-F86E60B3D3E3}”  These are the snapshots.
    7. Choose a folder that is dated before the event and open it.  Inside there should be a snapshot folder. (ex. C:\System Volume Information\_restore{81AC3458-3199-486Z-145F-F86E60B3D3E3}RP1Snapshot)
    8. From this folder copy the 5 registry files into C:\Windows\Tmpcopy folder.  The files you will copy are “registry_user_.default”,” _registry_machine_security”,”_registr_machine_software”, “_registry_machine_system”, “_registry_machine_sam”
12. Boot back to XP Recovery
13. Replace the temporariy default registry files
    1. delete c:\windows\system32\config\sam
        delete c:\windows\system32\config\security
        delete c:\windows\system32\config\software
        delete c:\windows\system32\config\default
        delete c:\windows\system32\config\system
        
        copy c:\windows\tmp\_registry_machine_software c:\windows\system32\config\software
        copy c:\windows\tmp\_registry_machine_system c:\windows\system32\config\system
        copy c:\windows\tmp\_registry_machine_sam c:\windows\system32\config\sam
        copy c:\windows\tmp\_registry_machine_security c:\windows\system32\config\security
        copy c:\windows\tmp\_registry_user_.default c:\windows\system32\config\default (Notice the period (“.”)
14. That’s it.  You should now be able to boot the system to XP and all your programs should work.
15. Consider running chkdisk or some other disk checker.  This type of problem is usually caused by a corrupt registry file which may indicate disk problems.