From: John John - MVP on 9 Jun 2010 15:51 Felix wrote: > Hey John John... > > When I boot up my laptop as usual, it gives me BIOS options and then the PGP > screen appears. I enter in my company network password and I receive the > 'Safe Mode' options screen. I choose 'Start Windows Normally' and the Windows > Logo Boot screen appears and simulate loading the OS as it always has before > my system crashed. The, out of the blue, I get a BSOD...Session3, etc. > > When I boot to that slipstreamed Windows XP Install CD, I do not receive any > prompts from PGP nor do I have to login(?). Per the details I provided last, > I'm able to get to the Recovery Console. So you're saying that I can not > 'chkdsk' nor 'fixboot'? No, because the disk is still encrypted. When you boot the pc it will boot to the selected device, either the hard disk or the CD, it can't boot both at the same time. When you set the computer to boot to the hard disk the BIOS loads the MBR (sector 0 on the disk) and then passes the boot process to the MBR. Your PGP encryption program has a hook in the MBR, it replaced or modified the IPL so that it can present you with the PGP screen where you can enter your pass phrase which will unlock the drive and allow the boot process to continue. When you boot to the CD the BIOS completely ignores the hard disk and its MBR, instead it loads the boot image on the CD and then passes the boot process to the boot image, the PGP hook doesn't run and the drive remains encrypted. So, effectively, you are in a catch 22 situation, you cannot remove encryption unless you boot with the hard disk yet you need to boot to the CD to run the Recovery Console but the RC cannot do anything on the encrypted disk. To do anything with this non booting encrypted disk you will have to mount it in another computer with PGP software installed and you will have to provide the encryption key to unlock it. Or you will have to somehow remove the PGP encryption and return the MBB to its previous state. Whatever you do *DO* *NOT* try to run the fixmbr command on this disk while it has PGP encryption! > A laptop tech sent me a replacement HDD for my model laptop. I haven't > checked it out but all HDDs have PGP on them. I may or may not have to load > it myself. But what I'm gathering you're saying is that I have to remove my > corrupt SATA HDD, apply a SATA adapter or PE Disk(?), insert my new SATA HDD > (not sure if its got PGP installed already) into laptop and connect my SATA > HDD adapter corrupt HDD to my laptop's USB port instead of 'chkdsk' or > 'fixboot'? I mean, it's sounds as if I need to disable PGP on my corrupt HDD > after plugging it and the adapter into my laptop and mounting to new SATA HDD > my company has sent me. If not, what options do I have with 'chkdsk' or > 'fixboot' in this scenerio? Forget about fixboot for now, there is most likely nothing wrong with the boot sector. If you can unlock the disk you could run a chkdsk on it from another up and running Windows installation and you could verify the integrity of the Smss.exe file. As stated earlier you can't do anything with this disk while it is encrypted. Unless you can mount the disk to another computer with PGP software and unlock it your IT people or tech support at PGP are really the only ones who can help. Probably PGP has a method of removing encryption on non booting disks but it is a question that you will have to ask them. You should be able to mount your laptop's SATA drive in any desktop that has a SATA controller, the SATA connections are the same. Or you can put it in a USB enclosure and access it with the laptop (after you install your new hard disk with the new Windows installation in it). > Thanks for your additional insight! You're welcome. John > > "John John - MVP" wrote: > >> PGP encryption puts a 'hook' in the MBR, when you boot the hard disk the >> MBR hook runs a programs that presents you with the PGP screen so that >> you may unlock the disk. Do you actually see this PGP screen when you >> boot with the Windows CD? If no then the disk remains encrypted and >> there is diddly squat that you will be able to do with the Recovery >> Console. The next best thing would be to install PGP on another >> computer and then mount the disk on that installation and then see if >> you can unlock the disk or remove the encryption on the disk from the >> other Windows installation. >> >> John >> >> Felix wrote: >>> I did to two days ago before submitting this post. There response was >>> reimage, reimage, reimage. I stalled them and asked for a replacement drive >>> to be shipped. I can return this corrupt drive at ANY time. In the mean time, >>> I post here and hopped that I could at most install new SATA drive and use >>> SATA HDD adapter on my corrupt drive to recover Favorits, MyDocs & Desktop >>> files...two years worth. >>> >>> If you're familiar with PGP, when an OS is operational, there's a passkey to >>> disable it. I could disable it, sure and debug it like I am. But they see >>> that as a waste of man-hours, so consider me moonlighting while I support my >>> users from a personal PC using OWA. And how in the world could they help me >>> especially if I'm at DOS level and can't access OS. I can access my PGP >>> screen which appears after BIOS loads, but as you know, I can't boot into OS. >>> >>> "John John - MVP" wrote: >>> >>>> You *really* need to contact your IT department for help with this! >>>> There is no way to fiddle about with this if the whole drive is >>>> protected with PGP encryption, trying to access the disk or files may >>>> only cause more problems or even cause you to lose all the files on the >>>> disk. >>>> >>>> John >>>> >>>> Felix wrote: >>>>> Hey John John & Jose: >>>>> >>>>> I believe I successfully created a 'slipstream' Windows XP install CD using >>>>> nLite. I don't think I have any extra partitions on my (C:) drive either. But >>>>> read on and you decide if its relevant or not in what I'm doing per using >>>>> both your instructions. >>>>> >>>>> Long story short, I booted to CD, selected F6 and after processing drivers, >>>>> the Install asked me to press 'S' to load additional storage drivers(?). One >>>>> way or another if I recall, the installation the installation gave me two >>>>> options. One was to select 'Enter'. When I did, I was given the Windows >>>>> Install and Recovery Console options. I selected Recovery Console and the >>>>> system went into DOS. Yippiee! No other external (storage) devices were >>>>> attached to my PC but the power cable. Now the hard part. >>>>> >>>>> It gave me a (C:) prompt. So I typed 'Windows' (without quotes) at prompt >>>>> and it says..."command is not recognized." >>>>> >>>>> Next at (C:) prompt, I typed "cd windows" and it says..."the path or file >>>>> specified is not valid. >>>>> >>>>> Next at (C:) prompt, I typed "DIR" and it says..."Directory of C:\ (space) >>>>> An error occurred during directory enumeration". >>>>> >>>>> Next at (C:) prompt, I typed "chkdsk" (without quotes) and it says..."the >>>>> volume appears to contain one or more unrecoverable problems". >>>>> >>>>> Next at (C:) prompt, I typed "fixboot" (without quotes) and it says..."the >>>>> target partition is C. Are you sure you want to write a new bootsector to the >>>>> partition C"? >>>>> >>>>> It's holding at that prompt, I'm nervous and I must admit I've maxed out my >>>>> knowledge up to this point? I recall these commands from my days back when >>>>> administering Windows NT (blah!!), but can't remember what to do next nor >>>>> what to do after that to fix smss.exe file(?) and or get the OS to load like >>>>> it used to. I'd like to recover my Favorites, MyDocs and Desktop files bare >>>>> minimum. Oh and I'm running a PGP encryption program my company made >>>>> mandatory on our laptops. I'm nervous cause I think I'm close to recovery?!?! >>>>> (knock-on-wood) If this is what successfully 'slipstreaming' and booting SATA >>>>> drive does, thanks too!! What do I do next, fellows? chkdsk or fixboot? >>>>> >>>>> "John John - MVP" wrote: >>>>> >>>>>> Jose wrote: >>>>>>> On Jun 8, 3:12 pm, Felix <Fe...(a)discussions.microsoft.com> wrote: >>>>>>>> Hey Jose. Appreciate help thus far! To answer your question, I have a Windows >>>>>>>> XP Install CD...the original CD. No copies. >>>>>>>> >>>>>>>> When I boot to the CD, and opt to select Recovery Console, the CD >>>>>>>> immediately prompts me that "...there aren't any drives installed on the >>>>>>>> system. Select F3 to exit." >>>>>>>> >>>>>>>> As a test, I reboot the PC onto same CD and simulate formatting drive with >>>>>>>> new XP install. Instead of selecting Recovery Console, I select 'ENTER' to >>>>>>>> bring up prompt to install Windows XP. Instead, it prompts me that "...there >>>>>>>> aren't any drives installed on the system. Select F3 to exit." >>>>>>>> >>>>>>>> When my system originally crashed, I was surfing the 'Net and it simply >>>>>>>> dragged (mouse) to a stand-still. Couldn't open Task Manager. So I pressed >>>>>>>> the laptop's power button for 2 seconds and it powered down. When I powered >>>>>>>> laptop backup, I logged into company's PGP password screen as usual but got >>>>>>>> the 'Safe Mode' options screen. I simply clicked on 'Start Windows Normally' >>>>>>>> option and it blue screen to Session3 error. After checking BIOS, didn't >>>>>>>> change anything, I powered down laptop and reseated its hard drive >>>>>>>> thoroughly. I removed all peripheral USB devices and the network cable. >>>>>>>> Booted up and still received Session3 BSOD. Then that's when I tried the >>>>>>>> recovery option. Granted, I did not change anything nor did I choose to >>>>>>>> format the HDD AND if I let the system boot normally, it BSODs AFTER the >>>>>>>> Windows Logo boot screen appears. So the OS IS trying to load!! I just wanna >>>>>>>> get in a download my Favorites, MyDocs and Desktop files before an inevitable >>>>>>>> reimage. Appears the Smss.exe is corrupt. Is there an adapter I can attach to >>>>>>>> this SATA HDD to tether to another PCs USB port, mount it and download those >>>>>>>> items? >>>>>>>> >>>>>>>> Oh and whenever I'm given the option to select the BIOS system recovery >>>>>>>> option after reboot (F11), I receive the Unmountable Boot Volume BSOD. >>>>>>>> >>>>>>>> Its a SATA hard drive in a 2008 Lenovo T61 laptop. Emptied quarantied items >>>>>>>> from SAV11 early last week. Thanks again for any advice you all can offer! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> "Jose" wrote: >>>>>>>>> On Jun 8, 11:48 am, Felix <Fe...(a)discussions.microsoft.com> wrote: >>>>>>>>>> Thanks Jose. I have SAV v11. After VPN'ing into company network repeatedly >>>>>>>>>> over 8 months ago to present, Network Admins scheduled SAV to run everyday at >>>>>>>>>> 12:02am. My system crashed at 3:11am while browsing the 'Net. But when I run >>>>>>>>>> Recovery Console from a Windows bootable Recovery Console CD (ie, Windows XP >>>>>>>>>> Install CD), the installation prompts me that there aren't any drives >>>>>>>>>> installed on the system. >>>>>>>>>> But the HDD diagnostic I run via BIOS indicates that HDD drive tests just >>>>>>>>>> fine. Any thoughts? >>>>>>>>>> "Jose" wrote: >>>>>>>>>>> On Jun 8, 3:36 am, Felix <Fe...(a)discussions.microsoft.com> wrote: >>>>>>>>>>>> I'm running a Lenovo laptop with PGP Encryption Windows XP SP3 SATA hard >>>>>>>>>>>> drive. This is my work laptop I've had since October 2008 without issue. I'm >>>>>>>>>>>> somewhat of a low-level techie working permanently from home and my company's >>>>>>>>>>>> IT Dept is 2000 miles away. But these following errors/BSODs escapes me. Two >>>>>>>>>>>> days ago, the system stalled and I elected to hard reboot the system. When it >>>>>>>>>>>> came back up, I logged into PGP login screen as usual and received the 'Safe >>>>>>>>>>>> Mode' screen options. I clicked 'Start Windows Normally' option, the Windows >>>>>>>>>>>> Logo boot screen appears like it's gonna load the OS but then it BSODs to >>>>>>>>>>>> "Session3 Initialization Failed STOP:0x0000006F >>>>>>>>>>>> (0xC000000E,0x00000000,0x00000000,0x00000000)". Rebooting and selecting any >>>>>>>>>>>> of the three Safe Mode options and 'Last Known Config' results in the same >>>>>>>>>>>> BSOD error message. I removed my USB devices and the network cable from >>>>>>>>>>>> laptop. Only power cable is connected...wireless is disabled. I had some >>>>>>>>>>>> Lenovo ThinkPad system recovery CDs. Although I've never backed up my hard >>>>>>>>>>>> drive (HDD), I booted to those recovery CDs. But they did not detect the >>>>>>>>>>>> laptop's HDD. Hmmm? I select F1 to check if HDD is listed and what order in >>>>>>>>>>>> boot list. I move it above the CDRom Drive. While in BIOS, I ran a hard drive >>>>>>>>>>>> diagnostic and the HDD was detected and passed diagnostics!! WooHoo! So I >>>>>>>>>>>> used a recovery tool embedded in BIOS called ThinkVantage. When I run it, it >>>>>>>>>>>> gives me three options...1. it takes me back to the BIOS options page, or 2. >>>>>>>>>>>> connect to an external USB device or 3. reboot PC. I choose to reboot PC >>>>>>>>>>>> since there's no other changes needed to BIOS and it boots back to the PGP >>>>>>>>>>>> encryption page. After entering my company password, the next screen gives me >>>>>>>>>>>> an option to select F11 and enter a 'system recovery mode'. After selecting >>>>>>>>>>>> F11, I receive...BSOD "Unmountable Boot Volume - STOP: 0x000000ED >>>>>>>>>>>> (0x89A3E550, 0xC000014F, 0x00000000, 0x00000000)". So I hard rebooted onto a >>>>>>>>>>>> Windows XP Install CD to run Recovery Console so that I could at least run >>>>>>>>>>>> checkdisk or fixboot. After selecting 'R' to run Recovery Console, the >>>>>>>>>>>> Installation prompts me that there aren't any drives installed on the >>>>>>>>>>>> system!!! If so, how is it that my laptop runs successful HDD diags and the >>>>>>>>>>>> OS almost boots if I select 'Start Windows Normally/Last Known Config'? If I >>>>>>>>>>>> plug in an external USB HDD, the Recovery Console detects it as the (C:) >>>>>>>>>>>> drive. If I unplug external USB HDD, reboot and run Recovery Console again, >>>>>>>>>>>> the Installation still prompts me that there aren't any drives installed on >>>>>>>>>>>> the system!!! I've seen this before back in the day using IDE drives. I'd >>>>>>>>>>>> simply slave it out, mount it and copy corrupt HDD files to new HDD. What >>>>>>>>>>>> I've found so far is that the Smss.exe file may be corrupted by >>>>>>>>>>>> virus...that's where Recovery Console comes in right?Is this possible with >>>>>>>>>>>> SATA? Is there an adapter I can buy to connect HDD to USB port or even if I >>>>>>>>>>>> do, wouldn't I come into problems with my PGP encryption program? Thanks in >>>>>>>>>>>> advance for your response(s)! >>>>>>>>>>> I hope you have not FUBAR'd your system with experimental >>>>>>>>>>> troubleshooting methods. >>>>>>>>>>> Here is my standard response to your first symptom. >>>>>>>>>>> If you mean you are getting a STOP error that says something like: >>>>>>>>>>> SESSION3_INITIALIZATION_FAILED >>>>>>>>>>> *** STOP: 0x0000006F (0xc0000034, 00000000, 00000000, 00000000) >>>>>>>>>>> The usual culprit is some (poorly designed) antivirus software - >>>>>>>>>>> perhaps Avast!, AVG or Avira that has deleted or quarantined necessary >>>>>>>>>>> XP files such as the Windows Session Manager file: >>>>>>>>>>> c:\windows\system32\smss.exe >>>>>>>>>>> I suppose it could have been really infected and quarantined, but that >>>>>>>>>>> has never been my experience. >>>>>>>>>>> What antivirus software are you running and did you just use it prior >>>>>>>>>>> to this incident? >>>>>>>>>>> If the files have been quarantined or deleted, you can replace them >>>>>>>>>>> from the copies that are already on your HDD, but to do so you must >>>>>>>>>>> boot your system into the Windows XP Recovery Console. >>>>>>>>>>> Boot into the Windows Recovery Console using a bootable XP >>>>>>>>>>> installation CD, or create on a bootable XP Recovery Console CD. >>>>>>>>>>> This is not the same as any recovery disks that might have come a >>>>>>>>>>> store bought system. If you are not sure what kind of bootable CD you >>>>>>>>>>> have, make a bootable XP Recovery Console CD and be sure. >>>>>>>>>>> You can create a bootable XP Recovery Console CD when no XP media is >>>>>>>>>>> available by following the directions in this link: >>>>>>>>>>> http://www.bleepingcomputer.com/forums/topic276527.html >>>>>>>>>>> There are three possibilities for these missing files that result in >>>>>>>>>>> the SESSION3 or SESSION5 type message: >>>>>>>>>>> Windows\System32\smss.exe <--most likely, so replace this one first >>>>>>>>>>> Windows\System32\ntdll.dll >>>>>>>>>>> Windows\System32\ntoskrnl.exe >>>>>>>>>>> After booting into the XP Recovery Console, you should be in the C: >>>>>>>>>>> \WINDOWS folder. If you are not in the C:\WINDOWS folder you have >>>>>>>>>>> some other problem that you need to fix first. >>>>>>>>>>> When copying files, you may be replacing existing files with the >>>>>>>>>>> copies, so respond in the affirmative if asked to overwrite existing >>>>>>>>>>> files. If the copy succeeds, you should see a message that the file >>>>>>>>>>> was copied successfully. >>>>>>>>>>> In the Recovery Console, from the C:\WINDOWS prompt, enter the >>>>>>>>>>> following commands: >>>>>>>>>>> cd system32 >>>>>>>>>>> copy c:\windows\system32\dllcache\smss.exe >>>>>>>>>>> exit (your system will restart) >>>>>>>>>>> Depending on your system configuration, you may need to copy the files >>>>>>>>>>> from another location, so if they are not in the dllcache folder for >>>>>>>>>>> some reason, enter the commands like this: >>>>>>>>>>> cd system32 >>>>>>>>>>> copy c:\windows\ServicePackFiles\i386\smss.exe >>>>>>>>>>> exit (your system will restart) >>>>>>>>>>> If the problem persists, repeat the process for the other two files: >>>>>>>>>>> ntdll.dll >>>>>>>>>>> ntoskrnl.exe >>>>>>>>>>> . >>>>>>>>> Hmmm... sounds like some hardware issue. >>>>>>>>> You will not get far with the SESSION messages until you can boot on >>>>>>>>> something. >>>>>>>>> What does "my system crashed" mean exactly and what did you do after >>>>>>>>> that to try to get going again? >>>>>>>>> Was the power button, battery removal or any plug pulling involved? >>>>>>>>> Did you make that Recovery Console CD or are you using something else >>>>>>>>> and if something else is not a genuine bootable XP installation CD, >>>>>>>>> make the RC CD as directed and be sure to test it for bootability in >>>>>>>>> any other XP machine - like the machine you used to make the RC CD. >>>>>>>>> You don't need the "what CD should I be booting on or if this CD even >>>>>>>>> works at all" variable in your equation. Eliminate it. >>>>>>>>> Is that what the message says when you try to boot on the CD: >>>>>>>>> there aren't any drives installed on the system >>>>>>>>> Here come the "slave the hard disk in another machine" ideas (perhaps) >>>>>>>>> but what you describe >>>>>>>> ... >>>>>>>> >>>>>>>> read more ยป >>>>>>> John John could be right about the SATA drivers (Arg!) - they will not >>>>>>> be there to load with your RC unless you interrupt the loading of RC >>>>>>> by pressing F6 when RC is starting and then point it to where your >>>>>>> SATA drivers are. Watch for that message when you boot RC and go >>>>>>> ahead and press F6 (but you still need to come up with the SATA >>>>>>> drivers). I forgot about that part. >>>>>>> >>>>>>> Somebody had to have them to install your Windows XP - the tough part >>>>>>> may be finding the correct ones. >>>>>>> >>>>>>> They would usually be (or they used to be) on a floppy disk, but if >>>>>>> you have no floppy, no problem. >>>>>>> >>>>>>> Use this software to make yourself a "new" XP Recovery Console CD and >>>>>>> you can include all the "extra" files you want on the CD. >>>>>>> >>>>>>> http://artellos.com/arcdc-page >>>>>>> >>>>>>> Now having these "extra" files on a bootable recovery CD is very >>>>>>> convenient for troubleshooting common problems of malicious software. >>>>>>> I used that program (of course there are other ways) to make a >>>>>>> Recovery Console CD that has other things I am likely going to need to >>>>>>> fix a non booting system, such as: >>>>>>> >>>>>>> userinit.exe >>>>>>> ntldr >>>>>>> ntdetect.com >>>>>>> >>>>>>> You just make a new Recovery Console CD that has your SATA drivers in >>>>>>> some folder that will be put on the CD, boot RC, press F6, point it to >>>>>>> the folder on the CD and be on your way (maybe not the first time). >>>>>> Sorry, but that won't work. Up to and including Windows XP the drivers >>>>>> *must* be supplied on a floppy diskette, the setup program will not >>>>>> accept them from any other media source. You can use a USB floppy >>>>>> drive. The only other alternative is to slipstream them proper into the >>>>>> Windows XP CD, a search on the net will give further instructions: >>>>>> http://search.yahoo.com/search;_ylt=A0geu5HxOY1LwRoAmsGl87UF?p=slipstream+sata+drivers&fr=yfp-t-501&fr2=sfp&iscqry= >>>>>> >>>>>> John >>>>>> . >>>>>> >>>> . >>>> >> . >> |