Recover NT4 filesystem after NTOSKRNL.EXE error

Our voicemail system died after what may have been a power blip.  Black screen, “ntoskrnl.exe not found”.

clip_image001

This is a Nortel CallPilot NT4 Workstation system on a Nortel Meridian rack.  Essentially, it’s a motherboard and CPU with a parallel IDE hard drive mounted on the chassis.  Knowing this particular error from the past, I thought I could repair it with the Windows NT Setup repair option.  I had three very big problems:

1. This is a Windows NT4 system, so the chance of outside help was slim to none. 

2. There is no CD drive and no way to connect one.

3. This system does not have USB either, and USB boot support in a system this old was not a hopeful proposition.  The only peripheral is a SCSI tape drive for the voicemail backups. 

We do have backups of the voicemail system on tape, but no extra parallel drives to clone this one (for a backup of the original system) and of course no time to rebuild it (system setup takes 6-8 hrs according to our fabulous Nortel tech).  I pulled the drive from the blade and connected it to my laptop with an external reader and power supply.  We found a Windows NT4 CD in the archives.  Maybe we can fix this manually?

clip_image002

Here’s what the first partition on the system looked like:

clip_image003

See anything missing?  This should be the Windows partition, but there’s no Windows directory (or Win4, or NT4, or WINNT).  Hopefully there’s a clue somewhere in that OSSetup.log file.

clip_image004

… and there is!  This is the OS drive.  The WINNT folder is missing, along with all its subfolders.

Running a chkdsk on the drive resulted in a handful of the dreaded found000x.chk files which, as we all know, may or may not contain anything useful.  With an entire Windows directory missing, I’m betting there is something useful in there.

Out of an abundance of caution I’m setting up an NT4 VM to confirm the folder hierarchy is what I remember it to be.

The setup process offers some hope (the default Windows directory name is “WINNT”).

clip_image005

Enjoy some LOL at the simple CD key (remember, this is years before “Product Activation”)

clip_image006

Here’s what the WINNT folder should look like.  I’m looking for folders named Config, Profiles, system, and system32. 

clip_image007

Back to the drive.  I searched for the ntoskrnl.exe file we know is supposed to be in a \system32 folder. 

NTOSKRNL.exe is there, but hidden in a .chk folder.

clip_image008

Right-click and open file location; you can browse .chk folders this way in Windows 7.

clip_image009

… and it looks like “found.000\dir0001.chk\” is actually the System32\ folder.  I made a WINNT folder on the drive and a \system32\ folder inside that.

clip_image010

found.000\dir0000.chk\Profiles is the c:\winnt\Profiles folder, so I moved that as well.

clip_image011

found.000\dir0000.chk is the remainder of the contents of the WINNT folder.  Moved it to the WINNT folder.

clip_image012

Cross my fingers and plug it all back in.  It boots!  We don’t see the ntoskrnl.exe error anymore, but we see that a rather important folder is missing.  Herp a derp, I didn’t recover the Windows registry… the Config folder is empty.

clip_image013

Back to my desk with the drive.  I searched for a file called SECURITY (or DEFAULT, or SAM).  It turns out found.000\dir0002.chk\ is the system32\config folder.  May as well replace that too.

clip_image014

I replaced the drive, plugged it into the Meridian rack and… we have Windows!  CallPilot starts up, voicemail is back.  This system will be backing up to disk from now on.
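The identification step used throughout this recovery (working out which found.000\dirNNNN.chk folder was which by the files it contains), as an added example that is not part of the original post. It only reads the drive and proposes a mapping; the marker names come from the post, while the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Marker entries from the write-up: (proposed path, required files, required subfolders).
# Most specific signature first; names are compared case-insensitively.
SIGNATURES = [
    (r"WINNT\system32\config", {"sam", "security", "default"}, set()),
    (r"WINNT\system32", {"ntoskrnl.exe"}, set()),
    (r"WINNT", set(), {"profiles"}),
]

def classify_chk_dirs(found_root):
    """Map each dirNNNN.chk to its likely original path (None if unknown). Read-only."""
    plan = {}
    for entry in sorted(os.scandir(found_root), key=lambda e: e.name):
        if not (entry.is_dir() and entry.name.lower().endswith(".chk")):
            continue
        files, dirs = set(), set()
        for child in os.scandir(entry.path):
            (dirs if child.is_dir() else files).add(child.name.lower())
        plan[entry.name] = None
        for target, need_files, need_dirs in SIGNATURES:
            if need_files <= files and need_dirs <= dirs:
                plan[entry.name] = target
                break
    return plan

def build_sample_tree(root):
    """Constructed sample tree mirroring the layout described in the post."""
    layout = {
        "dir0000.chk": (["explorer.exe"], ["Profiles"]),
        "dir0001.chk": (["NTOSKRNL.EXE", "hal.dll"], []),
        "dir0002.chk": (["SAM", "SECURITY", "DEFAULT", "software"], []),
        "dir0003.chk": (["readme.txt"], []),
    }
    found = os.path.join(root, "found.000")
    for name, (files, subdirs) in layout.items():
        base = os.path.join(found, name)
        os.makedirs(base)
        for sub in subdirs:
            os.mkdir(os.path.join(base, sub))
        for f in files:
            open(os.path.join(base, f), "w").close()
    return found

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for chk, target in classify_chk_dirs(build_sample_tree(tmp)).items():
            print(f"{chk} -> {target or 'unidentified'}")
```

Folders that match no signature are reported as unidentified and left for manual inspection.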

Thanks to Dylan for finding the NT4 CD and reminding me that IDE drives require power.  Thanks to Danny for finding the Administrator password and for moral support!

Hope you enjoyed the read.