“Unknown Hard Error” Pop-Up Dialogs After Crash in Windows XP
December 2nd, 2005 at 4:28 pm (General, Technology, Windows, sysadmin)
I was using Visual Studio.NET 2005 on my Windows XP box last night (don’t flame me – I also program in Java and have several Macs), when suddenly the machine just restarted itself for no apparent reason; no blue screen, nothing – just a reboot.
When it started again, i got a pop-up dialog at the login screen. The title bar said “DfrgNtfs.exe – System Error”, and the message in the box was the unbelievably helpful “Unknown Hard Error”.
I tried looking in the system Event Log to see if I could find any clues there… – oops! I got the same “Unknown Hard Error” popup dialog – this time, with “mmc.exe – System Error” in the title bar. I tried opening a command prompt – nothing happened.
In order to try to read the crash dump file (C:WINDOWSMinidumpMini120105-01.dmp), I downloaded the microsoft free Windows debugger – WinDbg – as described in this good article:
http://www.networkworld.com/news/2005/041105-windows-crash.html?page=1
However – when I try to install it, I get another “Unknown Hard Error” popup, with “msiexec.exe” in the title bar (starting to see a pattern, here…??)
I googled, and found several people saying it could be a hardware problem – notably hard disk or ram – so I did a full disk check – no improvement. I then figured that maybe the crash was caused by some other problem, but that it must have left some system files in a corrupted state, which, in turn, caused the pop-ups.
I eventually found a discussion group where someone (unfortunately, I didn’t save the link) recommended the windows command-line command: sfc /scannow – that checks all the win system files for corruption (and possibly bribery), and repairs them from your Windows XP install disk if problems are found. I ran that from the “start menu -> run” dialog, and some of the popups stopped…, well…, popping up (notably the DfrgNtfs.exe ones), but i still got them when trying to view the event log or trying to install software.
Finally, I found the answer. The files that the System, Application and Security events are written to (the ones you view from the Event Viewer) had been corrupted – so I guess whenever I tried to do something that would create an entry in one of these logs, I got an error. The solution was found on this page:
“How to Delete Corrupt Event Viewer Log Files”
http://support.microsoft.com/?kbid=172156
…which basically says – disable the event logging service in the “Services” dialog; reboot; delete the following files from C:WINDOWSsystem32config: AppEvent.Evt, SecEvent.Evt and SysEvent.Evt (or rename them as a backup); set the event logging service back to “automatic” startup; reboot
That solved all my problems…