Warning: This is a highly technical article. If you are not an IT Expert, don’t try this at home.
Thanks to Dennis J Krohn (DDK Communications) for working with Microsoft on this and emailing me and Susan Bradley who pointed me to http://sbsc.techcareteam.com/archives/325 and has been working with Microsoft to track this issue and find the culprit (application or service that makes this happen); we now have a quick fix for the KSOD we have been seeing in Windows Vista.
KSOD Defined: Where after a reboot the Windows Vista PC boots up to a black screen with a white mouse cursor and nothing else ever loads (no logon screen, etc). Safe mode does the same thing. Last Known Good configuration and System Restore do not fix it except in rare cases where performing a System Restore to 1 month ago or earlier does (thanks Mike Katz for figuring that out).
So about an hour after Dennis and Susan emailed me the resolution last night, my main workstation KSOD’d. It has already done this once before and Microsoft did not have a resolution — so my resolution last time was to reinstall Windows to a new directory and manually reinstall and reconfigure all my applications and settings. THIS time, very fortunately, I got to try these steps out and they worked like a charm. My workstation was back up and running in less than 5 minutes.
Here is how to recover from the KSOD (blacK Screen Of Death):
This is apparently a problem related to the Remote Procedure Call service (RPC) running under the LocalSystem account instead of the NT Authority\NetworkService account.
1. On the affected machine, boot using the Vista media and select “Next”; in the bottom left you will then see “Repair your Computer”. Select Next and then select Command Prompt.
2. At the command prompt, launch regedit.exe and load the SYSTEM hive by following the steps below.
a. Select HKEY_LOCAL_MACHINE
b. On the File menu, select Load Hive.
c. Browse to %WINDIR%\System32\Config Folder and select “SYSTEM”
d. Select Open.
e. In the Load Hive dialog box, type “MySYSTEM” as the name for the registry hive that you want to edit.
3. After the hive is loaded, modify the following key value per the instructions below. You will need to know which ControlSet the machine is currently running on; this can be determined by going to HKEY_LOCAL_MACHINE\MySYSTEM\Select and finding the “Current” value on the right-hand side. (Example: if the Current value is 1, then the ControlSet will be ControlSet001.)
Key: HKEY_LOCAL_MACHINE\MySYSTEM\ControlSet00X\Services\RpcSs (X is the number from the “Current” value above)
Value Name: ObjectName
Old Value: LocalSystem
New Value: NT AUTHORITY\NetworkService
4. Unload the SYSTEM hive by selecting the key “MySYSTEM” and then select File -> Unload Hive… menu item.
5. Exit regedit.exe
6. Reboot the system normally
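The same edit as steps 2 to 4, scripted with reg.exe for the recovery Command Prompt. This is an added example, not part of the original fix; the script name, the drive-letter argument, the \Windows directory name and the backup file name are assumptions.

```bat
@echo off
rem Added example. Usage from the recovery Command Prompt: fixrpcss.cmd D:
rem %1 = drive letter of the offline Vista installation (assumption; defaults to C:).
setlocal
set "OSDRIVE=%~1"
if "%OSDRIVE%"=="" set "OSDRIVE=C:"
set "HIVE=%OSDRIVE%\Windows\System32\config\SYSTEM"
if not exist "%HIVE%" (echo SYSTEM hive not found at %HIVE% & exit /b 1)

rem Keep a copy of the hive before editing it (backup name is an assumption).
copy /y "%HIVE%" "%HIVE%.pre-rpcss-fix" >nul || (echo Backup failed & exit /b 1)

rem Steps 2a-2e: load the offline hive under HKLM\MySYSTEM.
reg load HKLM\MySYSTEM "%HIVE%" || (echo Could not load hive & exit /b 1)

rem Step 3: read Select\Current (for example 0x1).
rem Only the value line of the reg query output has a third token.
set "CUR="
for /f "tokens=3" %%A in ('reg query HKLM\MySYSTEM\Select /v Current') do set "CUR=%%A"
if not defined CUR (echo Could not read Select\Current & goto :unload)

rem Convert 0x1 to 1 and pad to three digits: ControlSet001.
set /a N=%CUR%
set "PAD=00%N%"
set "KEY=HKLM\MySYSTEM\ControlSet%PAD:~-3%\Services\RpcSs"

rem Show the account RpcSs is configured to run as, change it, show it again.
reg query "%KEY%" /v ObjectName
reg add "%KEY%" /v ObjectName /t REG_SZ /d "NT AUTHORITY\NetworkService" /f
reg query "%KEY%" /v ObjectName

:unload
rem Step 4: unload the hive so the change is written back to the SYSTEM file.
reg unload HKLM\MySYSTEM
endlocal
```

In the recovery environment the installed copy of Windows may not be mounted as C:, so confirm the drive letter with dir before running the script.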