We have a RAID 5 setup with 3 SATA disks, #2 went down as reported on the pre-POST screen. Unfortunately, for some reasons beyond my control, the system was rebooted with a degraded RAID :-O
Windows XP (64-bit) loaded, CHKDSK ran automatically and done its recovery!
From that point onwards, the following error prompts every time even in Safe Mode:
lsass.exe - The endpoint format is invalid
I took those 3 disks to the data recovery expert and need to wait at least 2-4 days for results.
There are 2 VMs on multiple files stored in this RAID 5 array, and there's no backup!
Sorry, I just inherited the system from an ex-staff who has left the company 2 months before I joined.
How likely the data can be recovered?
One disk out of a RAID 5 is tolerable. If one disk outage took out the entire RAID 5 array, then what's the point of using RAID 5...?
The RAID array is degraded because you have a disk missing, but the volume on the array is still available. chkdsk knows nothing about the disks in the array so will run.
You should be able to put in another disk and it will repair itself, especially if it's hardware RAID 5 (which it sounds like). It will take time, but I've done it a few times.
Also, if you have doubts, now is the time to take that backup or copy to an external drive etc
As for the lsass error, it's unrelated. A bad RAID would mean no boot, of course.
MS KB 893712 and a Google search for this error
Edit:
It's software RAID with Intel if it requires a separate app to rebuild. Is there a command line version, say on a bootable CD, to rebuild the array? Like this?
However, the fact Windows boots it useful: on start up, go into the Recovery Console or boot to a Windows CD and choose recovery there. This will allow you to tweak boot.ini based on the KB article/search to see if you can get Windows to boot normally
well it kinda depends on the data recovery people, but raid sets are sorta hit and miss. I'd try to have the raid rebuild it self if this hasn't happened yet. Then use the "SFC" utility built into XP to repair/restore the system files. You can read more about this utility here:
http://support.microsoft.com/kb/310747
I suspect that you have two unrelated issues here:
1: Your RAID set was degraded.
2: You have a corrupted filesystem.
Note that 1 should not have caused 2. Sometimes 1 is detected at the same time that 2 is detected: while trying to reboot a machine.
My advice is:
1: Image each of the remotely working drives with a data recovery tool that can retry and continue on bad blocks, using a machine that knows nothing about your RAID setup and won't try to fix it and/or a forensic read-only drive adapter. I simply use ddrescue on linux for this. This way, whatever happens in the raid / filesystem recovery later, you know you can't make it worse, and can always try something else.
2: Rebuild the array with a new drive (make sure you know which one was faulty and replace it). If you have multiple bad drives, try various combinations of them, and restoring the backup images onto new drives.
3: Install Windows again using rescue/reinstall mode and/or just boot in last known good mode if you can.
I would expect your data recovery experts to be able to fix this. If not, they certainly shouldn't have made things worse for you, so hopefully the steps above will work.
Sounds like you have some crucial data on there in the VMs etc. But, as jscott says, do bear in mind what the data is worth in terms of your time and effort, and what it might be costing the company to have the machine(s) down. Don't spend too much time on it. If possible, put a new system in place, or the old machine with new drives, and recover the old drives later.
Good luck :)