Hi

A primary domain controller running Server 2012 R2 Standard keeps throwing one Event ID 5 with Source Kernel-General in the System Log periodically:

{Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SYSTEM' was corrupted and it has been recovered. Some data might have been lost.

It allways happens right after an informational event-ID 16 Source: Kernel-General saying:
The access history in hive \SystemRoot\System32\Config\RegBack\SYSTEM was cleared updating 9558 keys and creating 1059 modified pages.

This has happened for a few weeks now during the night, and it allways happens two nights in a row before it's ok for a few days and then happens again.

The server is running in a virtual environment based on Server 2012 R2 HyperV. 

Since this is in the RegBack folder - does that mean it's just the registry backup file that has problems?

What are the impacts from this and how to f

Hi ,

It is so strange , the file "system" should be a backup file in directory "%SystemRoot%\System32\Config\RegBack\" .

First , please backup that VM on host level .

After that please try to boot from cd then rename  %SystemRoot%\System32\Config\RegBack\SYSTEM and copy %SystemRoot%\System32\Config\SYSTEM  to  directory "%SystemRoot%\System32\Config\RegBack\"  .

Any further information please feel free to let us know .

Best Regards

Elton JI

Hi Elton and thank you for your reply.

I'm going on vacation today, so don't wan't to mess things up before I go.  "never fix things on a friday".. :)

Yes, this is a backup file from what i can gather, so i don't understand why this happens.  I have full image backup of the server, so I could try to do this in a test environment first and then implement this in production since this is a single DC-domain and the server also have several other functions.

Hi ,

"this is a single DC-domain"

Just only one DC ?

If yes , I would strongly recommend you to create a new VM as a secondary DC in production environment .

Best Regards

Elton JI

Hi!

Here exactly the same issue:
PDC with Windows Server 2012 R2 under HyperV Host Server with Windows Server 2012 R2
In the morning at 5:10 Event ID 5  "\SystemRoot\System32\Config\RegBack\SYSTEM" corrupted

Any suggestions to fix this?

• Edited by macindy Sunday, November 09, 2014 4:47 PM

The concept of PDC/BDC has been long gone. Best method is to stand up a new server, patch it fully, join it to existing domain, dcpromo it and finally migrate the roles over to new server.

 

 

 

Yes of course, but this doesn't change anything on this issue.

I get an Event ID 5 from time to time always at 5:10 in the morning.

Yes of course, but this doesn't change anything on this issue.

I get an Event ID 5 from time to time always at 5:10 in the morning.

Its really not worth wasting time with. I'd stand up a new server and migrate roles over, and probably the sooner the better.

 

 

 

Hello,

I have this problem too, it appears few months agos on Server 2012 R2 Standard, I haven't found any solution at this time.

Every 10 days, I have (in French):

Source: Kernel General
Event ID: 5
{Ruche du Registre rcupre} Ruche du Registre (fichier) : \SystemRoot\System32\Config\RegBack\SYSTEM a t endommage et a t rcupre. Certaines donnes peuvent avoir t perdues.

I haven't the event ID16.

I know this problem occurs during the group scheduled task "system maintenance" and there is a task called "RegIdleBackUp"

What happens on your side if you launch manually this task?

I know this error disappear with disabling this scheduled task "RegIdleBackUp" , but it's not a good solution.

Hello,

i've got the same problem, also on an single DC (2012 R2) on an Hyper-V 2012 R2 Host.
we can not just install a new DC because the DC also hosts an e-Banking program, so we want to fix it without reinstall...

has anybody a solution?

I have exactly the same problem. After migration from ESXi to Hyper-V Server 2012 R2 I have noticed that Event 5 occurs very often on all virtual machines running Server 2012 R2.