Fix to sfc /scannow (System File Checker) error “The specific code is 0x000006ba [The RPC Server is unavailable.] “

Friday, 14th December 2012

I had to fix one Windows XP computer today. The computer was in a terrible state (meak to say), the system was hanging during boot,

None of Windows recovery modes worked,  except when running it through:

Windows Safe Mode (With Command Prompt) mode (pressing F8 before Windows boot with Windows flag screen).

I followed some Usual commands to repair broken Windows XP, as the system was hanging during boot there was obviously some issues with corrupt by Viruses and Malware system binary (.exe) files or some .DLL was substituted in (C:WindowsSystem32 and C:WindowsSystem32DllCacache) with a trojanned version by some "bad ware". 

Thus the logical thing to do was to try:

sfc /scannow

from Safe Mode's cmd prompt. Instead of starting its work as usual System File Checker spitted an error:

Windows File Protection could not be initiate a scan of protected system files.  
The specific code is 0x000006ba [The RPC Server is unavailable.]

You can guess my amazement as I see this error for a first time in my life. Actually I don't remember if I run System File Checker scan from a Safe Mode With only Command Prompt ever so I'm not sure if this error was caused by some Virus activity which broke up the Win host, or it is due to the fact RCP Services are not loaded in Safe Mode – With Command Prompt Only.

As the message implies RCP Server is not running and sfc depends on it.

The reason for the error is Windows File Protection (WFP) was disabled by some of the Spyware or Viruses which infested the poor Win PC.

As the problem consisted in unworking RPC Services I tried launching RPC manually with command:

> net start rpcss  

This unfortunately did not succeeded (dunno why).

I've later seen another fix pointed on a couple of forums around, which is using Registry to enable SFC.

Re-enabling SFC is done by:

1. Launching regedit

2. Once launched go to the following reg settings (sub-values)

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon

Use modify on it and change value to be "0"
3. Restart windows and launch again Safe Mode With (Command Prompt Only)

There execute:

> sfc /purgecache
> sfc /scannow

This solves it however, as you never can be sure if the Install time .DLLs are not already rootkited by the Virus-es and Spywares which "posessed" the computer. It is generally a good idea to Launch the Windows Install CD, recovery console and launch SFC using it, or even try using the Windows CD (Repair) mode. Though this is a temporary work around, this system will need a re-install in very short future, or it will most likely came in the same broken state in a very while – I don't believe such an infested computer can be "cured" except with a clean CD Windows re-install.
If this method didn't work for you but something else worked for you, whether you had to fix a Win PC please drop a comment with the solution.

Share this on:

Download PDFDownload PDF

Tags: , , , , , , , , , , , , , ,

8 Responses to “Fix to sfc /scannow (System File Checker) error “The specific code is 0x000006ba [The RPC Server is unavailable.] “”

  1. admin says:
    Epiphany 2.30.6 Epiphany 2.30.6 Debian GNU/Linux x64 Debian GNU/Linux x64
    Mozilla/5.0 (X11; U; Linux x86_64; bg-bg) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+ Debian/squeeze (2.30.6-1) Epiphany/2.30.6

    A sfcenable.reg file is here – http://www.pc-freak.nt/files/

    Alternative way to enable sfc is to simply run sfcenable.reg file and restart

    View CommentView Comment
    • hip0 says:
      Firefox 3.6.3 Firefox 3.6.3 Windows 7 Windows 7
      Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20100401 Firefox/3.6.3

      The same computer happened to have a small problem with hardware too. I removed memory from memory slot and reattached, because computer was sometimes booting and sometimes not. After it was booting every time. Eventually I re-installed the Windows, just few days later, because it was too slowly working for a normal use. (the machine is old), but it seems some kind of badware was again crawling, so I was tired of trying to work it around thus re-installed.

      View CommentView Comment
  2. Vikram says:
    Google Chrome 35.0.1916.153 Google Chrome 35.0.1916.153 Windows 7 x64 Edition Windows 7 x64 Edition
    Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

    Hi, I have been fixing people's computers before I came into web development business. My way of approach was to just reformat the computer with a windows installation disk and run a boot time scan on other drives in most cases. If I knew a particar cure for a problem that I would have used that. Reformating is the best if the machine it fast enough it only takes an hour or so.

    View CommentView Comment
    • ConnDublin says:
      Internet Explorer 11.0 Internet Explorer 11.0 Windows 7 x64 Edition Windows 7 x64 Edition
      Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

      This will not offer the user any access to his data so I would be slow to classify this as “fixing people’s computer”. Indeed, they might have been able to do that themselves?

      View CommentView Comment
  3. Sniffa says:
    Google Chrome 38.0.2125.104 Google Chrome 38.0.2125.104 Windows Vista Windows Vista
    Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36

    Sorry Vikram but that is not fixing someone’s computer. A wipe of the hard drive and a fresh reinstall of windows should be the last resort, not the first.

    View CommentView Comment
  4. Fanny says:
    Firefox 31.0 Firefox 31.0 Windows XP Windows XP
    Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0

    Thank you for this fix!
    However I can’t effectively act according to the instructions on that Winlogon.
    Winlogon is a folder… ‘Use modify on it and change value to be “0” ‘ –>> which of those keys should be set to “0”?
    Please see this screenshot:
    To the admin: the http://www.pc-freak.nt/files/ is not more available, unfortunately. Could you please restore it?

    View CommentView Comment
  5. Fanny says:
    Firefox 31.0 Firefox 31.0 Windows XP Windows XP
    Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0

    Thank you for the new zip. (Please note the embodied link is still wrong, but the visible text of the link is working). PC booted in safe mode, extracted from the zip and added the registry key, rebooted again in safe mode but unfortunately the sfc /scannow command still shows that RPC server is unavailable. The registry editor key to be zeroed is the SFCScan within Winlogon that is (and was) already with 0x00000000(0) in my case; so the manual instructions are not useful.
    Hope there is a solution… I have ‘your computer must be restarted. Ignore windows error recovery screen after restart’. But it’s always cycling with that message. Only way to fix it for only one boot is to enter in Safe Mode, schedule a checkdisk and at the next first restart only, Windows XP will boot. At the subsequent boot, a new ‘your computer must be restarted…’ appears. Running sfc/ scannow in Windows XP normal mode works but does not fix that message. That’s why I hope to fix this Sfc /scannow issue in Safe Mode.

    View CommentView Comment

Leave a Reply

CommentLuv badge