I am confused when helpers (especially with "Microsoft Support, Moderator" monikers) reply to a new problem in the XP forums with a
suggestion along the lines of "try running sfc /scannow" to fix problems.
I have never seen sfc /scannow fix a single problem and it does not replace any missing or corrupt files that would in any way affect system operation. I will not even suggest it as a troubleshooting step because I know how it works and what it does and does not do.
It does not replace missing or corrupt system files that are going to come into play in XP. It does replace missing or corrupt backup copies of system files, but the backup copies of files are not going to be the files that need to be fixed or might be missing. Delete them all and your system will still run just fine.
Under general conditions, to run sfc /scannow, you must also have a genuine bootable Windows XP installation CD that matches your currently installed Service Pack. It is unlikely that most people are in possession of a genuine bootable XP installation CD and it is even more unlikely that they would be in possession of a slipstreamed XP installation CD with a current Service Pack, unless you made such a CD yourself.
Those two factors alone make a suggestion of "try running sfc /scannow" a big, frustrating time waster. It "feels good" when it works and finds nothing to do, but you won't solve any problems with it. It is not a system file replacer/copier as some seem to believe.
Ideas for fixing problems should be generally applicable to the most situations that are most likely to occur in reality, not generally impossible situations that are unlikely to exist in the real world. Most folks have never even seen a genuine bootable XP installation CD.
Suggestions or references to ideas or Microsoft KB articles that start with words like "use or boot on your XP installation CD..." are not likely to go very far at all if a system has no CD drive or the poster has no genuine bootable XP installation CD.
Here is what sfc /scannow does:
Running sfc /scannow will check and populate/replace missing or corrupt files in the following folder ONLY:
%Systemroot%\system32\dllcache
That is not the folder XP uses when it is starting or running. You can empty it and XP will still run just fine.
When XP is first installed and booted for the first time, sfc /scannow runs once automatically to populate the
%Systemroot%\system32\dllcache folder with backup copies of what XP considers critical system files.
The files in the %Systemroot%\system32\dllcache folder are what XP considers "Protected Files" and there are exactly 3498 protected files,
but there may be more files than that in the %Systemroot%\system32\dllcache folder. Windows File Protection only looks after the list of 3498
files.
Here is what sfc /scannow does not do:
Running sfc /scannow does not replace any missing or corrupt files in the following folder:
%Systemroot%\system32
If your system is not afflicted in some way, learn how Windows File Protection and System File Checker really work, by doing this with one of the 3498 files that XP Windows File Protection monitors:
Navigate to c:\windows\system32 and rename taskmgr.exe to taskmgr.old.
Windows File Protection will quickly and silently replace the "missing" taskmgr.exe file with the backup copy from the dllcache folder
(that is what Windows File Protection does).
Look for a message like this in the Event Viewer System log:
Event Type: Information
Event Source: Windows File Protection
Event Category: None
Event ID: 64002
Description:
File replacement was attempted on the protected system file c:\windows\system32\taskmgr.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
Delete the taskmgr.old file (the copy made earlier) and verify that Task Manager still works.
Boot the system in Safe Mode so that Windows File Protection is not running.
Navigate to c:\windows\system32 and rename taskmgr.exe to taskmgr.old (taskmgr.exe is now "missing").
Since Windows File protection does not run in Safe Mode, taskmgr.exe will not automatically be replaced like it was before and Task
Manager will not launch either from CTRL-ALT-DEL or from the Taskbar.
It should also be noted that running sfc /scannow in Safe Mode will result in an error like this:
Windows File Protection could not initiate a scan of protected system files.
The specific error code is 0x000006ba [The RPC server is unavailable.].
You cannot start the RPC Server in Safe Mode either.
It is a waste of time and effort to suggest trying to run sfc /scannow in Safe Mode - it will not even launch.
Boot the system normally and verify that c:\windows\system32\taskmgr.exe is still missing and Task Manager still does not work.
You can navigate to c:\windows\system32\dllcache (where the backup files are) and still launch Task Manager from there by double
clicking the backup copy of taskmgr.exe file from there, but Task Manager will not launch in the "usual" manners.
Run sfc /scannow successfully and let it complete and it should find nothing to do. The only messages in the Event Viewer will
be from when sfc /scannow started and when sfc /scannow completed.
If you try to launch Task Manager now, Task Manager still will not work because taskmgr.exe will still be missing from the
c:\windows\system32 folder. That means running sfc /scannow did not replace the missing file.
Conclusion: Running sfc /scannow does not replace missing files in the c:\windows\system32 folder.
Copy some boring text file like c:\boot.ini into the c:\windows\system32 folder and call the copy taskmgr.exe. Now, the taskmgr.exe
file is no longer "missing", but taskmgr.exe is "corrupt" since it is really just a text file.
Run sfc /scannow successfully and let it complete and it should find nothing to do. The only messages in the Event Viewer will
be the one from when sfc /scannow started and when sfc /scannow completed.
If you try to launch Task Manager now, Task Manager still will not work because the taskmgr.exe is really just a copy of c:\boot.ini.
Conclusion: Running sfc /scannow does not replace "corrupted" files in the c:\windows\system32 folder.
Now learn what running sfc /scannow really does (it maintains the %Systemroot%\system32\dllcache folder).
Navigate to c:\windows\system32\dllcache and rename taskmgr.exe to taskmgr.old (now the backup copy of the file is "missing"). The backup copy of taskmgr.exe will not be automatically replaced when it is missing.
Run sfc /scannow successfully and let it complete and it will replace the missing taskmgr.exe file from the dllcache folder. The
only messages in the Event Viewer will be from when sfc /scannow started and when sfc /scannow completed.
Conclusion: Running sfc /scannow will populate the dllcache folder when Protected Files are missing in the dllcache folder. In
other words, sfc /scannow will only replace missing files from %Systemroot%\system32\dllcache.
Repeat the test by copying the c:\boot.ini file into c:\windows\system32\dllcache and replace or overwrite the taskmgr.exe file (making
the copy of taskmgr.exe "corrupted").
Run sfc /scannow successfully and let it complete and it will replace the "corrupted" taskmgr.exe file from the dllcache folder. The
only messages in the Event Viewer will be from when sfc /scannow started and when sfc /scannow completed.
Conclusion: Running sfc /scannow will populate the dllcache folder when Protected Files are corrupted in the dllcache folder.
Running sfc /scannow only replaces files in %Systemroot%\system32\dllcache and replaces no files in %Systemroot%\system32.
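The post's tests check one file by hand; the same comparison can be made for every backup copy at once. The following is an added example, not part of the original post: it hashes each file in a dllcache folder against the file of the same name in the parent system32 folder and reports live copies that are missing or have different content. The function names and the sample tree are constructed for illustration; the tree reproduces the post's "missing" and "corrupt" cases in a temporary directory.

```python
import hashlib
import os
import tempfile

def sha1_of(path):
    """Return the SHA-1 hex digest of a file, read in chunks."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def compare_with_dllcache(system32, dllcache):
    """Return {filename: 'missing' | 'differs'} for each backup copy in
    dllcache whose live copy in system32 is absent or not identical."""
    findings = {}
    for name in sorted(os.listdir(dllcache)):
        backup = os.path.join(dllcache, name)
        live = os.path.join(system32, name)
        if not os.path.isfile(backup):
            continue  # skip sub-folders
        if not os.path.isfile(live):
            findings[name.lower()] = "missing"
        elif sha1_of(live) != sha1_of(backup):
            findings[name.lower()] = "differs"
    return findings

def build_constructed_tree(root):
    """Constructed sample tree standing in for system32 and its dllcache."""
    system32 = os.path.join(root, "system32")
    dllcache = os.path.join(system32, "dllcache")
    os.makedirs(dllcache)
    samples = {"taskmgr.exe": b"MZ taskmgr", "calc.exe": b"MZ calc",
               "notepad.exe": b"MZ notepad"}
    for name, data in samples.items():
        for folder in (system32, dllcache):
            with open(os.path.join(folder, name), "wb") as f:
                f.write(data)
    # Reproduce the post's two tests on the live copies only.
    os.remove(os.path.join(system32, "calc.exe"))                 # "missing"
    with open(os.path.join(system32, "taskmgr.exe"), "wb") as f:  # "corrupt"
        f.write(b"[boot loader]\r\ntimeout=30\r\n")
    return system32, dllcache

def demo():
    with tempfile.TemporaryDirectory() as root:
        return compare_with_dllcache(*build_constructed_tree(root))

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

On a real system a "missing" result only means no file of that name exists in the folder passed as `system32`; the live copy of a protected file may be kept in a different folder.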