Windows 2003 ntds.dit corrupted but no good state backup

  • Thread starter Thread starter birdto
  • Start date Start date
B

birdto

The file ntds.dit corrupted and the DC can't be started in normal state. Go
to AD recovery mode and tried to run ntdsutil and still can't be recovered.
Can anyone help me to resolve this problem?

I'd read some web info and nearly all of them are having below error
message:-

lsass.exe-System Error: Security Accounts Manager initialization failed
because of the following error: Directory Service cannot start. Error
Status: 0xc00002e1. Please click OK to shutdown this system and reboot into
Directory Services Restore Mode, check the event log for more detailed
information.

However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is
there any difference?

Thx in advance

- Berthold
 
Hi
Some possible solutions:
*Solution1:
Perform restore operation to resolve the issue with your lastest Systate
BACKUP.

*Solution 2:
In case this is not the only DC in the domain, you can simply rebuild it.
At the same time, you will need to perform the steps below before
re-promoting the server:
1. Seize FSMO roles to the existing DC in the domain. For the detailed
steps, you can refer to the following Microsoft Knowledge Base article:
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/?id=255504
2. Remove remnant entries of the corrupted DC from AD database.
How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/?id=216498
3. Then, you can re-promote the server

*Solution 3:
If this is the only DC, you can use ntdsutil.exe to repair AD database
ntds.dit. However it might not completely resolve the issue. In some
situation, certain configurations will be lost.
"Directory Services cannot start" error message when you start your
Windows-based or SBS-based domain controller
http://support.microsoft.com/?id=258062
How to complete a semantic database analysis for the Active Directory
database by using Ntdsutil.exe
http://support.microsoft.com/default.aspx?scid=kben-us315136
Additional Information
Exchange Server 2003 Disaster Recovery Operations Guide
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di...
Disaster Recovery Tips and Tricks
http://www.petri.co.il/disaster_recovery.htm

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"birdto" <birdto@mail.hongkong.com> wrote in message
news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl...
> The file ntds.dit corrupted and the DC can't be started in normal state.
> Go to AD recovery mode and tried to run ntdsutil and still can't be
> recovered. Can anyone help me to resolve this problem?
>
> I'd read some web info and nearly all of them are having below error
> message:-
>
> lsass.exe-System Error: Security Accounts Manager initialization failed
> because of the following error: Directory Service cannot start. Error
> Status: 0xc00002e1. Please click OK to shutdown this system and reboot
> into Directory Services Restore Mode, check the event log for more
> detailed information.
>
> However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is
> there any difference?
>
> Thx in advance
>
> - Berthold
>
 
Thanks for your kind advise, Jorge.

There is only 1 DC and I have to use the 3rd solution. However, there is an
error after I run the utdsutil.exe to ntds.dit file. The message is :-

"Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non
database file or corrupted db) after 1.750 seconds.

Spawned Process Exit code 0xfffffb4a(-1206)

If integrity was successful, it is recommended you run semantic database
analysis to ensure semantic database consistency as well."

AND

"Operation terminated with error -1018 (JET_errReadVerifyFailure, Checksum
error on a database page) after 1.672 seconds."

Any further checking I can do?

Thanks,
Berthold




"Jorge Silva" <jorgesilva_pt@hotmail.com> ¼¶¼g©ó¶l¥ó·s»D:uKFJ16G2HHA.5796@TK2MSFTNGP05.phx.gbl...
> Hi
> Some possible solutions:
> *Solution1:
> Perform restore operation to resolve the issue with your lastest Systate
> BACKUP.
>
> *Solution 2:
> In case this is not the only DC in the domain, you can simply rebuild it.
> At the same time, you will need to perform the steps below before
> re-promoting the server:
> 1. Seize FSMO roles to the existing DC in the domain. For the detailed
> steps, you can refer to the following Microsoft Knowledge Base article:
> Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
> http://support.microsoft.com/?id=255504
> 2. Remove remnant entries of the corrupted DC from AD database.
> How to remove data in Active Directory after an unsuccessful domain
> controller demotion
> http://support.microsoft.com/?id=216498
> 3. Then, you can re-promote the server
>
> *Solution 3:
> If this is the only DC, you can use ntdsutil.exe to repair AD database
> ntds.dit. However it might not completely resolve the issue. In some
> situation, certain configurations will be lost.
> "Directory Services cannot start" error message when you start your
> Windows-based or SBS-based domain controller
> http://support.microsoft.com/?id=258062
> How to complete a semantic database analysis for the Active Directory
> database by using Ntdsutil.exe
> http://support.microsoft.com/default.aspx?scid=kben-us315136
> Additional Information
> Exchange Server 2003 Disaster Recovery Operations Guide
> http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di...
> Disaster Recovery Tips and Tricks
> http://www.petri.co.il/disaster_recovery.htm
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
> "birdto" <birdto@mail.hongkong.com> wrote in message
> news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl...
>> The file ntds.dit corrupted and the DC can't be started in normal state.
>> Go to AD recovery mode and tried to run ntdsutil and still can't be
>> recovered. Can anyone help me to resolve this problem?
>>
>> I'd read some web info and nearly all of them are having below error
>> message:-
>>
>> lsass.exe-System Error: Security Accounts Manager initialization failed
>> because of the following error: Directory Service cannot start. Error
>> Status: 0xc00002e1. Please click OK to shutdown this system and reboot
>> into Directory Services Restore Mode, check the event log for more
>> detailed information.
>>
>> However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is
>> there any difference?
>>
>> Thx in advance
>>
>> - Berthold
>>
>
>
 
Thanks for your kind advise, Jorge.

There is only 1 DC and I have to use the 3rd solution. However, there is an
error after I run the utdsutil.exe to ntds.dit file. The message is :-

"Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non
database file or corrupted db) after 1.750 seconds.

Spawned Process Exit code 0xfffffb4a(-1206)

If integrity was successful, it is recommended you run semantic database
analysis to ensure semantic database consistency as well."

AND

"Operation terminated with error -1018 (JET_errReadVerifyFailure, Checksum
error on a database page) after 1.672 seconds."

Any further checking I can do?

Thanks,
Berthold




"Jorge Silva" <jorgesilva_pt@hotmail.com> ¼¶¼g©ó¶l¥ó·s»D:uKFJ16G2HHA.5796@TK2MSFTNGP05.phx.gbl...
> Hi
> Some possible solutions:
> *Solution1:
> Perform restore operation to resolve the issue with your lastest Systate
> BACKUP.
>
> *Solution 2:
> In case this is not the only DC in the domain, you can simply rebuild it.
> At the same time, you will need to perform the steps below before
> re-promoting the server:
> 1. Seize FSMO roles to the existing DC in the domain. For the detailed
> steps, you can refer to the following Microsoft Knowledge Base article:
> Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
> http://support.microsoft.com/?id=255504
> 2. Remove remnant entries of the corrupted DC from AD database.
> How to remove data in Active Directory after an unsuccessful domain
> controller demotion
> http://support.microsoft.com/?id=216498
> 3. Then, you can re-promote the server
>
> *Solution 3:
> If this is the only DC, you can use ntdsutil.exe to repair AD database
> ntds.dit. However it might not completely resolve the issue. In some
> situation, certain configurations will be lost.
> "Directory Services cannot start" error message when you start your
> Windows-based or SBS-based domain controller
> http://support.microsoft.com/?id=258062
> How to complete a semantic database analysis for the Active Directory
> database by using Ntdsutil.exe
> http://support.microsoft.com/default.aspx?scid=kben-us315136
> Additional Information
> Exchange Server 2003 Disaster Recovery Operations Guide
> http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di...
> Disaster Recovery Tips and Tricks
> http://www.petri.co.il/disaster_recovery.htm
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MCSE, MVP Directory Services
> "birdto" <birdto@mail.hongkong.com> wrote in message
> news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl...
>> The file ntds.dit corrupted and the DC can't be started in normal state.
>> Go to AD recovery mode and tried to run ntdsutil and still can't be
>> recovered. Can anyone help me to resolve this problem?
>>
>> I'd read some web info and nearly all of them are having below error
>> message:-
>>
>> lsass.exe-System Error: Security Accounts Manager initialization failed
>> because of the following error: Directory Service cannot start. Error
>> Status: 0xc00002e1. Please click OK to shutdown this system and reboot
>> into Directory Services Restore Mode, check the event log for more
>> detailed information.
>>
>> However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is
>> there any difference?
>>
>> Thx in advance
>>
>> - Berthold
>>
>
>
 
Back
Top