Guest birdto Posted August 6, 2007 Posted August 6, 2007 The file ntds.dit corrupted and the DC can't be started in normal state. Go to AD recovery mode and tried to run ntdsutil and still can't be recovered. Can anyone help me to resolve this problem? I'd read some web info and nearly all of them are having below error message:- lsass.exe-System Error: Security Accounts Manager initialization failed because of the following error: Directory Service cannot start. Error Status: 0xc00002e1. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information. However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is there any difference? Thx in advance - Berthold
Guest Jorge Silva Posted August 6, 2007 Posted August 6, 2007 Re: ntds.dit corrupted but no good state backup Hi Some possible solutions: *Solution1: Perform restore operation to resolve the issue with your lastest Systate BACKUP. *Solution 2: In case this is not the only DC in the domain, you can simply rebuild it. At the same time, you will need to perform the steps below before re-promoting the server: 1. Seize FSMO roles to the existing DC in the domain. For the detailed steps, you can refer to the following Microsoft Knowledge Base article: Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller http://support.microsoft.com/?id=255504 2. Remove remnant entries of the corrupted DC from AD database. How to remove data in Active Directory after an unsuccessful domain controller demotion http://support.microsoft.com/?id=216498 3. Then, you can re-promote the server *Solution 3: If this is the only DC, you can use ntdsutil.exe to repair AD database ntds.dit. However it might not completely resolve the issue. In some situation, certain configurations will be lost. "Directory Services cannot start" error message when you start your Windows-based or SBS-based domain controller http://support.microsoft.com/?id=258062 How to complete a semantic database analysis for the Active Directory database by using Ntdsutil.exe http://support.microsoft.com/default.aspx?scid=kb;en-us;315136 Additional Information Exchange Server 2003 Disaster Recovery Operations Guide http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di... Disaster Recovery Tips and Tricks http://www.petri.co.il/disaster_recovery.htm -- I hope that the information above helps you. Have a Nice day. Jorge Silva MCSE, MVP Directory Services "birdto" <birdto@mail.hongkong.com> wrote in message news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl... > The file ntds.dit corrupted and the DC can't be started in normal state. > Go to AD recovery mode and tried to run ntdsutil and still can't be > recovered. Can anyone help me to resolve this problem? > > I'd read some web info and nearly all of them are having below error > message:- > > lsass.exe-System Error: Security Accounts Manager initialization failed > because of the following error: Directory Service cannot start. Error > Status: 0xc00002e1. Please click OK to shutdown this system and reboot > into Directory Services Restore Mode, check the event log for more > detailed information. > > However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is > there any difference? > > Thx in advance > > - Berthold >
Guest birdto Posted August 7, 2007 Posted August 7, 2007 Re: ntds.dit corrupted but no good state backup Thanks for your kind advise, Jorge. There is only 1 DC and I have to use the 3rd solution. However, there is an error after I run the utdsutil.exe to ntds.dit file. The message is :- "Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non database file or corrupted db) after 1.750 seconds. Spawned Process Exit code 0xfffffb4a(-1206) If integrity was successful, it is recommended you run semantic database analysis to ensure semantic database consistency as well." AND "Operation terminated with error -1018 (JET_errReadVerifyFailure, Checksum error on a database page) after 1.672 seconds." Any further checking I can do? Thanks, Berthold "Jorge Silva" <jorgesilva_pt@hotmail.com> ¼¶¼g©ó¶l¥ó·s»D:uKFJ16G2HHA.5796@TK2MSFTNGP05.phx.gbl... > Hi > Some possible solutions: > *Solution1: > Perform restore operation to resolve the issue with your lastest Systate > BACKUP. > > *Solution 2: > In case this is not the only DC in the domain, you can simply rebuild it. > At the same time, you will need to perform the steps below before > re-promoting the server: > 1. Seize FSMO roles to the existing DC in the domain. For the detailed > steps, you can refer to the following Microsoft Knowledge Base article: > Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller > http://support.microsoft.com/?id=255504 > 2. Remove remnant entries of the corrupted DC from AD database. > How to remove data in Active Directory after an unsuccessful domain > controller demotion > http://support.microsoft.com/?id=216498 > 3. Then, you can re-promote the server > > *Solution 3: > If this is the only DC, you can use ntdsutil.exe to repair AD database > ntds.dit. However it might not completely resolve the issue. In some > situation, certain configurations will be lost. > "Directory Services cannot start" error message when you start your > Windows-based or SBS-based domain controller > http://support.microsoft.com/?id=258062 > How to complete a semantic database analysis for the Active Directory > database by using Ntdsutil.exe > http://support.microsoft.com/default.aspx?scid=kb;en-us;315136 > Additional Information > Exchange Server 2003 Disaster Recovery Operations Guide > http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di... > Disaster Recovery Tips and Tricks > http://www.petri.co.il/disaster_recovery.htm > > -- > I hope that the information above helps you. > Have a Nice day. > > Jorge Silva > MCSE, MVP Directory Services > "birdto" <birdto@mail.hongkong.com> wrote in message > news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl... >> The file ntds.dit corrupted and the DC can't be started in normal state. >> Go to AD recovery mode and tried to run ntdsutil and still can't be >> recovered. Can anyone help me to resolve this problem? >> >> I'd read some web info and nearly all of them are having below error >> message:- >> >> lsass.exe-System Error: Security Accounts Manager initialization failed >> because of the following error: Directory Service cannot start. Error >> Status: 0xc00002e1. Please click OK to shutdown this system and reboot >> into Directory Services Restore Mode, check the event log for more >> detailed information. >> >> However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is >> there any difference? >> >> Thx in advance >> >> - Berthold >> > >
Guest birdto Posted August 7, 2007 Posted August 7, 2007 Re: ntds.dit corrupted but no good state backup Thanks for your kind advise, Jorge. There is only 1 DC and I have to use the 3rd solution. However, there is an error after I run the utdsutil.exe to ntds.dit file. The message is :- "Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non database file or corrupted db) after 1.750 seconds. Spawned Process Exit code 0xfffffb4a(-1206) If integrity was successful, it is recommended you run semantic database analysis to ensure semantic database consistency as well." AND "Operation terminated with error -1018 (JET_errReadVerifyFailure, Checksum error on a database page) after 1.672 seconds." Any further checking I can do? Thanks, Berthold "Jorge Silva" <jorgesilva_pt@hotmail.com> ¼¶¼g©ó¶l¥ó·s»D:uKFJ16G2HHA.5796@TK2MSFTNGP05.phx.gbl... > Hi > Some possible solutions: > *Solution1: > Perform restore operation to resolve the issue with your lastest Systate > BACKUP. > > *Solution 2: > In case this is not the only DC in the domain, you can simply rebuild it. > At the same time, you will need to perform the steps below before > re-promoting the server: > 1. Seize FSMO roles to the existing DC in the domain. For the detailed > steps, you can refer to the following Microsoft Knowledge Base article: > Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller > http://support.microsoft.com/?id=255504 > 2. Remove remnant entries of the corrupted DC from AD database. > How to remove data in Active Directory after an unsuccessful domain > controller demotion > http://support.microsoft.com/?id=216498 > 3. Then, you can re-promote the server > > *Solution 3: > If this is the only DC, you can use ntdsutil.exe to repair AD database > ntds.dit. However it might not completely resolve the issue. In some > situation, certain configurations will be lost. > "Directory Services cannot start" error message when you start your > Windows-based or SBS-based domain controller > http://support.microsoft.com/?id=258062 > How to complete a semantic database analysis for the Active Directory > database by using Ntdsutil.exe > http://support.microsoft.com/default.aspx?scid=kb;en-us;315136 > Additional Information > Exchange Server 2003 Disaster Recovery Operations Guide > http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di... > Disaster Recovery Tips and Tricks > http://www.petri.co.il/disaster_recovery.htm > > -- > I hope that the information above helps you. > Have a Nice day. > > Jorge Silva > MCSE, MVP Directory Services > "birdto" <birdto@mail.hongkong.com> wrote in message > news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl... >> The file ntds.dit corrupted and the DC can't be started in normal state. >> Go to AD recovery mode and tried to run ntdsutil and still can't be >> recovered. Can anyone help me to resolve this problem? >> >> I'd read some web info and nearly all of them are having below error >> message:- >> >> lsass.exe-System Error: Security Accounts Manager initialization failed >> because of the following error: Directory Service cannot start. Error >> Status: 0xc00002e1. Please click OK to shutdown this system and reboot >> into Directory Services Restore Mode, check the event log for more >> detailed information. >> >> However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is >> there any difference? >> >> Thx in advance >> >> - Berthold >> > >
Recommended Posts