Jump to content

ntds.dit corrupted but no good state backup

Guest birdto

By Guest birdto
in Windows 2003 Server

 Share

Recommended Posts

Guest birdto

Guest birdto

Posted
Posted

The file ntds.dit corrupted and the DC can't be started in normal state. Go

to AD recovery mode and tried to run ntdsutil and still can't be recovered.

Can anyone help me to resolve this problem?

 

I'd read some web info and nearly all of them are having below error

message:-

 

lsass.exe-System Error: Security Accounts Manager initialization failed

because of the following error: Directory Service cannot start. Error

Status: 0xc00002e1. Please click OK to shutdown this system and reboot into

Directory Services Restore Mode, check the event log for more detailed

information.

 

However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is

there any difference?

 

Thx in advance

 

- Berthold

  • Replies 3
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Jorge Silva

Guest Jorge Silva

Posted
Posted

Re: ntds.dit corrupted but no good state backup

 

Hi

Some possible solutions:

*Solution1:

Perform restore operation to resolve the issue with your lastest Systate

BACKUP.

 

*Solution 2:

In case this is not the only DC in the domain, you can simply rebuild it.

At the same time, you will need to perform the steps below before

re-promoting the server:

1. Seize FSMO roles to the existing DC in the domain. For the detailed

steps, you can refer to the following Microsoft Knowledge Base article:

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

http://support.microsoft.com/?id=255504

2. Remove remnant entries of the corrupted DC from AD database.

How to remove data in Active Directory after an unsuccessful domain

controller demotion

http://support.microsoft.com/?id=216498

3. Then, you can re-promote the server

 

*Solution 3:

If this is the only DC, you can use ntdsutil.exe to repair AD database

ntds.dit. However it might not completely resolve the issue. In some

situation, certain configurations will be lost.

"Directory Services cannot start" error message when you start your

Windows-based or SBS-based domain controller

http://support.microsoft.com/?id=258062

How to complete a semantic database analysis for the Active Directory

database by using Ntdsutil.exe

http://support.microsoft.com/default.aspx?scid=kb;en-us;315136

Additional Information

Exchange Server 2003 Disaster Recovery Operations Guide

http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di...

Disaster Recovery Tips and Tricks

http://www.petri.co.il/disaster_recovery.htm

 

--

I hope that the information above helps you.

Have a Nice day.

 

Jorge Silva

MCSE, MVP Directory Services

"birdto" <birdto@mail.hongkong.com> wrote in message

news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl...

> The file ntds.dit corrupted and the DC can't be started in normal state.

> Go to AD recovery mode and tried to run ntdsutil and still can't be

> recovered. Can anyone help me to resolve this problem?

>

> I'd read some web info and nearly all of them are having below error

> message:-

>

> lsass.exe-System Error: Security Accounts Manager initialization failed

> because of the following error: Directory Service cannot start. Error

> Status: 0xc00002e1. Please click OK to shutdown this system and reboot

> into Directory Services Restore Mode, check the event log for more

> detailed information.

>

> However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is

> there any difference?

>

> Thx in advance

>

> - Berthold

>

Guest birdto

Guest birdto

Posted
Posted

Re: ntds.dit corrupted but no good state backup

 

Thanks for your kind advise, Jorge.

 

There is only 1 DC and I have to use the 3rd solution. However, there is an

error after I run the utdsutil.exe to ntds.dit file. The message is :-

 

"Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non

database file or corrupted db) after 1.750 seconds.

 

Spawned Process Exit code 0xfffffb4a(-1206)

 

If integrity was successful, it is recommended you run semantic database

analysis to ensure semantic database consistency as well."

 

AND

 

"Operation terminated with error -1018 (JET_errReadVerifyFailure, Checksum

error on a database page) after 1.672 seconds."

 

Any further checking I can do?

 

Thanks,

Berthold

 

 

 

 

"Jorge Silva" <jorgesilva_pt@hotmail.com> ¼¶¼g©ó¶l¥ó·s»D:uKFJ16G2HHA.5796@TK2MSFTNGP05.phx.gbl...

> Hi

> Some possible solutions:

> *Solution1:

> Perform restore operation to resolve the issue with your lastest Systate

> BACKUP.

>

> *Solution 2:

> In case this is not the only DC in the domain, you can simply rebuild it.

> At the same time, you will need to perform the steps below before

> re-promoting the server:

> 1. Seize FSMO roles to the existing DC in the domain. For the detailed

> steps, you can refer to the following Microsoft Knowledge Base article:

> Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

> http://support.microsoft.com/?id=255504

> 2. Remove remnant entries of the corrupted DC from AD database.

> How to remove data in Active Directory after an unsuccessful domain

> controller demotion

> http://support.microsoft.com/?id=216498

> 3. Then, you can re-promote the server

>

> *Solution 3:

> If this is the only DC, you can use ntdsutil.exe to repair AD database

> ntds.dit. However it might not completely resolve the issue. In some

> situation, certain configurations will be lost.

> "Directory Services cannot start" error message when you start your

> Windows-based or SBS-based domain controller

> http://support.microsoft.com/?id=258062

> How to complete a semantic database analysis for the Active Directory

> database by using Ntdsutil.exe

> http://support.microsoft.com/default.aspx?scid=kb;en-us;315136

> Additional Information

> Exchange Server 2003 Disaster Recovery Operations Guide

> http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di...

> Disaster Recovery Tips and Tricks

> http://www.petri.co.il/disaster_recovery.htm

>

> --

> I hope that the information above helps you.

> Have a Nice day.

>

> Jorge Silva

> MCSE, MVP Directory Services

> "birdto" <birdto@mail.hongkong.com> wrote in message

> news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl...

>> The file ntds.dit corrupted and the DC can't be started in normal state.

>> Go to AD recovery mode and tried to run ntdsutil and still can't be

>> recovered. Can anyone help me to resolve this problem?

>>

>> I'd read some web info and nearly all of them are having below error

>> message:-

>>

>> lsass.exe-System Error: Security Accounts Manager initialization failed

>> because of the following error: Directory Service cannot start. Error

>> Status: 0xc00002e1. Please click OK to shutdown this system and reboot

>> into Directory Services Restore Mode, check the event log for more

>> detailed information.

>>

>> However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is

>> there any difference?

>>

>> Thx in advance

>>

>> - Berthold

>>

>

>

Guest birdto

Guest birdto

Posted
Posted

Re: ntds.dit corrupted but no good state backup

 

Thanks for your kind advise, Jorge.

 

There is only 1 DC and I have to use the 3rd solution. However, there is an

error after I run the utdsutil.exe to ntds.dit file. The message is :-

 

"Operation terminated with error -1206 (JET_errDatabaseCorrupted, Non

database file or corrupted db) after 1.750 seconds.

 

Spawned Process Exit code 0xfffffb4a(-1206)

 

If integrity was successful, it is recommended you run semantic database

analysis to ensure semantic database consistency as well."

 

AND

 

"Operation terminated with error -1018 (JET_errReadVerifyFailure, Checksum

error on a database page) after 1.672 seconds."

 

Any further checking I can do?

 

Thanks,

Berthold

 

 

 

 

"Jorge Silva" <jorgesilva_pt@hotmail.com> ¼¶¼g©ó¶l¥ó·s»D:uKFJ16G2HHA.5796@TK2MSFTNGP05.phx.gbl...

> Hi

> Some possible solutions:

> *Solution1:

> Perform restore operation to resolve the issue with your lastest Systate

> BACKUP.

>

> *Solution 2:

> In case this is not the only DC in the domain, you can simply rebuild it.

> At the same time, you will need to perform the steps below before

> re-promoting the server:

> 1. Seize FSMO roles to the existing DC in the domain. For the detailed

> steps, you can refer to the following Microsoft Knowledge Base article:

> Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

> http://support.microsoft.com/?id=255504

> 2. Remove remnant entries of the corrupted DC from AD database.

> How to remove data in Active Directory after an unsuccessful domain

> controller demotion

> http://support.microsoft.com/?id=216498

> 3. Then, you can re-promote the server

>

> *Solution 3:

> If this is the only DC, you can use ntdsutil.exe to repair AD database

> ntds.dit. However it might not completely resolve the issue. In some

> situation, certain configurations will be lost.

> "Directory Services cannot start" error message when you start your

> Windows-based or SBS-based domain controller

> http://support.microsoft.com/?id=258062

> How to complete a semantic database analysis for the Active Directory

> database by using Ntdsutil.exe

> http://support.microsoft.com/default.aspx?scid=kb;en-us;315136

> Additional Information

> Exchange Server 2003 Disaster Recovery Operations Guide

> http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/di...

> Disaster Recovery Tips and Tricks

> http://www.petri.co.il/disaster_recovery.htm

>

> --

> I hope that the information above helps you.

> Have a Nice day.

>

> Jorge Silva

> MCSE, MVP Directory Services

> "birdto" <birdto@mail.hongkong.com> wrote in message

> news:%23K2jGXE2HHA.4672@TK2MSFTNGP05.phx.gbl...

>> The file ntds.dit corrupted and the DC can't be started in normal state.

>> Go to AD recovery mode and tried to run ntdsutil and still can't be

>> recovered. Can anyone help me to resolve this problem?

>>

>> I'd read some web info and nearly all of them are having below error

>> message:-

>>

>> lsass.exe-System Error: Security Accounts Manager initialization failed

>> because of the following error: Directory Service cannot start. Error

>> Status: 0xc00002e1. Please click OK to shutdown this system and reboot

>> into Directory Services Restore Mode, check the event log for more

>> detailed information.

>>

>> However, for me, the error code is 0xc00000e5 instead of 0xc00002e1. Is

>> there any difference?

>>

>> Thx in advance

>>

>> - Berthold

>>

>

>

 Share
Go to topic listing
×
×
  • Create New...