hitechauto


AD ON SERV 2003

Hi There

AD has bombed out on my DC, the error I get is:

There is an internal error in AD, the system cannot recover from this error

Please use AD restore mode to correct the problem.

PLEASE HELP, WHAT STEPS CAN I TAKE WITH HAVING TO GO TO ANY EXTREMES

THANKS
hitechauto

ASKER

CAN I DO A SYSTEM STATE BACKUP ON OUR 2ND DC AND RESTORE ON OUR GLOBAL CATALOG??????

HAVING TROUBLE ACCESSING THE BACKUP DRIVE ON THE DC THAT AD HAS CRASHED ON.  

IS THERE ANY SORT OF COMMAND LINE THAT I CAN USE IN DIRECTORY SERVICES RESTORE MODE TO CHECK AND REPAIR THE PROBLEM.

PLEASE GUYS THIS IS VERY URGENT, I HAVE 80 CLIENTS THAT NEED TO GET THEIR DATA
Has the backup drive failed on the failed DC?  Were AD data files stored on this drive as well?

It sounds like the cause of the problem would be drive failure if that is what you have problems accessing - and this is the first thing that needs to be sorted.

Did you create an AD restore mode disk?  
Put it to you this way, I don't have a system state backup.

I can run the DC in restore mode but am not able to find a valid up-to-date backup, so restoring from a backup is out of the question.

What steps should I take????
Presumably the server is booting at the moment, but not starting Active Directory?  Or is it not letting you in at all?  If it won't let you in, can you start in Safe Mode to get access to the system?

If you have people after data that is on the system, the most important thing is to get this data off the system and onto another (e.g. another DC) so that they can access it while you go about repairing the failed DC.
Chris Dent

> CAN I DO A SYSTEM STATE BACKUP ON OUR 2ND DC AND RESTORE ON OUR GLOBAL CATALOG??????

If you have a second DC is it reporting the same errors?

If it's quite happy then it can take over and DC1 can (and should) be turned off.

1. Install DNS (or check it's installed) on DC2
2. Seize any FSMO roles DC2 doesn't have
3. Make it a Global Catalog
4. Run "ipconfig /flushdns" then "ipconfig /registerdns"
5. Restart the NetLogon Service

If you're running DHCP that will need reconfiguring to ensure the clients have the correct DNS Server.

These are the individual steps for each of those:

1. Installing DNS

 - If the DNS Service is not currently installed go to Add / Remove Programs and add it.
 - Ensure the service starts correctly
 - Open DNS Manager
 - Right click on Forward Lookup Zones and select "New Zone..."
ASKER CERTIFIED SOLUTION
Chris Dent

Okay... now onto the less likely solutions.

If you have any DCs with a System State backup that would help a lot.

To Restore the system state you need to get Directory Service mode available. To get that..

1. Install Windows 200x on a Server
2. Install the very basics of Active Directory - don't bother configuring it, it's about to be overwritten

Then these instructions can take over:

http://support.microsoft.com/default.aspx?scid=kb;en-us;240363&sd=tech

After this the steps above should be followed to make the restored DC hold the FSMO Roles, run DNS and behave as a Global Catalog, etc.

There are a few options for attempting to repair AD... but I need to check a few things before I post them.


If you don't have a backup of the server or another working domain controller then it gets very difficult.


Next one is using the Integrity checker in NTDSUtil. Don't hold out a lot of hope for this one, it's intended that you only use it after performing a recovery. Because of that, this one is a last resort and you should probably make a backup of the broken server before running it:

ntdsutil
files
integrity

This one might take a while to run. If none of that helps then I'll have a look around again.

Chris
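
The five promotion steps listed earlier in the thread, as an added example that is not part of the original posts: a batch file run on the surviving DC. The host name DC2 is a placeholder, and the script assumes the Windows Support Tools (dcdiag, netdom, nltest) are installed and that DNS (step 1) is already running on that server.

```bat
@echo off
rem Added example: promote the surviving DC after the failed DC is powered off.
rem TARGET is a placeholder host name; replace it with the surviving DC.
setlocal
set TARGET=DC2

rem Pre-check: review the surviving DC's health before making it authoritative.
rem Do not continue if dcdiag reports replication or directory errors here.
dcdiag /s:%TARGET%
echo Review the dcdiag output above. Press Ctrl+C to abort, or
pause

rem Record which server currently claims each FSMO role, for the change log.
netdom query fsmo

rem Step 2: seize the roles this DC does not hold. ntdsutil asks for
rem confirmation on each role. A seized role's former holder must not be
rem brought back onto the network with its old directory database.
rem "seize domain naming master" is the Windows 2000/2003 spelling.
ntdsutil roles connections "connect to server %TARGET%" quit ^
 "seize schema master" ^
 "seize domain naming master" ^
 "seize RID master" ^
 "seize PDC" ^
 "seize infrastructure master" ^
 quit quit

rem Step 3: Global Catalog is a checkbox, not a command, on Server 2003:
rem Active Directory Sites and Services, the server's NTDS Settings
rem properties, "Global Catalog".
echo Enable Global Catalog on %TARGET% in Sites and Services, then
pause

rem Step 4: clear the resolver cache and re-register this DC's host records.
ipconfig /flushdns
ipconfig /registerdns

rem Step 5: restart Netlogon so the DC re-registers its SRV locator records.
net stop netlogon
net start netlogon

rem Verify: all five roles should now list this server, and a Global Catalog
rem lookup should succeed once GC promotion has completed.
netdom query fsmo
nltest /dsgetdc:%USERDNSDOMAIN% /gc
endlocal
```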