Solved

Domain Controller Services not starting Event 1168.

Posted on 2006-06-15
Last Modified: 2012-05-05
Our win2k3 sp1 Domain controller crashed overnight and now it will not run on the Domain. When you start it up, all server-related services fail (DNS, DHCP, RPC, Server, etc.).

I get an event on startup that seems to trigger it all, event ID 1168:

Event Type:      Error
Event Source:      NTDS General
Event Category:      Internal Processing
Event ID:      1168
Date:            6/15/2006
Time:            3:40:29 AM
User:            N/A
Computer:      JMPSERVER1
Description:
Internal error: An Active Directory error has occurred.
 
Additional Data
Error value (decimal):
1053
Error value (hex):
41d
Internal ID:
30004df

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I have run an integrity check on ntds.dit using ntdsutil, which was successful.

I can't get this thing working. Should I do an ntdsutil recover?

0
Question by:JMPENG
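
Added example, not part of the original question: a small Python parser for the event text pasted above that cross-checks the decimal and hex error values and names the code. Reading the NTDS error value as a Win32 system error code is an assumption, as is the WIN32_NAMES table; its entry for 58 corresponds to the message dcdiag prints later in this thread.

```python
import re

# Constructed sample: the relevant lines of the event record from the question.
SAMPLE_EVENT = """\
Event Source:      NTDS General
Event ID:      1168
Description:
Internal error: An Active Directory error has occurred.
Additional Data
Error value (decimal):
1053
Error value (hex):
41d
Internal ID:
30004df
"""

# Assumption: the error value is a Win32 system error code.
WIN32_NAMES = {58: "ERROR_BAD_NET_RESP", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}
FIELD = re.compile(r"^([A-Za-z][A-Za-z ()]*):\s*(.*)$")


def parse_event(text):
    """Parse 'Key: value' lines and 'Key:' lines whose value is on the next line."""
    fields, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:  # this line is the value for the previous 'Key:'
            fields[pending], pending = line, None
            continue
        m = FIELD.match(line)
        if m and m.group(2):
            fields[m.group(1).strip()] = m.group(2)
        elif m:
            pending = m.group(1).strip()
    return fields


def triage(fields):
    """Cross-check the decimal and hex error values and name the code if known."""
    dec = int(fields["Error value (decimal)"])
    hexval = int(fields["Error value (hex)"], 16)
    # Compare as unsigned 32-bit so a negative decimal matches its hex form.
    consistent = (dec & 0xFFFFFFFF) == (hexval & 0xFFFFFFFF)
    return {"event_id": int(fields["Event ID"]), "error": dec,
            "consistent": consistent,
            "win32_name": WIN32_NAMES.get(dec, "unknown")}
```

Calling triage(parse_event(SAMPLE_EVENT)) returns the event ID, the error value, whether the two encodings agree, and the code name when the table has one.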
10 Comments
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16914013
Is there an event 1003, "The Windows Directory Service database could not be initialized and returned error <error code>. Unrecoverable error, the directory can't continue."?

If so, then the AD database could be corrupt.
Do you have any other DCs in the domain?
If so, then you could run the esentutl tool to repair the database. Semantic database analysis in ntdsutil would run clean and report no errors.

0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16914018
By any chance, do you happen to have a good / recent system state backup?

0
 

Author Comment

by:JMPENG
ID: 16914079
I don't get 1003.
I seem to get these errors on start up.

1168, 2088, 1824, then 1473.

I do have another DC. I have run semantic database analysis; it was successful.

And due to some other problems we were having, I have no good recent backup.
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16914335
Let's check whether LDAP can bind.
From the other DC or any computer where the support tools are installed, can you run dcdiag /v /s:name of the problem dc >dcdiag.txt?
It's bound to fail on the LDAP bind. Can you give me the LDAP bind error (is it 55)?
0
 

Author Comment

by:JMPENG
ID: 16914788
Domain Controller Diagnosis

Performing initial setup:
   * Connecting to directory service on server jmpserver1.
   ["Problem dc"] LDAP search failed with error 58,
   The specified server cannot perform the requested operation..
   ***Error: The machine, "problem dc" could not be contacted, because of a bad

   net  response.  Check to make sure that this machine is a Domain Controller.

0
 

Author Comment

by:JMPENG
ID: 16914803
I think I have given up on this thing.  It was the master of all roles, so should I do a role seize with ntdsutil?  
0
 
LVL 13

Accepted Solution

by:
Kini pradeep earned 500 total points
ID: 16915007
Yes, you can seize all the roles to the other DC; make sure that it's a GC as well.
After that, do a metadata cleanup on the other DC (http://support.microsoft.com/default.aspx?scid=kb;EN-US;216498) so that any traces of the old DC are removed; remove them from the DNS as well.
Once that's done, you can join this machine to the domain.

If a DC does not boot in normal mode for any reason and you want to demote it, you need not reinstall the OS. What you can do is go to the registry:

HKLM\system\ccs\control\productoptions. Under that there is a reg string value called product type.
For a DC it's LanmanNT,
for a member server it's ServerNT, and for a normal workstation it's WinNT.
So to demote the DC, change it to ServerNT and reboot. Then you need to promote it into a new forest/new domain to remove the AD traces from it; basically, promote it in a dummy forest and then demote it using DCpromo, which will be a graceful demotion. It helps because it does not leave any traces of the original domain. Once that's done, reboot again, add it to the correct domain and then promote it as a DC.


The LDAP error could be due either to winsock corruption or to some other driver overriding the default. If that's the case, then you might come across the same problem again, in which case you would have to recreate winsock. (I got this info from a buddy who is a PSS engineer at MS.)
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16920992
If it's a winsock corruption, then netdiag should let you know about it.

Run netdiag /v /s: server

0
 

Author Comment

by:JMPENG
ID: 16923629
Alright I have seized the roles and moved the services.  Everything seems to be stable for now.  Thanks for all the help kprad.
0
 
LVL 13

Expert Comment

by:Kini pradeep
ID: 16923643
No problem, you are welcome.
0
