0xc0000227 booting 2003 DC; will only boot in Directory Services Restore; System State Restore doesn't help

This has happened before on this server; last time a System Restore off tape backup fixed it.

The server is a DC with GC. Fortunately it's not the most important server in the organisation.

Error this morning:
"Security account manager initialization failed because of the following error.  Directory service cannot start.  Error Status 0xc00002e1.  Please click OK to shutdown this system and reboot into directory service restore mode.  check the event log for more detailed information."

Error after restore of System State from tape:
Directory Services could not start because of the following error: A transaction recover failed.
Error Status: 0xc0000227. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.

I have tried going back a few days with tape restores but to no avail -- same error.

The restore from tape gives the following errors in the Directory Services Log:
Source NTDS Backup, ID 2055
The database restore operation failed.
 Additional Data
Error value:
-573 (0xfffffdc3)
JET_errLogCorruptDuringHardRestore, corruption was detected in a backup set during hard restore

Source NTDS Backup, ID 1198
Internal error: Active Directory failed to restore from backup media.
Additional Data
Error value:
3355443773 (0xc800023d)

On reboot the Application Log gives the following error:
Source ESENT, ID 463
lsass (396) Restore0001: Corruption was detected while restoring from backup logfile C:\WINDOWS\NTDS\edb0003B.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 2304 (0x00000900). This logfile has been damaged and is unusable.

Running ntdsutil files integrity gives the following error in the Application log:
Source ESENT, ID 455
NTDS (1124) Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\NTDS\edb.log.

Running ntdsutil files recover gives the following error in the Application log:
esentutl (2804) Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\NTDS\edb.log.

I cannot boot the server into normal mode.
So I cannot run dcpromo to demote it and then re-promote it.

http://support.microsoft.com/kb/311502 appears to be the worst written article I have ever seen! I can't make head nor tail of it. It doesn't appear to be the precise error I have anyway.

http://support.microsoft.com/kb/258062 is better but again isn't a perfect match by any standards.

I could do with getting the server up and running again. The domain itself matters a great deal, but this is one of 4 DC/GC on this domain, thankfully...

Any help would be most appreciated.

chkdsk /r in ERC ??
seworbyAuthor Commented:
One of the problems I face (not uncommon, I suspect) is that the server is remote. I can boot into Recovery Mode only once remotely, because I cannot hit F8 unless I am there! I had previously run chkdsk c: /f a couple of times, to no avail.

I have now, from the Recovery Mode, run chkdsk c: /r and am in the process of rebooting (to perform the chkdsk).

I will advise; to be honest as I've already done with /f I don't hold out much hope...

Thanks, Simon
seworbyAuthor Commented:
I'm sorry to report that chkdsk /r hasn't helped. It has rebooted but with the same error as before.
Thanks, Simon

What's the output from:

ntdsutil files info

Then we need to check the permissions on those file structures as well.
seworbyAuthor Commented:
ntdsutil files info
ntdsutil: files
file maintenance: info

Drive Information:

        C:\ NTFS (Fixed Drive  ) free(4.8 Gb) total(11.9 Gb)
        D:\ NTFS (Fixed Drive  ) free(220.4 Gb) total(397.8 Gb)

DS Path Information:

        Database   : C:\WINDOWS\NTDS\ntds.dit - 28.2 Mb
        Backup dir : C:\WINDOWS\NTDS\dsadata.bak
        Working dir: C:\WINDOWS\NTDS
        Log dir    : C:\WINDOWS\NTDS - 30.2 Mb total
                        res2.log - 10.0 Mb
                        res1.log - 10.0 Mb
                        ntds.INTEG.RAW - 29.2 Kb
                        edb00037.log - 10.0 Mb
file maintenance:

The c:\windows\ntds directory has the permissions as per KB258062...

Thanks, Simon
seworbyAuthor Commented:
Bit of a breakthrough... I have the server up and running again, at least for now...

esentutl /g "c:\windows\ntds\ntds.dit" /8 /o

esentutl /p "c:\windows\ntds\ntds.dit" /8 /o
seemed to repair it, then

esentutl /g "c:\windows\ntds\ntds.dit" /8 /o

I'm not sure of the implications of repairing/rebuilding this, but the server is up and running now.
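
The Python below is an added example, not written by any poster in this thread: it checks that each signed ESE error value quoted above matches its hex form, names it, and compares the log files the events reference against the `ntdsutil files info` listing. The sample text is copied from the thread; the function names are hypothetical, and the name for -1811 (JET_errFileNotFound) comes from the ESE error list, not from the page.

```python
import re

# Constructed sample: event text and "ntdsutil files info" lines quoted in the thread.
EVENTS = r"""
NTDS Backup 2055: Error value: -573 (0xfffffdc3)
ESENT 463: Corruption was detected while restoring from backup logfile C:\WINDOWS\NTDS\edb0003B.log.
ESENT 455: NTDS (1124) Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\NTDS\edb.log.
"""
FILES_INFO = r"""
        Log dir    : C:\WINDOWS\NTDS - 30.2 Mb total
                        res2.log - 10.0 Mb
                        res1.log - 10.0 Mb
                        ntds.INTEG.RAW - 29.2 Kb
                        edb00037.log - 10.0 Mb
"""

# Only the two codes seen in the thread. -573 is named on the page;
# -1811 is named from the ESE error list (assumption relative to the page).
JET_NAMES = {-573: "JET_errLogCorruptDuringHardRestore",
             -1811: "JET_errFileNotFound"}

def jet_errors(text):
    """Return [(signed_code, name)], verifying signed value == 32-bit hex form."""
    found = []
    for dec, hx in re.findall(r"(-\d+) \((0x[0-9a-fA-F]{8})\)", text):
        signed = int(dec)
        if (signed & 0xFFFFFFFF) != int(hx, 16):
            raise ValueError(f"{dec} does not match {hx}")
        found.append((signed, JET_NAMES.get(signed, "unknown")))
    return found

def referenced_logs(text):
    """Log file names (lower-cased) that the event messages point at."""
    names = re.findall(r"\\NTDS\\([\w.]+?\.log)", text, re.I)
    return sorted({n.lower() for n in names})

def listed_logs(files_info):
    """Log file names (lower-cased) present in the 'Log dir' listing."""
    names = re.findall(r"^\s+(\S+\.log) - ", files_info, re.M)
    return sorted(n.lower() for n in names)

def missing_logs(events, files_info):
    """Referenced log files that do not appear in the directory listing."""
    have = set(listed_logs(files_info))
    return [n for n in referenced_logs(events) if n not in have]

if __name__ == "__main__":
    print(jet_errors(EVENTS))
    print("missing:", missing_logs(EVENTS, FILES_INFO))
```

On the thread's data, neither `edb.log` nor `edb0003B.log` appears in the listed log directory, which is consistent with the -1811 errors raised when opening `edb.log`.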

