0xc0000227 booting 2003 DC; will only boot in Directory Services Restore; System State Restore doesn't help

Posted on 2008-11-10
Last Modified: 2012-08-13
This has happened before on this server; last time a System Restore off tape backup fixed it.

The server is a DC with GC. Fortunately it's not the most important server in the organisation.

Error this morning:
"Security account manager initialization failed because of the following error.  Directory service cannot start.  Error Status 0xc00002e1.  Please click OK to shutdown this system and reboot into directory service restore mode.  Check the event log for more detailed information."

Error after restore of System State from tape:
Directory Services could not start because of the following error: A transaction recover failed.
Error Status: 0xc0000227. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.

I have tried going back a few days with tape restores but to no avail -- same error.

The restore from tape gives the following errors in the Directory Services Log:
Source NTDS Backup, ID 2055
The database restore operation failed.
 Additional Data
Error value:
-573 (0xfffffdc3)
JET_errLogCorruptDuringHardRestore, corruption was detected in a backup set during hard restore

Source NTDS Backup, ID 1198
Internal error: Active Directory failed to restore from backup media.
Additional Data
Error value:
3355443773 (0xc800023d)

On reboot the Application Log gives the following error:
Source ESENT, ID 463
lsass (396) Restore0001: Corruption was detected while restoring from backup logfile C:\WINDOWS\NTDS\edb0003B.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 2304 (0x00000900). This logfile has been damaged and is unusable.

Running ntdsutil files integrity gives the following error in the Application log:
Source ESENT, ID 455
NTDS (1124) Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\NTDS\edb.log.

Running ntdsutil files recover gives the following error in the Application log:
esentutl (2804) Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\NTDS\edb.log.

I cannot boot the server into normal mode.
So I cannot run dcpromo to demote it and then re-promote it. appears to be the worst written article I have ever seen! I can't make head nor tail of it. It doesn't appear to be the precise error I have anyway. is better but again isn't a perfect match by any standards.

I could do with getting the server up and running again. The domain itself matters a great deal, but this is one of 4 DC/GC on this domain, thankfully...

Any help would be most appreciated.
Question by:seworby

    Expert Comment

    chkdsk /r in ERC ??

    Author Comment

    One of the problems I face (not uncommon, I suspect) is that the server is remote. I can boot into Recovery Mode only once remotely, because I cannot hit F8 unless I am there! I had previously run chkdsk c: /f a couple of times, to no avail.

    I have now, from the Recovery Mode, run chkdsk c: /r and am in the process of rebooting (to perform the chkdsk).

    I will advise; to be honest as I've already done with /f I don't hold out much hope...

    Thanks, Simon

    Author Comment

    I'm sorry to report that chkdsk /r hasn't helped. It has rebooted but with the same error as before.
    Thanks, Simon

    Expert Comment

    What's the output from:

    ntdsutil files info

    Then we need to check the permissions on those file structures as well.

    Author Comment

    ntdsutil files info
    ntdsutil: files
    file maintenance: info

    Drive Information:

            C:\ NTFS (Fixed Drive  ) free(4.8 Gb) total(11.9 Gb)
            D:\ NTFS (Fixed Drive  ) free(220.4 Gb) total(397.8 Gb)

    DS Path Information:

            Database   : C:\WINDOWS\NTDS\ntds.dit - 28.2 Mb
            Backup dir : C:\WINDOWS\NTDS\dsadata.bak
            Working dir: C:\WINDOWS\NTDS
            Log dir    : C:\WINDOWS\NTDS - 30.2 Mb total
                            res2.log - 10.0 Mb
                            res1.log - 10.0 Mb
                            ntds.INTEG.RAW - 29.2 Kb
                            edb00037.log - 10.0 Mb
    file maintenance:

    The c:\windows\ntds directory has the permissions as per KB258062...

    Thanks, Simon

    Accepted Solution

    Bit of a breakthrough... I have the server up and running again, at least for now...

    esentutl /g "c:\windows\ntds\ntds.dit" /8 /o

    esentutl /p "c:\windows\ntds\ntds.dit" /8 /o
    seemed to repair it, then

    esentutl /g "c:\windows\ntds\ntds.dit" /8 /o

    I'm not sure of the implications of repairing/rebuilding this, but the server is up and running now.
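
Added example, not part of the thread or any poster's code: a small triage script that normalises the error values quoted in the question's event-log entries to signed JET error numbers and cross-checks the log file named in event 455 against the "ntdsutil files info" listing. The function names are hypothetical, and treating a 0xC8xxxxxx value as a wrapper with the JET number in its low 16 bits is an assumption that fits the pair on this page (0x23d = 573).

```python
import re

# Event text copied from the thread (only the lines that carry codes).
EVENTS = r"""
Source NTDS Backup, ID 2055
-573 (0xfffffdc3)
Source NTDS Backup, ID 1198
3355443773 (0xc800023d)
Source ESENT, ID 455
NTDS (1124) Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\NTDS\edb.log.
"""

# Log directory contents from the "ntdsutil files info" output in the thread.
LOG_DIR = ["res2.log", "res1.log", "ntds.INTEG.RAW", "edb00037.log"]

# -573 is named in event 2055 on the page; -1811 is the ESE "file not found" error.
JET_NAMES = {-573: "JET_errLogCorruptDuringHardRestore",
             -1811: "JET_errFileNotFound"}

SOURCE_RE = re.compile(r"Source (.+), ID (\d+)")
CODE_RE = re.compile(r"(-?\d+) \((0x[0-9a-fA-F]{8})\)")

def to_jet_error(hex_text):
    """Map a 32-bit event value to a signed JET error number."""
    value = int(hex_text, 16)
    if value >> 24 == 0xC8:          # assumed wrapper: JET number in low 16 bits
        return -(value & 0xFFFF)
    # Otherwise read the value as a two's-complement signed 32-bit integer.
    return value - (1 << 32) if value & 0x80000000 else value

def triage(text):
    """Return (source, event_id, jet_error, name) for each coded event."""
    rows, current = [], None
    for line in text.splitlines():
        src = SOURCE_RE.search(line)
        if src:
            current = (src.group(1), int(src.group(2)))
            continue
        code = CODE_RE.search(line)
        if code and current:
            err = to_jet_error(code.group(2))
            rows.append(current + (err, JET_NAMES.get(err, "unknown")))
    return rows

def missing_logs(text, listing):
    """Log files named in error text that are absent from the listing."""
    named = re.findall(r"logfile \S*\\([\w.]+\.log)", text)
    present = {name.lower() for name in listing}
    return sorted({n for n in named if n.lower() not in present})
```

Run over the values above, `triage(EVENTS)` shows events 2055 and 1198 reducing to the same JET error, and `missing_logs(EVENTS, LOG_DIR)` shows that the `edb.log` named in the -1811 error is not in the posted directory listing.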

