• Status: Solved
  • Priority: Medium
  • Security: Public

0xc0000227 booting 2003 DC; will only boot in Directory Services Restore; System State Restore doesn't help

This has happened before on this server; last time a System Restore off tape backup fixed it.

The server is a DC with GC. Fortunately it's not the most important server in the organisation.

Error this morning:
"Security account manager initialization failed because of the following error.  Directory service cannot start.  Error Status 0xc00002e1.  Please click OK to shutdown this system and reboot into directory service restore mode.  check the event log for more details information."

Error after restore of System State from tape:
Directory Services could not start because of the following error: A transaction recover failed.
Error Status: 0xc0000227. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.

I have tried going back a few days with tape restores but to no avail -- same error.

The restore from tape gives the following errors in the Directory Services Log:
Source NTDS Backup, ID 2055
The database restore operation failed.
 Additional Data
Error value:
-573 (0xfffffdc3)
JET_errLogCorruptDuringHardRestore, corruption was detected in a backup set during hard restore

Source NTDS Backup, ID 1198
Internal error: Active Directory failed to restore from backup media.
Additional Data
Error value:
3355443773 (0xc800023d)

On reboot the Application Log gives the following error:
Source ESENT, ID 463
lsass (396) Restore0001: Corruption was detected while restoring from backup logfile C:\WINDOWS\NTDS\edb0003B.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 2304 (0x00000900). This logfile has been damaged and is unusable.

Running ntdsutil files integrity gives the following error in the Application log:
Source ESENT, ID 455
NTDS (1124) Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\NTDS\edb.log.

Running ntdsutil files recover gives the following error in the Application log:
esentutl (2804) Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\NTDS\edb.log.

I cannot boot the server into normal mode.
So I cannot run dcpromo to demote it and then re-promote it.

http://support.microsoft.com/kb/311502 appears to be the worst written article I have ever seen! I can't make head nor tail of it. It doesn't appear to be the precise error I have anyway.

http://support.microsoft.com/kb/258062 is better but again isn't a perfect match by any standards.

I could do with getting the server up and running again. The domain itself matters a great deal, but this is one of 4 DC/GC on this domain, thankfully...

Any help would be most appreciated.
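
Added example (not part of the original post): a short Python decoder for the error values quoted in the events above. It normalises the signed-decimal and hex forms to one JET error number, which shows that events 2055 and 1198 report the same failure. The name for -1811 and the reading of the 0xC800 prefix are assumptions not stated on the page, and the sample text is constructed from the lines quoted above.

```python
import re

# Names for the JET codes seen in this thread. -573 is named in the NTDS
# Backup event itself; -1811 is the standard ESE "file not found" code
# (an addition here, not stated on the page).
JET_NAMES = {
    -573: "JET_errLogCorruptDuringHardRestore",
    -1811: "JET_errFileNotFound",
}

# Assumption: ESE backup/restore status values carry the positive JET error
# number in the low 16 bits under a 0xC800 prefix.
ESE_BACKUP_PREFIX = 0xC8000000

# "decimal (0xhex)" pairs as the events print them
PAIR = re.compile(r"(-?\d+)\s*\((0x[0-9a-fA-F]{8})\)")


def to_jet_error(value):
    """Normalise a 32-bit event-log error value to a signed JET error number."""
    value &= 0xFFFFFFFF
    if value & 0xFFFF0000 == ESE_BACKUP_PREFIX:
        return -(value & 0xFFFF)
    # Two's complement: 0xfffffdc3 -> -573
    return value - 0x100000000 if value & 0x80000000 else value


def decode_events(text):
    """Return (hex, jet_code, name, decimal_matches_hex) for each pair found."""
    results = []
    for dec, hx in PAIR.findall(text):
        hex_val = int(hx, 16)
        consistent = (int(dec) & 0xFFFFFFFF) == hex_val
        code = to_jet_error(hex_val)
        results.append((hx.lower(), code, JET_NAMES.get(code, "unknown"), consistent))
    return results


# Constructed sample, condensed from the event text quoted in the post
SAMPLE = """\
NTDS Backup 2055  Error value: -573 (0xfffffdc3)
NTDS Backup 1198  Error value: 3355443773 (0xc800023d)
ESENT 455  NTDS (1124) Error -1811 (0xfffff8ed) occurred while opening logfile
"""

if __name__ == "__main__":
    for row in decode_events(SAMPLE):
        print(row)
```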
1 Solution
chkdsk /r in ERC ??
seworby (Author) commented:
One of the problems I face (not uncommon, I suspect) is that the server is remote. I can boot into Recovery Mode only once remotely, because I cannot hit F8 unless I am there! I had previously run chkdsk c: /f a couple of times, to no avail.

I have now, from the Recovery Mode, run chkdsk c: /r and am in the process of rebooting (to perform the chkdsk).

I will advise; to be honest as I've already done with /f I don't hold out much hope...

Thanks, Simon
seworby (Author) commented:
I'm sorry to report that chkdsk /r hasn't helped. It has rebooted but with the same error as before.
Thanks, Simon

What's the output from:

ntdsutil files info

Then we need to check the permissions on those file structures as well.
seworby (Author) commented:
ntdsutil files info
ntdsutil: files
file maintenance: info

Drive Information:

        C:\ NTFS (Fixed Drive  ) free(4.8 Gb) total(11.9 Gb)
        D:\ NTFS (Fixed Drive  ) free(220.4 Gb) total(397.8 Gb)

DS Path Information:

        Database   : C:\WINDOWS\NTDS\ntds.dit - 28.2 Mb
        Backup dir : C:\WINDOWS\NTDS\dsadata.bak
        Working dir: C:\WINDOWS\NTDS
        Log dir    : C:\WINDOWS\NTDS - 30.2 Mb total
                        res2.log - 10.0 Mb
                        res1.log - 10.0 Mb
                        ntds.INTEG.RAW - 29.2 Kb
                        edb00037.log - 10.0 Mb
file maintenance:

The c:\windows\ntds directory has the permissions as per KB258062...

Thanks, Simon
seworby (Author) commented:
Bit of a breakthrough... I have the server up and running again, at least for now...

esentutl /g "c:\windows\ntds\ntds.dit" /8 /o

esentutl /p "c:\windows\ntds\ntds.dit" /8 /o
seemed to repair it, then

esentutl /g "c:\windows\ntds\ntds.dit" /8 /o

I'm not sure of the implications of repairing/rebuilding this, but the server is up and running now.

