?
Solved

Windows Server 2003 R2 "Directory Service cannot start" problem

Posted on 2009-04-07
8
Medium Priority
?
5,553 Views
Last Modified: 2012-05-06
I use a Windows 2003 Server as a file server, Domain Controller and Exchange 2003 server. The config stays pretty much the same all the time - I never add or delete users or change the AD settings. So I've been lazy about backups and don't have any recent backups (all well over 90 days old). This morning, it fails during bootup with "Directory Service cannot start - click ok to shutdown and restart in Directory Services Restore Mode". It would not be a disaster if I had to rebuild it from scratch except that it has a lot of stored emails in the Exchange server.

I'm able to log in under Directory Services Restore Mode, but cannot run exmerge.exe to extract the emails from Exchange because it appears to need the Directory Services. If I restore the System State using one of my old backups, there is a risk that it will trash everything because the backup is too old (more than the "tombstone" date). Is there a solution?
0
Comment
Question by:feptias
  • 4
  • 2
  • 2
8 Comments
 
LVL 15

Expert Comment

by:zelron22
ID: 24087248
Any error messages in the logs, or pop-ups?
0
 
LVL 19

Author Comment

by:feptias
ID: 24087469
Pop-up during boot says roughly what I quoted above "Directory Service cannot start - click ok to shutdown and restart in Directory Services Restore Mode". Once logged in, the event log for Directory Service has the following errors:
NTDS ISAM, Event ID 454, NTDS (464) NTDSA: Database recovery/restore failed with unexpected error -501.
NTDS General, Event ID 1168, Internal error: An Active Directory error has occurred, additional data: Error value (decimal) -501,  hex fffffe0b, Internal ID 40749
NTDS General, Event ID 1003, Active Directory could not be initialised. The operating system cannot recover from this error. User Action: Restore the local domain controller from backup media.

It doesn't sound good, does it!
(I'll be out for about 1 hour now - got to see the dentist. Not my lucky day!!)
0
 
LVL 15

Assisted Solution

by:zelron22
zelron22 earned 1000 total points
ID: 24087670
Woof.  It doesn't look good.  You might try this thread http://www.winserverhelp.com/ftopic39017.html

Otherwise, I'd recommend calling Microsoft's PSS and see if they can help.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 19

Accepted Solution

by:
feptias earned 0 total points
ID: 24121673
I'm posting an update in case some of the suggestions or links may be useful to others with the same problem.

Zelron22, your link led me to this article, but the suggestions there did not fix my problem:
http://support.microsoft.com/kb/258062/en-us
So I raised a "break-fix" issue with Microsoft and they suggested various remedies summarised here:

1. Check NTDS folder permission under C:\Windows:
Account Permissions;  System Full Control;  Administrators Full Control;  Creator Owner Full Control
Local Service Create Folders / Append Data

2. Boot the server in Directory Services Restore Mode, then run the following:
Ntdsutil-> Files -> Recover  (Wait for the soft recovery to be finished)
If the soft recovery succeeds, you will be back to the "file maintenance:" prompt;
Type in "quit" -> "Semantic database analysis" -> "Go fixup".
If that fails, try:
esentutl /g "c:\windows\ntds\ntds.dit"  
esentutl /p "c:\windows\ntds\ntds.dit"
(Caution: I read somewhere that certain directory repair options may be potentially harmful to the directory database in the long term and so should only be tried as a last resort)

Microsoft directed me to some other Technical KB articles as follows:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;232122
http://support.microsoft.com/default.aspx?scid=KB;EN-US;315131

However, what finally fixed it was that I renamed all the *.log files in Windows\NTDS to a name that did not end with ".log", then rebooted in normal mode and it was ok again. Windows re-created the log files.

With hindsight, the problem appears to have been with the NTDS log files and there were a couple of events in the Windows system log that pointed to that possibility (sorry should have included them in my earlier response). They were:
NTDS ISAM, Event 477, NTDS (464) NTDSA: The log range read from the file
"C:\WINDOWS\NTDS\edb.log" at offset 4319232 (0x000000000041e800) for 512
(0x00000200) bytes failed verification due to a range checksum mismatch.  The
read operation will fail with error -501 (0xfffffe0b).  If this condition
persists then please restore the logfile from a previous backup.

NTDS ISAM, Event 465, NTDS (464) NTDSA: Corruption was detected during soft
recovery in logfile C:\WINDOWS\NTDS\edb.log. The failing checksum record is
located at position END. Data not matching the log-file fill pattern first
appeared in sector 8437 (0x000020F5). This logfile has been damaged and is
unusable.

I did not have to resort to restoring anything from my old backup, but only time will tell if the system is now stable. By the way, Microsoft also recommended excluding C:\Windows\NTDS folder from any AV scanning.
0
 
LVL 6

Assisted Solution

by:bdesmond
bdesmond earned 500 total points
ID: 24123628
In addition to the antivirus exclusions you need to test the I/O subsystem on this box. It has problems. Update the drivers for the controller as well while you're at it. Firmware, etc.


Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 19

Author Comment

by:feptias
ID: 24125758
Hi Brian. Your contribution is much appreciated, but can you point me in the right direction as to how I set about "testing the I/O subsystem" please?

For info: The server has a pair of mirrored Western Digital SATA hard disks using the onboard Intel 82801FR RAID controller on an ASUS P5GD1 motherboard. RAID management software is Intel Matrix and it reports the status of both disks as normal. It has 2GB of memory.

I suspect that one of the contributory factors to the problems I see on this server (this is not the first problem it has had) is the fact that I shut it down every evening and restart it again the next morning. It seems to me that Windows Server is much happier when left running 24x7. The fact that it is a DC and has Exchange 2003 installed on it may also not help, but it does not get heavily used for anything.
0
 
LVL 6

Expert Comment

by:bdesmond
ID: 24126523
Gracefully shutting down a server should not cause physical corruption of a file. If you're just pulling the plug then yes this probably will happen. The box should be fine being shut down everyday although for an email server that seems kind of odd.

Typically the manufacturer provides hardware diagnostics tools.

Thanks,
Brian Desmond
Active Directory MVP
0
 
LVL 19

Author Comment

by:feptias
ID: 24128460
Brian, the server is always shut down gracefully.

That installation of Exchange is not my main email server - I use it only as a test machine and also as a local store for a couple of email accounts that get downloaded from POP3 mail boxes on the Internet. It was useful to store the downloaded mails on Exchange because then they were accessible from any PC on my LAN (via Outlook). The more usual POP3 download - direct to the workstation - means you can only look at old emails if you are sat in front of the same workstation that downloaded them.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question