Windows Server 2003 R2 "Directory Service cannot start" problem

I use a Windows 2003 Server as a file server, Domain Controller and Exchange 2003 server. The config stays pretty much the same all the time - I never add or delete users or change the AD settings. So I've been lazy about backups and don't have any recent backups (all well over 90 days old). This morning, it fails during bootup with "Directory Service cannot start - click ok to shutdown and restart in Directory Services Restore Mode". It would not be a disaster if I had to rebuild it from scratch except that it has a lot of stored emails in the Exchange server.

I'm able to log in under Directory Services Restore Mode, but cannot run exmerge.exe to extract the emails from Exchange because it appears to need the Directory Services. If I restore the System State using one of my old backups, there is a risk that it will trash everything because the backup is too old (more than the "tombstone" date). Is there a solution?
LVL 19
feptiasAsked:
Who is Participating?
 
feptiasAuthor Commented:
I'm posting an update in case some of the suggestions or links may be useful to others with the same problem.

Zelron22, your link led me to this article, but the suggestions there did not fix my problem:
http://support.microsoft.com/kb/258062/en-us
So I raised a "break-fix" issue with Microsoft and they suggested various remedies summarised here:

1. Check NTDS folder permission under C:\Windows:
Account Permissions;  System Full Control;  Administrators Full Control;  Creator Owner Full Control
Local Service Create Folders / Append Data

2. Boot the server in Directory Services Restore Mode, then run the following:
Ntdsutil-> Files -> Recover  (Wait for the soft recovery to be finished)
If the soft recovery succeeds, you will be back to the "file maintenance:" prompt;
Type in "quit" -> "Semantic database analysis" -> "Go fixup".
If that fails, try:
esentutl /g "c:\windows\ntds\ntds.dit"  
esentutl /p "c:\windows\ntds\ntds.dit"
(Caution: I read somewhere that certain directory repair options may be potentially harmful to the directory database in the long term and so should only be tried as a last resort)

Microsoft directed me to some other Technical KB articles as follows:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;232122
http://support.microsoft.com/default.aspx?scid=KB;EN-US;315131

However, what finally fixed it was that I renamed all the *.log files in Windows\NTDS to a name that did not end with ".log", then rebooted in normal mode and it was ok again. Windows re-created the log files.

With hindsight, the problem appears to have been with the NTDS log files and there were a couple of events in the Windows system log that pointed to that possibility (sorry should have included them in my earlier response). They were:
NTDS ISAM, Event 477, NTDS (464) NTDSA: The log range read from the file
"C:\WINDOWS\NTDS\edb.log" at offset 4319232 (0x000000000041e800) for 512
(0x00000200) bytes failed verification due to a range checksum mismatch.  The
read operation will fail with error -501 (0xfffffe0b).  If this condition
persists then please restore the logfile from a previous backup.

NTDS ISAM, Event 465, NTDS (464) NTDSA: Corruption was detected during soft
recovery in logfile C:\WINDOWS\NTDS\edb.log. The failing checksum record is
located at position END. Data not matching the log-file fill pattern first
appeared in sector 8437 (0x000020F5). This logfile has been damaged and is
unusable.

I did not have to resort to restoring anything from my old backup, but only time will tell if the system is now stable. By the way, Microsoft also recommended excluding C:\Windows\NTDS folder from any AV scanning.
0
 
zelron22Commented:
Any error messages in the logs, or pop-ups?
0
 
feptiasAuthor Commented:
Pop-up during boot says roughly what I quoted above "Directory Service cannot start - click ok to shutdown and restart in Directory Services Restore Mode". Once logged in, the event log for Directory Service has the following errors:
NTDS ISAM, Event ID 454, NTDS (464) NTDSA: Database recovery/restore failed with unexpected error -501.
NTDS General, Event ID 1168, Internal error: An Active Directory error has occurred, additional data: Error value (decimal) -501,  hex fffffe0b, Internal ID 40749
NTDS General, Event ID 1003, Active Directory could not be initialised. The operating system cannot recover from this error. User Action: Restore the local domain controller from backup media.

It doesn't sound good, does it!
(I'll be out for about 1 hour now - got to see the dentist. Not my lucky day!!)
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
zelron22Commented:
Woof.  It doesn't look good.  You might try this thread http://www.winserverhelp.com/ftopic39017.html

Otherwise, I'd recommend calling Microsoft's PSS and see if they can help.
0
 
bdesmondCommented:
In addition to the antivirus exclusions you need to test the I/O subsystem on this box. It has problems. Update the drivers for the controller as well while you're at it. Firmware, etc.


Thanks,
Brian Desmond
Active Directory MVP
0
 
feptiasAuthor Commented:
Hi Brian. Your contribution is much appreciated, but can you point me in the right direction as to how I set about "testing the I/O subsystem" please?

For info: The server has a pair of mirrored Western Digital SATA hard disks using the onboard Intel 82801FR RAID controller on an ASUS P5GD1 motherboard. RAID management software is Intel Matrix and it reports the status of both disks as normal. It has 2GB of memory.

I suspect that one of the contributory factors to the problems I see on this server (this is not the first problem it has had) is the fact that I shut it down every evening and restart it again the next morning. It seems to me that Windows Server is much happier when left running 24x7. The fact that it is a DC and has Exchange 2003 installed on it may also not help, but it does not get heavily used for anything.
0
 
bdesmondCommented:
Gracefully shutting down a server should not cause physical corruption of a file. If you're just pulling the plug then yes this probably will happen. The box should be fine being shut down everyday although for an email server that seems kind of odd.

Typically the manufacturer provides hardware diagnostics tools.

Thanks,
Brian Desmond
Active Directory MVP
0
 
feptiasAuthor Commented:
Brian, the server is always shut down gracefully.

That installation of Exchange is not my main email server - I use it only as a test machine and also as a local store for a couple of email accounts that get downloaded from POP3 mail boxes on the Internet. It was useful to store the downloaded mails on Exchange because then they were accessible from any PC on my LAN (via Outlook). The more usual POP3 download - direct to the workstation - means you can only look at old emails if you are sat in front of the same workstation that downloaded them.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.