lsass.exe - System Error : Directory Services could not start because of the The specific network password is not correct. Error status 0xc000006a

Posted on 2009-12-23
Medium Priority
Last Modified: 2016-10-27
Hi everybody,

I re-installed a new sbs 2003 server on the same computer as before, i updated it to service pack 2 & all the most recent security patches with an active directory configured.

After that, I reboot the server and Pressed F8 to boot into directory services restore mode, restored the server from the last known backup (I have a acronis image from my server and a systate backup from ntbackup)

I  restore the ntds folder from acronis and place it on the server to replace the files and set the permission on the folder, when i do this, i got the error mentionned below, and use ntdsutil to check integrity, and everything was ok.

All seem to go ok till I came to log on to the restored server, I get the error

Error description:
"lsass.exe system error" Directory services could not start because of the following error: The specified network password is not correct error status 0x000006A Please click OK to shutdown this system & reboot into Directory Services Restore Mode & check the event log for more detailed information.

When i try Ntbackup with restore the systate, i got so many many errors. And the AD did not start. i don't know where to begin for that ...

By the way, did somebody know a good free application to transfert the AD from a sbs 2003 server to a fresh new install of it and works simple?

  • 3
  • 2

Expert Comment

ID: 26117849
Hi, questions
do you have another Dc? if yes then yust run dcpromo and add this dc to your existing domain
did you use the same computer name of on your restored  dc?
did you Seize the FMSO  role to another domain controller?
follow this guide from microsoft


Author Comment

ID: 26119717
Hi Jose.

Question #1 :I don't have any other DC.
Question #2: Yes i have the same computer name.
Question #3: No

Do you think, if i restore the sbs 2003 image from acronis to a virtual session (vmware), i can join the other fresh install of sbs2003 and run dcpromo if they are on the same network?

If yes,

on my fresh install of sbs2003 (it's already a domaine controller AD)
first: i will run dcpromo to remove the AD.
second : i will rename the computer name
third : join the server to the domain on the virtual machine.
fourth : run the dcpromo.
five : when the dcpromo will be done, did i will need to change the computer name to the one it's supposed to be. how can i roolback to the usual computer name after the server will be promoted?

To you think that will work like this.

Question : it is possible to join a server with sbs2003 and have two domain controller on the same network (after running dcpromo on the fesh install)?

It's just because i know that, you can't permit to use trust relashionship with sbs2003 for different domain. I know is not the same thing, but i don't whant to make all the procedure if i'm not able to doing this...

Thanks a lot


Expert Comment

ID: 26119825

did you have a complete image of your Dc server with  acronis? if yes then you don't need to use directory services restore mode,because this server is  the only Dc, dns server etc, then just restore the image using acronis and your domain will be back(probably losses some accounts or groups created unless you image is very recently)
about your question :Question : it is possible to join a server with sbs2003 and have two domain controller on the same network (after running dcpromo on the fresh install)? yes you can  have several dcs on your domain

Author Comment

ID: 26120062
The problem is that my sbs 2003 installation (full acronis image) have many problem when operate.


That why a made a new fresh sbs2003 install, and want to restore only the AD on and restart as a clean install.

Accepted Solution

jgpd earned 2000 total points
ID: 26120231
this is my recommendations
recommendation 1-  restore the acronis image on your server,
add another DC (run dcrpomo,virtual if you don't have another physical box)  seize all the roles to this new Dc
here is the guide to do the job
once the secondary Dcs have all the roles and the replication work good,then demote the Original Dc(run dcpromo to remove this server)  install windows OS  from scratch  on this server and join as secondary domain controller on   to your AD domain(dcpromo), seize all the roles from the virtual to your new Dcs(as last step if you want you can then remove the virtual Dc, I recommends to keep it juts in case if you needed in the future)

extracted from here http://technet.microsoft.com/en-us/library/bb727062.aspx#E0YB0AA

Recommendation 2.-  Install win OS from the scratch (same computer name,same partitons)
To prepare a domain controller for non-authoritative SYSVOL restore

   1.In the Run dialog box, type regedit and then click OK.
   2.Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters
   3.Expand Parameters.
   4.Modify one of the BurFlags entries as follows:

      To modify the global BurFlags entry:
          *Expand Backup/Restore and then click Process at Startup.

            To modify the replica-set-specific BurFlags entry:
          *Expand both Cumulative Replica Sets and Replica Sets.
          *Match the GUID under Replica Sets to the identical GUID under Cumulative Replica Sets, and click the matching GUID under Cumulative Replica Sets.

   1.In the details pane, double-click BurFlags.
   2.In the Value data box, type D2 hexadecimal or 210 decimal, and then click OK.
 Restore from backup media  
In Directory Services Restore Mode, start the Windows 2000 Server Backup utility. Click Start, point to Programs, then point to Accessories, then point to System Tools, and then click Backup.
Click the Restore Wizard button, and then click Next.
Select the appropriate backup location and ensure that at least the System disk and SystemState containers are selected.
Click the Advanced button. If you do not go through the advanced menu, the restore process will not be successful.
Select Original Location in the Restore Files to list, and then click Next.
In the Advanced Restore Options window, check the boxes for:  
Restore security.
  • Restore junction points, and restore file and folder data under junction points to the original location.
  • Preserve existing volume mount points.
  • For a primary restore of SYSVOL, also check the following box. A primary restore is only required if the domain controller you are restoring is the only domain controller in the domain.
  • When restoring replicated data sets, mark the restored data as the primary data for all replicas.
  • Click Finish.
  • When the restore is complete, click Close, and then click Yes to restart the computer.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Learn how to use the free Acronis True Image app to easily transfer data between iPhones and Android phones.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Screencast - Getting to Know the Pipeline

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question