NTDSA.DLL: Corrupt and Unreadable
Posted on 2011-04-28
After applying Windows Updates this last Saturday to a Windows Server 2003 box (which is a domain controller, Exchange 2003 server, and backup server running Symantec Backup Exec 12.5), our backups have been failing. After placing Backup Exec in debug mode, I determined that one file is corrupt or unreadable: C:\Windows\System32\dllcache\ntdsa.dll. NTBackup can backup that file just fine.
I am able to perform operations on every other file within the dllcache folder, but I cannot rename, delete, or copy ntdsa.dll.
chkdsk does refer to ntdsa.dll:
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
386416 file records processed.
File verification completed.
216 large file records processed.
0 bad file records processed.
0 EA records processed.
4 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
46 percent complete. (814147 of 1425650 index entries processed)
Deleting index entry ntdsa.dll in index $I30 of file 4630.
1425650 index entries processed.
Index verification completed.
Errors found. CHKDSK cannot continue in read-only mode.
Also, anytime that file is touched, there are several events logged in the system log of ID 55, with a source of NTFS that read as follows:
"The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume1."
When it is a backup job that attempts to backup that file (via the System State), the volume is listed as \Device\HarddiskVolumeShadowCopyX, where 'X' is a number that increments by one each time the backup runs.
Any ideas on how I can replace that file, ideally without rebuilding the entire server? Do I need to run chkdsk with the /f switch? This server is running on a hardware RAID-5 array, by the way.