AD Crashed
Yesterday I installed Sophos Enterprise Manager on my 2003 R2 server it rebooted about 4 different times and everything seemed fine. After I came back from lunch the server started rebooting itself. I finally got it to boot up but it had an error:
"Security Accounts Manager initilization failed because of the following error: Directory Service cannot start. Error Status: 0xc00002e1. Please click OK to shutdown the system and reboot into Directory Services Restore Mode, check the event log for more detailed information."
So I rebooted into Directory Service Restore Mode and ran ntdsutil files integrity. - result was CORRUPTED!
So per a MS article I tried ntdsutil "sem d a go" it said it had a DBIniitialization soemthing could not open Jet database.
Well I read an article that said if I had a secondary domain controller to seize the master with it so on my secondary controlloer I went to ntdsutil and connected to the domaon controlloer and did the "seize rid master" that is all I typed so not sure if it did anything or not.
So later my cousin showed up and suggested I reboot to last known configuration. So I did and it booted up and Sophos is gone. Now I cant access any of the folder shares and when I try to go to Active Directory Computers and Users it tells me the mmc is missing. I can get to Active Directory Domains and Trusts and both ADs are listed.
When I pull up Active Directory Users and Computers on the secondary it lists everyone just fine.
ANything I can do to get the AD running smooth again?
"Security Accounts Manager initilization failed because of the following error: Directory Service cannot start. Error Status: 0xc00002e1. Please click OK to shutdown the system and reboot into Directory Services Restore Mode, check the event log for more detailed information."
So I rebooted into Directory Service Restore Mode and ran ntdsutil files integrity. - result was CORRUPTED!
So per a MS article I tried ntdsutil "sem d a go" it said it had a DBIniitialization soemthing could not open Jet database.
Well I read an article that said if I had a secondary domain controller to seize the master with it so on my secondary controlloer I went to ntdsutil and connected to the domaon controlloer and did the "seize rid master" that is all I typed so not sure if it did anything or not.
So later my cousin showed up and suggested I reboot to last known configuration. So I did and it booted up and Sophos is gone. Now I cant access any of the folder shares and when I try to go to Active Directory Computers and Users it tells me the mmc is missing. I can get to Active Directory Domains and Trusts and both ADs are listed.
When I pull up Active Directory Users and Computers on the secondary it lists everyone just fine.
ANything I can do to get the AD running smooth again?
Do you have a copy of your System State?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Too late to use your system state backup.
Follow what MKline72 is suggesting to the letter, except seize the two remaining roles first.
Follow what MKline72 is suggesting to the letter, except seize the two remaining roles first.
ASKER
When I try to connect to the server following the meta data cleanup it tells me
"DsBind error 0x6d9<There are no more endpoints available from the endpoint mapper.>
"DsBind error 0x6d9<There are no more endpoints available from the endpoint mapper.>
Which server you are trying to connect and what did you cean in your matadata?
ASKER
From cmd I typed
Ntdsutil
Metadata cleanup
Connections
Connect to server PlazaFS2 (failed ad)
Do I need to connec to e working one?
Ntdsutil
Metadata cleanup
Connections
Connect to server PlazaFS2 (failed ad)
Do I need to connec to e working one?
Yes connect to working DC, post W2k3 sp1 that should not be needed but for now go forward with that
Thanks
Mike
Thanks
Mike
ASKER
When I do connect to server PlazaWest (working dc) it tells me
DsBindW error 0x6ba<The RPC server is unavailable.>
DsBindW error 0x6ba<The RPC server is unavailable.>
ASKER
Ok I was trying it from the old server, working on good dc
ASKER
This server is also a dc do I need to remove that role or can Ito head and re add ad services?
ASKER
Will this also make the shared folders reappear on the network?
When you add the server back and promote it AD will be installed again. You may have to share out the folders again for the file server.
Thanks
Mike
Thanks
Mike
ASKER
Thanks again all the folder shares are back. I have to use tapes to get the files more current but what I needed is back.
Great work!! ...and tell your cousin he owes you lunch :)