AD Crashed

dpickard
Yesterday I installed Sophos Enterprise Manager on my 2003 R2 server. It rebooted about 4 different times and everything seemed fine. After I came back from lunch the server started rebooting itself. I finally got it to boot up but it had an error:

"Security Accounts Manager initialization failed because of the following error: Directory Service cannot start. Error Status: 0xc00002e1. Please click OK to shutdown the system and reboot into Directory Services Restore Mode, check the event log for more detailed information."

So I rebooted into Directory Service Restore Mode and ran ntdsutil files integrity. - result was CORRUPTED!

So per a MS article I tried ntdsutil "sem d a go". It said it had a DBInitialization something, could not open Jet database.

Well, I read an article that said if I had a secondary domain controller to seize the master with it, so on my secondary controller I went to ntdsutil and connected to the domain controller and did the "seize rid master". That is all I typed, so not sure if it did anything or not.

So later my cousin showed up and suggested I reboot to last known configuration. So I did and it booted up and Sophos is gone. Now I can't access any of the folder shares, and when I try to go to Active Directory Computers and Users it tells me the mmc is missing. I can get to Active Directory Domains and Trusts and both ADs are listed.

When I pull up Active Directory Users and Computers on the secondary it lists everyone just fine.

Anything I can do to get the AD running smooth again?

Commented:
Do you have a copy of your System State?
Top Expert 2013
Commented:
Did that DC hold any other FSMO roles? Did you seize them? Now that you have seized that RID master, that original DC should not be restored or brought back up.

What you can do is demote it (forcefully): dcpromo /forceremoval

Seize the rest of the roles if there were any

Metadata cleanup of that DC in AD: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Then add it back to the domain and promote.

Thanks

Mike

Commented:
Too late to use your system state backup.
Follow what MKline72 is suggesting to the letter, except seize the two remaining roles first.

Author

Commented:
When I try to connect to the server following the metadata cleanup it tells me
"DsBind error 0x6d9<There are no more endpoints available from the endpoint mapper.>"

Commented:
Which server are you trying to connect to, and what did you clean in your metadata?

Author

Commented:
From cmd I typed
Ntdsutil
Metadata cleanup
Connections
Connect to server PlazaFS2 (failed ad)

Do I need to connect to a working one?
Top Expert 2013

Commented:
Yes, connect to the working DC. Post W2k3 SP1 that should not be needed, but for now go forward with that.


Thanks

Mike
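The role seizure and metadata cleanup discussed in the comments above, as an added example that is not part of the original thread. It assumes it is run from a command prompt on the working DC (PlazaWest), that the Windows Server 2003 Support Tools are installed for `netdom`, and that the role name and index values shown are placeholders to be replaced with what the listing passes actually report.

```bat
@echo off
rem Added example, not from the thread. Run on the working DC (PlazaWest).
rem PlazaFS2 is the failed DC. ROLE and the *_INDEX values are placeholders.

rem 1. Show which DC each FSMO role is currently recorded against.
netdom query fsmo

rem 2. Seize only the roles that step 1 still shows on PlazaFS2.
rem    Role names accepted by "seize" on Server 2003:
rem    schema master, domain naming master, infrastructure master, PDC, RID master
rem    ntdsutil attempts a normal transfer first and asks for confirmation.
set ROLE=PDC
ntdsutil roles connections "connect to server PlazaWest" quit "seize %ROLE%" quit quit

rem 3. List-only pass: print domains, sites and servers, change nothing.
rem    Read the index printed next to PlazaFS2 before going further.
set DOMAIN_INDEX=0
set SITE_INDEX=0
ntdsutil "metadata cleanup" connections "connect to server PlazaWest" quit ^
  "select operation target" "list domains" "select domain %DOMAIN_INDEX%" ^
  "list sites" "select site %SITE_INDEX%" "list servers in site" quit quit quit

rem 4. Removal pass: refuses to run until the operator fills in the index
rem    that step 3 printed for PlazaFS2. Selecting the wrong index would
rem    remove a healthy DC's metadata.
set SERVER_INDEX=
if "%SERVER_INDEX%"=="" (
  echo Set SERVER_INDEX to the index shown for PlazaFS2 in step 3, then rerun.
  exit /b 1
)
ntdsutil "metadata cleanup" connections "connect to server PlazaWest" quit ^
  "select operation target" "select domain %DOMAIN_INDEX%" ^
  "select site %SITE_INDEX%" "select server %SERVER_INDEX%" quit ^
  "remove selected server" quit quit

rem 5. Confirm no role is still recorded against PlazaFS2.
netdom query fsmo
```

Splitting the cleanup into a listing pass and a removal pass keeps the destructive `remove selected server` step from running against an index nobody has checked.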

Author

Commented:
When I do connect to server PlazaWest (working dc) it tells me
DsBindW error 0x6ba<The RPC server is unavailable.>

Author

Commented:
Ok I was trying it from the old server, working on good dc

Author

Commented:
This server is also a DC. Do I need to remove that role, or can I go ahead and re-add AD services?

Author

Commented:
Will this also make the shared folders reappear on the network?
Top Expert 2013

Commented:
When you add the server back and promote it AD will be installed again.  You may have to share out the folders again for the file server.

Thanks

Mike

Author

Commented:
Thanks again all the folder shares are back. I have to use tapes to get the files more current but what I needed is back.
Top Expert 2013

Commented:
Great work!! ...and tell your cousin he owes you lunch :)
