Link to home
Create AccountLog in
Avatar of jzaniewski
jzaniewskiFlag for United States of America

asked on

Active Directory Domain Services starts then stops.

I have a client that lost power during the freak snow storm here in the NE. The system did not shutdown cleanly. Now DNS server service and AD DS service will not start.  As a note, this is the only DC in the environment and the client does not have a backup or an AD emergency restore disk.

The DNS service claims that a dependency service failed to start and the AD DS service starts and stops.

I have been able to login locally using the local administrator account, but when I launch the Server Manager and click on the Active Directory Domain Services Role, it states that "This server is not yet running as a domain controller. Run DCPROMO.exe"

Event Logs have no errors. they only state the following:

Active Directory Domain Services
Event ID 1004
Active Directory Domain Services was shut down successfully.

DNS Server
Event ID 3
The DNS server has shut down

DCDIAG states:
Trying to find home server...
***Error: SERVER is not a Directory Server. Must specify /s:<Directory Server> or /n:<Name Context> or nothing to use the local machine
ERROR: Could not find home server.

Any other tests I've tried through DCDIAG result in similar messages.

I tried running "Last Known Good Config" but that didn't seem to change anything.
I did verify that the NTDS.DIT file does exist but other than what is stated above, I have not made any other changes.

How do I recover this Domain Controller?
Avatar of dave_it
dave_it
Flag of United States of America image

You may need to increase the logging level to get some clues as to what's going on.  DNS and AD DS aren't going to fail to run without some sort of log entry.

Have you tried running DCPromo.exe and seeing what happens?  Is the server still a member of your domain?  Can you run a DCDiag.exe /v /c /e on another AD DS box and post the results?
Avatar of jzaniewski

ASKER

I haven't tried running dcpromo.exe.  I thought that if I did, I could possibly make things worse.
The server is still joined to the domain but this server is the only DC on the network.  The only other server is a member server running Remote Desktop Host Services.
Yes, I did run dcdiag /v /c /e and it came up the "Trying to find the home server..." message stated above.
ASKER CERTIFIED SOLUTION
Avatar of abhijitwaikar
abhijitwaikar
Flag of India image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
I do have the DSRM password but do not have a system state backup.
Also one think I want to suggest you, check the DNS pointing in TCP/IP property of server's NIC.

As its a only DC it should point its private IP (not loopback 127.0.0.1) address as primary DNS.
The NIC was pointed to the localhost.  I changed it to the NIC's IP. Unfortunately, this didn't change the issue. The services still won't start.
That was just best practice.

YOu said the system did not shutdown cleanly so you may login into DSRM mode or its 2008 so normal mode fine just make sure he AD DS is stopped and check the AD database consistancy.

If its corrupted, you will need to repair and defrag the AD database.
http://support.microsoft.com/kb/258062
I was able to logon to DSRM.  When I try to execute the command "ntdsutil files info" I get Active Instance not set. To set an active instance use "Activate Instance".
When I type that in I get "Invalid Syntax"  Googling the error indicates that I need to enter "Activate Instance NTDS".  This set the instance to "NTDS".
Whe I type "files info", I get another "Invalid Syntax" error.  I can type "files" without a problem.  This brings me to a "files maintenance:" prompt. Trying "Info" I get the proper information. I also ran an Integrity check on the DB and it was successful. I tried to run a semantic database analysis, but I get another "Invalid Syntax".  I'm currently Googling that for the correct syntax.
To get into the semantic database analysis, I needed to type "semantic database analysis" at the ntdsutil prompt. Checking the quota indicated no errors.  I ran an analysis by typing "go".

This was the result:
Summary:
Active Objects 3492
Phantoms 2
Deleted 47
Security Descriptor summary:
SD count 96
Total SD size before single-instance: 1139 kb
Total SD size after single-instance: 99 kb

Use esentutl command.

ESENTUTL /d "database path"

ESENTUTL /p "database path"

http://ramannanda.blogspot.com/2009/04/esentutl-utility-repairdefragmentbackup.html
First check integrity using ESENTUTL /g "database path", if error found then go for repair- ESENTUTL /p "database path"
 next Defrag-  ESENTUTL /d "database path"

Something I just realized... I looks like the NetBIOS name on the server has changed.  It no longer matches the "Computer Name".  Is there a way to change it back? It's greyed out in "Computer Name / More button"
I executed the command ESENTUTL /g "c:\windows\ntds\ntds.dit" and was completed successfully, as was the command ESENTUTL /d "c:\windows\ntds\ntds.dit".

I'm going to try a reboot and see what happens.
Did you repair the database? or it was clean in ESENTUTL /g?
The DB was clean.
No go. Same problem.  
Avatar of Sandesh Dubey
It seems that the event log service is also not sarting you can check the below link it will be helpful.

http://forums.whirlpool.net.au/archive/1533833
http://support.microsoft.com/kb/971256
http://www.tomshardware.com/forum/192894-46-error-1717-interface-unknown

jzaniewski - Are there any other services that are not starting at boot?
I didn't have a choice but to completely rebuild the domain. A real pain, but luckily it was only a 20 user environment with very little in the way of network printers, folder shares and policies.

It would have been great to figure out what the problem actually was without having to go though all that but the client needed their server back up and running asap.

Thanks everyone for the help.



Although the Expert helping me was knowledgable, the issue was unique.  I issue a "B" grade because the issue was never rectified and the conversation died out.