[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Can't restore Domain Controller, Shadow Copy expired

Posted on 2013-02-05
7
Medium Priority
?
2,771 Views
Last Modified: 2013-03-28
Hi,

I'm trying to restore a Win Svr 2003 standard SP1 system using Symantec BE 12.5. The server is a Domain Controller. I'm restoring all HD partitions + Shadow copy components and the System State. I am performing the restore in Windows Directory service restore mode as recommended. The restore completes successfully, but when I reboot the system I get:

 "lsass.exe - Security accounts manager initialization failed. Directory service cannot start. Error status 0xc0000Ze1. Reboot into directory service restore mode"

I am able to boot into Directory service restore mode ok, and in Event Viewer I think I've found the source of the problem:

Event Type: Error
Event Source: NTDS Replication
Event Category: Backup
Event ID: 1918
Description: The shadow copy service cannot restore Active Directory because the shadow copy used is too old.   Shadow copy expiration date: 2012-09-02 18:23:48

It's not vital that this server is recovered at this stage because it's a Disaster Recovery machine, but I need to find a way of preventing this happening at the restore point by extending the Shadow copy expiration date.. or any other means! Any help much appreciated.
0
Comment
Question by:fred2k3
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 38854630
Can you check the tombstone lifetime period of your forest?

http://technet.microsoft.com/en-us/library/cc784932(v=ws.10).aspx

You may have gone over that.  Is this an old DC.

Often times in times like these it is easier to rebuild (i.e. delete object/metadata cleanup/promote again)

The DS team had a good blurb on it   http://blogs.technet.com/b/askds/archive/2012/08/24/friday-i-mean-saturday-mail-sack-very-wordy-edition.aspx#rebuildrestore

Thanks

Mike
0
 

Author Comment

by:fred2k3
ID: 38856150
Thank you for the reply Mike.

The Tombstone Lifetime for the forest is set at 180. I'm struggling to make a connection as to why this would cause a problem restoring though.. objects must get deleted all the time and 180 days isn't much considering how many years this server has been running (DR tests in the past haven't exhibited this problem). I will look into the other suggestion.. thanks again.

Does anyone know anything about this Shadow Copy expiration? Google searches haven't proved fruitful for me so far.
0
 
LVL 10

Expert Comment

by:ZenVenky
ID: 38858252
You gave us wrong error code it is not 0xc0000Ze1 it is 0xc00002e1. Check the following links  to work on the issue. I believe that is why Mike didn't gave correct resolution. However check these links.

http://support.microsoft.com/kb/830574

http://support.microsoft.com/kb/258062

Note:-  KB258062 works on 2003STD aswell.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:fred2k3
ID: 38860616
Ah, apologies for the confusion with that error code.

Zenvenky - thanks for the links.. I have tried that hotfix but it says my Service Pack is already more upto date. Neither article relates to Event ID: 1918 which I'm now positive is the cause of the issue.

Event ID: 1918
Description: The shadow copy service cannot restore Active Directory because the shadow copy used is too old.   Shadow copy expiration date: 2012-09-02 18:23:48

If I boot into Directory service restore mode and change the system clock to before this date I don't get the lsass.exe error (I do get a Windows activation problem but that's a seperate issue) so it's definitely this shadow copy expiry causing the problem.
0
 

Expert Comment

by:TeamLogicIT-MissionViejo
ID: 39029939
Did you ever find a solution to your issue? I amhaving the same problem
0
 

Author Comment

by:fred2k3
ID: 39030190
Hi TeamLogicIT, the problem was that the backup tape was too old and therefore did not restore. Using a more recent tape solved the problem. Hope it helps.
0
 

Author Comment

by:fred2k3
ID: 39030194
I've requested that this question be closed as follows:

Accepted answer: 0 points for fred2k3's comment #a39030190

for the following reason:

No other answers were suitable.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question