Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Isass.exe - System Error -DC, Server 2003

Posted on 2014-01-13
Last Modified: 2014-01-28
I have a 2003 server which is a DC.

One of the disks has appeared to have failed. There are 7 disks. Two mirrored for the C drive and the other 5 in RAID 5

Once the server boots, just before the login screen the following appears -

Isass.exe - System Error
Security Accounts Manager initialization failed because of the following
error: Directory Services cannot start. Error status: 0xc00002e1

I tried last know good configuration but this did not work.

I have another working DC.

Firstly, only one disk has appeared to fail on the first logical volume (C drive). The volume is mirrored so I can not work out why AD looks to be screwed? I have a backup of the data but not the servers system state. At least I suspect the system state was not being backed up. i would only know this after installing a tape drive and looking at the tape backup.

Secondly, Apart from removing the DC and then rebuilding it, can anyone offer any words of advice?
Question by:APC_40
  • 5
  • 4

Accepted Solution

Ratnesh Mishra earned 500 total points
ID: 39777109
The above mentioned article will help you a lot ,doesnot matter much if its not SBS 2003 .
The issue happens due to ntds.dit [AD database] corruption.
Best is to boot it in DSRM mode and run AD database repair and defrag and then boot in normal mode.

Note: command to repair
esentutl /p “C:\windows\ntds\ntds.dit”


This will be helpfull in case you forget DSRM password.

Author Comment

ID: 39777668
Hi thanks for the tips, very good. The instructions you have quoted relate to the offline defrag but not the repair. At what stage would I enter ;esentutl /p “C:\windows\ntds\ntds.dit” - before or after the defrag. i take it this will not affect my other working domain controller?

Expert Comment

by:Ratnesh Mishra
ID: 39777699
Defrag is always after repair  in both AD database as well as Exchange Database. So will suggest you to go and perform defrag after repair once you get the hold of AD database file. Apart from this I will always suggest you to take a backup copy of existing database in separate folder.
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.


Author Comment

ID: 39777765
Thanks, have you got a link to a walkthrough regarding the repair? You mean backup the system state on my other good DC before doing this? Good advice by the way - very helpful

Expert Comment

by:Ratnesh Mishra
ID: 39777805
When you received the error , 1st step the valid one to go with Last known good configuration [LKGC] . If it failed with the mentioned error then try booting in DSRM mode, since your AD database is corrupt , you will be able to boot in DSRM mode as in this mode AD services are not running and AD database is not required at the boot time.

Once you are on desktop in DSRM mode , please open a command prompt .
Navigate to the ntds.dit file which is by default in <boot Directory>:\Windows\NTDS

Step 1 : Create a folder named ADDBbackup and copy the ntds.dit file to the folder created.
Step 2.  Check the integrity of Database integrity, it should give you corrupted error
esentutl /g c:\windows\ntds\ntds.dit
Step 3. REpair the Active Directory database by running the command in the same place on command prompt
esentutl /p “C:\windows\ntds\ntds.dit”
Step 4. Move the existing AD logs file to the backup file , means Move all files except ntds.dit file to the ADBDbackup folder

After performing the mentioned task you may re-run the STEP 2 command to verify the integrity of the database however would suggest to reboot the machine in normal mode to verify if it resolves the issue or not.

Author Comment

ID: 39777900
Excellent, that's just what I was looking for regarding the repair.This will not affect the other DC's database, right?

Expert Comment

by:Ratnesh Mishra
ID: 39777932
yes , this will not effect any other database. Even if you think, you may lose any data you can take system state backup of the latest working of another DC machine and in case [which is not possible] you think you have lost data you can restore it authoritatively.

If you want to check before putting the DC back in production , you can simply unplug the network cable from the trouble-facing DC and when you find that everything is working fine and data is up-to-date. You can plug the network cable.

Author Comment

ID: 39777974
Excellent. I try this out tomorrow and fingers crossed I'll have my DC recovered - thanks again

Author Closing Comment

ID: 39816244
Excellent answer - many thanks. In the end i had to rebuild from scratch as the RAID had wiped out the AD logs.

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
LPT Port to USB Printer Windows 7 23 733
robocopy for file server migration 11 50
Installing OS on Poweredge 2800 Raid 1 97 64
GPO not applied 4 79
This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question