Isass.exe - System Error -DC, Server 2003

Posted on 2014-01-13
Last Modified: 2014-01-28
I have a 2003 server which is a DC.

One of the disks has appeared to have failed. There are 7 disks. Two mirrored for the C drive and the other 5 in RAID 5

Once the server boots, just before the login screen the following appears -

Isass.exe - System Error
Security Accounts Manager initialization failed because of the following
error: Directory Services cannot start. Error status: 0xc00002e1

I tried last know good configuration but this did not work.

I have another working DC.

Firstly, only one disk has appeared to fail on the first logical volume (C drive). The volume is mirrored so I can not work out why AD looks to be screwed? I have a backup of the data but not the servers system state. At least I suspect the system state was not being backed up. i would only know this after installing a tape drive and looking at the tape backup.

Secondly, Apart from removing the DC and then rebuilding it, can anyone offer any words of advice?
Question by:APC_40
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Accepted Solution

Ratnesh Mishra earned 500 total points
ID: 39777109
The above mentioned article will help you a lot ,doesnot matter much if its not SBS 2003 .
The issue happens due to ntds.dit [AD database] corruption.
Best is to boot it in DSRM mode and run AD database repair and defrag and then boot in normal mode.

Note: command to repair
esentutl /p “C:\windows\ntds\ntds.dit”

This will be helpfull in case you forget DSRM password.

Author Comment

ID: 39777668
Hi thanks for the tips, very good. The instructions you have quoted relate to the offline defrag but not the repair. At what stage would I enter ;esentutl /p “C:\windows\ntds\ntds.dit” - before or after the defrag. i take it this will not affect my other working domain controller?

Expert Comment

by:Ratnesh Mishra
ID: 39777699
Defrag is always after repair  in both AD database as well as Exchange Database. So will suggest you to go and perform defrag after repair once you get the hold of AD database file. Apart from this I will always suggest you to take a backup copy of existing database in separate folder.
Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.


Author Comment

ID: 39777765
Thanks, have you got a link to a walkthrough regarding the repair? You mean backup the system state on my other good DC before doing this? Good advice by the way - very helpful

Expert Comment

by:Ratnesh Mishra
ID: 39777805
When you received the error , 1st step the valid one to go with Last known good configuration [LKGC] . If it failed with the mentioned error then try booting in DSRM mode, since your AD database is corrupt , you will be able to boot in DSRM mode as in this mode AD services are not running and AD database is not required at the boot time.

Once you are on desktop in DSRM mode , please open a command prompt .
Navigate to the ntds.dit file which is by default in <boot Directory>:\Windows\NTDS

Step 1 : Create a folder named ADDBbackup and copy the ntds.dit file to the folder created.
Step 2.  Check the integrity of Database integrity, it should give you corrupted error
esentutl /g c:\windows\ntds\ntds.dit
Step 3. REpair the Active Directory database by running the command in the same place on command prompt
esentutl /p “C:\windows\ntds\ntds.dit”
Step 4. Move the existing AD logs file to the backup file , means Move all files except ntds.dit file to the ADBDbackup folder

After performing the mentioned task you may re-run the STEP 2 command to verify the integrity of the database however would suggest to reboot the machine in normal mode to verify if it resolves the issue or not.

Author Comment

ID: 39777900
Excellent, that's just what I was looking for regarding the repair.This will not affect the other DC's database, right?

Expert Comment

by:Ratnesh Mishra
ID: 39777932
yes , this will not effect any other database. Even if you think, you may lose any data you can take system state backup of the latest working of another DC machine and in case [which is not possible] you think you have lost data you can restore it authoritatively.

If you want to check before putting the DC back in production , you can simply unplug the network cable from the trouble-facing DC and when you find that everything is working fine and data is up-to-date. You can plug the network cable.

Author Comment

ID: 39777974
Excellent. I try this out tomorrow and fingers crossed I'll have my DC recovered - thanks again

Author Closing Comment

ID: 39816244
Excellent answer - many thanks. In the end i had to rebuild from scratch as the RAID had wiped out the AD logs.

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question