Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 324
  • Last Modified:

Isass.exe - System Error -DC, Server 2003

I have a 2003 server which is a DC.

One of the disks has appeared to have failed. There are 7 disks. Two mirrored for the C drive and the other 5 in RAID 5

Once the server boots, just before the login screen the following appears -

Isass.exe - System Error
Security Accounts Manager initialization failed because of the following
error: Directory Services cannot start. Error status: 0xc00002e1

I tried last know good configuration but this did not work.

I have another working DC.

Firstly, only one disk has appeared to fail on the first logical volume (C drive). The volume is mirrored so I can not work out why AD looks to be screwed? I have a backup of the data but not the servers system state. At least I suspect the system state was not being backed up. i would only know this after installing a tape drive and looking at the tape backup.

Secondly, Apart from removing the DC and then rebuilding it, can anyone offer any words of advice?
0
APC_40
Asked:
APC_40
  • 5
  • 4
1 Solution
 
Ratnesh MishraCommented:
http://support.microsoft.com/kb/258062
The above mentioned article will help you a lot ,doesnot matter much if its not SBS 2003 .
The issue happens due to ntds.dit [AD database] corruption.
Best is to boot it in DSRM mode and run AD database repair and defrag and then boot in normal mode.

Note: command to repair
esentutl /p “C:\windows\ntds\ntds.dit”

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26392951.html

This will be helpfull in case you forget DSRM password.
0
 
APC_40Author Commented:
Hi thanks for the tips, very good. The instructions you have quoted relate to the offline defrag but not the repair. At what stage would I enter ;esentutl /p “C:\windows\ntds\ntds.dit” - before or after the defrag. i take it this will not affect my other working domain controller?
0
 
Ratnesh MishraCommented:
Defrag is always after repair  in both AD database as well as Exchange Database. So will suggest you to go and perform defrag after repair once you get the hold of AD database file. Apart from this I will always suggest you to take a backup copy of existing database in separate folder.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
APC_40Author Commented:
Thanks, have you got a link to a walkthrough regarding the repair? You mean backup the system state on my other good DC before doing this? Good advice by the way - very helpful
0
 
Ratnesh MishraCommented:
When you received the error , 1st step the valid one to go with Last known good configuration [LKGC] . If it failed with the mentioned error then try booting in DSRM mode, since your AD database is corrupt , you will be able to boot in DSRM mode as in this mode AD services are not running and AD database is not required at the boot time.

Once you are on desktop in DSRM mode , please open a command prompt .
Navigate to the ntds.dit file which is by default in <boot Directory>:\Windows\NTDS

Step 1 : Create a folder named ADDBbackup and copy the ntds.dit file to the folder created.
Step 2.  Check the integrity of Database integrity, it should give you corrupted error
esentutl /g c:\windows\ntds\ntds.dit
Step 3. REpair the Active Directory database by running the command in the same place on command prompt
esentutl /p “C:\windows\ntds\ntds.dit”
Step 4. Move the existing AD logs file to the backup file , means Move all files except ntds.dit file to the ADBDbackup folder

After performing the mentioned task you may re-run the STEP 2 command to verify the integrity of the database however would suggest to reboot the machine in normal mode to verify if it resolves the issue or not.
0
 
APC_40Author Commented:
Excellent, that's just what I was looking for regarding the repair.This will not affect the other DC's database, right?
0
 
Ratnesh MishraCommented:
yes , this will not effect any other database. Even if you think, you may lose any data you can take system state backup of the latest working of another DC machine and in case [which is not possible] you think you have lost data you can restore it authoritatively.

If you want to check before putting the DC back in production , you can simply unplug the network cable from the trouble-facing DC and when you find that everything is working fine and data is up-to-date. You can plug the network cable.
0
 
APC_40Author Commented:
Excellent. I try this out tomorrow and fingers crossed I'll have my DC recovered - thanks again
0
 
APC_40Author Commented:
Excellent answer - many thanks. In the end i had to rebuild from scratch as the RAID had wiped out the AD logs.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now