asked on
Isass.exe - System Error -DC, Server 2003
I have a 2003 server which is a DC.
One of the disks has appeared to have failed. There are 7 disks. Two mirrored for the C drive and the other 5 in RAID 5
Once the server boots, just before the login screen the following appears -
Isass.exe - System Error
Security Accounts Manager initialization failed because of the following
error: Directory Services cannot start. Error status: 0xc00002e1
I tried last know good configuration but this did not work.
I have another working DC.
Firstly, only one disk has appeared to fail on the first logical volume (C drive). The volume is mirrored so I can not work out why AD looks to be screwed? I have a backup of the data but not the servers system state. At least I suspect the system state was not being backed up. i would only know this after installing a tape drive and looking at the tape backup.
Secondly, Apart from removing the DC and then rebuilding it, can anyone offer any words of advice?
One of the disks has appeared to have failed. There are 7 disks. Two mirrored for the C drive and the other 5 in RAID 5
Once the server boots, just before the login screen the following appears -
Isass.exe - System Error
Security Accounts Manager initialization failed because of the following
error: Directory Services cannot start. Error status: 0xc00002e1
I tried last know good configuration but this did not work.
I have another working DC.
Firstly, only one disk has appeared to fail on the first logical volume (C drive). The volume is mirrored so I can not work out why AD looks to be screwed? I have a backup of the data but not the servers system state. At least I suspect the system state was not being backed up. i would only know this after installing a tape drive and looking at the tape backup.
Secondly, Apart from removing the DC and then rebuilding it, can anyone offer any words of advice?
Microsoft Legacy OS
Last Comment
APC_40
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi thanks for the tips, very good. The instructions you have quoted relate to the offline defrag but not the repair. At what stage would I enter ;esentutl /p “C:\windows\ntds\ntds.dit”
Defrag is always after repair in both AD database as well as Exchange Database. So will suggest you to go and perform defrag after repair once you get the hold of AD database file. Apart from this I will always suggest you to take a backup copy of existing database in separate folder.
ASKER
Thanks, have you got a link to a walkthrough regarding the repair? You mean backup the system state on my other good DC before doing this? Good advice by the way - very helpful
When you received the error , 1st step the valid one to go with Last known good configuration [LKGC] . If it failed with the mentioned error then try booting in DSRM mode, since your AD database is corrupt , you will be able to boot in DSRM mode as in this mode AD services are not running and AD database is not required at the boot time.
Once you are on desktop in DSRM mode , please open a command prompt .
Navigate to the ntds.dit file which is by default in <boot Directory>:\Windows\NTDS
Step 1 : Create a folder named ADDBbackup and copy the ntds.dit file to the folder created.
Step 2. Check the integrity of Database integrity, it should give you corrupted error
After performing the mentioned task you may re-run the STEP 2 command to verify the integrity of the database however would suggest to reboot the machine in normal mode to verify if it resolves the issue or not.
Once you are on desktop in DSRM mode , please open a command prompt .
Navigate to the ntds.dit file which is by default in <boot Directory>:\Windows\NTDS
Step 1 : Create a folder named ADDBbackup and copy the ntds.dit file to the folder created.
Step 2. Check the integrity of Database integrity, it should give you corrupted error
esentutl /g c:\windows\ntds\ntds.ditStep 3. REpair the Active Directory database by running the command in the same place on command prompt
esentutl /p “C:\windows\ntds\ntds.dit”Step 4. Move the existing AD logs file to the backup file , means Move all files except ntds.dit file to the ADBDbackup folder
After performing the mentioned task you may re-run the STEP 2 command to verify the integrity of the database however would suggest to reboot the machine in normal mode to verify if it resolves the issue or not.
ASKER
Excellent, that's just what I was looking for regarding the repair.This will not affect the other DC's database, right?
yes , this will not effect any other database. Even if you think, you may lose any data you can take system state backup of the latest working of another DC machine and in case [which is not possible] you think you have lost data you can restore it authoritatively.
If you want to check before putting the DC back in production , you can simply unplug the network cable from the trouble-facing DC and when you find that everything is working fine and data is up-to-date. You can plug the network cable.
If you want to check before putting the DC back in production , you can simply unplug the network cable from the trouble-facing DC and when you find that everything is working fine and data is up-to-date. You can plug the network cable.
ASKER
Excellent. I try this out tomorrow and fingers crossed I'll have my DC recovered - thanks again
ASKER
Excellent answer - many thanks. In the end i had to rebuild from scratch as the RAID had wiped out the AD logs.