Isass.exe - System Error -DC, Server 2003

Posted on 2014-01-13
Last Modified: 2014-01-28
I have a 2003 server which is a DC.

One of the disks has appeared to have failed. There are 7 disks. Two mirrored for the C drive and the other 5 in RAID 5

Once the server boots, just before the login screen the following appears -

Isass.exe - System Error
Security Accounts Manager initialization failed because of the following
error: Directory Services cannot start. Error status: 0xc00002e1

I tried last know good configuration but this did not work.

I have another working DC.

Firstly, only one disk has appeared to fail on the first logical volume (C drive). The volume is mirrored so I can not work out why AD looks to be screwed? I have a backup of the data but not the servers system state. At least I suspect the system state was not being backed up. i would only know this after installing a tape drive and looking at the tape backup.

Secondly, Apart from removing the DC and then rebuilding it, can anyone offer any words of advice?
Question by:APC_40
  • 5
  • 4

Accepted Solution

Ratnesh Mishra earned 500 total points
ID: 39777109
The above mentioned article will help you a lot ,doesnot matter much if its not SBS 2003 .
The issue happens due to ntds.dit [AD database] corruption.
Best is to boot it in DSRM mode and run AD database repair and defrag and then boot in normal mode.

Note: command to repair
esentutl /p “C:\windows\ntds\ntds.dit”

This will be helpfull in case you forget DSRM password.

Author Comment

ID: 39777668
Hi thanks for the tips, very good. The instructions you have quoted relate to the offline defrag but not the repair. At what stage would I enter ;esentutl /p “C:\windows\ntds\ntds.dit” - before or after the defrag. i take it this will not affect my other working domain controller?

Expert Comment

by:Ratnesh Mishra
ID: 39777699
Defrag is always after repair  in both AD database as well as Exchange Database. So will suggest you to go and perform defrag after repair once you get the hold of AD database file. Apart from this I will always suggest you to take a backup copy of existing database in separate folder.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 39777765
Thanks, have you got a link to a walkthrough regarding the repair? You mean backup the system state on my other good DC before doing this? Good advice by the way - very helpful

Expert Comment

by:Ratnesh Mishra
ID: 39777805
When you received the error , 1st step the valid one to go with Last known good configuration [LKGC] . If it failed with the mentioned error then try booting in DSRM mode, since your AD database is corrupt , you will be able to boot in DSRM mode as in this mode AD services are not running and AD database is not required at the boot time.

Once you are on desktop in DSRM mode , please open a command prompt .
Navigate to the ntds.dit file which is by default in <boot Directory>:\Windows\NTDS

Step 1 : Create a folder named ADDBbackup and copy the ntds.dit file to the folder created.
Step 2.  Check the integrity of Database integrity, it should give you corrupted error
esentutl /g c:\windows\ntds\ntds.dit
Step 3. REpair the Active Directory database by running the command in the same place on command prompt
esentutl /p “C:\windows\ntds\ntds.dit”
Step 4. Move the existing AD logs file to the backup file , means Move all files except ntds.dit file to the ADBDbackup folder

After performing the mentioned task you may re-run the STEP 2 command to verify the integrity of the database however would suggest to reboot the machine in normal mode to verify if it resolves the issue or not.

Author Comment

ID: 39777900
Excellent, that's just what I was looking for regarding the repair.This will not affect the other DC's database, right?

Expert Comment

by:Ratnesh Mishra
ID: 39777932
yes , this will not effect any other database. Even if you think, you may lose any data you can take system state backup of the latest working of another DC machine and in case [which is not possible] you think you have lost data you can restore it authoritatively.

If you want to check before putting the DC back in production , you can simply unplug the network cable from the trouble-facing DC and when you find that everything is working fine and data is up-to-date. You can plug the network cable.

Author Comment

ID: 39777974
Excellent. I try this out tomorrow and fingers crossed I'll have my DC recovered - thanks again

Author Closing Comment

ID: 39816244
Excellent answer - many thanks. In the end i had to rebuild from scratch as the RAID had wiped out the AD logs.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question