Full restore to Windows 2003 with Active Directory

Maida Dunn

I have Netbackup and did a full restore to my DC from a tape backup.
Everything was restored including the System State. Now when I boot up I get
the following message

Lsass.exe System Error
Directory Service could not start because of the following error. A
transaction recover failed.

I went into Directory service restore mode and ran the following

ntdsutil
files
recover
quit

I'm still getting the same error. How can I fix this and what is the proper
procedure for a restore?

Thanks for all your help!!!!!
 
David Brandt [MSFT]

What error was associated with the lsass, was it 0xc0000227, 2E1, etc.
In ntdsutil in dsrestore mode go into files/info and verify that the path
you see for ntds.dit, logs, etc matches up with the same path/s you see when
you view those in the registry under
hklm\system\ccs\services\ntds\parameters.
Also verify that the ntds folder has at least admins and system with FC.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
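
The check described in the reply above, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later is installed on the DC, expands "ccs" to CurrentControlSet, and uses the standard NTDS value names, which the post does not list.

```powershell
# Added example, run locally on the DC in Directory Services Restore Mode.
# Assumes PowerShell 2.0 or later (not part of a default Windows 2003 install).
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$params = Get-ItemProperty -Path $key

# Registry values holding the paths that "ntdsutil files info" also reports.
$names = 'DSA Database file', 'Database log files path', 'DSA Working Directory'

# Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
$required = @{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-18' = 'SYSTEM' }
$full     = [int][System.Security.AccessControl.FileSystemRights]::FullControl
$sidType  = [System.Security.Principal.SecurityIdentifier]

foreach ($name in $names) {
    $path = $params.$name
    if (-not $path) {
        Write-Output "MISSING  registry value '$name'"
        continue
    }
    if (-not (Test-Path -Path $path)) {
        Write-Output "MISSING  $name -> $path (not on disk)"
        continue
    }
    Write-Output "OK       $name -> $path"

    # Check the ACL on the folder itself, or on the folder holding ntds.dit.
    $item = Get-Item -Path $path
    if ($item.PSIsContainer) { $folder = $item.FullName } else { $folder = $item.DirectoryName }
    $rules = (Get-Acl -Path $folder).GetAccessRules($true, $true, $sidType)

    foreach ($sid in $required.Keys) {
        # An allow ACE for this SID whose rights include every Full Control bit.
        $allow = $rules | Where-Object {
            $_.IdentityReference.Value -eq $sid -and
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $full) -eq $full
        }
        if ($allow) { $state = 'ok ' } else { $state = 'BAD' }
        Write-Output "  ACL $state  $($required[$sid]) Full Control on $folder"
    }
}
```

Compare the paths it prints with the ones shown by files/info in ntdsutil; a mismatch or a MISSING line points at the restore having put the database or logs somewhere other than where the registry says they are.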
 
Maida Dunn

The folder permissions are correct also. Thanks

David Brandt said:
What error was associated with the lsass, was it 0xc0000227, 2E1, etc.
In ntdsutil in dsrestore mode go into files/info and verify that the path
you see for ntds.dit, logs, etc matches up with the same path/s you see when
you view those in the registry under
hklm\system\ccs\services\ntds\parameters.
Also verify that the ntds folder has at least admins and system with FC.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
David Brandt [MSFT]

I don't know if this is an IBM box running Tivoli, but if so, then you may
want to contact IBM. Aside from that, it appears that the ntds.dit may be
corrupted. Bad backup, bad restore, etc but hard to tell at this point.
You can run the "repair" in ntdsutil to see if that will get it going, but a
lot of cases that I saw with this ended up with the dc either being
reinstalled, or preferably, demoted and then re-promoted back to dc which
appears to have resolved a lot of them. If it holds fsmo roles and will
demote gracefully, good, but if not then they will need to be seized to
another dc and then force demoted and a metadata cleanup done before
re-introducing it back in. If the other dc is not already a gc, then it
will need to be made one as well.

255504 Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain
Controller
http://support.microsoft.com/?id=255504

216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498

332199 Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion of
Active
http://support.microsoft.com/?id=332199

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Maida Dunn

It's a Dell box, no Tivoli. Should a restore from a tape backup using a third
party called Veritas NetBackup DataCenter work? (Thanks for your help)
 
Maida Dunn

One more thing please - the online help states you need:
a. To restore the System State data on a domain controller, you must first
start your computer in Directory Services Restore Mode. This will allow you
to restore the SYSVOL directory and the Active Directory.

Then a full restore from Veritas Netbackup wouldn't work because it has to be
connected to the network. Is this correct?

Confused - sorry
 
David Brandt [MSFT]

You do have to be in ds restore mode to restore the system state. If
veritas needs to be on the box in order to do the restore, then you may need
to install it on that machine while in safe/ds restore mode.

--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Maida Dunn

Hi David,
If you are unable to bring the machine up, what would be the correct recovery
process?
The DC has Active Directory, WINS, DHCP and DNS.
My NT 4.0 restore was pretty easy: re-installed NT4.0, installed Netbackup
and did a full restore.
 
Maida Dunn

One more question:
If I have AD installed should I install it on another machine to act as a
backup AD?
I've been reading how to uninstall AD but you'll lose all your information,
correct?

Thanks again!
 
Jeromy Statia [MSFT]

It's always a good idea to have at least 2 Domain Controllers just for this
purpose and failover.

tx

--
Jeromy Statia [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
