ntdsutil.exe problem

Y

Yves Gourlé

Hi,

On a DC win2000 sp2, after rebooting the server (reboot made via Terminal
Services) I get this error message :

lsass.exe system error, security accounts manager initialization failed
because of the following error : Directory services cannot start. Error
status 0xc00002e1
Please clicl ok to shutdown and reboot into directory services restore mode
[...]

I have then no other choice than rebooting.

I have searched in the Microsoft KB and found some articles to resolve this,
but all say to use ntdsutil.exe in directory services restore mode to
recover or repair the file ntds.dit
But each time I use ntdsutil I get this message : DBInitializeJetDatabase
has failed [unable to access to the file]
The file exists (if I delete it the error message changes) and everyone has
total control on it. I also has given total control for everyone to c:\winnt
and d:\winnt\ntds (active directory is in that folder)

I have no backup of the system state (problem occured some houres after the
dcpromo) but there is another DC working fine.

Is there something to do to repair, or, at least, to erase active directory
from this server (into directory services restore mode - I cann't use
dcpromo) before to reinstall (the problem is that there are applications on
the server)

Thanks for your help (and I apologize for the poor quality of my English)

Yves G.
 
T

Tim Springston [MS]

Hi Yves-

If the file is irreparable then you can remove this server from your AD per
the steps int he KB article below:

216498 How to remove data in Active Directory after an unsuccessful domain
http://support.microsoft.com/?id=216498

You also want to make sure that ll FSMO roles are on the remaining domain
controller, and that it has DNS installed on it and that the domain clients
are configured to look to that DNS server for name resolution.

255504 Using Ntdsutil.exe to seize or transfer FSMO roles to a domain
controller
http://support.microsoft.com/?id=255504

As far as the problem server, you can format and reinstall it, then
repromote it it once the steps in the first article above are complte
(216498). You can alternatively do the steps in the article below:

332199 Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion of
Active
http://support.microsoft.com/?id=332199

Please repost if you have any additional questions or concerns.
 
J

Joe Richards [MVP]

It would appear your DIT is corrupt beyond use. The DC is toast, remove it from
AD via the KB articles for failed demotions, rebuild the server and repromote.
Note I would look very closely for disk subsystem issues.

joe
 
G

Gautam Anand

And make sure you take a complete and a SystemState Backup soon as you
got everything running right.

And a backup plan for the following days to come as well.

Your AD backup is good for only 60 Days (tombstone period).

--
Gautam Anand
e: gautam at hotpop dot com
---------------------------------
| Hi,
|
| On a DC win2000 sp2, after rebooting the server (reboot made via
Terminal
| Services) I get this error message :
|
| lsass.exe system error, security accounts manager initialization
failed
| because of the following error : Directory services cannot start.
Error
| status 0xc00002e1
| Please clicl ok to shutdown and reboot into directory services
restore mode
| [...]
|
| I have then no other choice than rebooting.
|
| I have searched in the Microsoft KB and found some articles to
resolve this,
| but all say to use ntdsutil.exe in directory services restore mode
to
| recover or repair the file ntds.dit
| But each time I use ntdsutil I get this message :
DBInitializeJetDatabase
| has failed [unable to access to the file]
| The file exists (if I delete it the error message changes) and
everyone has
| total control on it. I also has given total control for everyone to
c:\winnt
| and d:\winnt\ntds (active directory is in that folder)
|
| I have no backup of the system state (problem occured some houres
after the
| dcpromo) but there is another DC working fine.
|
| Is there something to do to repair, or, at least, to erase active
directory
| from this server (into directory services restore mode - I cann't
use
| dcpromo) before to reinstall (the problem is that there are
applications on
| the server)
|
| Thanks for your help (and I apologize for the poor quality of my
English)
|
| Yves G.
|
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Directory Services cannot start 4
ntdsutil.exe 1
Problems with NTDS.DIT and lsass.exe errors 11
Security Accounts manager init failed 2
removing active directory when "directory services cannot start" 2
Active Directory Corruption . . 7
nsdsutil can't find database? 9
Cannot Login to private configuration server 9

Top