Problem with a backup root domain controller

T

tony.coleman

Can anyone help?

Server has just stopped working - Haven't done a restore
or anything with it but the server is having problems.
I am getting the error:
LSASS.exe - System error

Security accounts manager initialization failed because of
the following error: Directory service cannot start error
status: 0xc00002e1. please click Ok to shutdown this
system and reboot into directory services restore mode,
check the event log for more detailed information.

Event logs:

Event ID 1003 - the windows directory service database
could not be initialized and returned error -550.
Unrecoverable error, the directory can't continue.

Event id 1168 - -550 (fffffdda) has occured (Internal ID
404e0.

I do not have a backup - is there any other solutions - I
have consulted Tech net article 295932 but to no avail.

Thanks in advance for your assistance.

Regards

Tony.
 
J

Jimmy Harper [MSFT]

Hi Tony. It sounds like the AD database (ntds.dit) is probably corrupt
here. However, you should first go through the following articles to make
sure the files are present in the correct location and Admins and SYSTEM
have full control on the files and on every folder in the path:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;258007

http://support.microsoft.com/default.aspx?scid=KB;EN-US;258062

If everything is correct there, the next step is to try a soft recovery of
the database by booting into DS Restore mode and running NTDSUTIL - Files -
Recover. This is outlined in the "How to Recover the Database" section of
the following article:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;315131

If AD still fails to load after this, the next step would be to do metadata
clean to remove the server from active directory; then format, reinstall,
and dcpromo it back into the domain - this is assuming that you have at
least one other domain controller in the domain. The process for metadata
cleanup is in the following article:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;216498

If this is the only domain controller in the domain, and none of the above
steps work, then the VERY last resort would be to use NTDSUTIL to repair the
database. This process is described in the "How to Repair the Database"
section of the following article:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;315131

Note that repairing the database can cause data loss and is only recommended
as a last resort.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SAM initialization failed 2
Active directory will only start in save mode 1
Security Accounts manager init failed 2
nsdsutil can't find database? 9
Active Directory Corruption . . 7
DCPROMO fails from one domain controller 5
Directory Services cannot start 4
Directory services eror message 2

Top