0xc00002e1 Nightmare -- AKA the incorrect Drive Mapping that would not Die.

Discussion in 'Active Directory' started by MarkS, May 18, 2004.

  1. MarkS

    MarkS Guest

    Thank you in advance.

    I received the 0xc00002e1 SAM error on one of my two DCs (Server C). It is
    the first DC, and I believe that it may have configuaration settings that I
    do not want to lose (both have the GCS, but I believe that only Server C has
    certain "Operations Master" settings).

    When I attempted to go into DS restore mode, I received a no paging file
    error. So I attempted recovery console, then repair under windows setup
    using the Win2k CD. The only change was to receive the 0xc00002e1 error in
    DS restore mode instead of the paging file error.

    I would normally just restore the system state from backup, but the win2k
    schema was updated with forest prep and domain prep to allow a second
    Windows 2003 server to act as a DC. Since we are still running Veritas 8.5
    (which does not recognize 2003), I am not sure that I even trust the system
    state backups that I have. I could just restore the files on the C drive
    and hope for the best.

    NOW, getting to the question. A combination of 0xc00002e1 and paging file
    led me to believe that it was a problem with drive mappings. I placed an
    alternate stand alone OS on the C drive, and used ntdsutil and hive loading
    from the original system to check out the
    LM\SYSTEM\ControlSet001\Services\NTDS\Parameters settings. Server C ought
    to have only C:\ (for OS) and E:\ (for home and public shares). The NTDS
    parameter settings showed pathes to an F:\ that should not exist. AH HAH!

    But after changing the settings, unloading the hive, and rebooting, I still
    received the 0xc00002e1 error. Going back into the old system (via
    regedt32), I found that the NTDS parameters were changed back to F:\. After
    further investigation, I found the DosDevices setting that was causing a
    mapping to an F:\ device. At this point I suspected that during reboot when
    no C:\ device was found, it simply remapped the parameters to F:\. I then
    changed both the NTDS parameters and DosDevices key, unloaded the hive, and
    rebooted.

    Unbelievable! I received the 0xc00002e1 error again. I checked the hive
    keys again from the alternate OS, and the NTDS parameters were back to F:\
    and so was the \MountedDevices\DOSDevices\F: key. I then browsed to Panda
    to perform an online virus scan. It detected nothing. NOW THE QUESTION.
    What else could be causing this drive mapping error?

    Does anyone have a wooden stake?

    I guess I could just give up and attempt the restore with a questionable
    system state backup.
     
    MarkS, May 18, 2004
    #1
    1. Advertisements

  2. MarkS

    MarkS Guest

    I now went into to regedit and found instance of F: or F:\ in the old OS
    hives of System, Software, SAM, and every ntuser.dat that I could find. I
    then changed them to C:\. They all changed back to F:\.

    What could be causing this?????

    Thanks,

    Mark
     
    MarkS, May 18, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.