AD Error : Directory Service cannot start. Error Status:0xC00002e1

Discussion in 'Active Directory' started by Gislain R., Apr 19, 2004.

  1. Gislain R.

    Hello,

    On a 2003 test server, it displays this error message:

    "Security Accounts Manager initialisation failed because of the following
    error : Directory Service cannot start. Error Status:0xC00002e1. Please
    click OK to shutdown this system and reboot into Directory Services Restore
    Mode, check the event log for more detailed information"

    I haven't any "System Status" backup...

    What is the solution, before I re-install the server?

    Thanks in advance.

    Gislain
     
    Gislain R., Apr 19, 2004
    #1

  2. Boot into DS Restore mode. What do you see in the DS event log?

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
     
    Dmitri Gavrilov [MSFT], Apr 19, 2004
    #2

  3. Gislain R.

    Hello,
    A French guy said that without a backup, I could not restore my DC. So, since
    it's a test server, I re-install it.
    Would it be possible to have a different solution?

    Gislain
     
    Gislain R., Apr 19, 2004
    #3
  4. DS may not start for a variety of reasons. Some can be recovered from, others
    cannot. It usually logs the reason for the failure in the DS log.

    Scrapping the DC always works.

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

     
    Dmitri Gavrilov [MSFT], Apr 20, 2004
    #4
  5. Hi Gislain,

    Thanks for your posting here.

    First please check if you find any event error in the Directory Restore
    mode.

    In general, the problem can occur if the permissions on the NTDS and Sysvol
    folder are incorrect. You can try these steps to check.

    1. Reboot the server and press F8. Choose Directory Services Restore Mode
    from the Menu.
    2. Check the physical location of the Winnt\NTDS\ folder.
    3. Check the permissions on the \Winnt\NTDS folder. The default
    permissions are:

    Administrators - Full Control
    System - Full Control

    4. Check the permissions on the Winnt\Sysvol\Sysvol share. The default
    permissions are:

    NTFS Permissions:
    Administrators - Full Control
    Authenticated Users - Read & Execute, List Folder Contents, Read
    Creator Owner - none
    Server Operators - Read & Execute, List Folder Contents, Read
    System - Full Control

    Note: You may not be able to change the permissions on these folders if the
    Active Directory database is unavailable because it is damaged; however, it
    is best to know if the permissions are set correctly before you start the
    recovery process, as it may not be the database that is the problem.

    5. Check the permissions on the root of the C:\ drive or the drive where
    the NTDS folder is located. Default NTFS permissions are:

    Everyone = full control

    Note: In some cases it may be necessary to add the Administrator and
    System accounts with Full Control.

    6. Make sure there is a folder in the Sysvol share labeled with the
    correct name for the domain.

    In addition, you can also refer to the following article for more
    information.

    258007 Error Message: Lsass.exe - System Error : Security Accounts Manager
    http://support.microsoft.com/?id=258007

    Wish it helps.

    Regards,
    Bob Qin
    Product Support Services
    Microsoft Corporation

    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Bob Qin [MSFT], Apr 20, 2004
    #5
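
Added example, not written by any poster in this thread: the permission checks from steps 3 to 6 of the post above as a PowerShell script that compares each folder's ACL with the defaults listed there. It assumes PowerShell is installed on the server (it is not part of a default Windows Server 2003 install); the folder paths and the domain name `example.test` are placeholders.

```powershell
# Added example: compare folder ACLs with the defaults listed in the post above.
# Paths are assumptions; change them to where NTDS and SYSVOL really are.
$sysvol = 'C:\Winnt\Sysvol\Sysvol'
$expected = @{
    'C:\Winnt\NTDS' = @{
        'BUILTIN\Administrators' = 'FullControl'
        'NT AUTHORITY\SYSTEM'    = 'FullControl'
    }
    $sysvol = @{
        'BUILTIN\Administrators'           = 'FullControl'
        'NT AUTHORITY\Authenticated Users' = 'ReadAndExecute'
        'BUILTIN\Server Operators'         = 'ReadAndExecute'
        'NT AUTHORITY\SYSTEM'              = 'FullControl'
    }
    'C:\' = @{ 'Everyone' = 'FullControl' }
}
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

foreach ($path in $expected.Keys) {
    if (-not (Test-Path $path)) { "MISSING  $path"; continue }
    # Combine the Allow rights each identity holds on the folder itself.
    $granted = @{}
    foreach ($ace in (Get-Acl $path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to child objects, not to this folder.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        $id = $ace.IdentityReference.Value
        $granted[$id] = [int]$granted[$id] -bor [int]$ace.FileSystemRights
    }
    # Every identity from the post must hold at least the listed rights.
    foreach ($id in $expected[$path].Keys) {
        $want = [int][System.Security.AccessControl.FileSystemRights]($expected[$path][$id])
        $have = [int]$granted[$id]
        $state = 'DIFFERS'
        if (($have -band $want) -eq $want) { $state = 'OK' }
        '{0,-8} {1}  {2}: has [{3}]' -f $state, $path, $id,
            [System.Security.AccessControl.FileSystemRights]$have
    }
    # Identities with access that the post's default list does not mention.
    foreach ($id in $granted.Keys) {
        if (-not $expected[$path].ContainsKey($id)) { "EXTRA    $path  $id" }
    }
}

# Step 6: SYSVOL should contain a folder named after the domain (placeholder name).
$domainDir = Join-Path $sysvol 'example.test'
if (-not (Test-Path $domainDir)) { "MISSING  $domainDir" }
```

The script only reads ACLs and changes nothing; `DIFFERS` and `EXTRA` lines mark where the folder departs from the defaults quoted in the post.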
  6. Just to add to Bob's steps, if all else fails:

    Boot into DS Restore Mode and from the command prompt run the following:

    ESENTUTL /g "<path>\NTDS.dit" /!10240 /8 /v /x /o <enter>
    (Note: Type the path without the quotes).

    Then delete all the .log files from the NTDS folder and reboot.

    Hope this helps,
    Richard
     
    Richard Sweetnam, Apr 23, 2004
    #6