ebd.log corrupted

Discussion in 'Active Directory' started by Minimbah Administrator, Feb 6, 2009.

  1. Hi all,
    I manage the single SBS 2003 server at a small charity on a pro bono basis.
    We have had a serious problem with Active Directory. When the system starts
    up the following error message appears:
    LSASS.EXE - System Error, security accounts manager initialization failed
    because of the following error: Directory Services cannot start. Error
    status 0xc00002e1

    I have followed the troubleshooting steps in the Knowledge Base article
    258062 and the good news appears to be that the NTDSUTIL reports that
    directory database is consistent. The bad news is that it seems that the
    edb.log file is corrupt.

    I tried to perform an offline defragmentation using NTDSUTIL and it failed
    with a Jet error -501. The error messages lin the event viewer look similar
    to the following:
    Event Type: Error

    Event Source: NTDS ISAM

    Event Category: Logging/Recovery

    Event ID: 465

    User: N/A



    NTDS (532) NTDSA: Corruption was detected during soft recovery in logfile

    E:\WINDOWS\NTDS\edb.log. The failing checksum record is located at position

    END. Data not matching the log-file fill pattern first appeared in sector
    xxxx. This logfile has been damaged and is unusable.

    For more information, see Help and Support Center

    There is not another domain controller in the domain and there is not a
    recent system state backup. (The donated server we were using for backups
    across the network fell over a few months ago. These are the challenges of
    trying to keep a network running on a near-zero budget).

    So my questions are simple -
    1) Should I proceed with a lossy recovery of Active Directory as suggested
    in KB 258062?
    2) Given the error messages above, is a lossy recovery even likely to work?
    3) If the lossy recovery option does not work, do I have any other option
    apart from a total rebuild ?

    Any help or suggestions would be greatly appreciated.

    Minimbah Administrator, Feb 6, 2009
    1. Advertisements

  2. I'd try so.
    You could try to fix the log file with eseutil as far as I know. Chances
    are you get it working.
    As long as the DC doesn't boot correctly, you don't have any.

    This is why MSFT recommends having two DCs per domain. Even if the
    second DC is a virtual machine on some other server - corruptions and
    failures like these can be recovered easier. I don' understand why you
    just didn't backup the directory somewhere else. The server has ntbackup
    loaded - you could simply have backed up the systemstate to disk and
    burn it on CD. Ten minutes of work, a blank DVD (worth $2) and way less

    Florian Frommherz [MVP], Feb 7, 2009
    1. Advertisements

  3. Hello Minimbah,

    The article is in the moment the best/only solution, i can see.

    If you do not have a backup from system state and can repair the machine
    to start i think you have to rebuild. I do not see another option.

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Feb 7, 2009
  4. Hello friends,

    Just download good edb file recovery software to come-out with this critical situation successfully.
    getbackdatatool, Jul 24, 2013
  5. Hi,

    I want to share my knowledge that to perform a simplified and quick repair of corrupt EDB's, I have tried a utility tool which has the ability to do such tasks effectively. Moreover the tool also does an efficient conversion of the emails from the EDB to PST, RTF, HTML, TXT, Office 365 or Live Exchange Server environment.
    tarun777.pant, Jul 29, 2013
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.