RE: AD Error : Directory Service cannot start. Error Status:0xC00002e1
From: Bob Qin [MSFT] (bobqin_at_online.microsoft.com)
Date: 04/20/04
- Next message: Dmitri Gavrilov [MSFT]: "Re: ADAM password"
- Previous message: ron: "PDC in the lab"
- In reply to: Gislain R.: "AD Error : Directory Service cannot start. Error Status:0xC00002e1"
- Next in thread: Richard Sweetnam: "Re: AD Error : Directory Service cannot start. Error Status:0xC00002e1"
- Reply: Richard Sweetnam: "Re: AD Error : Directory Service cannot start. Error Status:0xC00002e1"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 20 Apr 2004 05:56:22 GMT
Hi Gislain,
Thanks for your posting here.
First please check if you find any event error in the Directory Restore
mode.
In general, the problem can occur if the permissions on the NTDS and Sysvol
folder are incorrect. You can try these steps to check.
1. Reboot the server and press F8. Choose Directory Services Restore Mode
from the Menu.
2. Check the physical location of the Winnt\NTDS\ folder.
3. Check the permissions on the \Winnt\NTDS folder. The default
permissions are:
Administrators - Full Control
System - Full Control
4. Check the permissions on the Winnt\Sysvol\Sysvol share. The default
permissions are:
NTFS Permissions:
Administrators - Full Control
Authenticated Users - Read & Execute, List Folder Contents, Read
Creator Owner - none
Server Operators - Read & Execute, List Folder Contents, Read
System - Full Control
Note: You may not be able to change the permissions on these folders if he
Active Directory database is unavailable because it is damaged, however it
is best to know if the permissions are set correctly before you start the
recovery process, as it may not be the database that is the problem.
5. Check the permissions on the root of the C:\ drive or the drive where
the NTDS folder is located. Default NTFS permissions are:
Everyone = full control
Note: In some cases it may be necessary to add the Administrator and
System accounts with Full Control.
6. Make sure there is a folder in the Sysvol share labeled with the
correct name for the domain.
In addition, you can also refer to the following article for more
information.
258007 Error Message: Lsass.exe - System Error : Security Accounts Manager
http://support.microsoft.com/?id=258007
Wish it helps.
Regards,
Bob Qin
Product Support Services
Microsoft Corporation
Get Secure! - www.microsoft.com/security
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
- Next message: Dmitri Gavrilov [MSFT]: "Re: ADAM password"
- Previous message: ron: "PDC in the lab"
- In reply to: Gislain R.: "AD Error : Directory Service cannot start. Error Status:0xC00002e1"
- Next in thread: Richard Sweetnam: "Re: AD Error : Directory Service cannot start. Error Status:0xC00002e1"
- Reply: Richard Sweetnam: "Re: AD Error : Directory Service cannot start. Error Status:0xC00002e1"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
