Re: AD Error : Directory Service cannot start. Error Status:0xC00002e1
From: Richard Sweetnam (rsweetnam_at_ms.nospam.cs.co.za)
Date: 04/23/04
- Next message: Richard Sweetnam: "Re: anonymous LDAP access with 2003 server"
- Previous message: Simon Geary: "Re: Software installation policy to admins also?"
- In reply to: Bob Qin [MSFT]: "RE: AD Error : Directory Service cannot start. Error Status:0xC00002e1"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 23 Apr 2004 19:40:32 +0200
Just to add to Bob's steps
if all else fails
Boot into DS Restore Mode and from the command prompt run the following
ESENTUTL /g "<path>\NTDS.dit" /!10240 /8 /v /x /o <enter>
(Note: Type the path without the quotes).
Then delete all the .log files from the NTDS folder and reboot
Hope this helps,
Richard
"Bob Qin [MSFT]" <bobqin@online.microsoft.com> wrote in message
news:9VS0ywpJEHA.308@cpmsftngxa10.phx.gbl...
> Hi Gislain,
>
> Thanks for your posting here.
>
> First please check if you find any event error in the Directory Restore
> mode.
>
> In general, the problem can occur if the permissions on the NTDS and
Sysvol
> folder are incorrect. You can try these steps to check.
>
> 1. Reboot the server and press F8. Choose Directory Services Restore
Mode
> from the Menu.
> 2. Check the physical location of the Winnt\NTDS\ folder.
> 3. Check the permissions on the \Winnt\NTDS folder. The default
> permissions are:
>
> Administrators - Full Control
> System - Full Control
>
> 4. Check the permissions on the Winnt\Sysvol\Sysvol share. The default
> permissions are:
>
> NTFS Permissions:
> Administrators - Full Control
> Authenticated Users - Read & Execute, List Folder Contents, Read
> Creator Owner - none
> Server Operators - Read & Execute, List Folder Contents, Read
> System - Full Control
>
> Note: You may not be able to change the permissions on these folders if
he
> Active Directory database is unavailable because it is damaged, however
it
> is best to know if the permissions are set correctly before you start the
> recovery process, as it may not be the database that is the problem.
>
> 5. Check the permissions on the root of the C:\ drive or the drive where
> the NTDS folder is located. Default NTFS permissions are:
>
> Everyone = full control
>
> Note: In some cases it may be necessary to add the Administrator and
> System accounts with Full Control.
>
> 6. Make sure there is a folder in the Sysvol share labeled with the
> correct name for the domain.
>
> In addition, you can also refer to the following article for more
> information.
>
> 258007 Error Message: Lsass.exe - System Error : Security Accounts Manager
> http://support.microsoft.com/?id=258007
>
> Wish it helps.
>
> Regards,
> Bob Qin
> Product Support Services
> Microsoft Corporation
>
> Get Secure! - www.microsoft.com/security
>
> ====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> ====================================================
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
- Next message: Richard Sweetnam: "Re: anonymous LDAP access with 2003 server"
- Previous message: Simon Geary: "Re: Software installation policy to admins also?"
- In reply to: Bob Qin [MSFT]: "RE: AD Error : Directory Service cannot start. Error Status:0xC00002e1"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
