Recovering the Active Directory database in Windows Server 2012 R2





Article Summary: This article provides information about recovering the Active Directory database when the error "Your PC Ran Into a Problem and Needs to Restart Error: 0xc00002e2" occurs.


Issue:

The error "Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart for you (0% complete) If you'd like to know more, you can search online later for this error: 0xc00002e2" occurs when rebooting a server running Windows Server 2012 or Windows Server 2012 R2. Refer to the Additional Information section of this article for reasons why this error occurs.

Solution:

1. Boot into Directory Services Restore Mode (DSRM) and perform a System State restore to restore the Active Directory (AD) database.

2. Perform a metadata cleanup of the server exhibiting the error on another domain controller (DC) if there are other domain controllers in the environment. If the DC exhibiting the error holds any Flexible Single Master Operations (FSMO) roles, transfer them to a working DC. Re-install the operating system on the server exhibiting the error and promote it to a DC.

3. Boot the server to DSRM.

a. Windows Server 2012 (R2) will automatically boot to DSRM when the error occurs. Click Troubleshoot at Choose an option.

b. Click Command Prompt at Advanced Options.

c. Click Administrator at Command Prompt.

d. Type the DSRM Administrator password and press Enter to open the Command Prompt.


4. While in DSRM, use ntdsutil.exe to determine the path of ntds.dit and ensure the AD database resides in that location. The default path for ntds.dit is C:\Windows\NTDS when promoting a server to a DC.

a. Change to the C:\Windows\System32 folder.

b. Type ntdsutil.exe and press Enter to open the ntdsutil.exe command interface.

c. Type activate instance ntds to activate the ntds instance.

d. Type files to display the path to ntds.dit.

e. Ensure ntds.dit resides in the path displayed in step d.

5. Ensure the folder permissions are correct for ntds.dit.

a. Navigate to the folder listed in step 4d.

b. Type cacls ntds.dit and press Enter.

c. Check the permissions and correct if necessary.

NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F

d. Type cacls ntds.dit /s and press Enter.

e. Check the SDDL and correct if necessary.

D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)

6. Ensure the other file permissions are correct. All of the files in the folder have the same permissions.

b. Type cacls edb.chk and press Enter.

c. Check the permissions and correct if necessary.

NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F

d. Type cacls edb.chk /s and press Enter.

e. Check the SDDL and correct if necessary.

D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)

f. Check the remaining files in the folder to ensure the permissions are correct and adjust if necessary.
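Steps 5 and 6 can be checked for every file in the folder in one pass. The following script is an added example, not part of the original article or Dell's tooling; it assumes a session in which PowerShell 3.0 or later is available and that $NtdsPath is the folder reported in step 4. It also flags a missing ntds.dit and NTFS compression, two of the causes listed under Additional Information.

```powershell
# Added example: audit the NTDS folder against the DACL shown in steps 5e and 6e.
# Assumption: $NtdsPath is the folder ntdsutil reported in step 4 (default shown).
$NtdsPath     = 'C:\Windows\NTDS'
$ExpectedDacl = 'D:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)'
$AccessOnly   = [System.Security.AccessControl.AccessControlSections]::Access
$Compressed   = [System.IO.FileAttributes]::Compressed

if (-not (Test-Path -LiteralPath $NtdsPath -PathType Container)) {
    throw "Folder $NtdsPath does not exist; re-check the path from step 4."
}
if (-not (Test-Path -LiteralPath (Join-Path $NtdsPath 'ntds.dit') -PathType Leaf)) {
    Write-Warning "ntds.dit is not in $NtdsPath (missing, moved, or drive letter changed)."
}
if (((Get-Item -LiteralPath $NtdsPath).Attributes -band $Compressed) -eq $Compressed) {
    Write-Warning "$NtdsPath has the Compressed attribute set."
}

$results = Get-ChildItem -LiteralPath $NtdsPath -File | ForEach-Object {
    # Request only the DACL so owner (O:) and group (G:) do not affect the comparison.
    $dacl = (Get-Acl -LiteralPath $_.FullName).GetSecurityDescriptorSddlForm($AccessOnly)
    [pscustomobject]@{
        Name       = $_.Name
        DaclOk     = ($dacl -eq $ExpectedDacl)
        Compressed = (($_.Attributes -band $Compressed) -eq $Compressed)
        Dacl       = $dacl
    }
}

$results | Format-Table -AutoSize -Wrap

# Files that need attention: extra ACEs, missing ACEs, or NTFS compression.
$bad = @($results | Where-Object { -not $_.DaclOk -or $_.Compressed })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} file(s) differ from the expected state: {1}" -f $bad.Count, ($bad.Name -join ', '))
} else {
    Write-Output 'All files match the expected DACL and none are compressed.'
}
```

The script only reads attributes and ACLs; any correction is still made by hand as described in steps 5 and 6.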

Note: If ntds.dit errors are found and corrected, a lossy repair has been performed, resulting in data loss. Once the repair has been completed, Microsoft no longer supports the environment, according to Microsoft KB 258062. The AD environment must be rebuilt.

7. Check the integrity of ntds.dit.

a. In the same Command Prompt opened in step 3, type integrity and press Enter to check the database integrity. Review the output for errors.

b. Type quit and press Enter to exit files. If errors occur proceed to step 8 below.

8. Perform a semantic database analysis and repair if necessary.

a. In the same Command Prompt opened in step 4 type semantic database analysis and press Enter.

b. Type go and press Enter to perform the check. Review the output for errors and perform step c below if necessary.

c. Type go fixup and press Enter to perform the check, fixing errors during the consistency check.

f. Type c:\windows\system32\shutdown.exe -r -t 0 and press Enter to reboot the server.

Additional Information:

This information applies to Windows Server 2012 and Windows Server 2012 R2.

Event ID 1001 is logged in the System event log.

Log Name: System
Source: Microsoft-Windows-WER-SystemErrorReporting
Date: 4/9/2014 9:18:42 AM
Event ID: 1001
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: ComputerName
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0xc00002e2 (0xffffc000063d1520, 0xffffffffc000000f, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 040914-23875-01.

Event ID 1168 may be logged in the Directory Service event log.

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 4/9/2014 9:18:48 AM
Event ID: 1168
Task Category: Internal Processing
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: ComputerName.DOMAIN.LOCAL
Description:
Internal error: An Active Directory Domain Services error has occurred.
Additional Data
Error value (decimal):
1053
Error value (hex):
41d
Internal ID:
3000764

Event ID 1003 may be logged in the Directory Service event log.

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 4/9/2014 9:10:05 AM
Event ID: 1003
Task Category: Internal Processing
Level: Error
Keywords: Classic
User: N/A
Computer: VDC1.VDOMAIN.LOCAL
Description:
Active Directory Domain Services could not be initialized.
The directory service cannot recover from this error.
User Action
Restore the local directory service from backup media.
Additional Data
Error value:
-1811 JET_errFileNotFound, File not found

Event ID 2167 may be logged in the Directory Service event log.

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 4/8/2014 10:46:28 AM
Event ID: 2167
Task Category: Internal Configuration
Level: Error
Keywords: Classic
User: ANONYMOUS LOGON
Computer: ComputerName.VDOMAIN.LOCAL
Description:
Active Directory Domain Services could not initialize virtual domain controller knowledge. See previous event log entry for details.
Additional Data
Failure code:
87

The error in this article can occur for many reasons.

1. The AD database, ntds.dit, is corrupt.

2. ntds.dit is missing or has been moved.

3. The drive letter where Ntds.dit resides has changed.

4. The permissions for the folder Ntds.dit resides in have been changed.

5. The folder Ntds.dit resides in has been compressed.







Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN290986

Last Date Modified: 09/20/2019 10:32 PM
