Windows Server: Domain Controller Fails to Boot with Stopcode 0xC00002E2
Summary: An Active Directory domain controller (DC) may fail to boot into Windows and display stopcode 0xC00002E2. This can occur for several reasons, two of which are addressed in this article. ...
Symptoms
An affected DC is unable to boot into Windows in normal mode, and stopcode 0xC00002E2 is displayed. The DC can boot into Directory Services Repair Mode (DSRM).
Cause
There are several possible causes of this error:
- The volume that contains the AD database has insufficient free space.
- The ADDS role has been removed without the DC being properly demoted first.
- There is corruption within the AD database. This article does not address AD database corruption.
Resolution
Cause 1: The volume that contains the AD database has insufficient free space.
This is the simplest and least destructive cause of the issue. The solution is to locate the AD database and free up space on the volume that contains it. The database file (ntds.dit) is located in C:\Windows\NTDS by default, but it may be elsewhere. To locate the database while in DSRM, run these commands in order:
ntdsutil
activate instance ntds
files
info
The output shows the location of the database file and other information, including the amount of space available on the volume:
Drive Information:
C:\ NTFS (Fixed Drive ) free(110.5 Gb) total(126.2 Gb)
DS Path Information:
Database : C:\WINDOWS\NTDS\ntds.dit - 40.0 Mb
Backup dir : C:\WINDOWS\NTDS\dsadata.bak
Working dir: C:\WINDOWS\NTDS
Log dir : C:\WINDOWS\NTDS - 50.0 Mb total
edbtmp.log - 10.0 Mb
edbres00002.jrs - 10.0 Mb
edbres00001.jrs - 10.0 Mb
edb00001.log - 10.0 Mb
edb.log - 10.0 Mb
Type quit twice to exit the Ntdsutil utility. If the volume is low on free space, determine whether other files stored on the same volume can be deleted or moved to another volume.
Cause 2: The ADDS role has been removed without the DC being properly demoted first.
A DC should always be properly demoted before the ADDS role is removed from it. Server Manager and PowerShell prevent the role from being removed if the DC has not been demoted. However, dism and other commands may remove roles or features without first performing prerequisite checks. To confirm whether this has occurred, boot into DSRM and launch the Services console. If Active Directory Domain Services is not listed, some vital components of Active Directory have been removed.
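The two DSRM checks described above (locating ntds.dit and its free space under Cause 1, and confirming that the ADDS service still exists under Cause 2) can be scripted. This is an added PowerShell example, not part of the original article; the 2 GB threshold and the function names are assumptions, and the parser assumes ntdsutil prints the layout shown in the sample output above with a period as the decimal separator.

```powershell
# Added example, not from the original article. Run elevated while booted into DSRM.
$MinFreeGb = 2.0   # assumed warning threshold; the article gives no figure

# Hypothetical helper: converts a size printed by ntdsutil (e.g. "40.0 Mb") to GB.
function ConvertTo-Gb([double]$Value, [string]$Unit) {
    switch ($Unit.ToLower()) {
        'kb' { $Value / 1024 / 1024 }
        'mb' { $Value / 1024 }
        'gb' { $Value }
        'tb' { $Value * 1024 }
        default { throw "Unexpected size unit '$Unit'" }
    }
}

# Hypothetical helper: parses the "files" > "info" text in the layout shown in the article.
function Get-NtdsSpaceReport([string[]]$Lines) {
    $free = @{}; $dbPath = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z]:\\)\s.*free\(([\d.]+)\s*(\w+)\)') {
            # Drive line, e.g. "C:\ NTFS (Fixed Drive ) free(110.5 Gb) total(126.2 Gb)"
            $free[$Matches[1].ToUpper()] = ConvertTo-Gb $Matches[2] $Matches[3]
        } elseif ($line -match '^\s*Database\s*:\s*(.+?)\s+-\s+[\d.]+\s*\w+\s*$') {
            # Database line, e.g. "Database : C:\WINDOWS\NTDS\ntds.dit - 40.0 Mb"
            $dbPath = $Matches[1]
        }
    }
    if (-not $dbPath) { throw 'No "Database :" line found in the ntdsutil output.' }
    $root = $dbPath.Substring(0, 3).ToUpper()
    if (-not $free.ContainsKey($root)) { throw "No drive line for $root in the output." }
    [pscustomobject]@{
        Database = $dbPath
        Volume   = $root
        FreeGb   = $free[$root]
        LowSpace = ($free[$root] -lt $MinFreeGb)
    }
}

# Cause 2: the ADDS service has the short name NTDS; if it is absent, ntdsutil cannot help.
if (-not (Get-Service -Name NTDS -ErrorAction SilentlyContinue)) {
    Write-Warning 'Service NTDS is not installed: ADDS role removed without demotion (Cause 2).'
} else {
    # Cause 1: ntdsutil accepts its menu commands as command-line arguments.
    $report = Get-NtdsSpaceReport (& ntdsutil.exe 'activate instance ntds' files info quit quit)
    $report | Format-List
    if ($report.LowSpace) {
        Write-Warning "Only $($report.FreeGb) GB free on $($report.Volume); free up space (Cause 1)."
    }
}
```

If the database sits on a mounted folder rather than a lettered drive, the script stops with an error instead of guessing; read the ntdsutil output manually in that case.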
If the affected DC is the only one in the domain, normal functionality can be restored only by restoring a system state backup of the DC. If no system state backup is available, the DC must be forcibly demoted. This deletes the domain, which must then be re-created. See PowerEdge: How to Force Demotion of an Active Directory Domain Controller for the steps involved in forcing a demotion.
Important: If the demotion fails with the error "The specified service does not exist as an installed service," run this command:
dism /online /enable-feature /featurename:DirectoryServices-DomainController
Reboot the server into DSRM and start the forced demotion again. After the server has been demoted, reboot into normal mode. The domain can then be re-created.
If there are other DCs in the domain, perform a forced demotion of the affected DC (see the note above). After demoting it, delete its metadata from Active Directory. The server can then be promoted back to a DC.
Cause 3: There is corruption within the AD database.
In rare instances, corruption within the AD database can cause this stopcode. (The nearly identical 0xC00002E1 stopcode is more common.) Troubleshooting AD database corruption is outside the scope of this article, though there are other resources online that address this.