Server – Directory Service

10 pts.
Active Directory
Lotus Domino
Microsoft Windows
Networking services
SQL Server
We have 2 servers on our network. The one is a Windows 2003 Server, which is the primary domain controller. The other is a Windows 2000 Server, which is the ?other,? or secondary, domain controller. The Windows 2003 server pretty much handles everything for the most part, like DNS, DHCP, etc. The Windows 2000 server is our old server that we just left to be used as the Print Server. Anyways, the thing that happened yesterday was the Windows 2000 server had to be rebooted. Then, while it was starting up, I got a dialog box with the following error message: ?lsass.exe-System Error: Security Accounts Manager initialization failed because of the following error: Directory Service cannot start. Error Status: 0xc00002e1. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.? Once you click OK, the server reboots again. I cannot even get to a login prompt. I tried to even start in Safe Mode but got to the same point. Now, there is another startup option when you hit F8 that you can go into. It is called Directory Services Restore Mode. This is a Safe Mode type of thing, but you can use it to troubleshoot your problem. Directory Services Restore Mode (DSRM) is a special boot mode. It is used to log on to the computer when Active Directory has failed or needs to be restored. I clicked this and actually got to a login prompt. The problem is you need a password, and I don?t have it. The Directory Services Restore Mode password is different from the (domain) local administrator's password and is used to logon to a Windows Server Domain Controller in an offline state (Directory Services Restore Mode or Safe mode). I think somehow the Active Directory database (Ntds.dit) on this machine got corrupted, or something happened with replication from the other server, but if I can?t even get into that Restore mode, I cannot even look at it. I tried booting from the Server 2000 disc, but it won?t boot, or even run through it. I created Windows 2000 Server boot up floppies, but I keep getting the same error. I can?t even get to a command prompt to try anything. What should I do next, any suggestions? What is causing this problem and how do I fix it. I don?t want to take down the network. Thanks very much for your help.

Answer Wiki

Thanks. We'll let you know when a new response is added.

One suggestion that I have seend happen is have you tried logging into the Directory Services Restore Mode with the domain administrator account and password? (i.e. and password?) See if that lets you into the directory restore mode.

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Dwiebesick
    Do you need to recover any data of this computer? If the answer is no, then I suggest that you reload the server and rejoin the domain. As for using the Directory Services Restore Mode; you are logging in against the local SAM data base and NO domain account will work. This is by design as you have to have physical access to the server to use DSRM. If you need to recover data, look at using Bart's Boot CD or some other such resource. Just in the past two weeks, I have had two customers in two different cities experience the same thing with W2k. It happened after Microsoft update/upgrade Tuesday but I have NO other evidence that it is related; maybe just a coinidence. dmw
    2,235 pointsBadges:
  • Spadasoe
    When you install active directory, you are prompted to create a password for AD restore mode. Without this you may me sunk. As far as rebuilding, remember that this is a domain controller. You should check the other server and see that it holds all the FSMO roles. If not, you will have to seize the roles so you domain can still function. I suggest you check MS for information on tombstoning the domain controller that has gone away for information on how to best proceed.
    5,130 pointsBadges:
  • Davemd
    I should mention one more thing, which I?m not sure if it?ll be a help or not. I am able to see all the drives and directories for that Win 2000 Server (broken box) by going into Computer Management/Shares from the W2K3 server. I?m not sure if I can do anything with this or not. I can look at all the folders and files on that broken Win 2000 machine. From the W2K3 server or any other machine, I am also able to get into the registry for the Win 2000 Server. If you know of something I can easily do with this to fix the problem that would be great. Can I just maybe copy the NTDS.DIT file from the working W2K3 server and replace the one that?s on the Win 2000 Server, since it sounds like the AD database is corrupted on that machine? Thanks again.
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: