Drive failure

[arno]

I have two DC's in a domain. Both machines use
d:\winnt\ntds as a location to store AD data.

On one of the machines this d: drive failed. It's running
again after a drive change but insists I boot up in "AD
restoration mode" When I do this using F8 it reboots in
what appears safe mode with network support. I cannot
login using domain usernames and password but I can login
with 'administrator' and the password used during the
original setup.

After login it appears there is data in d:\winnt\ntds. I
left the machine on overnight and can access it from other
machines using administrator/password.

But I can still not reboot and run the server normally.
Nor will it accept my usernames and passwords used
elsewhere in the domain.

How can I force the working DC to replicate it's AD data
to the one that had a drive failure and get on with work
around here?

Of course I have no backup disks, having everything on two
machines was going to fix that backup thing I thought...

 

[Allen Jenkins]

In order to recover a failed DC (which this server sounds to be, if he lost
the drive where his ad database was), you have two options...restore from
tape or re-dcpromo, so ad replication will push the ad database back. There
are several steps you need to take to make sure that you don't get into any
naming issues. Check out this link...it goes over it all in detail.

http://www.microsoft.com/technet/tr...rodtechnol/ad/windows2000/support/adrecov.asp

Good luck,
Allen J

 

[Tim Hines [MSFT]]

You cannot force this DC to replicate with the other until the problems that
it has have been corrected. What is the error message that you receive when
the server boots? I'm assuming that it is an lsass.exe error. If that is
the case then you should try the following articles.

300425 HOWTO: How to troubleshoot LSASS.EXE errors on Domain Controller Boot
http://support.microsoft.com/?id=300425
258062 "Directory Services Cannot Start" Error Message When You Start
Computer http://support.microsoft.com/?id=258062
258007 Error Message: Lsass.exe - System Error : Security Accounts Manager
http://support.microsoft.com/?id=258007


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Allen Jenkins]

Good call on Tim's part. I missed the boat on the boot up problem. I am
wondering if you might not want to look at this link, which references the
fact that your server doesn't want to boot up properly, because the ntds.dit
file is missing - and hpw to fix it. Hopefully, one of these is gonna help.
Good luck.

http://support.microsoft.com/default.aspx?scid=kb;en-us;240362

 

[Arno]

The second server boots with a "Security Accounts Manager
failed because of the following error: Directory Service
cannot start. Error Status: 0xc00002e1. Please click OK to
shutdown this system and reboot into Directory Services
Restore Mode, check the event log for more detailed
information."

When I go to the sites and services snapin on the other DC
I can see both servers. When checking 'replication
topology' I get a check ok on server #1 but a "there are
no more endpoints available from the endpoint mapper.'

Alos found 258007, ntdsutil output looks good, and I
added administrators and system to the permissions
settings...

Now what??

(Oh, I thought about DCPROMO'ing the thing before, but of
course I can't do that in 'safe mode' and it doesn't want
to start up in any other way...)

 

[Arno K]

Say Allen, thanks for the help... I never included any of
those files in a backup scheme. In my innocent mind I
thought it would be more than enough to have it on 2
machines..

Think I could get a copy of the NTDS.DIT file from the
other DC and copy it to the one that doesn't want to boot??