
Corrupt AD database 2

Status
Not open for further replies.

MarkDym

Technical User
Apr 23, 2004
101
GB
Hello

I have posted this elsewhere but have not had a response so far so would like to ask the good folks over here if you can help:

My Domain Controller running Win 2003 Server (Standard Edition) is reporting a corrupt ntds.dit file.

I discovered it when our backup software (Arcserve) was unable to complete a backup of the System State, and the system event log reported that the checksums for the file did not match. I tried using NTBackup to back up the System State but received the same error.

After researching this I have discovered that it is advisable to exclude the file from anti-virus scanning (and others according to MS KB 822158), which I have now done.

However, I know nothing about the dynamics of this file. The most recent backup of the file I have is from last week, and I do not know if restoring the file (the system state) from a backup would actually do any good as it is 'out of date'.

I have also read MS KB 816120 which describes how to use Ntdsutil to recover the file after booting to Directory Services Restore Mode. What I would like to know is, if the process fails, and the subsequent Esentutl recovery attempt should also fail, would I still be able to boot the Domain Controller?

If anyone has attempted this before, I would be grateful if they could share their experiences.

Thank you
 
Using directory services restore mode isn't for the faint of heart. You should be able to restore to when you had a good backup, but make sure you look into the different types of restores, such as authoritative and non-authoritative, and do whichever would be best for your environment. My advice, however, is to call Microsoft. The advice you get in a forum is good for general administration, but if I were in your situation, I wouldn't mess around with recommendations that have no guarantee of accuracy. Especially if this is your production AD database.
 
Hello FloDiggs

Many thanks for your advice. I have never used Directory Services Restore Mode, and although I have read snippets about authoritative and non-authoritative restores I have no idea what the difference is. I shall do more research on this. Thanks again!

If anyone else has tried this and has any advice to offer I would be pleased to hear it.

Thank you
 
I would echo FloDiggs' recommendation of contacting Microsoft support for this, or look for a Microsoft partner in your area who may be able to assist. If you have no experience of AD restores you could make things worse for yourself.

Is this your only domain controller? If so you are looking at a primary restore of the AD database and if your last GOOD backup of AD is one week old you will lose any changes you made to AD in that week.

You can read more about AD backup and restores here;

Or look here to find a MS Partner



Paul

MCSE 2003

"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
Albert Einstein
 
What size network are we talking about here? Number of PCs and servers?


Paul

MCSE 2003

"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
Albert Einstein
 
Hello pagy, thanks for your advice!

Our network comprises 1 Domain Controller running Win2k3 server Standard Ed. SP1, one NAS server (joined to the domain as a normal computer) running Win2k3 Server Appliance Ed SP1, and 27 PCs running: Win XP Pro SP2, Win2k Pro SP4 (3), 1 Win98 SE and 1 WFW 3.11 (15 years old and still running - gasp!).

The AD is rarely changed - we have a fairly static number of users (between 40-50), and shares are distributed between the DC and the NAS machine. The DC is therefore used for limited file-sharing and also hosts Arcserve 11.1 which runs a GFS schedule (daily incrementals, and full weekly and monthly backups).
 
Here is a typical entry from the Application Log:

Event Type: Error
Event Source: ESENT
Event Category: Logging/Recovery
Event ID: 474
Date: 22/01/2007
Time: 22:29:21
User: N/A
Computer: HTL-NEWSERVER
Description:
lsass (716) The database page read from the file "C:\WINDOWS\NTDS\ntds.dit" at offset 4005888 (0x00000000003d2000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 803700293 (0x2fe77e45) and the actual checksum was 2664004712 (0x9ec97c68). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

For more information, see Help and Support Center at

And the Directory Service Log:

Event Type: Error
Event Source: NTDS ISAM
Event Category: Database Page Cache
Event ID: 474
Date: 23/01/2007
Time: 09:33:26
User: N/A
Computer: HTL-NEWSERVER
Description:
NTDS (716) NTDSA: The database page read from the file "C:\WINDOWS\NTDS\ntds.dit" at offset 4005888 (0x00000000003d2000) for 8192 (0x00002000) bytes failed verification due to a page checksum mismatch. The expected checksum was 803700293 (0x2fe77e45) and the actual checksum was 2664004712 (0x9ec97c68). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

For more information, see Help and Support Center at
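
Added example, not part of the original thread: a short Python triage script that parses the two event 474 descriptions quoted above and groups them by file and offset, so repeated failures on the same page stand out. The sample events are constructed from the values in the post, and treating an identical mismatch on repeated reads as a sign of stable on-disk damage is a heuristic assumed here.

```python
import re
from collections import defaultdict

# Constructed sample: the shared text of the two Description fields in the post.
_BODY = ('The database page read from the file "C:\\WINDOWS\\NTDS\\ntds.dit" at offset '
         '4005888 (0x00000000003d2000) for 8192 (0x00002000) bytes failed verification '
         'due to a page checksum mismatch. The expected checksum was 803700293 '
         '(0x2fe77e45) and the actual checksum was 2664004712 (0x9ec97c68). The read '
         'operation will fail with error -1018 (0xfffffc06).')
SAMPLE_EVENTS = [("ESENT", "22/01/2007 22:29:21", "lsass (716) " + _BODY),
                 ("NTDS ISAM", "23/01/2007 09:33:26", "NTDS (716) NTDSA: " + _BODY)]

HEX = r"\((0x[0-9a-fA-F]+)\)"
PATTERN = re.compile(
    r'from the file "([^"]+)" at offset (\d+) ' + HEX + r' for (\d+) ' + HEX +
    r' bytes failed verification due to a page checksum mismatch\. '
    r'The expected checksum was (\d+) ' + HEX + r' and the actual checksum was (\d+) ' +
    HEX + r'\. The read operation will fail with error (-?\d+) ' + HEX)

def parse_event(description):
    """Return the numeric fields of one event 474 description, or None."""
    m = PATTERN.search(description)
    if m is None:
        return None
    path, off, off_h, size, _, exp, exp_h, act, act_h, err, err_h = m.groups()
    pairs = [(off, off_h), (exp, exp_h), (act, act_h)]
    return {
        "file": path.lower(), "offset": int(off), "size": int(size),
        "expected": int(exp), "actual": int(act), "error": int(err),
        # Each decimal value must match its hex form; the error is signed 32-bit.
        "consistent": all(int(d) == int(h, 16) for d, h in pairs)
                      and (int(err) & 0xFFFFFFFF) == int(err_h, 16),
        "aligned": int(off) % int(size) == 0,  # offset falls on a read-size boundary
    }

def summarize(events):
    """Group events by (file, offset); flag pages that fail the same way repeatedly."""
    pages = defaultdict(list)
    for source, when, description in events:
        rec = parse_event(description)
        if rec:
            pages[(rec["file"], rec["offset"])].append((source, when, rec))
    return {key: {
        "count": len(hits),
        "sources": sorted({s for s, _, _ in hits}),
        # Heuristic: one identical (expected, actual) pair across reads.
        "stable_mismatch": len(hits) > 1
            and len({(r["expected"], r["actual"]) for _, _, r in hits}) == 1,
    } for key, hits in pages.items()}
```

Run over an exported event log, a single offset that recurs with the same checksum pair points at one damaged page, while many different offsets point at a wider storage problem.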
 
Just to check the obvious, the drives/raid array, whatever it is you have, are all functioning correctly, no failed drives in the array??


Paul

MCSE 2003

"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
Albert Einstein
 
The server is a PowerEdge 2400 and is 6 years old. There is a warning light on the front saying there is a hardware fault, but we have been unable to trace it. We have run Dell's 32 bit diagnostics program and a memory checker. I have also had the server apart and have cleaned everything up and checked all the fans, connections etc. All the SCSI drives on the RAID array are in optimal condition. I have also spoken to Dell's Server Support who have not been able to shed any more light on what the problem may be.

I have seen that this can be caused by a hardware error, but wanted to try restoring the file first.

The links you provided are very helpful, I am presently reading through them.
 
If there is a hardware fault then restoring the file is most likely going to be a waste of time. Either a disk drive in the array is failing or it may be something with the array controller.

Wm. Reynolds
RRWDS | TxPSS


- - - - - - - - - - - - -
Network Error:
Hit any user to continue
 
Hello Reynolwi

Thanks for your advice. I will run the tests again and see if they identify any errors.
 
Could you build another server and make it a DC? AD will then obviously replicate to the new DC, you could then power down the old DC and see if you still get AD errors on the new DC.

That will at least tell you whether it really is hardware on the other box, if AD really is busted then the corrupt AD will replicate to the new DC and you should see errors on the new DC as well.

Hope that makes sense, I got a little confused when writing it :->


Paul

MCSE 2003

"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
Albert Einstein
 
Hi Pagy

Thanks again for your advice. Building a new server requires cash, which is something we are woefully short of at the moment :(

I have just been on Dell's site and have downloaded the latest versions of their management and diagnostics software/firmware which I will use when I re-check the server's hardware.

 
Ok, I would be tempted to use a decent desktop and put 2003 on it but I fully understand about money, or lack of!!!!

How much say do you have with regards to spending money?? As you are probably aware you should have 2 DCs for redundancy anyway so you could make a business case and say unless we spend some money our AD infrastructure may go splat and then no one can log in or do any work!!!!

That's just food for thought, I'm not trying to tell you how to run your IT or business :-D


Paul

MCSE 2003

"Two things are infinite: the universe and human stupidity; and I'm not sure about the universe."
Albert Einstein
 
Hi pagy

Our organisation generally has a good outlook on IT, and has spent a relatively reasonable amount upgrading the network over the last 3-4 years (5 years ago it was a peer to peer network connected with BNC cabling... - no central servers, backup etc etc). There is still a lot of work to do though, and getting a BDC is one of the many things we think are essential, but which have not yet been implemented. However, this is next on our To-Do list!

Thanks again for taking the time to provide some advice - it is appreciated.
 