Friday, January 14, 2011

lsass.exe error, Windows cannot boot.

This is apocalypse. The server threw me an "lsass.exe" error this morning, saying that it cannot boot, with the following error.

LSASS.EXE - System Error, security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1.

I don't get to boot screen.

I can successfully boot in active directory restore mode.

I'm beyond horror and panic at the moment. The system told me the user hive was corrupted, but recuperation worked out okay, or so said the messagebox.

As far as I know, there is no disaster recovery plan at all. The boss said that there MIGHT be a ghost somewhere. If I don't find any, there isn't.

The question is simple. I have to improvise the best plan ever or we're all dead. What should I do, apart from trying not to panic?

The system is a Windows 2003 with SiS onboard RAID support, plugged with two scsi drives in RAID 0+1.
The drivers and system are up to date.
There is seemingly no virus in there, though I wouldn't rule out that possibility.
Security is a mess to start with.

This is a follow-up to my epic odyssey of tragic death:
http://serverfault.com/questions/52312/write-read-errors-raid1-recovery
http://serverfault.com/questions/49424/0x00000077-error-on-the-corporate-server
http://serverfault.com/questions/53349/windows-server-2003-sisraid-error-device-scsi-sisraid1

From serverfault MrZombie

  • Here is a Microsoft KB reference to start with,
    "Directory Services cannot start" error message when you start your Windows-based or SBS-based domain controller.

    Have not looked deeply in your other questions, and, i do not see a reference here suggesting you have done a Microsoft KB lookup.

    MrZombie : OKay, so my Active Directory database is corrupted. This is bad?
    nik : @MrZombie, did you look at the `Resolution` steps on that link? Do you have any thing to add here so that people can try helping you? Or, are you just waiting for a decision to restart with fresh data (and forget all old data).
    MrZombie : This was selected as a good answer, because it SHOULD have led me to the right recovery. But, all those steps failed and in the end, my boss decided that it was a good idea to review everything IT-based. Thanks, folks!
    From nik

  • I have never experienced that particular error before, but I dont think its panic time. Is the Event Viewer available in restore mode? If so check it out, maybe it will give you some idea where to start.

    If not, I have used the ERD Commander boot disk many times on our Win2000 AD Server. It will allow you to boot from the ERD CD and 'attach' a Windows installation.

    Once booted, you have a windows-like desktop and can do many helpful tasks, such as view event viewer, browse the drives, anything really.

    Good luck. EDIT...from: http://windows.ittoolbox.com/groups/technical-functional/windows2000-l/lsassexe-system-error-directory-services-649051

    'This issue can occur if the path to the NTDS folder that holds theActive Directory database files and log files does not exist or the NTFS permissions on this folder and database files are too restrictive, and Active Directory cannot start. See Q258007 and Q295932 for more details. Also check Event id 26 from source Program Popup.'

    From cop1152

  • I had a very similar error on a winXP machine with a dying drive. There were bad blocks randomly appearing here and there, destroying important system files... What did I do? I used SpinRite to recover the bad blocks, then I booted from SystemRescue CD to restore the missing dll from another machine.

    Then I changed the hard drive for a better one :)

    MrZombie : I like the solution, but SpinRite isn't free, there is no other machine to restore dlls from. Oh, and no spare parts. -_-
    wazoox : Well SpinRite isn't free but it's cheap enough. For a professional setup it's a life saver and while there are completely free alternatives to ghost, partition magic, etc. I know no free alternative to spinrite.
    From wazoox

  • http://support.microsoft.com/kb/830574

    You receive a "lsass.exe-system error: Security Accounts Manager initialization failed" error message and event ID 1168 is logged when you restart a Windows Server 2003 domain controller

    From Kev
Posted by Mu Cat at 7:00 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)