7 Jun 2015

Security Accounts Manager Failed

This morning we received errors from a 2003-based Domain Controller at a remote site, which was sharing its hardware with a File Server. The following message was logged in the Directory Services log:
NTDS (460) NTDSA: Corruption was detected during soft recovery in logfile C:\WINDOWS\NTDS\edb.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 14418 (0x00003852). This logfile has been damaged and is unusable.
When restarting the server, the following message appeared, and on clicking 'OK' the DC would then reboot.


By entering Directory Services Restore Mode, several checks were performed using NTDSUTIL from the Command Prompt.

NTDSUTIL > FILES > INFO showed that all files were present and the correct size.

NTDSUTIL > FILES > INTEGRITY showed that the Database was corrupt.

NTDSUTIL > FILES > RECOVER would not recover the database.

Finally I tried,

esentutl /p "C:\Windows\NTDS\ntds.dit" /!10240 /8 /o

Deleted all log files present in the NTDS folder, in this case C:\Windows\NTDS

Then a DB analysis which completed successfully.

NTDSUTIL > Semantic Database Analysis > Go

Upon rebooting the server, there were no more error messages and I was now at a point where I could gracefully demote the server and replace it with a dedicated Domain Controller.
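
The same sequence as a batch file, with a copy of the NTDS folder taken before the repair, since esentutl /p is a lossy repair that discards pages it cannot fix. This is an added example, not part of the original post; it assumes the database path used above, and D:\NTDS-backup is a hypothetical folder on another volume.

```batch
@echo off
rem Added example, not from the original post. Run from a Command Prompt in
rem Directory Services Restore Mode on the affected DC.
rem Assumptions: database in C:\Windows\NTDS (as in the post); D:\NTDS-backup
rem is a hypothetical backup folder on another volume with enough free space.
setlocal
set NTDS=C:\Windows\NTDS
set BACKUP=D:\NTDS-backup

rem 1. Copy the database and logs aside BEFORE any repair, so the original
rem    files remain available if the repair makes things worse.
if exist "%BACKUP%" (
    echo %BACKUP% already exists, refusing to overwrite an earlier copy.
    exit /b 1
)
mkdir "%BACKUP%" || exit /b 1
xcopy "%NTDS%\*.*" "%BACKUP%\" /h /k /y || exit /b 1

rem 2. Record the database header (including the shutdown state) for the notes.
esentutl /mh "%NTDS%\ntds.dit" > "%BACKUP%\header-before.txt"

rem 3. Same checks as in the post, scripted so their output is kept on disk.
ntdsutil files info quit quit > "%BACKUP%\files-info.txt"
ntdsutil files integrity quit quit > "%BACKUP%\files-integrity.txt"

rem 4. Repair with the switches used in the post; stop on any non-zero exit.
esentutl /p "%NTDS%\ntds.dit" /!10240 /8 /o || (
    echo Repair failed. The original files are in %BACKUP%.
    exit /b 1
)

rem 5. As in the post, delete the old log files from the live folder.
rem    Copies were saved to %BACKUP% in step 1.
del /q "%NTDS%\*.log"

rem 6. Re-check the repaired database before rebooting into normal mode.
ntdsutil files integrity quit quit
ntdsutil "semantic database analysis" go quit quit
endlocal
```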