The 0xc00002e2 error on an Active Directory domain controller indicates corruption in the Active Directory database, stored in the NTDS.DIT file. This issue often occurs after an abrupt server shutdown, preventing Windows Server from booting. This article outlines how to restore a domain controller’s functionality using Windows Server 2016 as an example.
Description of Error 0xc00002e2 During Domain Controller Startup
The error may manifest as a Blue Screen of Death (BSOD) with the code STOP 0xc00002e2 and the following message:
STOP c00002e2 Directory Services could not start because of the following error: A device attached to the system is not functioning. Error Status: 0xc0000001 Please shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.
This message indicates that Active Directory Domain Services (AD DS) cannot start, and you need to boot into Directory Services Restore Mode (DSRM) for further recovery.
Step 1: Booting into Directory Services Restore Mode (DSRM)
After three failed reboots, the server will enter the Windows Recovery Environment (WinRE), or you can press F8 during startup. To resolve the issue, boot the server into Directory Services Restore Mode.
1. Select Startup Settings and click Restart.
2. After rebooting, select Directory Services Restore Mode from the advanced boot options menu.
In DSRM, log in with the DSRM administrator account. The password for this account was set during the domain controller role installation. If you’ve forgotten the password, it can be reset using utilities from a bootable disk (e.g., MS DaRT).
Step 2: Checking and Restoring the Active Directory Database
1. After logging in, open a command prompt and verify that all Directory Services files are present. Run the following commands:
NTDSUTIL
activate instance ntds
Files
Info
2. Ensure the Active Directory database directory (by default C:\Windows\NTDS) and the ntds.dit file are present.
3. Check the database integrity with the command:
integrity
If the database is corrupted, you’ll receive an error message:
Could not initialize the Jet engine: database is inconsistent. Failed to open DIT for AD DS/LDS instance NTDS. Error -2147418113
Step 3: Restoring the Active Directory Database with esentutl
Use the esentutl utility to repair the database. The /p repair can discard damaged pages, so do not skip the backup in the first step.
1. Create a backup of the NTDS directory:
mkdir c:\ntds_bak
xcopy c:\Windows\NTDS\*.* c:\ntds_bak
2. Check the integrity of the ntds.dit file:
esentutl /g c:\windows\ntds\ntds.dit
If the database is corrupted, the utility will report:
Integrity check completed. Database is CORRUPTED.
3. Repair the database with the command:
esentutl /p c:\windows\ntds\ntds.dit
Upon successful repair, you’ll see the message:
Operation completed successfully in xx seconds.
4. Reverify the database integrity:
esentutl /g c:\windows\ntds\ntds.dit
Step 4: Semantic Analysis of the Active Directory Database
After repairing the database, perform a semantic analysis using ntdsutil:
1. Open a command prompt and run:
ntdsutil
activate instance ntds
semantic database analysis
go
2. If semantic errors are found, fix them with the command:
go fixup
Step 5: Compacting and Replacing the Active Directory Database File
1. Compact the database:
ntdsutil
activate instance ntds
files
compact to C:\Windows\NTDS\TEMP
2. Replace the original ntds.dit file:
copy C:\Windows\NTDS\TEMP\ntds.dit C:\Windows\NTDS\ntds.dit
3. Delete all log files from the NTDS directory:
Del C:\Windows\NTDS\*.log
Step 6: Rebooting the Server
Reboot the server in normal mode. Verify that the AD DS services have started and the domain controller is accessible over the network. Ensure Active Directory replication is functioning correctly and there are no issues with database integrity.
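The checks this step calls for, as an added PowerShell example (not part of the original article). The service list, the dcdiag tests chosen and the `$problems` variable are assumptions made for illustration, and every command here is read-only.

```powershell
# Added example: read-only health check after the repaired DC boots normally.
# Run from an elevated PowerShell session on the domain controller.
$problems = @()

# Core AD DS services (assumed list; add DNS if this DC hosts the zone).
foreach ($name in 'NTDS', 'Netlogon', 'Kdc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        $problems += "Service '$name' is not running"
    }
}

# A DC that is advertising itself shares SYSVOL and NETLOGON.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
        $problems += "Share '$share' is missing"
    }
}

# Inbound replication: flag any partner link with a non-zero failure count.
$links = repadmin /showrepl $env:COMPUTERNAME /csv | ConvertFrom-Csv
foreach ($l in $links | Where-Object { [int]$_.'Number of Failures' -gt 0 }) {
    $problems += "Replication of '$($l.'Naming Context')' from " +
                 "$($l.'Source DSA') failing, status $($l.'Last Failure Status')"
}

# dcdiag /q prints only failures, so any remaining output is a finding.
foreach ($test in 'Services', 'Advertising', 'Replications') {
    $out = dcdiag /q "/test:$test" | Where-Object { $_.Trim() }
    if ($out) { $problems += "dcdiag $test reported: $($out -join ' ')" }
}

# Critical and error events logged by the directory service since this boot.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Directory Service'; Level = 1, 2; StartTime = $boot }
foreach ($e in $events) {
    $problems += "Event $($e.Id): $(("$($e.Message)" -split "`n")[0])"
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No problems found by these checks.'
}
```

A clean run does not prove that no objects were lost in the repair; compare object counts or recent changes against a healthy replication partner if one exists.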
Step 7: Restoring from a Backup (if Necessary)
If the database repair fails, you’ll need to restore the domain controller from a backup. Follow these steps:
1. Restore the server using a previous backup.
2. If no backup is available, remove the AD DS role in DSRM and manually delete all references to this controller in Active Directory.
3. After that, run sysprep and set up a new domain controller.
The 0xc00002e2 error indicates corruption in the Active Directory database, requiring booting into Directory Services Restore Mode for repair. We’ve outlined the process of restoring the database using the esentutl utility and verifying its integrity. If repair fails, it’s critical to have a domain controller backup for quick restoration.