Host is Server 2012 with a single Hyper-V guest, which is a Domain Controller. When booting the DC it gives a Blue Stop Error: 0xc00002e2 and then reboots. After the third reboot it shows a recovery console with options for
*Continue
*Troubleshoot
*Turn off your PC
I chose Troubleshoot and opened a command prompt, and when I tried to run
SFC /scannow
I received the error: Windows Resource Protection could not start the repair service.
I tried to run chkdsk /r
and received the error: Windows cannot run disk checking on this volume because it is write protected.
I can boot into DSRM but I'm not sure how to proceed. I try to demote the DC, but receive this error when supplying credentials:
Error verifying credentials: verification of user credential permissions failed. Failed to examine the Active Directory forest. The error was: The operation cannot continue because LDAP connect/bind operation failed: error 58. The specified server cannot perform the requested operation.
The error code is "Directory Services cannot start."
This article has all the ntdsutil tricks you need to check your AD database.
Disregard that the article talks about Small Business Server - the principles are the same.
But here's the thing. You really should read the whole article, because therein are a lot of useful bits of information, such as:
So what you should be focusing on is restoring the domain controller from a system state backup. You have a backup, right? Well, if you don't, then you should just blow away the VM and build a new domain. I'll assume you didn't have anything important on that domain controller anyway if you didn't have a backup. :)
I'm going to go out on a limb and assume that this is not your only domain controller.
Delete the DC's computer object from Active Directory Users and Computers using a version of RSAT for Vista/2008 or later. Then, go into the AD Sites & Services snap-in and delete any reference to it in there. Then, reinstall the OS and promote the server again.
If directory services won't start, you can't do a clean demotion, so this is the best way to clean up a DC that's being taken out of service without a proper demotion. This is also why you can't demote in DSRM.
If this is your only DC, then do what Ryan says and pray for a miracle.
My situation involved a physical server which was also an only server, so demotion/promotion would have been painful since all AD accounts would be lost in the process.
Fortunately, I found a better/simpler solution that usually works, or at least did for me.
C:\Windows\NTDS\*.log.
And reboot normally.
However, you may also want to defrag the database while in DSRM:
NTDSUTIL and press Enter.
activate instance ntds and press Enter.
Files and press Enter.
Info and press Enter. Verify the folder is actually C:\Windows\NTDS.
Compact to <path> and press Enter. I created C:\Windows\NTDS\Temp and used that.
Reboot normally.
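The DSRM steps from the last answer as one script, as an added example that is not part of the original posts: it copies the NTDS folder aside, reads the database header with esentutl /mh, and only compacts when the header reports Clean Shutdown. The copy-back at the end follows the instructions ntdsutil prints after a successful compact. The backup path C:\NTDS-backup is an assumption; the database and Temp folders are the ones named in the post.

```powershell
# Added example: run from an elevated PowerShell prompt in DSRM (AD DS is stopped there).
$NtdsDir   = 'C:\Windows\NTDS'            # database folder named in the post
$TempDir   = Join-Path $NtdsDir 'Temp'    # compact target used in the post
$BackupDir = 'C:\NTDS-backup'             # assumed backup location, adjust as needed
$Db        = Join-Path $NtdsDir 'ntds.dit'

# 1. Copy the database, logs and checkpoint aside before touching anything.
New-Item -ItemType Directory -Path $BackupDir, $TempDir -Force | Out-Null
Get-ChildItem -Path $NtdsDir -File | Copy-Item -Destination $BackupDir -Force

# 2. Read the database header. "Dirty Shutdown" means the logs still hold
#    transactions that were never written to ntds.dit, so they must be kept.
$state = & esentutl.exe /mh $Db | Select-String -Pattern '^\s*State:' |
         Select-Object -First 1 -ExpandProperty Line
Write-Host ("Header " + "$state".Trim())
if ("$state" -notmatch 'Clean Shutdown') {
    Write-Warning 'Database is not in Clean Shutdown state; leaving logs and database untouched.'
    return
}

# 3. Offline integrity check, then compact into the temp folder.
& ntdsutil.exe 'activate instance ntds' files integrity quit quit
& ntdsutil.exe 'activate instance ntds' files "compact to $TempDir" quit quit

# 4. ntdsutil leaves the original in place. Swap in the compacted copy and
#    remove the old logs, which no longer match the new database file.
$Compacted = Join-Path $TempDir 'ntds.dit'
if (Test-Path $Compacted) {
    Copy-Item -Path $Compacted -Destination $Db -Force
    Remove-Item -Path (Join-Path $NtdsDir '*.log')
    & ntdsutil.exe 'activate instance ntds' files integrity quit quit
} else {
    Write-Warning "No compacted database in $TempDir; nothing was replaced."
}
```

If the script stops at step 2, the files in the backup folder are the untouched originals to restore or analyse from.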