Windows 2000 Domain Controllers Restored with System State Backups Made Prior to SP2 May Not Boot

Hotfix Download Available
View and request hotfix downloads

View products that this article applies to.

This article was previously published under Q295932

SYMPTOMS

This article discusses the following issues:

A condition in which Windows 2000-based domain controllers are unable to boot into Active Directory mode after you restore system state backups that were created prior to the installation of Windows 2000 Service Pack 2 (SP2).
Events and error messages that may be logged during various phases of the restore and boot process following the system state restore if the database header contains incorrect data in builds of Esentutl prior to SP2.

Back to the top

To resolve this problem, obtain the latest service pack for Windows 2000 or contact Microsoft to obtain the hotfix below. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 (http://support.microsoft.com/kb/260910/EN-US/ ) How to Obtain the Latest Windows 2000 Service Pack

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. The English version of this fix should have the following file attributes or later:

   Date        Time    Version      Size       File name
   --------------------------------------------------------
   04/10/2001  06:25p  6.0.3940.13  1,135,376  Esent.dll
   11/22/2000  01:06a  6.0.3940.9      55,568  Esentutl.exe

Back to the top

WORKAROUND

You can avoid the problems that are described in this article by installing SP2 or the individual hotfix and then making new backups of the system state. The fix is preventative in nature only; it does not resolve errors that occur if you restore system state backups that containing incorrect header information.

Back to the top

STATUS

Microsoft has confirmed that this is a problem in Microsoft Windows 2000. This problem was first corrected in Windows 2000 Service Pack 2.

Back to the top

MORE INFORMATION

You prepare for Active Directory disaster recovery by making system state backups from the console of Windows 2000-based domain controllers at regular intervals. The elements of Active Directory that are captured in a system state backup include the Active Directory database (Ntds.dit), transaction logs (Edb*.log), and a patch file (Edb.pat). You restore by booting Windows 2000-based domain controllers into directory service repair mode and restoring the system state by using Ntbackup.exe or a third-party equivalent. You can optionally use Ntdsutil.exe after performing the restore operation to mark specified domain name (DN) paths as authoritative when the domain controller next boots into Active Directory mode.

In specific situations, Windows 2000-based domain controllers may not boot into Active Directory mode after you restore the system state if the backup was made prior to the installation of SP2 and the right conditions existed when the backup was made.

The following conditions contribute to this problem:

An initial backup of the system state is made on a Windows 2000-based domain controller. While the backup is in progress, local or replicated changes to objects in Active Directory generate new transaction logs, advancing the Jet database checkpoint. (Bulk object creation utilities can be used to simulate this.)
A second backup is made on a "quiet" system such that the Jet checkpoint file does not advance after the increase in step 1.
A restore of the second system state backup is performed.

The Jet checkpoint maintains a list of unflushed data in the database. Two copies of the checkpoint data are stored: one in the database header of the Ntds.dit file, and a second in-memory copy that is written to the backup media.

The requirement for this problem is that sufficient changes take place in the directory to generate new transaction logs and advance the Jet checkpoint during the first backup, but not until after the second backup is finished. Domain controllers in busy production environments are unlikely to experience this condition during typical activity (creations, deletions, and modifications to objects) because these activities in Active Directory result in a steady advance of the Jet checkpoint.

The problem is more likely to occur in large backups (or if the backup media does not have a fast backup rate) because, in these cases, the backup process takes longer and there is more opportunity for the checkpoint file to advance. The essential part of the problem is that a second backup is made before the checkpoint file advances, which is then restored.

As a result of this problem, incremental backups of the system state when the Jet checkpoint has not advanced since the previous backup write an outdated record of required transaction log files and checkpoint data to the backup media. When it is restored, the header in the restored database lists logs that are not required for the recovery. Some log files that are referenced in the database header are not included in the system state. The phrase "Log files missing from system state" that is associated with this problem is in fact misleading because all the required log files are present. However, the number of logs that are referenced in the database header is incorrect.

Back to the top

Recommended Course of Action

Customers who are concerned about backup media integrity and who use backups as a method of recovery for Windows 2000-based domain controllers may want to consider the following items:

Inventory and then clearly label existing backup media that was made prior to the installation of SP2 or the hotfix. Place pre-SP2 backup media in locked storage. Also consider backup media that is stored on the local drives of computers in your organization.
Consistent with good change management practices, install SP2 or the hotfix on domain controllers in a lab environment that is representative of your production configuration. Make multiple backups, and then initiate restore tests.
Install SP2 or the hotfix on production domain controllers. Create new system state backups, clearly labeling them as post-SP1 backups.
Destroy pre-SP2 backups.

Backup media for Active Directory has a limited lifespan, so existing backups will eventually become obsolete. For more information about a related topic, click the following article number to view the article in the Microsoft Knowledge Base:

216993 (http://support.microsoft.com/kb/216993/ ) Useful shelf life of a system-state backup of Active Directory

Back to the top

Events Logged during Authoritative Restore and Boot

Three different errors are returned by Jet during the various phases of the restore and boot process.

After you physically restore files from the backup media, the JetExternalRestore function stops working and generates error -543 ("JET_errRequiredLogFilesMissing").
If you try to start the directory service after receiving the above error message, the JetInit function stops working and generates error -528 ("JET_errMissingLogFile").
If you try to start something that bypasses Jet recovery (such as Defrag.exe or an integrity check), error -550 ("JET_errDatabaseInconsistent") occurs.

These errors are in their native context, starting with the "authoritative restore" command in Ntdsutil.exe on a sample domain controller in the Example.com domain.

c:\>ntdsutil
ntdsutil: auth restore
authoritative restore: restore subtree "cn=users,dc=<example>,dc=com" verinc 2000

Opening DIT database...
Could not initialize the Jet engine: database is inconsistent.

Authoritative Restore failed.

Error 8000ffff parsing input - illegal syntax?
authoritative restore: _

As a result of an authoritative restore attempt that opens the database and attempts to perform a Jet database restore, the following error message is logged:

If the computer is booted into normal directory service mode after this, you receive an Lsass message with the text that is listed in this event ID 26 message:

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: MM/DD/YY
Time: HH:MM:SS AM|PM
User: N/A
Computer: computername
Description:
Application popup: lsass.exe - System Error : Security Accounts Manager initialization failed because of the following error:

Directory Service cannot start. Error Status: 0xc00002e1. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.

Booting the computer back to directory service repair mode to check the event log shows the following two events in the Directory Service Log folder:

Restore attempt 2: Restoring the backup with Ntbackup and then rebooting to "normal" mode displays an Lsass event (ID 26 in the System log):

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: MM/DD /YY
Time: HH:MM:SS AM|PM
User: N/A
Computer: computername
Description:
Application popup: lsass.exe - System Error : Security Accounts Manager initialization failed because of the following error: Directory Service cannot start. Error Status: 0xc00002e1. Please click OK to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.

When you reboot to directory service repair mode to check the event log, the following message are listed in the Directory Service log. These logs indicate the essence of the problem as Jet tried to restore itself during DBinit during the boot to normal mode:

Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1168
Date: MM/DD/YY
Time: HH:MM:SS AM|PM
User: N/A
Computer: computername
Description:
Error -528(fffffdf0) has occurred (Internal ID 4042b). Please contact Microsoft Product Support Services for assistance.

Event Type: Information
Event Source: NTDS ISAM
Event Category: Logging/Recovery
Event ID: 204
Date: MM/DD /YY
Time: HH:MM:SS AM|PM
User: N/A
Computer: computername
Description:
NTDS (260) The database engine is restoring from backup directory C:\WINNT\NTDS\.

Event Type: Error
Event Source: NTDS ISAM
Event Category: Logging/Recovery
Event ID: 452
Date: MM/DD/YY
Time: HH:MM:SS AM|PM
User: N/A
Computer: computername
Description:
NTDS (260) Database C:\WINNT\NTDS\ntds.dit require log files 25-27, current redoing log file for this database is 26.

Event Type: Information
Event Source: NTDS ISAM
Event Category: Logging/Recovery
Event ID: 301
Date: MM/DD /YY
Time: HH:MM:SS AM|PM
User: N/A
Computer: computername
Description:
NTDS (260) The database engine is replaying log file C:\WINNT\NTDS\\edb0001A.log.

Event Type: Information
Event Source: NTDS ISAM
Event Category: Logging/Recovery
Event ID: 301
Date: MM/DD /YY
Time: HH:MM:SS AM|PM
User: N/A
Computer: computername
Description:
NTDS (260) The database engine is replaying log file C:\WINNT\NTDS\\edb0001B.log.

Event Type: Information
Event Source: NTDS ISAM
Event Category: Logging/Recovery
Event ID: 301
Date: MM/DD /YY
Time: HH:MM:SS AM|PM
User: N/A
Computer: computername
Description:
NTDS (260) The database engine is replaying log file C:\WINNT\NTDS\\edb0001C.log.

Event Type: Error
Event Source: NTDS ISAM
Event Category: Logging/Recovery
Event ID: 422
Date: MM/DD /YY
Time: 11:13:26 AM
User: N/A
Computer: computername
Description:
NTDS (260) The database C:\WINNT\NTDS\ntds.dit created at 10/21/1999 9:20:57 was not recovered.

Event Type: Information
Event Source: NTDS ISAM
Event Category: Logging/Recovery
Event ID: 205
Date: MM/DD /YY
Time: 11:13:26 AM
User: N/A
Computer: computername
Description:
NTDS (260) The database engine has stopped restoring.

Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1168
Date: MM/DD /YY
Time: 11:13:29 AM
User: N/A
Computer: computername
Description:
Error -550(fffffdda) has occurred (Internal ID 404e0). Please contact Microsoft Product Support Services for assistance.

Event Type: Error
Event Source: NTDS General
Event Category: Internal Processing
Event ID: 1003
Date: 6/8/2001
Time: 11:13:29 AM
User: N/A
Computer: computername
Description:
The Windows Directory Service database could not be initialized and returned error -550. Unrecoverable error, the directory can't continue.

Back to the top