Fixing A Corrupt Domain Controller – Stop Code 0x00002e2
Yesterday morning I discovered that my Synology NAS had an unexpected shutdown in the middle of the night while my homelab VMs/workloads were still running. This caused both of my Domain Controllers databases to become corrupt resulting in being unable to boot those machines. When attempting to boot them, they would get stuck in a BSOD boot-loop and would display a Stop Error Code of 0x00002e2.
After some research I was able to figure out how to recover my VMs and get them to boot up again. This had happened to me once before sometime earlier this year and luckily I remembered that I had taken some notes on how to fix it so I figured this time I would put together a formal “How To:” guide to have it documented for myself and hopefully to help others facing this issue as well. So without further adieu…let’s get to it!
To start, you will need to power-on the machine and then keep pressing the F8 key to bring up the “Advanced Boot Options” boot menu. Navigate down to Directory Services Repair Mode enter press Enter to boot you into Safe Mode.
When you reach the login screen, log in with the Local Administrator account since Active Directory Domain Services are obviously unavailable.
Once at the Desktop, open an elevated Command Prompt window.
As a best practice, I feel it is always wise and important to make a backup of the files before doing any modifications. Since we will be backing up the NTDS directory, create a directory at your preferred location to store the backup files. I chose to make a backup folder on the root of “C:\” and a sub-directory with the name/date of the directory I am backing up.
Then copy everything from the “C:\Windows\NTDS” directory to this new location using xcopy.
xcopy C:\Windows\NTDS\* C:\Backup\NTDS_11122017 /E /Y /V /C /I
Once done, let’s rename any .log file extensions in the NTDS directory to .log.old
cd C:\Windows\NTDS ren *.log *.log.old
Now, this is where we get to the good stuff!
First, run the following command to repair the database.
esentutl /p "C:\Windows\NTDS\ntds.dit"
This will display the following warning message, click “OK“
Let it do its thing and you will see the following once complete.
Now we need to use the NTDS Utility (ntdsutil.exe) to activate the NTDS instance and compact the DB to a new file which will then be used to overwrite the original. I will be compacting it to a new TEMP directory within the NTDS directory. The command will automatically create the new directory if it’s not already present. Enter the following commands.
ntdsutil activate instance ntds files compact to C:\Windows\NTDS\TEMP
If successful, you will be presented with instructions to copy the newly compacted file to the NTDS directory, overwriting the original, and also to delete any .log files in the NTDS directory. Before we can do that we need to exit out of the ntdsutil. Type quit twice to exit.
Let’s follow those instructions and also delete the *.log.old files we renamed earlier.
copy "C:\Windows\NTDS\TEMP\ntds.dit" "C:\Windows\NTDS\ntds.dit" Yes
Ensure you are still in the NTDS directory before entering the following delete commands.
del *.log del *.log.old
The hard part is now over! Let’s go ahead and reboot the machine normally.
If all goes well and as expected, your machine will boot successfully and you can log in again with an Active Directory Domain Admin account.
Awesome! Well, I hope you’ve found this guide useful. Please feel free to share this and provide me some feedback/comments below. Thanks for reading!