После аварийного отключения физического сервера с ролью контроллера домена Active Directory при загрузке сервера столкнулись с BSOD ошибкой stop code 0x00002e2. Данная ошибка указывает на то, что база Active Directory (файл NTDS.DIT) повреждена. В этой статье мы разберемся, как исправить файл ntds.dit и запустить контроллер домена (в нашем примере это сервер с Windows Server 2016).
В предыдущих версиях Windows Server эта же ошибка выглядит так:
STOP c000002e2 Directory Services could not start because of the following error: A device attached to the system is not functioning. Error Status: 0xc0000001 Please shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.
Итак, Windows Server на контроллере домена не загружается с ошибкой 0xc00002e2. После трех перезагрузок сервера он автоматически перейдет в режим восстановления WinRE (или нажмите F8 при загрузке). Вам нужно запустить Windows в режиме восстановления службы каталогов (DSRM).
Выберите Startup Settings -> Restart.
Затем после загрузки выберите Directory Services Restore Mode в меню расширенных опций загрузки.
При загрузке сервера в режиме DSRM вы сможете войти на него под локальным администратором. На контроллере домена единственная локальная учетная запись — администратор DSRM. Вы задаете его пароль при установке роли контроллера домена ADDS на сервере (SafeModeAdministratorPassword).
Если вы не знаете пароль администратора DSRM, можно сбросить его с помощью любой утилиты с загрузочного диска или загрузочного диска MsDART.
После входа на рабочий стол DC запустите командную строку. На этом этапе нужно убедиться, на месте ли все каталоги и файлы службы каталога.
Выполните команды:
NTDSUTIL
activate instance ntds
Files
Info
Убедитесь, что каталог с файлом NTDS (по умолчанию C:\Windows\NTDS) и сам файл ntds.dit находятся по указанным путям и не удалены.
Попробуем проверить целостность базы данных AD:
integrity
В моем случае команда вернула, что база повреждена:
Could not initialize the Jet engine: database is inconsistent. Failed to open DIT for AD DS/LDS instance NTDS. Error -2147418113
Нам придется исправить файл с базой AD с помощью утилиты esentutl. Утилита должна быть хорошо знакома администраторам Exchange. Также мы показывали, как использовать esentutl, чтобы уменьшить размер индексного файла службы поиска Windows.edb. Но сначала сделайте резервную копию содержимого каталога NTDS:
mkdir c:\ntds_bak
xcopy c:\Windows\NTDS\*.* c:\ntds_bak
Проверим целостность файла ntds.dit:
esentutl /g c:\windows\ntds\ntds.dit
Утилита определила, что база AD повреждена:
The database is not up-to-date. This operation may find that this database is corrupted because data from the log files has not yet to be placed in the database. To ensure the database is up-to-date please use the Recovery operation. Integrity check completed. Database is CORRUPTED.
Попробуйте исправить ошибки в базе данных с помощью команды:
esentutl /p c:\windows\ntds\ntds.dit
Если ошибки исправлены, должно появится сообщение:
Operation completed successfully in xx seconds.
Еще раз проверьте целостность с помощью
esentutl /g
.
Integrity test successful. It is recommended you to run semantic database analysis to ensure semantic database consistence as well.
Выполните анализ семантики базы с помощью ntdsutil:
ntdsutil
activate instance ntds
semantic database analysis
go
Если семантические ошибки найдены, чтобы исправить их выполните:
go fixup
Теперь можно сжать файл ntds.dit:
activate instance ntds
files
compact to C:\Windows\NTDS\TEMP
Замените оригинальный файл ntds.dit:
copy C:\Windows\NTDS\TEMP\ntds.dit C:\Windows\NTDS\ntds.dit
Удалите все лог файлы из каталога NTDS:
Del C:\Windows\NTDS\*.log
Перезагрузите сервер в обычном режиме. Убедитесь, что службы ADDS стартовали и контроллер домена доступен по сети. Проверьте здоровье контроллера домена и состояние репликации Active Directory.
Ошибка 0xc00002e2 на контроллере домена Active Directory указывает на повреждение базы данных Active Directory, которая хранится в файле NTDS.DIT. Такая проблема часто возникает после аварийного отключения сервера, и, как следствие, Windows Server не может загрузиться. В этой статье мы рассмотрим, как восстановить работу контроллера домена на примере Windows Server 2016.
Описание ошибки 0xc00002e2 при загрузке контроллера домена
Ошибка может проявляться на BSOD с кодом STOP 0xc00002e2 и следующим сообщением:
STOP c000002e2 Directory Services could not start because of the following error:
A device attached to the system is not functioning.
Error Status: 0xc0000001
Please shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.
Это сообщение указывает, что служба каталогов Active Directory не может стартовать, и для дальнейшего восстановления необходимо загрузиться в Directory Services Restore Mode (DSRM).
Шаг 1. Загрузка в Directory Services Restore Mode (DSRM)
После трех неудачных перезагрузок сервер перейдет в режим восстановления WinRE (или вы можете нажать F8 при загрузке). Для устранения проблемы необходимо загрузить сервер в режиме восстановления службы каталогов.
1. Выберите Startup Settings и нажмите Restart.
2. После перезагрузки выберите Directory Services Restore Mode из меню дополнительных параметров загрузки.
При загрузке сервера в DSRM вы сможете войти под учетной записью администратора DSRM. Пароль для этой учетной записи был задан во время установки роли контроллера домена. Если вы не помните этот пароль, его можно сбросить с помощью утилит с загрузочного диска (например, MsDART).
Шаг 2. Проверка и восстановление базы данных Active Directory
1. После входа в систему откройте командную строку и убедитесь, что все файлы службы каталогов на месте. Выполните команды:
NTDSUTIL
activate instance ntds
Files
Info
2. Убедитесь, что каталог с базой данных AD (по умолчанию C:\Windows\NTDS) и файл ntds.dit присутствуют.
3. Проверьте целостность базы данных командой:
integrity
Если база данных повреждена, вы получите сообщение об ошибке:
Could not initialize the Jet engine: database is inconsistent.
Failed to open DIT for AD DS/LDS instance NTDS. Error -2147418113
Шаг 3. Восстановление базы данных AD с помощью утилиты esentutl
Для восстановления базы данных используйте утилиту esentutl.
1. Сделайте резервную копию каталога NTDS:
mkdir c:\ntds_bak
xcopy c:\Windows\NTDS\*.* c:\ntds_bak
2. Проверьте целостность файла ntds.dit:
esentutl /g c:\windows\ntds\ntds.dit
Если база повреждена, утилита сообщит:
Integrity check completed. Database is CORRUPTED.
3. Восстановите базу данных командой:
esentutl /p c:\windows\ntds\ntds.dit
После успешного восстановления вы увидите сообщение:
Operation completed successfully in xx seconds.
4. Повторно проверьте целостность базы данных:
esentutl /g c:\windows\ntds\ntds.dit
Шаг 4. Семантический анализ базы данных AD
После восстановления базы данных выполните анализ семантики с помощью ntdsutil:
1. Откройте командную строку и выполните:
ntdsutil
activate instance ntds
semantic database analysis
go
2. Если будут найдены семантические ошибки, исправьте их командой:
go fixup
Шаг 5. Сжатие и восстановление файла базы данных AD
1. Сожмите базу данных:
activate instance ntds
files
compact to C:\Windows\NTDS\TEMP
2. Замените оригинальный файл ntds.dit:
copy C:\Windows\NTDS\TEMP\ntds.dit C:\Windows\NTDS\ntds.dit
3. Удалите все лог-файлы из каталога NTDS:
Del C:\Windows\NTDS\*.log
Шаг 6. Перезагрузка сервера
Перезагрузите сервер в обычном режиме. Проверьте, что службы AD DS стартовали и контроллер домена доступен по сети. Убедитесь, что репликация Active Directory работает корректно и нет проблем с целостностью базы данных.
Шаг 7. Восстановление из резервной копии (при необходимости)
Если восстановить базу данных не удалось, вам придется восстановить контроллер домена из резервной копии. Для этого выполните следующие действия:
1. Восстановите сервер с помощью предыдущей резервной копии.
2. Если резервной копии нет, придется удалить роль AD DS в режиме DSRM и вручную удалить все записи о данном контроллере в Active Directory.
3. После этого выполните sysprep и установите новый контроллер домена.
Заключение:
Ошибка 0xc00002e2 указывает на повреждение базы данных Active Directory, и ее исправление требует загрузки в режим восстановления службы каталогов. Мы рассмотрели процесс восстановления с помощью утилиты esentutl, а также показали, как проверить и восстановить целостность базы данных AD. Если восстановление не удалось, всегда рекомендуется иметь резервную копию контроллера домена для быстрого восстановления.
Readers help support Windows Report. We may get a commission if you buy through our links.
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
Depending on your operating system version, you may run into the error code 0xc00002e2 in Windows Server when the Domain controller fails to restart or does not display the login screen.
This issue causes a BSoD crash which displays an error message- Your PC ran into a problem and needs to restart. We’re just collecting some error info, and then we’ll restart for you. (0% complete). If you’d like to know more, you can search online later for this error: 0xc00002e2).
Why do I get the 0xc00002e2 boot error in Windows Server?
The 0xc00002e2 code is an indication that the Active Directory Domain Services role was removed from a domain controller without first demoting it. There are multiple reasons why you encounter this boot error which also include the following:
- File deletion – The directoryServices-DomainController role was deleted using the Dism.exe, Pkgmgr.exe, or Ocsetup.exe tool.
- Old restore point – The restoration point is older than 30 days (Tombstone) which may create problems with the restoration process.
- Incomplete system restauration – The Active Directory Domain Services (AD DS) data is spread across multiple drives, and only the system drive was restored successfully.
- Unusable device – The domain controller (DC) is linked to a specific hardware driver and is unable to use that device during the boot process.
- Data corruption – The ADS database suffers data corruption or data loss due to power failure.
Now that we know about the possible causes for the 0xc00002e2 boot error, let’s check out the solution to fix the problem.
How do I fix the Windows Server 0xc00002e2 boot error?
1. Validate the Active Directory Domain Services role
1.1 In Windows Server 2008 R2 or Windows Server 2008
- Restart your Windows PC and hold the Shift+F8 key until the boot menu appears on the screen.
- Use the arrow keys to select Directory Services Restore Mode (DSRM), and then log into the DRM account by providing the DSRM password created during the Domain Controller promotion process to access the system.
- Now you need to validate that the Active Directory Domain Services role was removed from a domain controller. To do so in Windows Server 2008 R2, type or paste the following command and press Enter.
dism.exe /online /get-features
- Now that the Active Directory Domain Services is removed successfully, you need to re-add the DirectoryServices-DomainController role back to the server. For this, you need to execute the following command.
dism.exe /online /enable-feature/featurename:DirectoryServices-DomainController - Now restart normally and use the Shift + F8 key combination to access the boot menu once again.
- Log into the Directory Services Restore Mode by providing the password as you did previously.
- Type or paste the following command to remove the remove Active Directory Domain Services from the domain controller.
dcpromo.exe /forceremoval
- Microsoft releases updated HLK and VHLK for Windows 11 24H2 & Server 2025
- Microsoft’s hotpatching for Windows Server 2025 to be subscription-based starting July
- Microsoft releases the Windows Server Build 26360, introducing the WDAC for enhanced security
- How to Fix ERROR_SCRUB_DATA_DISABLED on Windows Server
1.2 Windows Server 2012 and later versions
- Reboot your computer and hold down the Shift key. Now, keep pressing the F8 key until the boot menu appears on the screen.
- Next, select Troubleshoot from the Choose an option menu.
- Select Advanced Options.
- Choose Startup Settings from the next screen.
- Click the Restart button.
- Select Directory Services Repair Mode (DSRM), and provide the DSRM password created during the Domain Controller promotion process to log in successfully.
- Type or paste the following command and press the Enter key to validate that the Active Directory Domain Services role was removed successfully.
dism.exe /online /get-features
- Next, execute the following command to add the DirectoryServices-DomainController role back to the server.
dism.exe /online /enable-feature/featurename:DirectoryServices-DomainController - Now restart your PC normally and use the Shift+F8 key combination to access the boot menu once again. Log into the Directory Services Rest Mode by providing the password as you did previously.
- Press the Windows key, type powershell in the search bar on top, and choose Run as administrator from the search result.
- Type or paste the following command and press the Enter key to remove Active Directory Domain Services from the domain controller.
Uninstall-AddsDomaincontroller -ForceRemoval
After validating the Active Directory Domain Services role, you need to remove the domain controller metadata; the steps for which are described below.
NOTE
The above method assumes that other working domain controllers are currently present on your server and you only wish to remove Active Directory Domain Services. In case, other working domain controllers are not present, and this is the only domain controller in the domain, restoring an earlier system state backup is required.
2. Remove the Domain Controller Metadata
- Use the Windows + R shortcut to launch the Run command, type cmd in the search bar on top and choose Run as administrator from the search result.
- Type or paste the following command and press Enter to execute it.
ntdsutil.exe - Execute the following command to enable the ntds instance:
activate instance ntds - Now, execute the following:
Files - Now type the following command and hit the Enter key. Make sure that the folder here is C:\Windows\NTDS:
Info - After this, type the following command and press Enter.
compact to - Now, you need to copy the file Ntds.dit in the temp folder to replace the old instance in NTDS.
- Finally, delete all the log files (.log) in this location and reboot your PC normally. Now restart your Windows Server, and you will no longer encounter the error code 0xc00002e2, indicating the Domain controller failed to start.
That’s all in this guide! Hopefully, we are successful in resolving the 0xc00002e2 boot error in Windows Server by performing the troubleshooting steps listed above.
You may want to check out this guide to learn the different ways to force sync Windows Server when the time is currently out of sync.
In case you need further assistance in this regard, feel free to reach out to us in the comments section.
Taiba Hasan
A postgraduate in Computer Applications, she is an avid technical writer who loves to craft content revolving around Windows, Android, and emerging technologies like SaaS. With How-To and troubleshooting guides, she aims to provide the best solutions for the problem and make technology less complicated for novice users.
Besides writing, she also loves to cook delicacies and spent time in her garden. In her free time, you will find her binge-watching web series or gazing the night sky.
By
If you are ready this article chances are you are encountering the dreaded 0x00002e2 boot error.
Backup, Just In Case
Before trying any of these, make a backup if possible of the instance. In case something goes wrong you could always revert back to where you started from.
Try From Safe Mode
In this situation I would first try these steps –
- Reboot
- Press f8 for boot menu options
- Select Safe Mode with Command Prompt
- At the command prompt type SFC /scannow
- Once done reboot
Boot Using Windows Media
If you cant boot to the safe mode with command prompt, try booting from a window boot media or install media.
- Select Repair
- Select Command Prompt
- Then run SFC /scannow
- Once done, then reboot
You may have to change to the directory where the windows installation resides.
Still Boot To The Error 0x00002e2 Screen
If you still boot to the error 0x00002e2 screen then time to try something else.
- Reboot and press F8 for boot menu options
- Select Directory Services Repair Mode (DSRM).
- Note: This mode is only available if the server has a DC to interact with NTDS database. During boot the server may repair itself or try to repair itself and reboot, leaving you to do steps one and two again.
- Log in using an administrator account.
- It maybe necessary to log in using a local administrator account. This will be necessary, because the AD service will not or may not be running. Chances are the domain users will be unavailable for log in.
- Open command prompt
- Then change directories. Type cd c:\windows\NTDS
- Make sure to make a copy or backup of everything in this directory before you continue.
- Then type NTDSUTIL and press enter.
- Type activate instance ntds and press Enter.
- Type Files and press Enter.
- Type Info and press Enter. This command will shows you the location of the logs. In case the the server has more than one partition.
- Navigate to logs location and delete or rename or move the *.log.
- Then reboot.
- F8 again.
- Select Directory Services Repair Mode (DSRM) again.
- Once in DSRM again, defrag the database.
- Using the command prompt, type NTDSUTIL and press enter.
- Type activate instance ntds and press Enter.
- Type files and press enter
- Type info and press enter. This will help verify the servers NTDS directory. Make sure it reads C:\Windows\NTDS.
- Created a folder – C:\Windows\NTDS\Temp.
- Type Compact to C:\Windows\NTDS\Temp and press enter.
- Once complete, copy the newly created Ntds.dit file in the C:\Windows\NTDS\Temp folder over the old one in C:\Windows\ NTDS directory.
- Delete all the *.log files.
- Reboot normally and that should be it.
Once up and running I would recommend running a DCdiag to make sure everything is okay or to help spot some other issues. If these steps do not work, I would suggest restoring from a backup (If a backup is available.).
The BSOD (Blue Screen of Death) error has long been a bane for Windows users, inflicting panic and frustration whenever it appears. Among various BSOD errors, the 0xc00002e2 error is particularly troublesome, manifesting during boot and indicating potential corruption in system files, hardware failures, or misconfigured settings in Windows Server. The following article provides a comprehensive guide to understanding, diagnosing, and resolving the 0xc00002e2 BSOD error in Windows Server environments.
Understanding the 0xc00002e2 Error
When you encounter the 0xc00002e2 BSOD error, your system effectively informs you of an issue with the booting process. This particular error is often linked to one or more of the following causes:
- Corrupt Boot Configuration Data (BCD): The BCD is crucial for the startup of Windows. If this data becomes corrupted, it may prevent the OS from booting correctly.
- Faulty or Missing System Files: Missing or damaged system files required for Windows operation can lead to this error.
- Issues with Hardware or Drivers: Incompatibilities, particularly with older hardware or misconfigured drivers, can trigger the BSOD.
- Improper System Configurations: Certain configurations or changes made to system settings can cause conflicts, leading to the error.
Initial Steps for Troubleshooting
Before diving deep into solutions, it’s advisable to carry out some initial troubleshooting steps:
- Restart the Server: A simple restart may sometimes resolve transient glitches or minor conflicts.
- Test for Hardware Issues: Check for any malfunctioning hardware components, such as memory (RAM), hard drives, or peripheral devices.
Boot into Safe Mode
Booting into Safe Mode can be an effective way to diagnose the issue, as it allows Windows to run with a minimal set of drivers and services.
- Restart your server.
- During the restart, press
F8repeatedly until the Advanced Boot Options menu appears. - Select “Safe Mode” or “Safe Mode with Networking”.
- If you can access the system in Safe Mode, examine recently installed software, drivers, or updates.
Repairing the Boot Configuration Data (BCD)
One of the most common causes of the 0xc00002e2 error is a corrupt BCD. Repairing the BCD can often resolve this issue.
-
Boot from Windows Server Installation Media:
- Insert the Windows Server installation disk or a bootable USB drive.
- Boot the server from this media.
-
Access Recovery Options:
- Select your language preferences and click “Next”.
- Click “Repair your computer”.
-
Navigate to Command Prompt:
- In the recovery menu, select “Troubleshoot”.
- Choose “Advanced options” and then open “Command Prompt”.
-
Rebuild the BCD:
-
Type the following commands in Command Prompt, pressing
Enterafter each:bootrec /fixmbr bootrec /fixboot bootrec /scanos bootrec /rebuildbcd
-
-
Exit and Restart:
- Type
exitin the Command Prompt and restart your server.
- Type
System File Checker (SFC) and DISM Tools
If there are corrupt system files, you can utilize the SFC and DISM tools to scan and repair these files.
Using SFC
- Boot into Safe Mode or from recovery media as outlined above.
- Access Command Prompt.
-
Run the SFC command:
sfc /scannow
This will scan all protected system files and replace corrupted files with a cached copy located in a compressed folder at C:WindowsSystem32dllcache.
Using DISM
When SFC fails to repair files, you can use the Deployment Imaging Service and Management Tool (DISM):
-
In the same Command Prompt window, run:
DISM /Online /Cleanup-Image /RestoreHealth
This command will reach out to Windows Update to download and replace damaged files.
Checking Hardware and Drivers
The next troubleshooting phase involves examining hardware and drivers, as these could also be the cause of the BSOD.
RAM Check
- Run Windows Memory Diagnostic:
- Type “mdsched.exe” in the search bar and hit Enter.
- Choose whether to restart the computer immediately or check for problems the next time.
- Test for Faulty RAM: Use a third-party tool like MemTest86 for a more comprehensive analysis.
Hard Disk Check
Verify the hard drive’s health:
- Boot into Safe Mode or from installation media.
- Access Command Prompt.
-
Run:
chkdsk C: /f /r
This command will check for file system errors and recover information from bad sectors if needed.
Update Drivers
Outdated or faulty drivers can cause BSOD errors. It’s essential to ensure that your hardware drivers are updated:
- Right-click on “Start” and select “Device Manager”.
- Check for any warning signs next to devices, particularly storage controllers and network adapters.
- Right-click on the affected device and select “Update driver”.
System Restore
If you continue to experience issues, utilizing System Restore can revert the server to a previous stable state.
- Boot from Windows Server Installation Media.
- Navigate to “Repair your computer”.
- Select “Troubleshoot” > “Advanced options” > “System Restore”.
- Follow the prompts to revert your system to a point before the installation of problematic drivers or updates.
Registry Editing (Advanced)
In certain instances, you may need to delve into the Windows Registry, specifically to check values related to boot management and system configuration. However, this step is for advanced users and should be carried out with caution, as incorrect modifications can lead to further failures.
- Access the Windows Registry Editor via bootable media and the Command Prompt.
- Type
regeditand press Enter. - Navigate to
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices.
Verify keys related to the drivers from the installed components and ensure that they’re correctly configured.
Reinstalling Windows Server
If all else fails, a fresh installation of Windows Server may be required. While this is often a last resort, it guarantees that all underlying issues, including software conflicts and corrupt files, are resolved.
- Backup data: Before proceeding, ensure all important data is backed up.
- Use the installation media to perform a clean installation, following the on-screen instructions.
Conclusion
Dealing with the 0xc00002e2 BSOD error in Windows Server can be a trying experience, but systematic troubleshooting can lead to resolution. By following through each comprehensive step—from repairing the BCD to checking hardware integrity, updating drivers, and potentially restoring the system or performing a reinstall—you can overcome the challenges presented by this error. Ensuring regular maintenance, performing backups, and keeping both software and hardware updated will help mitigate the risks of encountering such issues in the future. If you feel uncomfortable with any steps outlined, it’s always advisable to seek professional assistance or consult with IT support services.