Event 1168: Windows 2000 DCs Unable to Boot into Active Directory (265089)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

This article was previously published under Q265089

SUMMARY

This article describes "Event ID 1168" error messages that are logged on a Windows 2000 domain controller (DC) that is unable to boot from the Active Directory database.

The "Event ID 1168" error message is a generic error message that is logged when Windows DCs experience either of the following conditions:
  • Resource shortages and "out of version store" conditions in Active Directory.
  • Inability to boot from the Active Directory database.
The 1168 events that are logged during resource utilization and version-store shortages have the following attributes:

Event Type:	Error
Event Source:	NTDS SDPROP
Event Category:	Internal Processing 
Event ID:         1168
Date:		MM/DD/YYYY
Time:		HH:MM:SS AM|PM
User:		N/A
Computer:         <computer name>
Description:      Error -1069(fffffbd3) has occurred (Internal ID d0006fc).
                  Please contact Microsoft Product Support Services for 
                  assistance.

Event Type:	Warning
Event Source:	NTDS General
Event Category:	(9)
Event ID:         1519
Date:		MM/DD/YYYY
Time:		HH:MM:SS AM|PM
User:		NT AUTHORITY\SYSTEM
Computer:         <computer name>
Description:      A Directory Service operation failed because the 
                  database has run out of version storage.  
                  If this error repeats frequently it most likely 
                  indicates that an object that is too large for the 
                  Directory Service to handle is attempting to replicate 
                  in. This object must be deleted or shrunk on a 
                  Directory Server where it already exists.
 
                  The internal id is 202073c. 

The "version storage" event 1168 has a different root cause and appearance than the 1168 that is logged when DCs are unable to boot from the Active Directory.

As of April, 2001, the following three root causes of the 1168 boot errors are known:
  1. Insufficient permissions to obtain access to the Ntds.dit file and log files.
  2. Unscheduled loss of power that can cause the Ntds.dit file or log files to become unreadable (jet error 550).
  3. Columns that have been deleted from the jet database updating-schema cache when inbound schema changes are replicated.
These scenarios and suggested action plans are described in more detail in the "More Information" section of this article. For additional information about the latest service pack for Windows 2000, click the article number below to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

MORE INFORMATION

Scenario 1: Insufficient Permission for the OS to Access the NTDS.DIT and Log Files

This behavior occurs because explicit or inherited NTFS permissions on the folder that contains the Active Directory database files and log files (or on their parent folders) are too restrictive. Events logged include:

Event Type:	Warning
Event Source:	NTDS General
Event Category:	(9)
Event ID:         1168
Date:		MM/DD/YYYY
Time:		HH:MM:SS AM|PM
User:		NT AUTHORITY\SYSTEM
Computer:         <computer name>
Description:      Error: 1032 (fffffbf8) has occurred. (internal ID 4042b).
                  Please contact Microsoft product support services for 
                  assistance.

Event Type:	Warning
Event Source:	NTDS General
Event Category:	(9)
Event ID:         1103
Date:		MM/DD/YYYY
Time:		HH:MM:SS AM|PM
User:		NT AUTHORITY\SYSTEM
Computer:         <computer name>
Description:      The windows directory services database could not be 
                  initialized and returned error 1032. Unrecoverable 
                  error, the directory can't continue.

To resolve this issue:
  1. Restart the DC into Directory Services Restore mode by pressing F8 when the initial boot menu is displayed.
  2. Select the Directory Services Restore Mode option for the appropriate installation of Windows.
  3. Verify that the Administrator and System accounts on the %SystemRoot%\Ntds folder have the following permissions:
    • Administrators (Full Control)
    • System (Full Control)
For more information, click the following article number to view the article in the Microsoft Knowledge Base:

258062 "Directory Services cannot start" error message when you start your Windows-based or SBS-based domain controller

Scenario 2: Windows 2000 DC Reboots Because of Unscheduled Power Loss

An unplanned loss of power (such as a rolling power outage) on a running Windows 2000 DC can prevent Active Directory from reading either the NTDS.DIT or log files on next boot. This problem is characterized by the following events:

Event Type:	Error 
Event Source:	NTDS ISAM 
Event Category:	Logging/Recovery  
Event ID:         100 
Date:		MM/DD/YY 
Time:		HH:MM:SS AM|PM 
User:		N/A 
Computer:         <computer name>
Description:      NTDS (308) The database engine 6.00.3940.0004 started.   

Event Type:	Error 
Event Source:	NTDS General 
Event Category:	Internal Processing  
Event ID:         455 
Date:		MM/DD/YY 
Time:		HH:MM:SS AM|PM 
User:		N/A 
Computer:         <computer name> 
Description: 	NTDS (308) Error -1811 occurred while opening a log 
                file %4.   

Event Type:	Error 
Event Source:	NTDS General 
Event Category:	Internal Processing  
Event ID:         1168 
Date:		MM/DD/YY 
Time:		HH:MM:SS AM|PM 
User:		N/A 
Computer:         <computer name> 
Description:      Error -1811(fffff8ed) has occurred (Internal ID 4042b). 
                  Please contact Microsoft Product Support Services 
                  for assistance.  

The 1811 error in Event IDs 455 and 1168 maps to jet errors that indicate that the specified file is missing or unreadable. The symbolic name for the 1811 error from ESENT.H is:

#define JET_errPermissionDenied    -1809 /* Permission denied */ 
#define JET_errFileNotFound        -1811 /* File not found */ 
#define JET_wrnFileOpenReadOnly    -1813 /* Database file is read only */ 
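The following triage helper is an added example, not part of the original article or of any Microsoft tool. It decodes the 8-digit hex value in an Event 1168 description as a signed 32-bit jet error and maps it to the causes this article describes, going slightly beyond Scenario 2 by covering all three sample events; the names `classify_1168`, `signed32` and `ARTICLE_CAUSES` are hypothetical.

```python
import re

# Signed jet error -> cause as described in this article (not a full ESENT.H table).
ARTICLE_CAUSES = {
    -1069: "version-store/resource shortage (not the boot-failure case)",
    -1032: "Scenario 1: NTFS permissions block access to Ntds.dit or log files",
    -1811: "Scenario 2: Ntds.dit or log file missing/unreadable after power loss",
}

# Matches both "Error -1069(fffffbd3)" and "Error: 1032 (fffffbf8)".
ERROR_RE = re.compile(r"Error:?\s*(-?\d+)\s*\(([0-9a-fA-F]{8})\)")


def signed32(hex_text):
    """Interpret an 8-digit hex string as a two's-complement 32-bit integer."""
    value = int(hex_text, 16)
    return value - (1 << 32) if value & 0x80000000 else value


def classify_1168(description):
    """Return (signed_code, cause) for an Event 1168 description, or None."""
    match = ERROR_RE.search(description)
    if match is None:
        return None
    printed, code = int(match.group(1)), signed32(match.group(2))
    # Trust the hex value: the Scenario 1 sample prints "1032" without a sign,
    # but fffffbf8 decodes to -1032.
    if abs(printed) != abs(code):
        return code, "decimal and hex values disagree; description may be damaged"
    return code, ARTICLE_CAUSES.get(code, "not covered by this article")


# Descriptions copied from the sample events in this article.
SAMPLES = [
    "Error -1069(fffffbd3) has occurred (Internal ID d0006fc).",
    "Error: 1032 (fffffbf8) has occurred. (internal ID 4042b).",
    "Error -1811(fffff8ed) has occurred (Internal ID 4042b).",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(classify_1168(text))
```
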

Recovery methods in order of preference:
  1. Rename the Edb.chk file. When Active Directory boots, it checks the integrity of the DIT file and log. If problems are encountered, a "soft recovery" is attempted. During soft recovery (or immediately afterwards), the 2195 release of Windows 2000 creates a log file without any attached information in the log file header.

    To resolve the problem, delete the Edb.chk checkpoint file (it is safer to rename the file first, and then delete it once you are able to boot). Reboot the DC in normal Active Directory mode.

  2. Perform a non-authoritative restoration of a recent SYSTEM STATE backup (one that is newer than tombstonelifetime). Upon bootup, Active Directory will source current Schema, Configuration and Domain Naming contexts from available replication partners.
  3. Reinstall the operating system on the failed computer. Remove the failed computer from the forest, and then run Dcpromo.exe to add the computer back to the forest. Remove NTFRS member objects from the SYSTEM folder for deleted servers. Rebuilding the domain controller may well be considered a better solution than the preceding solution because the DC can be built with deterministic results in a deterministic amount of time.
For additional information about how to remove a computer from the forest, click the article number below to view the article in the Microsoft Knowledge Base:

216498 Removing Active Directory Data After an Unsuccessful Demotion

Scenario 3: Columns Deleted from Jet Database that Is Updating Schema Cache When Inbound Schema Changes Are Replicated

Symptoms you may experience:
  • The Windows 2000 DC no longer services requests for network authentication.
  • Inbound or outbound replication of all Active Directory naming contexts has stopped.
  • Critical Active Directory services including InterSite Messaging, Kerberos Key Distribution Center and NETLOGON appear to be running, but none of the Windows 2000 administration tools start. This includes the Active Directory Users and Computers (Dsa.msc) snap-in, Sites and Services (Dssites.msc) snap-in, Ldp.exe, Netdiag.exe and Dcdiag.exe.

This scenario is discussed in more detail in the following Microsoft Knowledge Base article:

303077 SP2 hotfixes recommended prior to making schema changes in AD forests


Modification Type: Major
Last Reviewed: 7/11/2006
Keywords: kbHotfixServer kbQFE kbenv kberrmsg kbinfo KB265089