I did? :-) I think I still said all I know is what the poster said :-)
I think I need a course in event log reading because even with the logs,
and the default size of the logs, I still don't see a smoking gun. The
directory services one is filled with events 'post' blow up.
What is interesting is that it seems to me big server land goes .. oh
yeah... ntds.dit corruption... and sbsland freaks out. Either we do
indeed need to ensure we have a secondary DC or we need to park a second
copy of a system state offsite [say at the vap/var]
Brett Shirley wrote:
She replied offline, very likely a single bit flip, tragedy, they aren't
one release later (Longhorn), where this would've probably been
non-disruptively handled, logged, and possibly self-healed:
http://blogs.technet.com/efleis/archive/2005/01.aspx
Anyway, this kind of thing is usually hardware ...
While there are much better disk sub-system testers, one that is freely
available to any box with Exchange is jetstress. You might give that a
try. If you can reproduce the event / error with jetstress I would not
use that box in production.
If you do reproduce the issue several times (several times is key, as you
want a trend before you start playing the variable game), some things
you might vary (one at a time):
- Try making sure you have the latest driver and motherboard / controller
firmware. Then see if you can reproduce.
- Try a different RAID configuration, such as RAID1/RAID1+0 if you're on
RAID5.
- Try swapping out the hard drives, one at a time.
- Adding the jetstress files to the exclude list in the Anti-Virus
software. (A low probablility, I've never heard of Anit-Virus causing this
paticular type of error, and I can't imagine the mistake an anti-virus
product would have to have to cause this side effect)
- If you can reproduce it several times, you could followup with Dell.
Good luck.
I'm not sure if I answered your question ...
Cheers,
BrettSh
On Sun, 4 Dec 2005, Eric Fleischman wrote:
Going back to the original post, I'm not sure I fully understand the
problem yet. Susan, can you define "ntds.dit file corruption" for us?
What sort of corruption? What errors/events lead you to believe this?
Specifically, I'm interested in errors from NTDS ISAM or ESE if you
have any.
________________________________
From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka Ebitz - SBS Rocks
[MVP]
Sent: Sat 12/3/2005 10:58 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Ntds.dit file corruption
SBS box [with Windows 2003 sp1 since September]
RE: [ActiveDir] Database Corruption:
http://www.mail-archive.com/activedir@mail.activedir.org/msg32676.html
We have a SBS 2003 sp1 box with a corrupt ntds.dit that the Consultant
and PSS have been banging on. Could not get the services back running,
changed the RPC service to local system and some service came back up [I
don't have all the details but the consultant opened a support case of
SRX051202605433].
Bottom line they are about going to give up and start a restore but
before they do that I'd like to get the view of the AD gods and
goddesses around here. From all that I've seen, read, seen in the SBS
newsgroup, the corruption of ntds.dit is rare to nil and an underlying
cause is hardware issues [raid, disk subsystem]. This doesn't just
happen.
The VAP asked if not properly excluding the ad databases from the a/v
would cause this/trigger this and my expectation is 'no', given that I
doubt the majority of us in SBSland properly set up exclusions
Virus scanning recommendations on a Windows 2000 or on a Windows Server
2003 domain controller:
http://support.microsoft.com/default.aspx?scid=kb;en-us;822158
If this were my hardware and box, I'd be putting this sucker on the
operating table and getting an autopsy before putting it back online.
Are we right in being paranoid now about this hardware? For you guys in
big server land you'd just slide over another box into that server role.
---------------------------------------
Stupid question alert....
Okay so we know that having a secondary/additional domain controller is
a good thing even in SBSland...but question.... many times the second
server in SBSland is a terminal server box because we do not support TS
in app mode on our PDCs. So we've established that having a domain
controller and a terminal server is a security issue [see Windows
Security resource kit, NIST Terminal services hardening guide, etc
etc....] If our second server is a member server handing out TS
externally, should that be a candidate for the additional DC? Are the
issues of TS on a DC ... true for 'any' DC? Would it be better than to
Vserver/VPC a Win2k3 inside a workstation in the network if a third
server box was not feasible?
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
