Article ID: kb00291Last Modified: 22-Nov-2024

BSOD 0xc00002e2 Issue on Image-Based Restore of a Windows Machine With Active Directory

Situation

After restoring Windows OS with Active Directory (AD) from image-based backup, BSOD (blue screen) error 0xc00002e2 appears upon system boot.

Cause

There are several possible causes for this issue:

  1. Active Directory was offline for too long (longer than tombstone period allows).

The resource provider used for the restore could be older than the Active Directory tombstone period.

Active Directory incorporates the tombstone lifetime into the backup and restore process as means of protecting itself from inconsistent data by disallowing the native restore procedure. Restoring Active Directory from an image-based backup is not a native method, therefore it bypasses this check.

The default tombstone lifetime depends on Windows OS release:

More about Active Directory native backup & restore procedures and related topics:

  1. Inconsistent Active Directory backup due to faulty VSS service on source machine or hardware issues (e.g. bad blocks on the source hard disk).

Solutions

  1. Utilizing Active Directory grace period:

Since version 8.1.1 MSP360 Backup agent tries to automatically resolve such situations. If you notice that the issue still persists, apply the following manual fix:

  • Boot into DSRM (Directory Services Restore Mode, available on Active Directory Domain Controllers)
  • Open "regedit.exe"
  • Browse to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters"
  • Create DWORD "Database restored from backup", value = 1
  • Delete "DSA Database Epoch"
  • Reboot normally
  1. Fixing a corrupt Active Directory:
  • Boot into DSRM (Directory Services Restore Mode, available on Active Directory Domain Controllers)
  • Open CMD and perform the following commands:
cd c:\
md _ntds_Backup
xcopy c:\Windows\NTDS\. c:\_ntds_Backup
NTDSUTIL
activate instance ntds
Files
Info
Integrity

If the command sequence fails, proceed with:

quit
quit
esentutl /p c:\windows\ntds\ntds.dit
ntdsutil 
activate instance ntds 
semantic database analysis 
go fixup
activate instance ntds 
files

If the command sequence fails, proceed with:

compact to C:\Windows\NTDS\TEMP 
quit
quit
copy C:\Windows\NTDS\TEMP\ntds.dit C:\Windows\NTDS\ntds.dit
del C:\Windows\NTDS\*.log
  • Open "regedit.exe"
  • Browse to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters"
  • Create DWORD "Database restored from backup", value = 1
  • Delete "DSA Database Epoch"
  • Open CMD and perform the following command:
shutdown -f -r -t 0
https://git.cloudberrylab.com/egor.m/doc-help-kb.git