Windows 2003 Server - LSASS.EXE - System Error
I received a call last night where a client had a physical Active Directory server that blue screened during a routine reboot and update cycle and then got caught in a loop with the following error:
LSASS.EXE - System Error, security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1
I found a KB article referencing the issue here http://support.microsoft.com/kb/258062
Based on feedback from other sources I decided to do the following:
Boot in to Directory Services Restore Mode
Open a cmd prompt and run "ntdsutil files info" to determine the location of the AD database (it was good I did this as the client had an old install at C:\Windows and a newer install at D:\Windows)
Run a repair on the database "esentutl /p D:\Windows\System32\NTDS\ntds.dit"
Delete all log files from the NTDS folder where ntds.dit resides and then reboot the server
After the server reboot the client was able to login normally. There were still a few issues to clean up. The DHCP service was failing. The client had 25+ scopes so recreating the scopes would be a huge hassle.
We were able to grab a backup of the dhcp folder and rename the existing folder dhcp.old, copy the restored folder over and start the service normally.
One last item to check was AD replication. That consisted of the following:
From a cmd prompt run "repadmin /replsum >c:\replsum.txt && c:\replsum.txt" (this will generate a replication summary and output to a file and then open that file for easy viewing)
Push out replication from each Active Directory Domain Controller using the command "repadmin /syncall /AedP" from the cmd prompt
Verify the replication status using the command from step 1
After this we rebooted to verify everything was working and then ran a system state backup.











