A client we support is receiving the following error on a DC during boot: LSASS.EXE - System Error, security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1 Unfortunately, this server has exchange installed (I know this is a complete no no). There is one other server in the domain which is the main DC. I was thinking the best method would be to completely remove AD from this faulty server, but I'd possibly have to forcefully remove. This would then leave just one AD server in the network. But I'm concerned that this is going to have an impact on Exchange and I want to avoid a full server rebuild at all costs. What would be the best method to get his server back functioning properly and avoid any rebuild or problems with Exchange? Both machines are Server 2003 Std SP2 and faulty machine has Exchange 2003 std installed. All FSMO roles are on the working machine. Any advice would be appreciated. Many Thanks

Take a look at this article: http://support.microsoft.com/kb/258062 It is not recommended to install Exchange on Domain Controllers. Also, promoting or demoting an exchange installed DC is not recommended. Try the options from the above KB article first. Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.

Take a look at this article: http://support.microsoft.com/kb/258062 It is not recommended to install Exchange on Domain Controllers. Also, promoting or demoting an exchange installed DC is not recommended. Try the options from the above KB article first. Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights. Yes, we inherited the system and it's now causing me these problems. I know exchange and AD should always be separate. I'm onsite tomorrow so I'll work through the options in that article. I got the site to boot the server into safe mode and the integrity check was failing with JetError -501. I'll complete all the commands from directory services restore mode tomorrow but it doesn't look good. Thanks for your help.

Hi, Before troubleshooting, please backup your AD database and system state. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, Before troubleshooting, please backup your AD database and system state. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights. Yes, I took a backup from the working server. Integrity check and defrag failed. Machine can only boot into directory service restore mode. I don't think it's recommended to copy working AD DB from other server? I want to really avoid having to rebuild this machine due to exchange being installed. Any help is appreciated.

Hi, Before troubleshooting, please backup your AD database and system state. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights. Yes, I took a backup from the working server. Integrity check and defrag failed. Machine can only boot into directory service restore mode. I don't think it's recommended to copy working AD DB from other server? I want to really avoid having to rebuild this machine due to exchange being installed. Any help is appreciated. I restored system state from working backup (Friday night) via directory restore mode. Reboot server, then able to log on and replication changes occurred from working DC. Thanks for your help.

Thanks for the udpateSanthosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.

Glad to hear you have resolved the problem. If you have more questions in the future, you’re welcomed to this forum. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights.

Security Accounts Manager initialization failed with error 0xc00002e1 http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/Security%20Accounts%20Manager%20initialization%20failed%20with%20error%200xc00002e1.aspx