hello, I got this error on my active directory domain services role: internal error:an active directory domain sevices error has occured. additional data:error value(decimal):-1073741536 error value(hex):c0000120 internal Id:300162a event ID:1168 task catecory:internal processing source:active directory domain services I searched in google but I couldn't solve this problem. it is happened after I run DCpromo to promote my 2008r2 server as domain controller. thanks johanh.david

Hi, Please refer following KB article and see if that helps "Directory Services cannot start" error message when you start your Windows-based or SBS-based domain controller http://support.microsoft.com/kb/258062A UNIVERSE without WINDOWS is CHAOS ! This posting is provided "AS IS" with no warranties or guarantees and confers no rights. About Me !!!

According to Microsoft you should check the following: Verify that the default domain controllers policy exists in Active Directory and is granting the Enable computer and user accounts to be trusted for delegation user right to the Administrators security group or alternate user accounts used to promote and demote domain controllers in the target domain.Verify that the user account performing the DCPROMO operation has been granted the Enable computer and user accounts to be trusted for delegation user right in the default domain controllers policy.Verify that the default domain controllers policy is linked to the domain controllers OU and that all DC machine accounts reside in that OU. If DC machine accounts reside in an alternate OU container, either move all DC machine accounts to the domain controllers OU or link the default domain controllers policy to the alternate OU container (not a best practice).Verify that the file system portion of default domain controllers policy exists in the SYSVOL share of the DC being used to apply policy on the computer being promoted or demoted. If not present, evaluate whether that condition is due to simple replication latency, a replication failure in FRS / DFSR, or whether the policy has been deleted from the SYSVOL. Resolve as required. The default domain policy or policy in general is not applying to the logged on user. Check for policy inheritance, WMI filtering or security descriptor problem that may be preventing policy from applying. More : http://support.microsoft.com/kb/2002413 http://support.microsoft.com/kb/2000939 MCTS - Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. http://mariusene.wordpress.com/

Hi, Please refer following KB article and see if that helps "Directory Services cannot start" error message when you start your Windows-based or SBS-based domain controller http://support.microsoft.com/kb/258062A UNIVERSE without WINDOWS is CHAOS ! This posting is provided "AS IS" with no warranties or guarantees and confers no rights. About Me !!!

According to Microsoft you should check the following: Verify that the default domain controllers policy exists in Active Directory and is granting the Enable computer and user accounts to be trusted for delegation user right to the Administrators security group or alternate user accounts used to promote and demote domain controllers in the target domain.Verify that the user account performing the DCPROMO operation has been granted the Enable computer and user accounts to be trusted for delegation user right in the default domain controllers policy.Verify that the default domain controllers policy is linked to the domain controllers OU and that all DC machine accounts reside in that OU. If DC machine accounts reside in an alternate OU container, either move all DC machine accounts to the domain controllers OU or link the default domain controllers policy to the alternate OU container (not a best practice).Verify that the file system portion of default domain controllers policy exists in the SYSVOL share of the DC being used to apply policy on the computer being promoted or demoted. If not present, evaluate whether that condition is due to simple replication latency, a replication failure in FRS / DFSR, or whether the policy has been deleted from the SYSVOL. Resolve as required. The default domain policy or policy in general is not applying to the logged on user. Check for policy inheritance, WMI filtering or security descriptor problem that may be preventing policy from applying. More : http://support.microsoft.com/kb/2002413 http://support.microsoft.com/kb/2000939 MCTS - Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. http://mariusene.wordpress.com/

Hello, this is an internal error. You can start by that: http://support.microsoft.com/kb/265090 If you have another healthy DC / DNS /GC server in your AD domain then you can simply re-install the new DC, perform a metadata cleanup and resize FSMO roles if it was an FSMO holder. Once done, re-install the server and promote it again as a DC. More if you contact Microsoft PSS. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

hello, first when I go to users and computers I don't see under computer tab any computer. also to enable a user to trusted for delegation I don't see any delegation tab on the user properties. so I searched in google and found that I have to configure SPN for users. with setspn.exe utility. but now I am confused, when I use set spn command do I have to use (a) switch or (S) switch. for example my computer FQDN is dave.john.local ,dave is my computer name and john.local is my domain name, 1---can you give me a little example how I have to use here setspn command to configure spn for my trusted user account?which switch I have to use? second ,do I have to run spn also for my computer domain name,if yes can you also give me a little example? thanks johanh.david

hello, I have read the article you advise me. so I go to restore mode as the article tells then I run ntdsutil files info at the command prompt(with administrator privilege) and I get this answer. active instance not set. to set active instance use "Activate instance". error parsing input -invalid syntax ntdsutil: I don't understand nothing of it ,can you tell me wat this mean and wat I have to do to get the right answer. thanks johan h.david

Hello, this is an internal error. You can start by that: http://support.microsoft.com/kb/265090 If you have another healthy DC / DNS /GC server in your AD domain then you can simply re-install the new DC, perform a metadata cleanup and resize FSMO roles if it was an FSMO holder. Once done, re-install the server and promote it again as a DC. More if you contact Microsoft PSS. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Hello, please stick to one thread for the same problem. And that one is already answered. http://social.technet.microsoft.com/Forums/en/winservergen/thread/1c4dc666-2d27-4ab7-ac0a-864f7ff2a582Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hello, please stick to one thread for the same problem. And that one is already answered. http://social.technet.microsoft.com/Forums/en/winservergen/thread/1c4dc666-2d27-4ab7-ac0a-864f7ff2a582Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.