We’ve done a DR for a new client this week that we picked up when their server failed. Last known good backup was to tape drive a week ago, which is not ideal.
We were unable to fix the hardware of the server, but were able to get a cold image of it using ShadowProtect IT Edition. We restored it into a virtual machine on a Hyper-V 2012R2 server and when it booted we got a “STOP c00002e2 Directory Services could not start” error as per the screenshot below.
One of our techs working on it attempted to recover it but we were unable to get into DSRM mode as the client did not know the DSRM password. We also realised that when we built the VM we used the default settings for the virtual hard drives which generates them as VHDX drives.
One of the key changes between VHD and VHDX drives is the sector size of the virtual disk. In VHD – the sector size is 512byte, whereas in VHDX, it’s 4K sector size. For most applications this won’t matter, however with Active Directory it’s VERY important as when the AD database starts up, it checks to see the physical sector size of the “disk” it’s on (in this case the Virtual Hard Drive) is the same as what it was when the database was created. If it’s not, then it will give the stop error above, specifically with the error status of 0xc0000001.
There were two ways we could have resolved this – here’s what we did.
We were able to get the old server running again for a short time and during that we reset the DSRM password to something we knew, and then did another cold backup of the C: drive. This time however when we restored it, we restored it to a VHD file. This permitted us to recover into DSRM mode after the server booted nicely and do the normal things we would do to cleanup (ie set fixed IPs etc on the server)
The alternate thing we could have done is to use the powershell command “Convert-VHD” to convert the VHDX into a VHD. This would have also changed the sector size from 4K to 512byte. However – we still would not know the DSRM password which may be critical for the recovery.
For now – the client is running again on new hardware which is totally awesome way to end a busy week.