lsass.exe error, Windows cannot boot


This is apocalypse. The server threw me an "lsass.exe" error this morning, saying that it cannot boot, with the following error.

LSASS.EXE - System Error, security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1.

I don't get to boot screen.

I can successfully boot in active directory restore mode.

I'm beyond horror and panic at the moment. The system told me the user hive was corrupted, but recuperation worked out okay, or so said the messagebox.

As far as I know, there is no disaster recovery plan at all. The boss said that there MIGHT be a ghost somewhere. If I don't find any, there isn't.

The question is simple. I have to improvise the best plan ever or we're all dead. What should I do, apart from trying not to panic?

The system is a Windows 2003 with SiS onboard RAID support, plugged with two scsi drives in RAID 0+1.
The drivers and system are up to date.
There is seemingly no virus in there, though I wouldn't rule out that possibility.
Security is a mess to start with.

This is a follow-up to my epic odyssey of tragic death:
Write-read errors, Raid1 recovery?
0x00000077 Error on the corporate server
Windows Server 2003 SiSRaid Error, \Device\SCSI\SiSRaid1?

asked on Server Fault Aug 14, 2009 by Olivier Tremblay • edited Apr 13, 2017 by Community

4 Answers


Here is a Microsoft KB reference to start with,
"Directory Services cannot start" error message when you start your Windows-based or SBS-based domain controller.

Have not looked deeply in your other questions, and, i do not see a reference here suggesting you have done a Microsoft KB lookup.

answered on Server Fault Aug 14, 2009 by nik

You receive a "lsass.exe-system error: Security Accounts Manager initialization failed" error message and event ID 1168 is logged when you restart a Windows Server 2003 domain controller

answered on Server Fault Aug 14, 2009 by Kev

I have never experienced that particular error before, but I dont think its panic time. Is the Event Viewer available in restore mode? If so check it out, maybe it will give you some idea where to start.

If not, I have used the ERD Commander boot disk many times on our Win2000 AD Server. It will allow you to boot from the ERD CD and 'attach' a Windows installation.

Once booted, you have a windows-like desktop and can do many helpful tasks, such as view event viewer, browse the drives, anything really.

Good luck. EDIT...from:

'This issue can occur if the path to the NTDS folder that holds theActive Directory database files and log files does not exist or the NTFS permissions on this folder and database files are too restrictive, and Active Directory cannot start. See Q258007 and Q295932 for more details. Also check Event id 26 from source Program Popup.'

answered on Server Fault Aug 14, 2009 by cop1152 • edited Aug 14, 2009 by cop1152

I had a very similar error on a winXP machine with a dying drive. There were bad blocks randomly appearing here and there, destroying important system files... What did I do? I used SpinRite to recover the bad blocks, then I booted from SystemRescue CD to restore the missing dll from another machine.

Then I changed the hard drive for a better one :)

answered on Server Fault Aug 14, 2009 by wazoox

User contributions licensed under CC BY-SA 3.0