Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: NTDS ISAM|
NTDS (<pid>) NTDSA: Index <index> of table <table> is corrupted (0).
|English: Request a translation of the event description in plain English.|
I was getting this event every 2 minutes on my SBS 2003 SP2 DC after power-loss shutdown. I restarted the server in AD recovery mode and I used the:
esentutl /p c:\windows\ntds\ntds.dit
command to resolve the problem.
I had multiple errors of "NTDS <PID> NTDSA: Index DRA_USN_index of table datatable is corrupted (0)." along with NTDS KCC event id 1435 "The Knowledge Consistency Checker (KCC) encountered an unexpected error while performing an Active Directory operation." in the directory service event logs, repeating every 15 minutes. I tried to integrity/compact/repair/recover using ntdsutil without luck - kept giving the error that the jet db was corrupt and could not continue. The SBS2003 server had no backups of an uncorrupted ntds database so the recover switch also failed.
In the end, I booted into "Directory Services Repair" mode, ran "ntdsutil files info" (without the quotation marks) to check the path for the ntds.dit file, then, using that info, ran
esentutl /p "<path>\ntds.dit"
The repair completed successfully and "ntdsutil files integrity" reported all good. I rebooted and my server was back online with Active Directory replicating properly.
From a support forum: "Error 467 issue occurs maybe because the Active Directory database engine manages the tuple index for the attribute incorrectly. Please try to install the ME2566592 hotfix package on all domain controllers of the forest. After you install the following hotfix package on all domain controllers, recover the database from the corrupted indexes.
See EV100405 (EventID 467 AD database corruption) for a discussion related to this event.
The database engine cannot update certain indexes in Active Directory. This database problem occurs because of the problems with the code pages and language locales that are used in the Lsass.exe system process. See ME902396 for a hotfix applicable to Microsoft Windows Server 2003.
See the link to "EventID 467 from source ESE" for information on this event.
|Private comment: Subscribers only. See example of private comment|
|Links: EventID 467 from source ESE|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated