How To: Remove Hidden (Non-Present) Devices after an HIR Domain Controllers

Reference:
https://support.storagecraft.com/s/article/How-To-Remove-Hidden-Non-Present-Devices-after-an-HIR?language=en_US&ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=5

Apr 5, 2019•Troubleshooting

Problem

There are times where a c00002e2 (2e2) blue screen error occurs after a Windows Domain Controller system restore; this is related to Windows Active Directory Services and is not affiliated with StorageCraft® products. However, through the use of Directory Services Repair Mode (DSRM) and the StorageCraft Windows Recovery Environment (WinRE), there are ways to resolve this issue.

Below is an example of the error code:

Though the 2e2 error is specific to DCs, the following processes can be followed for any Windows system that reaches a BSOD upon reboot after the restore process.

Cause

The 2e2 error code means the directory services are not accessible via the operating system at the state it currently resides. There are many reasons for this error, including, but not limited to:

Data for Active Directory Domain Services (AD DS) has been spread across multiple drives and only the system drive has been restored (this is commonly seen when performing Advanced Verification via Image Manager)
The domain controller (DC) has bound to a specific hardware driver and is attempting to use the device during the boot process (this is commonly seen with hardware to virtual or Hardware Indepentent Restore situations)
Corruption of the ADS database has occurred

The HIR process often leaves behind device drivers that the DC had bound to when previously configured on the network; this may included disk controller and network interface card (NIC) drivers.

User-added image

Domain Controllers are bound to a specific NIC during the ADS role addition process.

Resolution

To resolve the 2e2 error code, attempt the following steps in DSRM orActive Directory Restore Mode (dependent on OS).

User-added image Domain controllers require special attention. When the first boot of a restored DC happens hit F8 and select DSRMor Active Directory Restore Mode, this ensures that AD DS will not run.

For NIC troubleshooting only: perform all the steps below and ensure that the correct IP address is configured to the local area network (LAN) interface; this may take up to two reboots. If this is not done, and the server is allowed to boot normally, it may sit at the “Preparing Network Connections” stage for a considerable amount of time and still fail.

Boot the system to the Advanced Boot Options menu and select "Directory Services Repair Mode"

Once the login screen appears, use the DSRM password created during the Domain Controller promotion process to access the system:

Attempting to login with the domain administrator account will fail due to Directory Services being disabled; if the DSRM password has been lost or forgotten, skip to the Enable Boot Logging section and remove drivers manually through the File Explorer in the WinRE once identified.

Open a command prompt with administrative privileges

User-added image Location of the Command Prompt varies by operating system, for this demonstration Server 2016 is used.

User-added image

At the command prompt, type the following lines (press "ENTER" after each line):

set devmgr_show_nonpresent_devices=1

  cd %SystemRoot%\System32   devmgmt.msc

In Device Manager go to "View" then "Show hidden devices"

Navigate to the device driver sections of the components that may be affecting the system boot process; for example the "Network Adapters" section.

Locate any greyed out or faintly outlined devices. These devices are not present and can safely be removed by right-clicking on them and selecting "Uninstall"

User-added image

User-added image The system for this demo is a VM in a healthy state, otherwise there would be grayed out devices in the "Network Adapters" section of Device Manager.

Additonal Troubleshooting: "Enable Boot Logging"

One option that may assist with booting to a stable configuration is running HIR for a second time on the system drive; this may remove drivers that it didn't delete previously. If running HIR fails to fix the issue, boot to the recovery menu; there are circumstances when reaching "Safe Mode" or "DSRM" fails, (e.g. forgotten DSRM password, corruption in the recovery partition, a system driver used during boot fails and access to Safe Mode bluescreens the system, etc.). The best next step is starting "Enable Boot Logging" mode via the F8 Recovery Menu which creates a "ntbtlog.txt" file accessible in the StorageCraft Recovery Environment. The log file references the failure point and assists with identifying the driver causing the BSOD as the log file generated stops when the driver breaks the normal boot-cycle.

User-added image

After the first boot cycle after failure, boot into the WinRE, then select "File Browser" in the left hand Tools menu:

User-added image

Once selected, click "This PC" in the Explorer window:

User-added image

Now select the system volume (usually driver letter C):

User-added image

Now select the "Windows" folder and scroll down to the bottom of the directory to ntbtlog.txt:

User-added image

Select the log file and press ctrl + end to navigate to the end/failure point:

User-added image

If the issue persists StorageCraft is unable to further assist as this relates to Microsoft components; please reach out to Microsoft for further troubleshooting steps.