I'm posting this in the DS section because this is only happening to my AD server and the exact same problems followed to a brand new AD server I just setup.
So to start, my AD server, lets call it AD1 started to randomly lock up. This is a VM btw, host is Server 2012 and the AD server is 2012 as well. The VM couldn't be shutdown, turned off nor could I kill the process running the VM. I would have to restart the host and wait a good 15 minutes for it to get through "shutting down HV services". The Application error logs show a trail of EventIDs 508, 531, 533:
lsass (544) The database engine attempted a clean write operation on page 123 of database C:\Windows\NTDS\ntds.dit. This action was performed in an attempt to correct a previous problem reading from the page.
As well as a bunch of 2000 range IDs regarding VSS freezes:
lsass (544) Shadow copy instance 3 freeze started.
Then from what I can tell this is the nail in the coffin, EventID 8193:
Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.
.
Operation:
Initializing Writer
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {10add81e-ea1f-4829-9890-eea6c305ada3}After a few days of trying to get this squared away and failing miserably I setup a new VM, lets call it AD2. Installed Server 2012, AD DS, DFS, migrated everything over, it's also running DHCP, changed all clients to the new DNS, demoted AD1, removed AD1, deleted AD1. For 24 hours everything ran great, no problems. This new VM is also on a different host. Then out of nowhere, all these exact same EventIDs started popping up and this new VM now locks up.
I'm at a loss at this point. The host isn't the issue, the hardware isn't the issue (many other VMs on both hosts running fine, both hosts at 40% resources used, HP Servers Gen7). New VM, new VHD, new install. The only other piece of software
on this server is System Center Endpoint Protection. I have %systemroot%\ntds\ntds.dit excluded site wide from the antivirus engine.
Regarding the ESENT IDs reporting write errors these are all the listed files with issues:
lsass - ntds.dit svchost - svc.log
This EventID is new on the new server (AD2), I never saw this on AD1:
lsass (544) The database cache size maintenance task has taken 239 seconds without completing. This may result in severe performance degradation. Current cache size is 41 buffers above the configured cache limit (111 percent of target). Cache size maintenance evicted 0 buffers, made 1 flush attempts, and successfully flushed 0 buffers. It has run 32977 times since maintenance was triggered.
This server is fully updated. I used ntdsutil to perform a file integrity check as well as semantic database analysis and both checked out fine.
Hopefully someone can help me out here and point me in some diag directions that I've missed. I would greatly appreciate any help!