
0x0c00002e2 windows server 2025 domain controller KB5082063

Sertus Admin 0 Reputation points
2026-04-23T14:01:16.4366667+00:00

It is not possible to access the domain server with the administrator account, either remotely or from VMware.

Currently, everything is working fine for non-administrator users, but I'm afraid to restart the server. Is there a way to fix this?


2 answers

  1. Tan Vu 2,655 Reputation points Independent Advisor
    2026-04-23T16:52:14.44+00:00

    Hi Admin,

    You can use the recovery path from the virtual machine console:

    • Start the virtual machine and go to the Windows boot menu. Microsoft's virtual DC instructions state to press F5 to enter Windows Boot Manager, then press F8 to enter advanced boot options and select Directory Service Recovery Mode (DSRM). If the virtual machine boots normally too quickly, shut it down and try again; Microsoft also notes that you cannot access DSRM from the Windows Error Recovery menu. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/virtual-dc/restore-virtualized-domain-controller
    • Log in with your DSRM password. Microsoft's DC boot troubleshooting article uses DSRM to recover on Windows Server 2012 and later.
    • Run the recovery process from your backup tool, using a system state backup created before the problem occurred. Microsoft states that a valid system state backup is a supported recovery method for virtual DCs.
    • Restart normally after the recovery process is complete. For a restored virtual DC, Microsoft suggests booting in DSRM mode first and then returning to normal mode after the restoration.

    A very important note: if this virtual machine had previously booted normally after the restoration, Microsoft says the directory service may have raised the USN, which is why the restoration process must be performed from DSRM before a normal boot. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/virtual-dc/restore-virtualized-domain-controller

    If this is the only domain controller and you don't have a reliable system state backup, Microsoft's guidance is to restore a previous system state backup or, if that's not possible, rebuild the domain controller and clean up the metadata instead of trying to maintain a faulty copy. https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/domain-controller-not-start-c00002e2-error


  2. Tan Vu 2,655 Reputation points Independent Advisor
    2026-04-23T14:43:43.2133333+00:00

    Hi Admin,

    0xC00002E2 is Microsoft’s documented Active Directory Domain Services startup error when the AD DS role was removed from a domain controller without first demoting it. That is a different problem from the KB5082063 issue. KB5082063 is known to cause LSASS startup crashes and repeated restarts on some Windows Server 2025 domain controllers in multi-domain forests that use Privileged Access Management (PAM), and Microsoft’s fix for that issue is the out-of-band update KB5091157.

    Based on the symptoms you described, this sounds more like the separate Server 2025 firewall-profile problem than the reboot-loop bug: Microsoft says some Windows Server 2025 domain controllers can restart and then use the standard firewall profile instead of the domain profile, which can make the DC hard to reach on the domain network. The published workaround is to restart the network adapter, for example with Restart-NetAdapter *, and Microsoft notes that this can restore the expected behavior without a full server reboot.

    So the safest move is: do not reboot the server yet if you can avoid it; first try the network-adapter workaround from a working admin path or console session. If the machine is actually on KB5082063, install KB5091157 as soon as possible because that update resolves the DC startup issue. If the box is truly showing the boot-time 0xC00002E2 error, then Microsoft’s fix path is DSRM and AD DS repair/restore, not normal remote logon. https://support.microsoft.com/en-us/topic/april-19-2026-kb5091157-os-build-26100-32698-out-of-band-13ab53cc-ccc8-4a00-89d2-823b58fa03ec

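The checks the second answer walks through (which update is installed, and whether the DC's network connection came up on the domain profile) can be collected in one read-only pass before deciding on a reboot. This is an added PowerShell example, not code from the thread or from Microsoft; the variable and function names are hypothetical, and it assumes both updates are reported by Get-HotFix on this build.

```powershell
# Added example (not from the thread). Run from an elevated console session on the DC.
# Assumption: both updates are visible to Get-HotFix on this build.
$SuspectKb = 'KB5082063'   # update named in the question
$FixKb     = 'KB5091157'   # out-of-band update named in the answer
$Remediate = $false        # set to $true to restart the affected adapters

function Test-HotFixInstalled {
    param([Parameter(Mandatory)][string]$Id)
    # Get-HotFix writes an error when the ID is absent; treat that as "not installed".
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

$hasSuspect = Test-HotFixInstalled -Id $SuspectKb
$hasFix     = Test-HotFixInstalled -Id $FixKb

# A DC reachable on the domain network should report DomainAuthenticated.
$profiles  = @(Get-NetConnectionProfile)
$nonDomain = @($profiles | Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' })

# Summary object, suitable for pasting into a ticket.
[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    SuspectKbInstalled  = $hasSuspect
    FixKbInstalled      = $hasFix
    ConnectionProfiles  = ($profiles |
        ForEach-Object { "$($_.InterfaceAlias)=$($_.NetworkCategory)" }) -join '; '
    NonDomainInterfaces = $nonDomain.Count
}

if ($hasSuspect -and -not $hasFix) {
    Write-Warning "$SuspectKb is installed without $FixKb; install $FixKb as the answer advises."
}

foreach ($p in $nonDomain) {
    Write-Warning "Interface '$($p.InterfaceAlias)' is on the $($p.NetworkCategory) profile, not DomainAuthenticated."
    if ($Remediate) {
        # The workaround from the answer, scoped to the affected adapter and
        # prompting first. Expect a brief loss of connectivity on that interface.
        Restart-NetAdapter -Name $p.InterfaceAlias -Confirm
    }
}
```

With `$Remediate` left at `$false` the script changes nothing; run it from the VM console rather than a remote session if you enable the adapter restart.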

