I have a similar issue as described here: ESX Server 3.5 - Corrupted Active Directory after taking a snapshot
I am aware that Microsoft doesn't support snapshotting Domain Controllers, I am used to doing this on development machines (dev machine containing active directory, sql server, visual studio etc.) since a long time now and it always worked. I just stared using VMWare Workstation Pro 15.5.5 (had previously used 10 & 12).
I have a Windows Server 2016 VM that I freshly set up as a domain controller and SQL Server (again - dev machine, I know in normal use cases you shouldn't put these two together). Everything works - also snapshotting. But when I delete an older snapshot, the VM stops working even though being turned off.
The process that leads to the BSOD:
This BSOD can be fixed by deleting the *.log files from C:\Windows\NTDS. I can always reproduce the behavior. After fixing the BSOD the machine works forever until I delete an older snapshot - same error again.
The hard disk is currently set up as a NVMe hard disk - I used to do SCSI, maybe that's a significant difference? If it is - can I migrate the VMDK to a SCSI disk even though it contains snapshots? I don't know if uninstalling some VMWare driver helps as discussed in the linked post since snapshotting is always done when the machine is turned off. I totally do not understand why this behavior occurs when I delete an older snapshot. What can I do to not get this error?
Does anybody know a solution or things I can try?
Additionally: This also happens when creating a full snapshot clone. BSOD with 0x00002e2, delete *.log files from NTDS - machine works.
I'm experiencing the same problem.
similar report:
Windows machines in repair loop after deleting/merging snapshots
I know this is an old thread but just experienced the same issue and deleting the logs out of C:\Windows\NTDS worked for me! However, how did you know that those logs had to be deleted in the first place?
Solve my own answer: In offline mode you can pull the evtx log for deleting all the *.log files fixed the issue. This occurred after a particular VM had gone through several "VMware Workstation Upgrades" and also had several snapshots on it that were deleted.
Event Type: Error
Event Source: NTDS ISAM
Event Category: General
Event ID: 482
Computer: 2019v2
Description:
NTDS (384) NTDSA: An attempt to write to the file "C:\WINDOWS\NTDS\edb.log" at offset 3230720 (0x0000000000314c00) for 512 (0x00000200) bytes failed after 0 seconds with system error 1784 (0x000006f8): "The supplied user buffer is not valid for the requested operation. ". The write operation will fail with error -1011 (0xfffffc0d). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Same issue here (VMware Worstation 17.0.2 build-21581411).
Solved deleting *.log in C:\Windows\NTDS as per your suggestion.
Thanks