Admin account appears to be locked out.

Hey guys i am in bad need of some help. I am on my DC right now and it is in safe mode. I cannot log in even as the Administrator at the first screen in regular boot. I also cannot even get past the ctrl alt del screen. I puch it and nothing happens. So anyway i am in safe mode and it appears that the problems started happening about 30 mins ago so i have gone back in the event logs and got the errors that began to occur at that time. I know everyone here is in need of help but this is critical. If i could give a million points i would. As of right now no one has mail and the dc is down and here at a hospital we all know it is critical is PLEASE help !!
Here are the Events that started all at the same time
Event ID 490    Source ESE
Information Store (5272) First Storage Group: An attempt to open the file "C:\Program Files\Exchsrvr\mdbdata\E00.chk" for read / write access failed with system error 1331 (0x00000533): "Logon failure: account currently disabled. ".  The open file operation will fail with error -1022 (0xfffffc02).

Event ID  419   Source smtpsrv
SMTP server cannot create a file in the queue directory C:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\.

Event id 7          Source KDC
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was DNS/ and lookup type 0x48.

This last one above appears several times with any account basically popping up at random.

Event id 3011    Source LDMS
Failed to create process dmadmin.exe, binPath=%SystemRoot%\System32\dmadmin.exe, Error=1331.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jjeffordsAuthor Commented:
Hey guys i figured i should also mention the fact these errors occur over and over again.
I also get the w32time popping up alot since then happened. I know how to fix that but i figured maybe this little bit of info would help things out. I was also getting some DNS server errors but they seemed to have tappered off
here is the one i was getting from DNS and one from the

Event ID  4004     Source   DNS  
The DNS server was unable to complete directory service enumeration of zone Backup2k3.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

Event ID  490         Source   ntds isam
NTDS (600) NTDSA: An attempt to open the file "C:\WINDOWS\NTDS\edb.chk" for read / write access failed with system error 1331 (0x00000533): "Logon failure: account currently disabled. ".  The open file operation will fail with error -1022 (0xfffffc02).

Event id 490  Source NTDS ISAM
NTDS (600) NTDSA: An attempt to open the file "C:\WINDOWS\NTDS\edb.chk" for read / write access failed with system error 1331 (0x00000533): "Logon failure: account currently disabled. ".  The open file operation will fail with error -1022 (0xfffffc02).

Regarding the entry, here is an exerpt from Mark Minasi's book:

": what IS this Well, once RFC 1918 (and its predecessors, actually)
came out, the IANA -- the old name, recall, for the folks in charge of
handing out IP address blocks -- realized that they needed a "placeholder" zone for the three ranges of non-routable addresses. So they
put zones named,, and on a three DNS servers named, and, at IP addresses,, and, and prisoner is set as the primary DNS
server for the zones.

Thus, if one of your systems with a 192.168.x.x address tries to register
its PTR record then it will, unless you have a local DNS server with a zone, end up trying to register with
-- which will reject the request. The bottom line is, don't worry about it
in most cases. In one case, however, you MIGHT worry about it, if you were
running an intranet with a dialup connection to the Internet. If your
intranet systems have private addresses and you don't have a local reverse
lookup zone for your private addresses then you will cause your systems to
try to contact prisoner, which would trigger a dialup. And if you're
connected via ISDN in some country not blessed with as low a set of telecomm
rates as we enjoy in the US, then that could be a quite expensive
proposition. Again, the answer in that case would either be to tell your
system not to do dynamic updates at all, or to create a local DNS server
with a dynamic zone. "

So, in a nutshell, your server is trying to register a private IP address with your ISP - so your DNS is not setup completely correct.

With respect to account lockout - in server 2003 it is possible to lock the Admin account - which scares me.  If you have a service account (ie. for Exchange) and can remember the password you might be able to log in with that account to check what's going on with the Admin account.  Alternately, you could boot the server in normal mode, connect remotely to it with ADUC or Manage and see what's up also.  

All the events you show simple tell me that either the service account is locked or the password expired.

jjeffordsAuthor Commented:
Also one more thing to add to all of this. When the machine is booting and it is showing the Applying computer settings, etc etc etc
It also now says Active Directory is now reloading indicies or something similar to that...
Any clue as to what could be causeing this?
Also i can still log into the server with the Administrator account as long as i am in Safe Mode. But if i am not in safe mode i cannot even get past Ctrl Alt Del
It just leaves me sitting there and no matter how many times i hit it. It goes no where. It doesnt matter what account i use it will not let me log in. I mean any domain account i try would not let me in. Then when i rebooted it wont let me past the ctrl alt delete
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Jjefford, that's the one predictable part of this:  AD absolutely will not run without DNS.

Sounds like there is an AD database corruption.  The file that holds AD is NTDS.DIT.

Here is an article to help troubleshoot:;en-us;258062


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Yes, as nihlcat mentions, your DNS could be the culprit too if something changed and AD cannot use it.

jjeffordsAuthor Commented:
Would any of these reasons cause you not to be able to get past the Ctrl Atl Del screen ??
This one i cant figure out to save my life....
Unless i go to Safe Mode i cannot even execute ctrl alt del
Joseph OLoughlinIT Support SpecialistCommented:
Hi jjeffords,
You may have denied yourself permissions to log in locally.
usual disclaimers apply
Start your computer in to Safe mode with networking support.
Log on as the administrator.
Start the Active Directory Users and Computers snap-in, expand Local Users and Groups, and then expand Users.
Right-click Administrator, and then click Enable Account.
Restart your computer.
If you cant logon have you tried starting using Last Know Good Configuration?

You can also restore the registry by doing the following:

Using Recovery Console to Restore the Registry Keys HKEY_LOCAL_MACHINE\SYSTEM and HKEY_LOCAL_MACHINE\SOFTWARE
If the previously discussed recovery methods do not enable you to start Windows you can try replacing the System and Software files, which are in the systemroot\System32\Config folder, with a backup copy from the systemroot\Repair folder. The System and Software files are used by Windows to create the registry keys HKEY_LOCAL_MACHINE\SYSTEM and HKEY_LOCAL_MACHINE\SOFTWARE. A corrupted copy of the System or Software file could prevent you from starting Windows.

Try other recovery methods before using the manual procedure that follows. The manual procedure enables you to start the operating system, allowing you to perform further repairs by using Windows.

When using the following procedure, do not replace both the System and Software files as part of a single attempt to start the computer. First, replace one file, and then test whether this action resolves the startup problem. If the problem persists, copy the other file. Which file you decide to replace first (the System or Software file), depends on the information that the Stop error displays (hardware or software related).

Using Recovery Console to replace the System file

At the Recovery Console prompt, locate the config folder by typing:
cd system32\config

Create backups of the System or Software files by typing:
copy system <drive:\path\filename>


copy software <drive:\path\filename>

If they exist, save backups of other files that use file names that start with "system" or "software," such as System.sav or Software.sav.

Replace the current System or Software file by typing:
copy ..\..\repair\system


copy ..\..\repair\software

Answer the Overwrite system? (Yes/No/All): prompt by pressing Y.
Restart the computer.
What type of keyboard are you using?  Have you changed it recently?

Do you see any i8042prt errors in the Event Logs?

Thanks, but did it actually help?

Troubleshooting blind is a hard thing and I hope that something above helped fix your issue.  Can you please let us know if you were successful at fixing this with our assistance or if you figured it out on your own.  

If you did figure it out on your own, we would love to have you share your fix - it helps us learn too!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.