  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2524

12293 Event Log error source SAM (Duplicate SID deleted)

I am having an issue I haven't seen before and can't find information on. I have a two-DC network that was fine until we moved it to a different location and changed IPs on the network.

The first weekend we had it up at the new location we got errors similar to the ones below and ended up losing about 6 objects in AD due to the situation. It disappeared after that and didn't come back until this week when we joined a few new computers to the domain. One of them apparently grabbed the same SID as an account that has existed since day one on the domain.

Anyway, all I can find is the following article about it which tells how to check for more duplicates, which there weren't the last time it happened and aren't now. It doesn't tell you how to check for and fix the problem. It mentions that it can happen if the roles are seized, or if one of the masters is down for a while, but to my knowledge this hasn't happened.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315062

If anyone has any information other than the above article I would appreciate it if you could forward it to me via a reply to this post before I lose an account I can't recover.

Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      12293
Date:            7/20/2006
Time:            4:18:20 PM
User:            S-1-5-21-4106901455-2021588547-2731152627-1611
Computer:      NTWAPP
Description:
There are two or more objects that have the same SID attribute in the SAM database. The Distinguished Name of the account is CONFERENCEROOM\0ADEL:913f77ba-4d49-4f42-a96b-6633eca5f692,CN=Deleted
Objects,DC=nextechwireless,DC=internal. All duplicate  accounts have been deleted. Check the
event log for additional duplicates.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      12293
Date:            7/20/2006
Time:            4:18:20 PM
User:            S-1-5-21-4106901455-2021588547-2731152627-1611
Computer:      NTWAPP
Description:
There are two or more objects that have the same SID attribute in the SAM database. The Distinguished Name of the account is CN=Jeff Kisner\0ADEL:f0b72e97-cbb9-4121-b47c-506c1ba69d14,CN=Deleted
Objects,DC=nextechwireless,DC=internal. All duplicate  accounts have been deleted. Check the
event log for additional duplicates.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Thanks,

Ashley Heaton
aheaton*nospam*@nex-tech.com
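
Added example, not part of the original post: a small Python parser that pulls the original object name and objectGUID out of 12293 event descriptions like the two quoted above, so the accounts SAM deleted can be listed and matched against tombstones under CN=Deleted Objects or against a backup. The function names are assumptions made for this illustration; the sample text is the description text of the two events in the question.

```python
import re

# Description text of the two 12293 events quoted in the question, with hard
# wraps and blank lines of the kind a copied event export contains.
EVENTS = [
    r"""There are two or more objects that have the same SID attribute in the SAM database. The Distinguished Name of the account is CONFERENCEROOM\0ADEL:913f77ba-4d49-4f42-a96b-6633eca5f692,CN=Deleted
Objects,DC=nextechwireless,DC=internal. All duplicate  accounts have been deleted. Check the
event log for additional duplicates.""",
    r"""There are two or more objects that have the same SID attribute in the SAM database. The

Distinguished Name of the account is CN=Jeff

Kisner\0ADEL:f0b72e97-cbb9-4121-b47c-506c1ba69d14,CN=Deleted

Objects,DC=nextechwireless,DC=internal. All duplicate  accounts have been deleted.""",
]

DN_RE = re.compile(r"Distinguished Name of the account is (.+?)\. All duplicate")
# A deleted object's RDN is "<old name>\0ADEL:<objectGUID>" (\0A is an escaped newline).
TOMBSTONE_RE = re.compile(
    r"^(?:CN=)?(?P<name>.+?)\\0ADEL:(?P<guid>[0-9a-fA-F-]{36}),(?P<parent>.+)$")

def parse_12293(description):
    """Return the object named in one 12293 description, or None if it does not match."""
    text = " ".join(description.split())          # undo wrapping and blank lines
    m = DN_RE.search(text)
    if m is None:
        return None
    dn = m.group(1)
    t = TOMBSTONE_RE.match(dn)
    if t is None:                                 # DN present but not a tombstone
        return {"dn": dn, "deleted": False}
    domain = ".".join(p[3:] for p in t["parent"].split(",")
                      if p.upper().startswith("DC="))
    return {"dn": dn, "deleted": True, "name": t["name"],
            "object_guid": t["guid"].lower(), "domain": domain}

def deleted_objects(descriptions):
    """Unique (name, objectGUID) pairs for every deleted object, in first-seen order."""
    seen = {}
    for d in descriptions:
        obj = parse_12293(d)
        if obj and obj["deleted"]:
            seen.setdefault(obj["object_guid"], obj["name"])
    return [(name, guid) for guid, name in seen.items()]

if __name__ == "__main__":
    for name, guid in deleted_objects(EVENTS):
        print(f"{name}\t{guid}")
```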
Kini pradeep (Principal Cloud and security consultant) Commented:
Well, the article does describe how to check and delete the duplicate SID using ntdsutil, which is in the support tools. I have, however, seen instances of duplicate SIDs when we cloned the WinXP clients as well as some servers; however, it gave errors but did not delete any accounts. We resolved it using a Sysinternals tool called NewSID. This utility would generate a random SID for the computer account when run on the client computer; it requires a reboot after NewSID is run.

http://www.sysinternals.com/ntw2k/source/newsid.shtml 

nextech01 (Author) Commented:
We do indeed use cloned workstations in this environment but not servers. We also run sysprep on the clones that effectively changes the SID of the machine before it's introduced into the network. The other thing against that possibility is that this particular laptop that caused the issue isn't a clone because it was the first model of its type. We used it to make an image but the machine itself was set up from scratch.

Thanks,

Ashley