Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

12293 Event Log error source SAM (Duplicate SID deleted)

Posted on 2006-07-20
4
2,419 Views
Last Modified: 2008-01-09
I am having an issue I haven't seen before and can't find information on. I have a two DC network that was fine until we moved it to a different location and changed IP's on the network.

The first weekend we had it up at the new location we got errors similar to the ones below and ended up losing about 6 objects in AD due to the situation. It disapeered after that and didn't come back until this week when we joined a few new computers to the domain. One of them aparently grabbed the same SID as an account that has existed since day one on the domain.

Anyway, all I can find is the following article about it which tells how to check for more duplicates, which there weren't the last time it happend and aren't now. It doesn't tell you how to check for and fix the problem. It mentions that it can happen if the roles are seized, or if one of the master's is down for awhile, but to my knowledge this hasn't happened.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315062

If anyone has any information other than the above article I would appreciate it if you could forward it to me via a reply to this post before I lose an account I can't recover.

Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      12293
Date:            7/20/2006
Time:            4:18:20 PM
User:            S-1-5-21-4106901455-2021588547-2731152627-1611
Computer:      NTWAPP
Description:
There are two or more objects that have the same SID attribute in the SAM database. The Distinguished Name of the account is CONFERENCEROOM\0ADEL:913f77ba-4d49-4f42-a96b-6633eca5f692,CN=Deleted
Objects,DC=nextechwireless,DC=internal. All duplicate  accounts have been deleted. Check the
event log for additional duplicates.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      12293
Date:            7/20/2006
Time:            4:18:20 PM
User:            S-1-5-21-4106901455-2021588547-2731152627-1611
Computer:      NTWAPP
Description:
There are two or more objects that have the same SID attribute in the SAM database. The

Distinguished Name of the account is CN=Jeff

Kisner\0ADEL:f0b72e97-cbb9-4121-b47c-506c1ba69d14,CN=Deleted

Objects,DC=nextechwireless,DC=internal. All duplicate  accounts have been deleted. Check the

event log for additional duplicates.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

Thanks,

Ashley Heaton
aheaton*nospam*@nex-tech.com
0
Comment
Question by:nextech01
4 Comments
 
LVL 13

Accepted Solution

by:
Kini pradeep earned 500 total points
ID: 17156513
well the article does describe how to cheeck and delete the duplicate sid using ntdsutil which is in the support tools, i have however seen instances of duplicate sid when we cloned the winxp clients as well as some servers, however it gave errors but did not delete and accounts, we resolved it using a sysinternal tool called newsid. this utility would generate a random sid for the computer account when run on the client computer, it requires a reboot after newsid is run.

http://www.sysinternals.com/ntw2k/source/newsid.shtml 

0
 

Author Comment

by:nextech01
ID: 17156810
We do indeed use cloned workstations in this environment but not servers. We also run sysprep on the clones that effectively changes the SID of the machine before it's introduced into the network. The other thing against that possibility is that this particular laptop that caused the issue isn't a clone because it was the first model of it's type. We used it to make an image but the machine itself was setup from scratch.

Thanks,

Ashley
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used.

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question