Solved

12293 Event Log error source SAM (Duplicate SID deleted)

Posted on 2006-07-20
4
2,414 Views
Last Modified: 2008-01-09
I am having an issue I haven't seen before and can't find information on. I have a two DC network that was fine until we moved it to a different location and changed IP's on the network.

The first weekend we had it up at the new location we got errors similar to the ones below and ended up losing about 6 objects in AD due to the situation. It disapeered after that and didn't come back until this week when we joined a few new computers to the domain. One of them aparently grabbed the same SID as an account that has existed since day one on the domain.

Anyway, all I can find is the following article about it which tells how to check for more duplicates, which there weren't the last time it happend and aren't now. It doesn't tell you how to check for and fix the problem. It mentions that it can happen if the roles are seized, or if one of the master's is down for awhile, but to my knowledge this hasn't happened.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315062

If anyone has any information other than the above article I would appreciate it if you could forward it to me via a reply to this post before I lose an account I can't recover.

Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      12293
Date:            7/20/2006
Time:            4:18:20 PM
User:            S-1-5-21-4106901455-2021588547-2731152627-1611
Computer:      NTWAPP
Description:
There are two or more objects that have the same SID attribute in the SAM database. The Distinguished Name of the account is CONFERENCEROOM\0ADEL:913f77ba-4d49-4f42-a96b-6633eca5f692,CN=Deleted
Objects,DC=nextechwireless,DC=internal. All duplicate  accounts have been deleted. Check the
event log for additional duplicates.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type:      Error
Event Source:      SAM
Event Category:      None
Event ID:      12293
Date:            7/20/2006
Time:            4:18:20 PM
User:            S-1-5-21-4106901455-2021588547-2731152627-1611
Computer:      NTWAPP
Description:
There are two or more objects that have the same SID attribute in the SAM database. The

Distinguished Name of the account is CN=Jeff

Kisner\0ADEL:f0b72e97-cbb9-4121-b47c-506c1ba69d14,CN=Deleted

Objects,DC=nextechwireless,DC=internal. All duplicate  accounts have been deleted. Check the

event log for additional duplicates.

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

Thanks,

Ashley Heaton
aheaton*nospam*@nex-tech.com
0
Comment
Question by:nextech01
4 Comments
 
LVL 13

Accepted Solution

by:
Kini pradeep earned 500 total points
ID: 17156513
well the article does describe how to cheeck and delete the duplicate sid using ntdsutil which is in the support tools, i have however seen instances of duplicate sid when we cloned the winxp clients as well as some servers, however it gave errors but did not delete and accounts, we resolved it using a sysinternal tool called newsid. this utility would generate a random sid for the computer account when run on the client computer, it requires a reboot after newsid is run.

http://www.sysinternals.com/ntw2k/source/newsid.shtml 

0
 

Author Comment

by:nextech01
ID: 17156810
We do indeed use cloned workstations in this environment but not servers. We also run sysprep on the clones that effectively changes the SID of the machine before it's introduced into the network. The other thing against that possibility is that this particular laptop that caused the issue isn't a clone because it was the first model of it's type. We used it to make an image but the machine itself was setup from scratch.

Thanks,

Ashley
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question