Change of Domain password, now I get an error in event log

Posted on 2008-01-31
Medium Priority
Last Modified: 2008-05-31
I have recently changed the Domain administrator password that we use to log onto servers, run backups etc...Since changing this password I now get the following error in the Event log relating to Group Policy

Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=hsfc,DC=hpoolsfc,DC=ac,DC=uk. The file must be present at the location <\\hsfc.hpoolsfc.ac.uk\sysvol\hsfc.hpoolsfc.ac.uk\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you. ). Group Policy processing aborted.

The account in question is being locked out every five minutes so obviously something is trying to access it with its old password. Does anyone have any ideas what I need to change in order to stop the above error from occurring?

Question by:brookesm

Accepted Solution

FC01 earned 2000 total points
ID: 20788853
Do you leave your servers\workstations logged in as administration.  If so, have you logged out of all your machines and  logged back in with the new password.  Also, do you have any services or scheduled jobs set to start with the admin account?
LVL 10

Expert Comment

ID: 20788863
You must be using the administrator account for a service somewhere.  

You can use the program EventCombNT to figure out which account or which server this is happening on.
LVL 70

Expert Comment

ID: 20788910
Problems like this can occur id you have setup services or scheduled tasks to run under the Administrator credentials, since the password has now changed the service/task is unable to authenticate. Best practice dictates that to create dedicated accounts for services/tasks and set the password and account to "does not expire"

You will need to locate the service/task and change the credentials, the event log should indicate where the problem is - look for an account logon failure

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question