Recently, I found out that one of my systems have detected a very dangerous worm (Conficker). Also, I have noticed that on almost all my server, the SERVER services keep stopping which is preventing my users to access network resources.
Currently, I have created a batch file using NET VIEW to query the devices and make sure I am aware of a drop in connectivity. However, patching the servers resolved the SERVER services issue.
But now I am having issue with my DC, please find the event log entry below:
EVENT ID: 12294
The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.
1. How can I narrow down the client where it is trying to connect from and
2. The Conflicker worm - any ideas on how to resolve it.
Your help is greatly appreciated....