• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 462
  • Last Modified:

Windows 2003 SBS with SP2 services lose authentication randomly and at reboot

Problem: after a reboot or after a random period of time the passwords for the accounts use to run services seem to corrupt, vanish, or change inexplicably. The password still shows to be there in the service properties but if the service stops, or is stopped, it will give a logon error when a start is attempted. When you put the password back in it is fine. If you restart right after you put the password in it restarts fine. Only after time...

This seems to only affect services that require a user account for Authentication. Being SBS it is of course a DC. It also hosts Exchange 2003 SP2, and the latest Blackberry Server Express. The Blackberry services are the ones that usually have the issue and are currently using the BESAdmin account specifically created for it. However it does the same thing using Administrator and other domain admin accounts. It does this on other services than Blackberry as well.

We cannot use Local System, or any other generic account unfortunately for any of the services. I did change those I could and we have no longer had any issues for those services. I cannot seem to find anyone else with this issue. Any ideas?

0
olygraham
Asked:
olygraham
  • 4
  • 3
  • 2
1 Solution
 
Justin OwensITIL Problem ManagerCommented:
Those services should be using the BESAdmin account.  It should have the necessary rights on your DC and also have a password set to not expire.  It also needs to be granted permission to interact with the machine.  Do you see any events in your logs when this happens?

Justin
0
 
comphilCommented:
That's a really odd one and no mistake.  So does the problem not happen if you use the BESAdmin account on the Blackberry services or am I misreading that bit?

A few things to try - set a service to use the Local System account, restart the service and then change it back to a user again - then restart the service once more.  Make sure that user's password is not set to expire.

Second, check Group Policy settings for Local Security settings.  One post on Technet refers to a similar problem and the fix appeared to be related to this ("someone modified my Group Policy settings to remove the accounts from the Local Security Settings").

My first port of call would be the Windows event log for any clues, particularly the System, Application and Security logs (the last is huge and may take a bit of trawling through to find anything that might be relevant assuming you know an approx. date and time when it last happened).
0
 
comphilCommented:
Sorry Justin didn't mean to override your reply you got yours in while I was writing mine!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Justin OwensITIL Problem ManagerCommented:
No worries... Refresh strikes us all from time to time.
0
 
olygrahamAuthor Commented:
done
0
 
Justin OwensITIL Problem ManagerCommented:
Author requests a refund but never answered either questions asked by the two participating Experts after almost two months.  If the Author wants to delete the Question, that is his/her business, but if he/she wants a refund of points, he/she should respond to the Experts.
0
 
Justin OwensITIL Problem ManagerCommented:
This seems to be the case of an Author trying to clear a Question he/she abandoned.  My first choice would be for the Author to interact with the Experts and actually resolve the Question.  My second choice would be for the Author to post the actual resolution and accept it as a 0 point answer.  My third choice would be to delete the Question with no refund, as we normally would an abandoned Question.
0
 
olygrahamAuthor Commented:
Well - first - am unsure of how to just end the questions as I resolved it myself.  The issue really lies at the core of AD in the domain permissions
0
 
comphilCommented:
Could you expand on exactly what the resolution to this problem was?  I am intrigued as I've never come across this particular problem before, it'd be useful to have it recorded here for anyone else who comes across the same problem.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now