Solved

Windows Storage Server 2003 lsass.exe can't log in after password change

Posted on 2010-11-12
Last Modified: 2012-06-27
Experts,

We have a 2003 storage server that we had to join to a new domain. Well, we failed to realize that we did not know the local admin account password to log in after the disjoin. We popped in a Trinity Rescue Kit CD to reset/blank the password, but now upon boot we get the below error, and when we try to boot into safe mode it does the same thing. What options do we have?


Question by:smarin820

Expert Comment

by:tstritof
Hi,

could you please explain what error you are referring to? I can't find anything attached to your post.

Regards,
Tomislav

Author Comment

by:smarin820
Oh snap, I don't know why the image did not post. Trying again:

http://i794.photobucket.com/albums/yy221/appzattak/IMG_20101112_144545.jpg

Expert Comment

by:tstritof
Have you attempted system recovery or system repair? I've had a similar problem once on XP and after doing some research I've decided to wipe and rebuild the machine since there was nothing of great importance on the disk that would justify the alternate solutions.

Here are some of the solutions that were suggested:
- system recovery,
- repair install (sometimes with chkdsk applied in the process),
- reinstall (to the same folder as previous Windows installation) with creation of new admin user in the process,
- various manual procedures for recovery of system files - some suggested by MS (like this KB307545), some not - mostly applied with partial success.

The option you decide to follow should take into account the following:
- you were planning to move the server to a new domain in the first place, and have already taken it out of the old domain, so no user accounts or profiles on the server need to be preserved for the future,
- since this is the storage server, there are probably files there that need to be salvaged - this is the most important criterion to satisfy in any solution scenario,
- the OS install itself is important only if necessary to recover the data stored on the server, and can be reinstalled or whatever as long as it doesn't compromise the possibility to recover the data,
- to ensure the possibility of recovering your data, backing up the contents of your drives would be a good thing to do if not already done,
- if you don't have a backup of the data and can't boot to Windows to perform a normal backup, I'm guessing that this server had some kind of "hardware" redundancy (like RAID1, RAID1+0, or RAID5),
- if you do have some of the above RAID configurations you should have the option to create additional copies of your data without booting to Windows "simply" by introducing empty replacement discs into your RAID array and thus creating a copy of your server on a new set of drives - this is not a risk-free operation and I suggest that you take that path ONLY if you know EXACTLY how to do this,
- after you have your data backed up and safe, you can try doing whatever necessary on the server to gain access to the data - I suggest contacting MS support and explaining exactly how you got into the situation - however if you have time and will on your hands you can try some of the solutions above (my favorite being "inplace" reinstall of Windows).

Regards,
Tomislav

Expert Comment

by:9660kel
I agree that backing up first is a really good idea for this situation.

You might also consider re-running the password tool and assigning an actual password to the admin account, as it is not designed to run without one.

If that is not an option with your utility, I can dig one up for you.

Expert Comment

by:9660kel
Here's a brief overview of your problem. Without any malfunction from the password utility, there is:
(1) A service that depended on the admin creds to run, now has no permissions.

(2) The admin account is being blocked because it has no password.

(3) Files needed to run were encrypted by the admin account, and changing the password has killed the hash.

If the utility coughed a furball, you might have a corrupted SID database.


Some of this might be corrected with a repair install, but not an encryption issue or a bad SID database. (Might help, but no guarantees.)

How to proceed is mostly dependent on the value of the data and configuration settings on the server. If the configuration and data just aren't very important to you, it's probably faster to wipe the system and re-load it.

If the data is the only important thing on the server, use a utility like Clonezilla to copy the data to a separate drive before wiping. (Requires an extra hard drive big enough to hold the data, and enough understanding to pick out the drive you want to copy.)

Accepted Solution

by:smarin820
We ended up restoring a backup image of the server to resolve this.

Author Closing Comment

by:smarin820
This was fixed by restoring a backup image of the server.