Solved

Windows Storage Server 2003 lsass.exe can't log in after password change

Posted on 2010-11-12
7
1,118 Views
Last Modified: 2012-06-27
Experts,

We have a 2003 storage server that we had to join to a new domain, well we failed to realize that we did not know the local admin account password to log in after the disjoin. We popped in a Trinity Rescue Kit Cd to reset/blank the password but now upon boot we get the below error, and when we try to boot into safe mode it does the same thing. What options do we have?


0
Comment
Question by:smarin820
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:tstritof
ID: 34125521
Hi,

could you please explain what error are you referring to, I can't find anything attached to your post.

Regards,
Tomislav
0
 

Author Comment

by:smarin820
ID: 34125590
Oh snap, I dont know why the image did not post. trying again;

http://i794.photobucket.com/albums/yy221/appzattak/IMG_20101112_144545.jpg
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34127134
Have you attempted system recovery or system repair? I've had a similar problem once on XP and after doing some research I've decided to wipe and rebuild the machine since there was nothing of great importance on the disk that would justify the alternate solutions.

Here are some of the solutions that were suggested:
- system recovery,
- repair install (sometimes with chkdisk applied in the process),
- reinstall (to the same folder as previous Windows installation) with creation of new admin user in the process,
- various manual procedures for recovery of sytem files - some suggested by MS (like this KB307545), some not - mostly applied with partial success.

The option you decide to follow should take into account the following:
- you were planning to move the server to a new domain in the first place, and have already taken it out of the old domain, so no user accounts or profiles on the server need to be preserved for the future,
- since this is the storage server there are probably files there that need to be salvaged - this is the most important criteria to satisfy in any solution scenario,
- the OS install itself is important only if necessary to recover the data stored on the server, and can be reinstalled or whatever as long as it doesn't compromise the possibility to recover the data,
- to ensure the possibility of recovering your data backing up the contents of your drives would be a good thing to do if not already done
- if you don't have a backup of the data and can't boot to Windows to perform a normal backup I'm guessing that this server had some kind of "hardware" redundancy (like RAID1, RAID1+0, or RAID5)
- if you do have some of the above RAID configurations you should have the option to create additional copies of your data without booting to Windows "simply" by introducing empty replacement discs into your RAID array and thus creating a copy of your server on a new set of drives - this is not a risk-free operation and I suggest that you take that path ONLY if you know EXACTLY how to do this,
- after you have your data backed up and safe, you can try doing whatever necessary on the server to gain access to the data - I suggest contacting MS support and explaining exactly how you got into the situation - however if you have time and will on your hands you can try some of the solutions above (my favorite being "inplace" reinstall of Windows).

Regards,
Tomislav
0
IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

 
LVL 5

Expert Comment

by:9660kel
ID: 34127737
I agree that backing up first is a really good idea for this situation.

You might also consider re-running the password tool and assigning an actual password to the admin account, as it is not designed to run without one.

If that is not an option with your utility, I can dig one up for you.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 34127848
Here's a brief overview of your problem, without any malfunction from the password utility there is:
(1) A service that depended on the admin creds to run, now has no permissions.

(2) The admin account is being blocked because it has no password.

(3) files needed to run were encrypted by the admin account, and changing the password has killed the hash.

If the utility coughed a furball, you might have a corrupted SID database.


Some of this might be corrected with a repair install, but not an encryption issue or a bad SID database. (might help, but no guaranties)

How to proceed is mostly dependent on the value of the data and configuration settings on the server. If the configuration and data just aren't very important to you, it's probably faster to wipe the system and re-load it.

If the data is the only important thing on the server, use a utility like clonezilla to copy the data to a separate drive before wiping. (requires an extra hard drive big enough to hold the data, and enough understanding to pick out the drive you want to copy)
0
 

Accepted Solution

by:
smarin820 earned 0 total points
ID: 34364844
We ended up restoring a backup image of the server to resolve this.
0
 

Author Closing Comment

by:smarin820
ID: 34391769
This was fixed by restoring a backup image of the server
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question