Windows Storage Server 2003 lsass.exe can't log in after password change

Posted on 2010-11-12
Last Modified: 2012-06-27
Experts,

We have a 2003 storage server that we had to join to a new domain. Well, we failed to realize that we did not know the local admin account password to log in after the disjoin. We popped in a Trinity Rescue Kit CD to reset/blank the password, but now upon boot we get the below error, and when we try to boot into safe mode it does the same thing. What options do we have?


Question by: Steve Marin
7 Comments
 
LVL 7

Expert Comment

by:tstritof
ID: 34125521
Hi,

Could you please explain what error you are referring to? I can't find anything attached to your post.

Regards,
Tomislav
0
 
LVL 1

Author Comment

by:Steve Marin
ID: 34125590
Oh snap, I don't know why the image did not post. Trying again:

http://i794.photobucket.com/albums/yy221/appzattak/IMG_20101112_144545.jpg
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34127134
Have you attempted system recovery or system repair? I've had a similar problem once on XP and after doing some research I've decided to wipe and rebuild the machine since there was nothing of great importance on the disk that would justify the alternate solutions.

Here are some of the solutions that were suggested:
- system recovery,
- repair install (sometimes with chkdsk applied in the process),
- reinstall (to the same folder as previous Windows installation) with creation of new admin user in the process,
- various manual procedures for recovery of system files - some suggested by MS (like this KB307545), some not - mostly applied with partial success.

The option you decide to follow should take into account the following:
- you were planning to move the server to a new domain in the first place, and have already taken it out of the old domain, so no user accounts or profiles on the server need to be preserved for the future,
- since this is the storage server there are probably files there that need to be salvaged - this is the most important criterion to satisfy in any solution scenario,
- the OS install itself is important only if necessary to recover the data stored on the server, and can be reinstalled or whatever as long as it doesn't compromise the possibility to recover the data,
- to ensure the possibility of recovering your data, backing up the contents of your drives would be a good thing to do if not already done,
- if you don't have a backup of the data and can't boot to Windows to perform a normal backup I'm guessing that this server had some kind of "hardware" redundancy (like RAID1, RAID1+0, or RAID5)
- if you do have some of the above RAID configurations you should have the option to create additional copies of your data without booting to Windows "simply" by introducing empty replacement discs into your RAID array and thus creating a copy of your server on a new set of drives - this is not a risk-free operation and I suggest that you take that path ONLY if you know EXACTLY how to do this,
- after you have your data backed up and safe, you can try doing whatever necessary on the server to gain access to the data - I suggest contacting MS support and explaining exactly how you got into the situation - however if you have time and will on your hands you can try some of the solutions above (my favorite being "inplace" reinstall of Windows).

Regards,
Tomislav
0
 
LVL 5

Expert Comment

by:9660kel
ID: 34127737
I agree that backing up first is a really good idea for this situation.

You might also consider re-running the password tool and assigning an actual password to the admin account, as it is not designed to run without one.

If that is not an option with your utility, I can dig one up for you.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 34127848
Here's a brief overview of your problem. Without any malfunction from the password utility, there is:
(1) A service that depended on the admin creds to run, now has no permissions.

(2) The admin account is being blocked because it has no password.

(3) Files needed to run were encrypted by the admin account, and changing the password has killed the hash.

If the utility coughed a furball, you might have a corrupted SID database.


Some of this might be corrected with a repair install, but not an encryption issue or a bad SID database. (Might help, but no guarantees.)

How to proceed is mostly dependent on the value of the data and configuration settings on the server. If the configuration and data just aren't very important to you, it's probably faster to wipe the system and re-load it.

If the data is the only important thing on the server, use a utility like Clonezilla to copy the data to a separate drive before wiping. (Requires an extra hard drive big enough to hold the data, and enough understanding to pick out the drive you want to copy.)
0
 
LVL 1

Accepted Solution

by:Steve Marin
ID: 34364844
We ended up restoring a backup image of the server to resolve this.
0
 
LVL 1

Author Closing Comment

by:Steve Marin
ID: 34391769
This was fixed by restoring a backup image of the server.
0
