Solved

Windows Storage Server 2003 lsass.exe can't log in after password change

Posted on 2010-11-12
Last Modified: 2012-06-27
Experts,

We have a 2003 storage server that we had to join to a new domain. Well, we failed to realize that we did not know the local admin account password to log in after the disjoin. We popped in a Trinity Rescue Kit CD to reset/blank the password, but now upon boot we get the below error, and when we try to boot into safe mode it does the same thing. What options do we have?


0
Question by:smarin820
7 Comments
 
LVL 7

Expert Comment

by:tstritof
ID: 34125521
Hi,

could you please explain what error you are referring to? I can't find anything attached to your post.

Regards,
Tomislav
0
 

Author Comment

by:smarin820
ID: 34125590
Oh snap, I don't know why the image did not post. Trying again:

http://i794.photobucket.com/albums/yy221/appzattak/IMG_20101112_144545.jpg
0
 
LVL 7

Expert Comment

by:tstritof
ID: 34127134
Have you attempted system recovery or system repair? I've had a similar problem once on XP and after doing some research I've decided to wipe and rebuild the machine since there was nothing of great importance on the disk that would justify the alternate solutions.

Here are some of the solutions that were suggested:
- system recovery,
- repair install (sometimes with chkdsk applied in the process),
- reinstall (to the same folder as previous Windows installation) with creation of new admin user in the process,
- various manual procedures for recovery of system files - some suggested by MS (like this KB307545), some not - mostly applied with partial success.

The option you decide to follow should take into account the following:
- you were planning to move the server to a new domain in the first place, and have already taken it out of the old domain, so no user accounts or profiles on the server need to be preserved for the future,
- since this is the storage server there are probably files there that need to be salvaged - this is the most important criterion to satisfy in any solution scenario,
- the OS install itself is important only if necessary to recover the data stored on the server, and can be reinstalled or whatever as long as it doesn't compromise the possibility to recover the data,
- to ensure the possibility of recovering your data, backing up the contents of your drives would be a good thing to do if not already done,
- if you don't have a backup of the data and can't boot to Windows to perform a normal backup, I'm guessing that this server had some kind of "hardware" redundancy (like RAID1, RAID1+0, or RAID5),
- if you do have some of the above RAID configurations you should have the option to create additional copies of your data without booting to Windows "simply" by introducing empty replacement discs into your RAID array and thus creating a copy of your server on a new set of drives - this is not a risk-free operation and I suggest that you take that path ONLY if you know EXACTLY how to do this,
- after you have your data backed up and safe, you can try doing whatever necessary on the server to gain access to the data - I suggest contacting MS support and explaining exactly how you got into the situation - however if you have time and will on your hands you can try some of the solutions above (my favorite being "inplace" reinstall of Windows).

Regards,
Tomislav
0

 
LVL 5

Expert Comment

by:9660kel
ID: 34127737
I agree that backing up first is a really good idea for this situation.

You might also consider re-running the password tool and assigning an actual password to the admin account, as it is not designed to run without one.

If that is not an option with your utility, I can dig one up for you.
0
 
LVL 5

Expert Comment

by:9660kel
ID: 34127848
Here's a brief overview of your problem. Without any malfunction from the password utility, there is:
(1) A service that depended on the admin creds to run, now has no permissions.

(2) The admin account is being blocked because it has no password.

(3) Files needed to run were encrypted by the admin account, and changing the password has killed the hash.

If the utility coughed a furball, you might have a corrupted SID database.


Some of this might be corrected with a repair install, but not an encryption issue or a bad SID database. (Might help, but no guarantees.)

How to proceed is mostly dependent on the value of the data and configuration settings on the server. If the configuration and data just aren't very important to you, it's probably faster to wipe the system and re-load it.

If the data is the only important thing on the server, use a utility like Clonezilla to copy the data to a separate drive before wiping. (Requires an extra hard drive big enough to hold the data, and enough understanding to pick out the drive you want to copy.)
0
 

Accepted Solution

by:
smarin820 earned 0 total points
ID: 34364844
We ended up restoring a backup image of the server to resolve this.
0
 

Author Closing Comment

by:smarin820
ID: 34391769
This was fixed by restoring a backup image of the server.
0
