Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 316
  • Last Modified:

SBS 2008 Local Admin Login

We have a client with an SBS 2008 server that is not allowing users to login. There are two domain admin accounts and neither one of those are working when booting into Normal Mode. Yet they both work when booting into Safe Mode with Networking. When trying to login to Normal Mode get an error about invalid username or password.

We have followed these directions http://social.technet.microsoft.com/Forums/sk-SK/winserverDS/thread/172eb4bb-a8df-42ce-a1c7-472d33dc210a and determined that the NTDS.dit file was corrupt. We have restored it from a backup and made it through these steps with no problems. On step 9 after going into NTDSUTIL we do have to enter ACTIVATE INSTANCE NTDS before FILES will work.

Any assistance would be greatly appreciated

Greg
0
grevels
Asked:
grevels
  • 5
  • 5
1 Solution
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
It sure would help if you provided the actual errors you are getting rather than the solution you chose to implement.

Jeff
TechSoEasy
0
 
grevelsAuthor Commented:
Jeff,

The error is no one can logon to the server. Even the two domain admin accounts are not working when booting into Normal mode, but they work in Safe Mode.

Thanks,

Greg
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
There should still be an error message event logged in the Server's System Log file regarding these failed log in attempts.

Please log in via safe mode and take a look.

Jeff
TechSoEasy
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
grevelsAuthor Commented:
Jeff,

Here is the System log and the Directory Services log. I had to filter the System log If you need to see anything else just let me know.

Thanks,

Greg
Directory-Services.xml
System.xml
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Okay, please review the suggestions in this thread:
http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/8b11b132-a145-4f81-91b7-9cbb685a0370

These are more specific to SBS.

Jeff
TechSoEasy
0
 
grevelsAuthor Commented:
Thanks for the link. I will review my notes at the office, but it seems like I have done all of this. I know I found the error about deleting the registry key and I have done that. I will make sure that the key did not repopulate from trying another repair of the ntds.dit file though.

Greg
0
 
grevelsAuthor Commented:
Jeff,

When I got in this morning the server was in Safe Mode with Networking. I checked the registry and that entry was there so I deleted it. I restarted in Normal Mode and was unable to login still. The only procedure I had not tried was the ntds defrag. I rebooted into DSRM and followed the steps to defrag ntds.dit. I then checked the registry again and deleted that key again. I rebooted into Normal Mode and still cannot login. I am going to clear the event logs and start with some fresh ones to see if I can see why that key keeps getting added back to the registry.

Thanks,

Greg
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
The key will always be recreated -- the reason to delete it is to automatically repair the database.  

Do you have a backup which may have a good copy of the NTDS file?

Jeff
TechSoEasy
0
 
grevelsAuthor Commented:
Jeff,

I do not have a backup. We have gotten the customer up on other hardware and just created a new domain since it was less than ten users. Without a backup of the NTDS folder do you think this is salvageable? This is just for my knowledge at this point.

Thanks,

Greg
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
It might be if you followed this article: http://support.microsoft.com/kb/816120

Alternatively you may be able to just create a new Admin account while logged in in Safe Mode.

Jeff
TechSoEasy
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now