Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Windows 2008 Errors

Posted on 2013-01-22
7
402 Views
Last Modified: 2013-01-22
I have a Windows 2008 domain contoller & it has started throwing numerous event ID 12294:

The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.


This server is also a FSMO role holder & a WSUS server. Has anyone seen this? I rebooted the server & it is still doing this...any ideas?
0
Comment
Question by:wantabe2
7 Comments
 
LVL 11

Expert Comment

by:Venugopal N
ID: 38805447
0
 
LVL 15

Author Comment

by:wantabe2
ID: 38805486
Doesn't help any...can't disable the admin account.
0
 
LVL 14

Accepted Solution

by:
BlueCompute earned 500 total points
ID: 38805553
The error message is misleading - the reason the SAM database was unable to lock out the account is not a resource error, it is because the Administrator account cannot be locked out - you'd be stuffed if it was your last administrator account and it got locked out.

This is usually a sign that the server is subject to a brute-force attack - what services do you have exposed to the internet?  RDP, Exchange, IIS?  You should be able to confirm this by looking in the security log for a large number of authentication failures for the administrator account.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 15

Author Comment

by:wantabe2
ID: 38805615
There are no services as such exposed to eh outside world. This is just an internal LAN server that holds the following roles:

WSUS, Domain Controller, DNS server

I've ran a full virus scan & found nothing. There are no authentication failures in the security log. Still getting there same event around 4 or 5 events per minute.
0
 
LVL 15

Author Comment

by:wantabe2
ID: 38805665
I've looked in the netlogon.log file to see if there where any clients trying to log on as the administrator but I see no bad password logged....
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38806791
Follow this

Troubleshooting Account Lockout
http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx

Troubleshooting account lockout the PSS way
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Below link is of specific tool which removes the Kido Virus found majorly producing such issues

http://support.kaspersky.com/1956
Go to "Protection measures":->kk.zip

You may check security event logs if auditing is enable to see which machine is generating bad password requests
0
 
LVL 15

Author Closing Comment

by:wantabe2
ID: 38806968
I checked the log & discovered which clinet was trying to authenticate to the DC.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question