wantabe2
asked on
Windows 2008 Errors
I have a Windows 2008 domain contoller & it has started throwing numerous event ID 12294:
The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.
This server is also a FSMO role holder & a WSUS server. Has anyone seen this? I rebooted the server & it is still doing this...any ideas?
The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.
This server is also a FSMO role holder & a WSUS server. Has anyone seen this? I rebooted the server & it is still doing this...any ideas?
ASKER
Doesn't help any...can't disable the admin account.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There are no services as such exposed to eh outside world. This is just an internal LAN server that holds the following roles:
WSUS, Domain Controller, DNS server
I've ran a full virus scan & found nothing. There are no authentication failures in the security log. Still getting there same event around 4 or 5 events per minute.
WSUS, Domain Controller, DNS server
I've ran a full virus scan & found nothing. There are no authentication failures in the security log. Still getting there same event around 4 or 5 events per minute.
ASKER
I've looked in the netlogon.log file to see if there where any clients trying to log on as the administrator but I see no bad password logged....
Follow this
Troubleshooting Account Lockout
http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx
Troubleshooting account lockout the PSS way
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
Below link is of specific tool which removes the Kido Virus found majorly producing such issues
http://support.kaspersky.com/1956
Go to "Protection measures":->kk.zip
You may check security event logs if auditing is enable to see which machine is generating bad password requests
Troubleshooting Account Lockout
http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx
Troubleshooting account lockout the PSS way
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
Below link is of specific tool which removes the Kido Virus found majorly producing such issues
http://support.kaspersky.com/1956
Go to "Protection measures":->kk.zip
You may check security event logs if auditing is enable to see which machine is generating bad password requests
ASKER
I checked the log & discovered which clinet was trying to authenticate to the DC.
http://technet.microsoft.com/en-us/library/cc733228(v=ws.10).aspx