Windows 2008 Errors

I have a Windows 2008 domain contoller & it has started throwing numerous event ID 12294:

The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.

This server is also a FSMO role holder & a WSUS server. Has anyone seen this? I rebooted the server & it is still doing this...any ideas?
LVL 15
Who is Participating?
BlueComputeConnect With a Mentor Commented:
The error message is misleading - the reason the SAM database was unable to lock out the account is not a resource error, it is because the Administrator account cannot be locked out - you'd be stuffed if it was your last administrator account and it got locked out.

This is usually a sign that the server is subject to a brute-force attack - what services do you have exposed to the internet?  RDP, Exchange, IIS?  You should be able to confirm this by looking in the security log for a large number of authentication failures for the administrator account.
Venugopal NCommented:
wantabe2Author Commented:
Doesn't help any...can't disable the admin account.
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

wantabe2Author Commented:
There are no services as such exposed to eh outside world. This is just an internal LAN server that holds the following roles:

WSUS, Domain Controller, DNS server

I've ran a full virus scan & found nothing. There are no authentication failures in the security log. Still getting there same event around 4 or 5 events per minute.
wantabe2Author Commented:
I've looked in the netlogon.log file to see if there where any clients trying to log on as the administrator but I see no bad password logged....
Sarang TinguriaSr EngineerCommented:
Follow this

Troubleshooting Account Lockout

Troubleshooting account lockout the PSS way

Below link is of specific tool which removes the Kido Virus found majorly producing such issues
Go to "Protection measures":->

You may check security event logs if auditing is enable to see which machine is generating bad password requests
wantabe2Author Commented:
I checked the log & discovered which clinet was trying to authenticate to the DC.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.