Solved

URGENT!  SBS 2003 issues - NO ADMIN ACCESS!

Posted on 2013-06-04
Last Modified: 2013-06-17
SBS 2003 server, R2 I believe, last week the HDD got completely full - 0 bytes available space (Symantec Enterprise Protection old virus def files).

When trying to fix that problem, it would not accept my normal Admin login - said it "could not load user profile" I think?  I finally got in, but it said it was creating a new profile (or something to that effect), and it did look like a new user desktop - some of my icons were gone.

I also now see two user folders with my name - one just "Clay" which I think is my original one, and one "Clay.GCF.Local.000" which I suspect is the new one that got created?

I was able to delete the Symantec files & now have about 10g free space on the C drive.  

Other users (workstations) have had no problems running their apps and accessing server data (which is on D drive, not C), but yesterday on MY workstation I noticed the domain tree under Network in Win Explorer was missing - it just wasn't there.  Thinking it was something awry on my workstation, I removed myself from the domain & joined a workgroup in the hopes that subsequently rejoining the domain would resolve the issue.

It didn't - now I can't rejoin the domain at all - says my credentials are not recognized.

That's when I went to the server, and cannot login with either of the two Admin accounts I had (Clay and Administrator) - both just say "System cannot log you on"... credentials not recognized.

I can logon with a non-admin user I have called Manager, but of course I can't get to any management settings.

May or may not be related, but same time these issues appeared, the logon dialog box looks weird - name, password, and domain input fields are a darker color, can't read their contents unless I select whatever is in them with the mouse.  Strange.

I've done a restart of course - and also a complete shutdown - no change.

I have limited system backups, but I do have some.  Three days worth made with the internal backup utility, not sure if that's gonna get me back far enough (before the disk full issue) - I don't think it will.

(If it sounds like I'm a little scattered here.... my first grandchild was born Saturday night... the last few days have been a whirlwind and I haven't had much sleep!).

When I loaded the backups yesterday to see what I had, I saw the ones from last 3 days and also some much older ones - about a year old - that are not in the folder I have backups aimed at now, not sure where they are on the disk but if the b/u utility sees them they should be there somewhere, right?

Haven't tried restoring the System State from one yet, that was my thought but want help from you guys first.

DISCLAIMER: I am not a "real tech guy" - no formal training, just many long nights sitting in front of a screen and throwing darts, but I am pretty decent at it, basically have been my own IT guy for the last 15 years, so I'm quite comfortable "under the hood", but not a true "expert".

Any and all thoughts appreciated - PLEASE HELP!!!!

cricketman
Question by:cricketman
12 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 39218941
See MVP Dana Epp's series at Scorpion Software on cracking the admin password.  It's FRIGHTENINGLY EASY to reset your server's domain admin password and should take 5 minutes or so.  NOTE: This is why PHYSICAL SECURITY is JUST AS IMPORTANT as a strong password.

It's video 105 on the playlist.
 http://www.scorpionsoft.com/videos/crackthecred/
0
 

Author Comment

by:cricketman
ID: 39218990
Thanks for the quick reply!

WOW.... kind of scary that it could be that easy, and you're right - it highlights why physical security is important!

I will try this tonight (I'm going to stay out & let my office gals do their regular work today).

Meanwhile... any other ideas from anyone else are appreciated, would like to have multiple tools in my bag when I tackle this tonight!!

Thanks....

cricketman
0
 
LVL 7

Expert Comment

by:JardaCZ
ID: 39219033
Hello cricketman,

I am monitoring this post and wish you good luck!

Try to remember the local administrator password (Directory Services Restore Mode password) and restore AD:
http://support.microsoft.com/kb/258062/en-us


Regards,
Jarda
0
 

Author Comment

by:cricketman
ID: 39220764
Not having any luck.

Cannot get the server to boot from the SBS 2003 CD.  I have TWO CDs... one is a Microsoft, the other a Dell, neither will boot.  Tried w/o initiating the boot menu with F11 and it just flies right by and boots from the HDD, also tried initiating the boot menu with F11 and then choosing CD drive from the list to boot from, but system still boots from the HDD.

Went into SETUP, the CD drive is listed first in boot order (HDD 2nd, Dell RD 1000 removable drive 3rd).

In researching today, came across references to Powersuite Utilities by SPOTMAU, purchased it, DID get machine to boot from that CD.  Ran their password reset utility (which is supposed to work for all versions of Windows 2003)... it APPEARED to work (said it completed successfully), restarted machine, no dice - still cannot login as Administrator.

Perhaps important?... the SPOTMAU utility only saw 2 users to let me pick from to reset password - Administrator, and Guest.  Did not show the user "Manager" that IS still active - I CAN login as Manager, but that user doesn't have admin privileges so I can't do much.

Is there a way to give Manager admin privs so I can use it to create another new user for myself?

Will have to let my office gals do their work tomorrow, so won't be able to try more things till tomorrow night.

Any other ideas?

Any thoughts on why it won't boot from either SBS 2003 CD?

cricketman
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39220773
Do not boot from the 2003 CD - it probably doesn't have drivers installed to see the drive.  Boot from a Windows 7 or Vista or Windows 8 or 2008 DVD.  Or create a flash drive.  I don't know where you got your 2003 CD... or how it might have been burned.
0
 
LVL 7

Expert Comment

by:JardaCZ
ID: 39221255
Before the OS boots, press F8 and choose Active Directory restore mode. You will be asked for the local administrator password. Then you will be able to restore AD.

Jarda
0
 
LVL 12

Assisted Solution

by:Gary Coltharp
Gary Coltharp earned 50 total points
ID: 39221905
The password reset utility will not work because this is a domain controller. Those utilities just change/reset passwords in the hive file. The accounts you are having difficulty with are in Active Directory.
0
 

Assisted Solution

by:cricketman
cricketman earned 0 total points
ID: 39224175
My two SBS 2003 CDs are an original Microsoft and an OEM one from Dell.  Both say SBS 2003 R2.

I do have a couple of Windows 7 64-bit disks, can try to boot from them - and you mean just to try Epp's password reset trick, right?

If that trick is just for the local admin password and not the AD domain admin pw, I assume it really won't help me either though (but will prob still try since it seems "less invasive").

I found an AD Domain pw change method here:

http://www.petri.co.il/reset_domain_admin_password_in_windows_server_2003_ad.htm

... may try that tomorrow after office closes.

Hoping to avoid the AD restore since I really think the bkf files I have with system state don't go back far enough to get me "before" this problem.  But will try anyway if PW reset thing doesn't work.

Absolute last resort will be to blow all away & completely rebuild the SBS machine, something that I really don't WANT to do, but... may not have a choice.

Will report back to you guys after I try tomorrow evening... meanwhile please keep any new ideas coming!

Thanks guys for all your suggestions so far!!!

cricketman
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39225462
Epp's method will work on the domain controller if you can boot to the CD successfully to gain recovery console access. The other bootable password reset utilities will not.

The Petri method is a little more lengthy. It is how I have done it in the past, but I will certainly be using Epp's method from now on (Brilliant).

The Dell-badged disc should say "disc 1" or Small Business Server 2003 or something.... and should be your bootable install media. Blow out your CD tray with compressed air if you haven't read a lot of discs in it; the optical pickup may be dirty.

HTH

Gary
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39225473
BTW: You may need to create a driver disk for your storage controller if the SBS 2003 media boots but doesn't see your installation. F6 at the load screen and load the driver from a <cough> diskette. Assuming your server has one of those...they are becoming increasingly rare.
0
 

Accepted Solution

by:cricketman
cricketman earned 0 total points
ID: 39242440
Finally got the issue resolved.

I VERY MUCH appreciate all the advice you experts gave me, but in the end, no suggestions I received proved to be the actual solution.

I called a local tech company, their technician spent 11.5 hours here last Friday night, and finally got things resolved.  Thinking Dana Epp's method would do the trick he tried that (I had already tried it with no joy), but it didn't work for him either.  In the end, he used the Petri method that I referenced in a previous comment of running a script that set the domain admin pw at boot up, and THAT finally got us in.

What we discovered was VIRUS - LOTS of virus infected files.  When we got Symantec Endpoint Protection reinstalled (something - the virus we assume - had completely removed SEP from the machine!) it presented as a variant of the Wapomi! virus.  And it was quite effective.  Scans on the server found literally thousands of infected files.

The good news is that the files were easily cleaned, and I really didn't lose any data, just the $1,000+ the tech guy cost me!

THANKS to all who helped.  I will award some points to comments that proved to be helpful in at least keeping me pointed in the right direction even if they didn't actually present the final solution.

Thanks again!!

cricketman
0
 

Author Closing Comment

by:cricketman
ID: 39252598
Comment explains situation
0
