none
Server 2003 active directory - user accounts get locked RRS feed

  • Question

  • Hi,

    I am new to this forum and i hope im posting in the correct forum.

    I have a critical issue with my AD, is running on Server 2003, functional level is 2000 native. only 2 domain controllers,

    Since last 5 days, many users' (randomly) accounts getting locked automatically. I am getting the system event on one DC as 12294

    "the SAM database was unable to lock out the account of Administrator due to a resource error, such as hard disk write failure (the specific error is in the error data). Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above"

    I have around 100 user IDs and this happends to many users simultaniously including domain admins.

    Ideas please.

    Thanks
    Wednesday, February 11, 2009 10:54 AM

Answers

  • Hello,

     

    Unexpected user Account Lockouts can be a virus issue Please refer the following KB  http://support.microsoft.com/kb/887433/en-us?spid=3198&sid=515


    Listed below are the Common issues which can cause the above issue 

    1. Applications using cached credentials that are stale.
    2. Stale service account passwords cached by the Service Control Manager (SCM).
    3. Stale logon credentials cached by Stored User Names and Passwords in Control Panel.
    4. Scheduled tasks and persistent drive mappings that have stale credentials.
    5. Disconnected Terminal Service sessions that use stale credentials.
    6. Failure of Active Directory replication between domain controllers.
    7. Users logging into two or more computers at once and changing their password on one of them.
    I advice you download Account Lockout and Management Tools from the below link and start trouble shooting.

    http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en


    Thanks and Hope it helps

    Syed Khairuddin
    Thursday, February 12, 2009 6:24 AM

All replies

  • Check your network for virus !

    "the SAM database was unable to lock out the account of Administrator..." is a feature - be happy for it.


     - Duelund
    Wednesday, February 11, 2009 12:15 PM
  • Hello,

     

    Unexpected user Account Lockouts can be a virus issue Please refer the following KB  http://support.microsoft.com/kb/887433/en-us?spid=3198&sid=515


    Listed below are the Common issues which can cause the above issue 

    1. Applications using cached credentials that are stale.
    2. Stale service account passwords cached by the Service Control Manager (SCM).
    3. Stale logon credentials cached by Stored User Names and Passwords in Control Panel.
    4. Scheduled tasks and persistent drive mappings that have stale credentials.
    5. Disconnected Terminal Service sessions that use stale credentials.
    6. Failure of Active Directory replication between domain controllers.
    7. Users logging into two or more computers at once and changing their password on one of them.
    I advice you download Account Lockout and Management Tools from the below link and start trouble shooting.

    http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en


    Thanks and Hope it helps

    Syed Khairuddin
    Thursday, February 12, 2009 6:24 AM
  • Looks like W32/Conficker type virus, i'll confirm after some testing

    Thanks all there,

    Chandika
    Thursday, February 12, 2009 6:29 AM