Re: Event 12294 SAM error

Tech-Archive recommends: Fix windows errors by optimizing your registry

Well, the error code means "DS (Directory Services) is busy" - not much help
there. How about the user name - is it the same all the time? Is the
webserver a domain controller? Any other relevant events in the log? Also,
take a look at this page:
http://www.eksternkompetanse.no/blog/PermaLink,guid,576846a0-ac14-47d4-8057-c117a9e2ec1c.aspx

--
Adrian Grigorof
www.eventid.net


"Speaker Ender" <SpeakerEnder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5D3365C5-BA22-447E-8578-AC7DF48DB890@xxxxxxxxxxxxxxxx
Thanks for the link

Data:
Byte:
0000: a5 02 00 c0

Also of note these are running Windows Server 2003 SP1. Usually when
searching the notes suggest its a virus (like from that link) all 3 DCs we
have and the Webserver have been scanned with Symantec 9.0 (latest
definations) and nothing is found (and the articles usually state those
virus
effect Windows 2000).

Also it does not appear to be a case of someone trying to hack us, just
when
users are trying to sign into our site and mistyping their passwords.

"Adrian Grigorof" wrote:

What is the error code in the data portion of the event? There could be
several reasons for this and the code may narrow down the problem. See
also:


http://www.eventid.net/display.asp?eventid=12294&eventno=875&source=SAM&phase=1--Adrian
Grigorofwww.eventid.net"Speaker Ender"
<SpeakerEnder@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
messagenews:2657EEBC-6DBA-4049-85FA-9669701BFD40@xxxxxxxxxxxxxxxx> Has
anyone run into this and found a fix/workaround.>> We regularly recieve
the following error on several of our DCs:>> "The SAM database was unable
to lockout the account of <username> due to a> resource error, such as a
hard disk write failure (the specific error codeis> in the error data) .
Accounts are locked after a certain number of bad> passwords are provided
so please consider resetting the password of the> account mentioned
above.">> <username> = a number of valid accounts.>> After enabling
logging I've been able to trace our problem back to one of> our
webservers(Windows Server 2k3, running iis) and can duplicate theproblem>
when trying to sign into the server and entering a wrong password 3
times> (domain policy locks accounts
after 3 attempts). Nothing appears wrong on> the webserver, and looking
at the security log on the DCs shows theaccount> is locked.




.

Relevant Pages

  • Re: Security Breach in AD! Help!
    ... I have set up auditing of account logon and account management, ... still allowed to create a user and add the user to the built in admin group ... passwords, but all security updates have been applied. ... > success and failure in Domain Controller Security Policy. ...
    (microsoft.public.win2000.security)
  • Re: Security Breach in AD! Help!
    ... about 5 minutes the user was removed from the built in admin group. ... Make sure you are using hard to guess passwords. ... > auditing of account logon for success and failure and account management for ... > success and failure in Domain Controller Security Policy. ...
    (microsoft.public.win2000.security)
  • Re: User password List
    ... It seems like a bad idea to know other people's passwords. ... This posting is provided "AS IS" with no warranties, and confers no rights. ... and i have a domain controller. ... and password (account) to log on domain. ...
    (microsoft.public.windows.server.security)
  • Re: Windows 2003 Password Expiration
    ... On the domain controller, try using the command "net user username" [substituting ... you have it set to never in the user account properties. ... expiring or the passwords or both?? ... account lockout threshold in Domain Security Policy is not too low and keep in mind ...
    (microsoft.public.win2000.security)
  • Re: Account lockouts
    ... for reusable passwords and the AAA infrastructures that rely upon them? ... In that context, account lockout policy -- duration, threshold, lockout ... > cracking attacks. ...
    (microsoft.public.security)