Re: Event ID 12294 - The SAM database was unable to lockout the account...
From: Blake (blake_duffey_at_NOSPAM.hotmail.com)
Date: 08/10/04
- Next message: Steven L Umbach: "Re: Workgroup issues"
- Previous message: Steven L Umbach: "Re: Secure Boot Settings "on." Can't turn "off" on local system."
- In reply to: jabrandt_at_online.microsoft.com: "Re: Event ID 12294 - The SAM database was unable to lockout the account..."
- Next in thread: Steven L Umbach: "Re: Event ID 12294 - The SAM database was unable to lockout the account..."
- Reply: Steven L Umbach: "Re: Event ID 12294 - The SAM database was unable to lockout the account..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Aug 2004 14:28:31 -0400
I can understand the inclination that this is a password guess attempt, but
the frequency of these logs makes that unlikely.
I am just worried that this is a problem with the AD itself. It could be a
service trying to log on...
<jabrandt@online.microsoft.com> wrote in message
news:eUqcNLlfEHA.596@TK2MSFTNGP11.phx.gbl...
> Blake, I would consider the fact that it could be someone attempting to
> guess a user account password. Since it is only a couple of times a day
> that would not be my first guess. If you dont already, enable auditing on
> logon events success and failures. This might help provide further info
> in the security event log about which DC is attempting the authentication
> and the user account.
> My inital reaction would be that you have a user account that the password
> has been changed on and you still have either a service or TS session that
> is attempting to authenticate with the old password.
>
>
>
> --
> James Brandt [MSFT]
>
>
> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
> news:%23EVeQj%23eEHA.1724@TK2MSFTNGP10.phx.gbl...
>> Getting this a couple times/day in the event log of our DCs (Windows 2000
>> native mode AD):
>>
>> The SAM database was unable to lockout the account of ? due to a resource
>> error, such as a hard disk write failure (the specific error code is in
>> the error data) . Accounts are locked after a certain number of bad
>> passwords are provided so please consider resetting the password of the
>> account mentioned above.
>>
>> Anybody seen this before??
>>
>> Blake
>>
>
>
- Next message: Steven L Umbach: "Re: Workgroup issues"
- Previous message: Steven L Umbach: "Re: Secure Boot Settings "on." Can't turn "off" on local system."
- In reply to: jabrandt_at_online.microsoft.com: "Re: Event ID 12294 - The SAM database was unable to lockout the account..."
- Next in thread: Steven L Umbach: "Re: Event ID 12294 - The SAM database was unable to lockout the account..."
- Reply: Steven L Umbach: "Re: Event ID 12294 - The SAM database was unable to lockout the account..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
