Passwords mysteriously deleted

  • Thread starter Thread starter Andy
  • Start date Start date
A

Andy

Hi all,

All of the passwords on one of our W2K Server machines have suddenly
disappeared. Not a single one of them works, including the
administrator's, and we can't work out how to fix it without being
able to log in. To make matters worse, the server is hosted remotely,
so getting to it to use a boot disk is a pain as well.

There are a few clues which may help shed some light:

1. There have been problems with disk space on the boot partition.
Could this mean the SAM file couldn't be loaded properly?

2. We were able to reboot the server, and when it came back up, it
gave a message saying that some services couldn't be started and to
check the event viewer. Could an authentication service have died?

3. I'm not very knowledgable about the use of domains, etc, but as I
understand it, it's not in a domain. I understand that changing the
domain could stop user accounts from working.. Obviously, we can't log
in to check whether this has happened

If anyone has any experience of this happening, please let us know!

Cheers,
Andy
 
Domain accounts would not work if communications to a domain controller failed
and domain cached logons were disabled or the global catalog server coud not be
contacted in a native mode domain [except for administrators]. You say it is not
a domain machine. Either its was attacked and all the accounts are locked out
[except administrator can always logon at the console] or it has a major problem
that is going to need physical access in my opinion. It may help to boot into
safe mode. A possible solution may be to run a fast repair on it. Of course
reading Event Viewer would probably help. You might try reading Event Viewer
[select connect to another computer] remotely by using a another networked
machine if possible. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;238359
 
Andy said:
Hi all,

All of the passwords on one of our W2K Server machines have suddenly
disappeared. Not a single one of them works, including the
administrator's, and we can't work out how to fix it without being
able to log in. To make matters worse, the server is hosted remotely,
so getting to it to use a boot disk is a pain as well.

There are a few clues which may help shed some light:

1. There have been problems with disk space on the boot partition.
Could this mean the SAM file couldn't be loaded properly?
Click to expand...
maybe SAM can't SAVE properly - or it's no password problem - too low
virtual memory
2. We were able to reboot the server, and when it came back up, it
gave a message saying that some services couldn't be started and to
check the event viewer. Could an authentication service have died?
Click to expand...
With low space can be ANYTHING
3. I'm not very knowledgable about the use of domains, etc, but as I
understand it, it's not in a domain. I understand that changing the
domain could stop user accounts from working.. Obviously, we can't log
in to check whether this has happened
Click to expand...
The only way to fix it - boot to ERD/Recovery Console (ERD - my choice,
based on WINDOWS PE with GUI etc) -> NOT REMOTE
 
Back
Top