JSI Tip 0972. Corrupted SAM will generate netlogon errors.


If the System Event Log on your domain controller contains:


   Event ID: 5735
   Source: NETLOGON
   Type: Stop
   Description:
   Replication of the LSA Account Object "<SID#>" from primary domain
   controller BHWMIS01 failed with the following error:
   The system cannot find the file specified.

   -or-

   Replication of the LSA Account object "<SID#>" from PDC \\name failed
   with the following error:
   Unable to complete the requested operation due to a catastrophic media
   failure or an error on the disk.

   -and a workstation or member server receives:

   The system could not log you on. Make sure your User name and domain are
   correct, then type your password again. Letter in passwords must be type
   using the correct case. Make sure that Caps Lock is not accidentally on.

-or- 

   Event ID 5723
   The session setup from the computer <computer name> failed to
   authenticate. The name of the account referenced in the security
   database is <name>. The following error occurred: Access is denied.
you most likely have a corrupted SAM ( Security Account Manager) database.

The only known solution is to restore the SAM. See tip 505:

If the corruptions is on a:

Member Server or Workstation:

- Boot to an alternate install of NT and restore the SAM.

BDC:

- Boot to an alternate install of NT and restore the SAM. Domain synchronization will update the SAM.

PDC:

- Boot to an alternate install of NT and restore the SAM. Any changes since the backup will be lost. You may have to reestablish trusts.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish