If the System Event Log on your domain controller contains:
Event ID: 5735 Source: NETLOGON Type: Stop Description: Replication of the LSA Account Object "<SID#>" from primary domain controller BHWMIS01 failed with the following error: The system cannot find the file specified. -or- Replication of the LSA Account object "<SID#>" from PDC \\name failed with the following error: Unable to complete the requested operation due to a catastrophic media failure or an error on the disk. -and a workstation or member server receives: The system could not log you on. Make sure your User name and domain are correct, then type your password again. Letter in passwords must be type using the correct case. Make sure that Caps Lock is not accidentally on. -or- Event ID 5723 The session setup from the computer <computer name> failed to authenticate. The name of the account referenced in the security database is <name>. The following error occurred: Access is denied.you most likely have a corrupted SAM ( Security Account Manager) database.
The only known solution is to restore the SAM. See tip 505:
If the corruptions is on a:
Member Server or Workstation:
- Boot to an alternate install of NT and restore the SAM.
- Boot to an alternate install of NT and restore the SAM. Domain synchronization will update the SAM.
- Boot to an alternate install of NT and restore the SAM. Any changes since the backup will be lost. You may have to reestablish trusts.