1083 and 12294

Discussion in 'Active Directory' started by KJ, Apr 19, 2004.

  1. KJ

    KJ Guest

    I am getting the below messages and my Administrator
    account keeps getting locked out, but of course still logs
    in fine. What is going on, can someone point me in
    direction that either some policy or software/setting
    might be locking this out? Have already read KB articles.

    Event Type: Warning
    Event Source: NTDS Replication
    Event Category: (5)
    Event ID: 1083
    Date: 4/17/2004
    Time: 10:05:23 PM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: DC1
    Description:
    Active Directory could not update the following object
    with changes received from the domain controller at the
    following network address because Active Directory was
    busy processing information.

    Object:
    CN=administrator,CN=Users,DC=xxxx,DC=xxxx,DC=xxx
    Network address:
    xxxxxxxxxxxxxxxxxxxxxx._msdcs.xxxx.xxxx.edu

    This operation will be tried again later.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.



    Event Type: Error
    Event Source: SAM
    Event Category: None
    Event ID: 12294
    Date: 4/19/2004
    Time: 12:59:43 AM
    User: Domain\Administrator
    Computer: DC1
    Description:
    The SAM database was unable to lockout the account of
    administrator due to a resource error, such as a hard disk
    write failure (the specific error code is in the error
    data) . Accounts are locked after a certain number of bad
    passwords are provided so please consider resetting the
    password of the account mentioned above.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: a5 02 00 c0 ¥..À
     
    KJ, Apr 19, 2004
    #1
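
Added example, not part of the original thread: the `Data:` line of the 12294 event holds the error code the description refers to, stored as a little-endian DWORD. This Python sketch parses an Event Viewer text dump like the one pasted above and decodes that value; the function names and the small NTSTATUS table are assumptions made for this example.

```python
import re
import struct

# Small subset of NTSTATUS codes from ntstatus.h (standard Windows constants).
NTSTATUS = {
    0xC00002A5: "STATUS_DS_BUSY",
    0xC000007F: "STATUS_DISK_FULL",
    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
}

# The two events from the post, trimmed to the fields this example reads.
SAMPLE = """\
Event Type: Warning
Event Source: NTDS Replication
Event ID: 1083
Computer: DC1

Event Type: Error
Event Source: SAM
Event ID: 12294
Computer: DC1
Data:
0000: a5 02 00 c0
"""

def parse_events(text):
    """Split an Event Viewer text dump into records and decode the Data DWORD."""
    events = []
    for chunk in re.split(r"(?m)^(?=[ \t]*Event Type:)", text):
        event_id = re.search(r"Event ID:\s*(\d+)", chunk)
        if not event_id:
            continue
        source = re.search(r"Event Source:[ \t]*(.+)", chunk)
        ev = {"id": int(event_id.group(1)),
              "source": source.group(1).strip() if source else "",
              "status": None, "status_name": None}
        # Data row: offset, four hex bytes, then an ASCII column that is ignored.
        data = re.search(r"(?m)^[ \t]*0000:((?:[ \t]+[0-9a-fA-F]{2}){4})", chunk)
        if data:
            raw = bytes.fromhex("".join(data.group(1).split()))
            ev["status"] = struct.unpack("<I", raw)[0]  # stored little-endian
            ev["status_name"] = NTSTATUS.get(ev["status"], "unknown")
        events.append(ev)
    return events

def lockout_failures(events):
    """Return (status hex, name) for each SAM 12294 event that carries error data."""
    return [(f"0x{e['status']:08X}", e["status_name"]) for e in events
            if e["id"] == 12294 and e["status"] is not None]

if __name__ == "__main__":
    for code, name in lockout_failures(parse_events(SAMPLE)):
        print(f"SAM 12294 lockout failed with {code} ({name})")
```

For the bytes in the post, `a5 02 00 c0` decodes to 0xC00002A5, STATUS_DS_BUSY, which matches the "busy processing information" wording of the 1083 warning logged for the same account object.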

  2. KJ

    Simon Geary Guest

    Sounds like your hard drive is full?

    Failing that, try the account lockout troubleshooter.
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

    Simon Geary, Apr 19, 2004
    #2

  3. KJ

    KJ Guest

    I have 69 GB on RAID5 for just AD. I don't believe it's
    full but will check all DCs. Thanks,
     
    KJ, Apr 19, 2004
    #3
  4. KJ

    KJ Guest

    Looks to be malware or viral hacking attempts on network.
     
    KJ, Apr 19, 2004
    #4
  5. KJ

    KJ Guest

    Renamed admin account and still persists. Any ideas?
     
    KJ, Apr 20, 2004
    #5
  6. KJ

    Simon Geary Guest

    Renaming the admin account is little use against a dedicated hacker because
    the object SID remains the same. I take it you have run a full anti-virus
    sweep on your network?
     
    Simon Geary, Apr 21, 2004
    #6
  7. KJ

    KJ Guest

    I have little to do with WHOLE network and there lies the
    problem. Many domains and not a controlled environment.
     
    KJ, Apr 22, 2004
    #7