Announcement

Collapse
No announcement yet.

Accounts Locking Out

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Accounts Locking Out

    Hello, I have a Windows Server 2003 setup, recently I started having some random account lockouts. I have two domain controllers in my setup too.
    I have not configured account lockouts in Group Policy.
    I did some research and found out that it could be due to replication errors or a Conficker worm.
    when I do dcdiag on the domain controllers i get this error:

    An Error Event occured. EventID: 0x00003006
    Time Generated: 01/10/2011 10:16:47
    Event String: The SAM database was unable to lockout the
    An Error Event occured. EventID: 0x00003006
    Time Generated: 01/10/2011 10:16:47
    Event String: The SAM database was unable to lockout the
    An Error Event occured. EventID: 0x00003006
    Time Generated: 01/10/2011 10:16:48
    Event String: The SAM database was unable to lockout the

    I have checked MS site but no solution yet.
    How can I stop these account lockouts.
    Thanks.

  • #2
    Re: Accounts Locking Out

    I presume you have made sure it is NOT conficker and have scanned all your systems for malware. If not, do that NOW.

    If the problem continues after you are sure the system is clean, we can look again
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Accounts Locking Out

      Thanks Sir, when I run a virus scan with the latest dat file of McAfee I get a result that my svchost is infected with Conficker worm. I chanced upon one application at McAfee's site stinger; but it cannot delete this worm..
      I read through some forums and said I could possibly replace this svchost.exe file in System32 folder... Is that possible?
      Last edited by nukunu; 10th January 2011, 14:40.

      Comment


      • #4
        Re: Accounts Locking Out

        Roughly -- will depend on exactly what you have:
        Disconnect network from everything
        Boot machines one by one to bootable media (CD?) with Stinger or equivalent on it (make sure it is up to date)
        Clean machine -- multiple times
        Shut down
        When all machines are clean, bring them up one by one, update regular AV and check no detections.

        Have you also tried MalwareBytes on them?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Accounts Locking Out

          Thanks Sir, but how can I go about all these processes?.
          Do you please have a link I can follow?
          I havent tried the MalwareBytes application yet.

          Comment


          • #6
            Re: Accounts Locking Out

            I thought I spelled it out fairly clearly in my post above. Perhaps you should pass this one on to your network admin.
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Accounts Locking Out

              Thanks a lot Sir. We would perform above tasks as soon as possible.

              Comment

              Working...
              X