Windows Server 2000/2003 thread: Server Down - Administrator Cannot Login / Directory Services Unavailable (in Technical)
  1. #1

    EduTech

    Server Down - Administrator Cannot Login / Directory Services Unavailable

    Afternoon All,

    Well, whilst I'm waiting on Microsoft calling me back to have a look into this issue I thought I would throw it up here in case anyone has ever come across this before.

    History:

    - No One Knows Previous Administrator Passwords
    - No One Knows Directory Restore Password
    - No Documentation has ever been made
    - No other Admin Account can login

    === So that gave me a mad morning, but now I am getting the following error message also.

    Directory Services could not start because of the following error: The system cannot find the file specified. Error status: 0xc000000f. Please click Ok to shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detail information.
    Now that is all well and good, but I don't know the Directory Restore Login?

    I have been on site here for 4 days now and have built up an awful lot of documentation but still have a long way to go. So before anyone starts screaming, none of this (documentation does not exist) is down to me.

    Anyone got any ideas? Or am I best just waiting for MSFT to hopefully break into it (if they can).

    Oh! And backups were failing for the past 4 months. I managed to get a successful backup last week before this happened, so fingers crossed that backup is all well and good.

    Also, without going into detail, the previous IT guy was here for the first day but ain't seen him since. I was asked to lock him out of the system yesterday (change password etc.) but that is all that was done, and the new administrator password worked fine after changing it, and rebooting the servers and logging in again worked fine, but overnight something weird happened.

    James.
    Last edited by EduTech; 21st June 2011 at 02:26 PM.

  2. #2

    What version of Windows Server is it running?

    If it is Windows 2000 then as per the KB article Here then you could try using the backup software to restore Ntds.dit to %SystemRoot%\NTDS folder (default location of Ntds.dit; the location can be changed at promotion time but usually isn't).

    As for breaking into the password I would be inclined to run something along the lines of ophcrack on a client and see if the admin password on the clients is the same as the directory services restore mode or admin on the server (Good reason to have your clients' administrator account disabled, and the password completely different to any domain passwords).

    Are you only running a single server with no redundancy?

    That would be where I would start at least.........

  3. #3

    EduTech
    Quote Originally Posted by iMash View Post
    What version of Windows Server is it running?

    If it is Windows 2000 then as per the KB article Here then you could try using the backup software to restore Ntds.dit to %SystemRoot%\NTDS folder (default location of Ntds.dit; the location can be changed at promotion time but usually isn't).

    As for breaking into the password I would be inclined to run something along the lines of ophcrack on a client and see if the admin password on the clients is the same as the directory services restore mode or admin on the server (Good reason to have your clients' administrator account disabled, and the password completely different to any domain passwords).

    Are you only running a single server with no redundancy?

    That would be where I would start at least.........
    Yeah, I have already come across that KB Article for Server 2000. This server is running Small Business Server 2003 Standard. There is no Failover etc.

    I plan to get rid of SBS in the very near future and do it properly, but being here 4 days you can understand it's not something I could have sorted in that amount of time.

    I have tried all of the passwords which I have found from doing a scan, none of which work. I even phoned the support company that installed this a few years ago and they gave me a few to try but they did not work either.

    James.

  4. #4

    I have found a few things from a website that is for the exchange of experts' information (am unsure of the rules of links to 3rd party sites on here; can PM you the link if needed).

    They were for Server 2003. But I can imagine that SBS will be very very similar (Never used SBS myself).

    That suggested using ERD Commander to reset the domain admin account. I was always under the impression that as a DC does not use a SAM you would not be able to reset it via ERD Commander but others on the site believed you could. So may be worth a try?

    The other suggestion was...........

    I just ran into this issue yesterday. I spent hours struggling to find an answer scouring the internet. Luckily, I found out that since I was a MS certified partner, they (Microsoft) would help me for free! Instead of trying to find the original password, the answer is actually rather simple.

    Do this:

    Install a parallel copy of the OS (making note of the new password that you create during install). After install, activate product, and simply copy over the new SAM, SOFTWARE, DEFAULT, SYSTEM, and SECURITY from "%systemroot%\system32\config" to your old installation with the same directory. Reboot into the old Operating system (Having to activate again). Then, you can restore from a backup a previous copy of the files listed above (I used the previous night's backup system state and restored the whole stinking thing) to bring your Active Directory and settings back. Your server will (fingers crossed) be back to normal and your system will boot up normally. Mine was as if it never happened and lost no data, settings, etc. during the process.

    The procedure took me approx. 4 hours on a 2003 server including OS install.
    Last edited by iMash; 21st June 2011 at 03:18 PM.

  5. #5

    EduTech
    Quote Originally Posted by iMash View Post
    I have found a few things from a website that is for the exchange of experts' information (am unsure of the rules of links to 3rd party sites on here; can PM you the link if needed).

    They were for Server 2003. But I can imagine that SBS will be very very similar (Never used SBS myself).

    That suggested using ERD Commander to reset the domain admin account. I was always under the impression that as a DC does not use a SAM you would not be able to reset it via ERD Commander but others on the site believed you could. So may be worth a try?

    The other suggestion was...........
    I was under the impression ERD Commander would not work to be honest as that had crossed my mind also.

    I'll keep the latter in mind as it might get to me having to do that... Joys! It is going to be a long night indeed!

    James.

  6. #6

    Michael
    A system restore is definitely needed here, as clearly it appears AD and possibly other services are corrupted. Is there no RAID setup on this system at all?

    I presume you've tried just a blank password to restore the directory?

  7. #7

    EduTech
    Quote Originally Posted by Michael View Post
    A system restore is definitely needed here, as clearly it appears AD and possibly other services are corrupted. Is there no RAID setup on this system at all?

    I presume you've tried just a blank password to restore the directory?
    Yup, Tried Blank Password, and the usual common passwords.

    It is RAID, type I will have to get back to you as I have not looked yet.

    James.

  8. #8
    RobBaxter
    @EduTech that is a total bollox point.

    Hiren's BootCD 14.0 - All in one Bootable CD » www.hiren.info may help in this case. This is my little O Crap CD. I can't remember, but there is a tool for replacing the System Restore Password. With any luck you can just boot the server, replace it and use that to fix the root of the issue.

    Security 101: Keep server in locked secure location, 'cause if you're at the terminal and have enough time, no password is strong enough. Unless it's BitLocked ofc.

    Hope it helps buddy and good luck!

  9. #9
    IanT

  10. #10

    new administrator password worked fine after changing it and rebooting the servers and logging in again worked fine.. but over night something weird happened.
    Did you suspend VPNs? I suspect foul play or a severely corrupted AD database. If you have successfully logged in with an administrator account then either AD has turned very corrupt in which case it would be restore from backups anyway or someone has killed the account password.

    Obviously if you restore from backup you won't have an administrator account yet again (although the previous IT guy will have his account active again). Is anyone's PERSONAL account a member of domain admins?

    Ntds.dit is the usual culprit of directory services errors. Since you haven't reinstalled then the certificates on the server are still valid so if a backup exists then try copying that back over. TBH though you can either waste time cracking the admin account or start from scratch. I don't think you can reset the password in the same way as a normal windows machine as there isn't a local admin password on a DC. Domain controllers store their password in the AD directory - only after a DCPROMO demotion will you get a local admin password (having said that I have never used SBS therefore SBS could behave differently to a regular DC server).

    Not nice but you aren't a miracle worker!
    Last edited by KK20; 21st June 2011 at 03:55 PM.

  11. #11

    EduTech
    Security is something I am getting on top of. They had 5900, 3389 and various other ports wide open and did not know the password to the WatchGuard Firewall so I had to rebuild that from scratch on Thursday. I have not been able to lock down 3389 as of yet because I have to deploy a new solution quickly and I don't want to have to do it twice when the leased line goes live in a couple of days so I'm just keeping my fingers crossed for the time being. (That will get locked down, and people will only be able to login using an SSL VPN via the WatchGuard Firewall.)

    No User Accounts can login. Only the Administrator, Myself and another account has Domain Admin / Enterprise Admin Rights and neither of them work.

    I am not sure if the previous guy has done something malicious over the weekend that has only caused an issue since me rebooting, because last night even though I could authenticate fine, it did feel a bit ropy and then around 10pm the server went offline.. and I came in this morning and it was powered on but had crashed so I had to reboot it and that is when I could not login at all (and I got quite worried) and then after trying a few things, safe mode, restore mode etc., this error now comes up with regards to the ntds.dit file etc.

    I just hope to god that this backup is in a good state because it has not been tested or anything.

    __

    One thing that made me think this morning is that an SBS Server normally sits at the pre logon screen for a while doing its business because of how much it has to deal with, but yet it got to the logon box in less than 30 seconds which is odd.. as if all the services were not started, so I just assumed that maybe the logon/AD services were not starting, which is why I could then not authenticate would make sense, but it leaves me stuck.

    MD wants to know how it has happened, as he is convinced the previous guy has done it and I can't say nowt as I don't know and won't be saying anything UNTIL I have concrete facts. And even then I want to stay out of it as much as possible. (they really upset him, and he has threatened with causing problems in the past like this).

    Anyway, no call from MSFT as of yet even then the SLA is less than 1hr and that was 2hrs ago! I'm seriously going to have to start doing some of the above soon.

    Thanks for your help chaps,

    James.
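
Added example, not part of any post in this thread: posts #10 and #11 leave open whether an account password was changed overnight. Once the Security event log has been recovered from the backup or a disk image and exported, the account-management events can be triaged as below; the CSV layout, account names and timestamps are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Security-log event IDs for account management on Windows Server 2003
# (pre-Vista numbering). Logged only if account-management auditing was on.
ACCOUNT_EVENTS = {
    517: "audit log cleared",
    624: "user account created",
    627: "password change attempted",
    628: "password set (reset by another account)",
    629: "user account disabled",
    630: "user account deleted",
    632: "member added to global group",
    642: "user account changed",
}

# Constructed sample export. The column layout and every account name are
# hypothetical; adapt the reader to whatever your export tool produces.
SAMPLE = """time,event_id,actor,target
2011-06-20 16:05:11,628,newadmin,Administrator
2011-06-20 16:07:40,629,newadmin,oldadmin
2011-06-20 22:41:03,528,svc_backup,-
2011-06-20 22:47:19,628,svc_backup,Administrator
2011-06-20 22:48:02,642,svc_backup,newadmin
2011-06-20 22:49:30,517,svc_backup,-
"""

def triage(csv_text, privileged, start, end):
    """Return account-management events inside [start, end] that touch a
    privileged account, plus any clearing of the audit log."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        event_id = int(row["event_id"])
        if event_id not in ACCOUNT_EVENTS or not start <= when <= end:
            continue
        if event_id == 517 or row["target"].lower() in privileged:
            findings.append((when, event_id, row["actor"], row["target"],
                             ACCOUNT_EVENTS[event_id]))
    return findings

def unexpected_actors(findings, authorised):
    """Accounts that made those changes but are not on the authorised list."""
    return sorted({f[2] for f in findings if f[2].lower() not in authorised})

if __name__ == "__main__":
    window = (datetime(2011, 6, 20, 18, 0), datetime(2011, 6, 21, 8, 0))
    hits = triage(SAMPLE, {"administrator", "newadmin"}, *window)
    for when, event_id, actor, target, meaning in hits:
        print(f"{when}  {event_id}  {actor} -> {target}: {meaning}")
    print("not authorised:", unexpected_actors(hits, {"newadmin"}))
```

An empty result does not rule out a password change: it can also mean auditing was off or the log was overwritten, which is why event 517 is reported regardless of target.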

  12. #12

    Michael
    It is RAID, type I will have to get back to you as I have not looked yet.
    Well I hope it's RAID1 or RAID5 and not RAID0. That would be a little silly...

    I would check the status of the RAID array in the RAID BIOS. This should give you a better indication what's going on. Also, the fact the server is POSTing OK, hopefully the issue isn't hardware related.

    The link IanT posted looks promising and would definitely be something I would explore. If the backup doesn't work, then it doesn't work. You can't be held responsible for this! It sounds to me you're doing a fab job given the circumstances.

  13. #13
    ozydave
    Hello
    I have a SAM password cracker (for emergencies).
    Create a boot CD from the ISO and boot the server. It's a command line tool. Have used it here when I first took up post. It did the job for me.
    PM me if you're interested.
    All the best

  14. #14

    plexer
    @ozydave that is not going to help here.

  15. #15

    EduTech
    Right, There are 2 arrays (RAID 1 and RAID 5) for reference.

    Tried a few more things with MSFT this afternoon, but they now basically want me to restore the system state from a backup (LTO3 Media) to another server (which I have not got) so they can grab some files, and then using Server 2008/Windows 7 and a USB Drive with the files on they want me to copy the files to the Server and then I am guessing they are hoping it will then work.

    I am going to struggle to get that data off an LTO3 Cartridge because I don't know anyone with one at the moment. I am going to get a copy of the server using Symantec System Recovery or something so I can at least get access to the data using a Virtual Machine if needs be. And then I shall fight with Microsoft with sorting that server.

    I can't re-build it, no chance with no documentation etc. Just a complete nightmare!

    Don't help that I have the MD jumping up and down because he wants to know if he can take legal action against someone as he thinks that certain person did it maliciously, but to be honest that is the least of my worries right now; I need the damn thing up and running.

    Joy oh Joy! I cannot believe how much of a mess this entire network is, nothing right about it at all and they are an international company! Eek! I have not stopped dripping with sweat all day.. :/ scary stuff!

    I don't think it is hardware related.

    I'll update everyone in the morning, for now I need to find some drivers and get another box and an LTO3 Backup Drive to restore this media.

    James.
