Would a degraded RAID1 cause login issues?

[paperfist]

Howdy folks

I'm trying to help out a local zoo with a server issue, but it's a little out of my area of knowledge. They have a Intel based system from '03 running in RAID1 with Windows Server 2003. Since Thursday they've been unable to log into the system with the Admin account. It says to check and make sure that the password or domain are correct which it is. To make sure I reset the password and it still won't let me log in.

Now the RAID1 is degraded and I'm wondering if that could be the cause of the issue. Once in a while I'll get a BSOD pointing to the aarich.sys file but I haven't been able to pin point anything.

I've tried safe-mode, last known good config, rebuilding the array and I can't seem to find a way in. The only other clue I have is the last file that is loaded before the log-in screen is acpitable.dat which yields some similar issues when doing a search on google, but no answers.

Can anyone point me in the right direction? Thanks!

 

[RebateMonger]

No, a degraded RAID 1 array shouldn't affect login. Redundant RAID wouldn't be worth much if a server stopped working when a single drive has failed.

 

[corkyg]

Check for a BIOS update for Server 2003 - should be 1.14 or newer or it will hang on ACPITABLE.DAT.

 

[paperfist]

Originally posted by: RebateMonger
No, a degraded RAID 1 array shouldn't affect login. Redundant RAID wouldn't be worth much if a server stopped working when a single drive has failed.

Thanks for the info, that's what I figured with having a second drive, but I wasn't sure if having the 2nd offline would effect anything since it's technically not usable.

 

[paperfist]

Originally posted by: corkyg
Check for a BIOS update for Server 2003 - should be 1.14 or newer or it will hang on ACPITABLE.DAT.

Ok I will check thank you. Now it's been running fine at whatever version it's using since Thursday, so can that still be an issue?

 

[paperfist]

Ok no luck with the BIOS update. Just to clairfy it didn't actually hang at ACPITABLE.DAT, but that's the last file that gets loaded before the log-in screen and I was just thinking that could be an issue.

I think there must be a corrupt file or missing directory service, but I haven't figured out how to access the event view when you can't log-in to Windows.

I also rebuilt the array and so far with multiple reboots it's no longer saying it's degraded, but optimal instead.

 

[RebateMonger]

You can certainly have corrupted files in a RAID 1 array. Power outages can do it.

I'm still not clear how you can reset the Administrator password, but you can't log in. You can't reset a password unless you are already logged in, at least not from the console. Are other accounts able to log in? I assume that's how you are doing it.

 

[paperfist]

Originally posted by: RebateMonger
You can certainly have corrupted files in a RAID 1 array. Power outages can do it.

I'm still not clear how you can reset the Administrator password, but you can't log in. You can't reset a password unless you are already logged in, at least not from the console. Are other accounts able to log in? I assume that's how you are doing it.

No there's a linux boot disc that lets you edit the SAM file and thus lets you change the passwords which I used. The only account they have on the computer is for Administrator.

 

[RebateMonger]

Originally posted by: paperfist
No there's a linux boot disc that lets you edit the SAM file and thus lets you change the passwords which I used. The only account they have on the computer is for Administrator.

Yeah, I use the Norwegian one often. I just didn't know how you were doing it. I never could get the Norwegian one to work with Server 2003 SP2, but it might just be me. It'd SAY it had changed the local Administrator passwordk, but it hadn't. I haven't yet tried the lastest version (that works on Vista) on Server 2003.

So, my question still is: Can other accounts (besides local Administrator) log in? And we are talking about changing passwords on local Accounts, not Domain accounts, right?

 

[paperfist]

Originally posted by: RebateMonger

Originally posted by: paperfist
No there's a linux boot disc that lets you edit the SAM file and thus lets you change the passwords which I used. The only account they have on the computer is for Administrator.

Yeah, I use the Norwegian one often. I just didn't know how you were doing it. I never could get the Norwegian one to work with Server 2003 SP2, but it might just be me. It'd SAY it had changed the local Administrator passwordk, but it hadn't. I haven't yet tried the lastest version (that works on Vista) on Server 2003.

So, my question still is: Can other accounts (besides local Administrator) log in? And we are talking about changing passwords on local Accounts, not Domain accounts, right?

First, thank you very much for trying to help me out

No, of the 6 or 7 other accounts no one can log in. Though I only tried one other computer with admin access to log into the server with. With the other 6 computers I just took their word for it that they couldn't log-in. I figured since I couldn't get into the server from the server itself with the admin account that there was no hope with the other computers.

Yes, just trying to change the password on the local account.

To be honest now that you are bringing it up when I used Linux reset tool it only shows me the admin and guest accounts. There should be 6 or 7 others, correct? Hmmm...

So maybe that Linux reset tool doesn't work as you are saying, but it certainly seems to work for me like it does when I've used it with XP and 2k. There's no way for me to test if it's actually changing the password since I can't get past the log-in screen.

 

[Boobs McGee]

Is this machine a member of a domain or possibly is it a DC? That could explain some of the problems you may be having with editing the SAM if you are trying to use domain accounts. Are you trying to logon locally or log on to a domain?

 

[paperfist]

Originally posted by: Boobs McGee
Is this machine a member of a domain or possibly is it a DC? That could explain some of the problems you may be having with editing the SAM if you are trying to use domain accounts. Are you trying to logon locally or log on to a domain?

Half the problem is I'm not an expert with servers (I can build a PC, install and maintain a DOS box, Win98/2k/XP/Vista, but I'm unfamiliar with Windows Server x) and I didn't set this network up so with never having logged into Windows and no documentation left behind from previous admins I don't know exactly how it's meant to work.

What I do know is the Windows 2003 server has shares on it for 7 users to log into with. When I boot the server up itself I get a log in screen that has "Administrator" filled out for user name; the password is blank (I have it and it's never, ever been changed; and the log in box is filled out as "UZoo". There are no other options to pick from and for whatever reason I can't log into the server with the password. I have one other user's log-in info that isn't admin and I can't log in with hers either.

I greatly appreciate everyone's help

 

[redbeard1]

If the server is a domain controller, which is very likely, then password reset tools will not work on it.

I suppose you could download and install the Server 2003 admin pack on one of the computers. This will get you the server administrator tools, which would have the Active Directory Users and Computers console. This may enable you to try and change the password for the server account.

What you are seeing at the logon is definitely not normal. I would wonder if it has been hacked.

You could press F8 at the server port and try to get into Domain Controller recovery mode, but you need to know the password for that option. It may be the password you have, but it may not.

 

[paperfist]

Originally posted by: redbeard1
If the server is a domain controller, which is very likely, then password reset tools will not work on it.

I suppose you could download and install the Server 2003 admin pack on one of the computers. This will get you the server administrator tools, which would have the Active Directory Users and Computers console. This may enable you to try and change the password for the server account.

What you are seeing at the logon is definitely not normal. I would wonder if it has been hacked.

You could press F8 at the server port and try to get into Domain Controller recovery mode, but you need to know the password for that option. It may be the password you have, but it may not.

Hmm I haven't run into the Server 2003 admin pack so I'll look into that, thanks!

I actually messed around with hacking the SAM file and according to the program I ran the password was indeed changed to what I made it and yet I still can't log-in. There's def an issue with the OS whether it was hacked or corrupted.

I also finally got into the tape backup drive and whoever set that up disappointing me Even though it is physically capable of backing up the whole drive and making it bootable they only choose to backup the user files. UGH!

About the last thing I was going to try was to reinstall 2003 on a separate drive and see if I could copy those new files onto the existing copy of the system drive that isn't working.

Thanks again for everyone's help

 

[paperfist]

w00t I gained access!

What I learned so far: You can use Petter Nordahl-Hagen's Linux or Emergency Boot CD (EBCD) to reset an admin's password to blank. You cannot however use them to change a password to something else. This is for Windows Server 2003 anyway.

I retried a few things and found that blanking the password and booting into Directory Service Restore Mode via F8 gained me access to the system (FINALLY!).

Just looking at the event viewer log now it looks like either Quickbooks update cause the server issue or a Userenv event 'Windows cannot determine the user or computer name' (The system detected a possible attempt to compromise security) is the culprit.

Thanks again for all the help everyone. Now I have to figure out what all the event viewer events mean and what the problem with the server actually is.

 

[RebateMonger]

Originally posted by: paperfist
What I learned so far: You can use Petter Nordahl-Hagen's Linux or Emergency Boot CD (EBCD) to reset an admin's password to blank. You cannot however use them to change a password to something else. This is for Windows Server 2003 anyway.

Yeah, that's always been in Nordahl-Hagen's instructions (blanking the password rather than trying to change it).

I saw a Quickbooks update totally trash a brand-spanking-new SBS 2003 box. The owner was on the phone with Intuit. Intuit said to install a patch. The box never rebooted again. Intuit said, "Sorry".

 

[paperfist]

Originally posted by: RebateMonger

Originally posted by: paperfist
What I learned so far: You can use Petter Nordahl-Hagen's Linux or Emergency Boot CD (EBCD) to reset an admin's password to blank. You cannot however use them to change a password to something else. This is for Windows Server 2003 anyway.

Yeah, that's always been in Nordahl-Hagen's instructions (blanking the password rather than trying to change it).

I saw a Quickbooks update totally trash a brand-spanking-new SBS 2003 box. The owner was on the phone with Intuit. Intuit said to install a patch. The box never rebooted again. Intuit said, "Sorry".

Well the thing is of all the people I asked half said you can't have a blank password and half said you could. Anyway, after I changed or blanked the password I still couldn't get in under normal boot up... Until I figured out with a tip from someone else to try Directory Service Restore Mode (DSRM) after blanking the password.

The funny thing is if you reboot after having blanked (instead of trying the newly blanked password) the password it resets back to something else and won't let you log in so lord knows how many times I reset it and it not working because Windows wasn't functioning correctly.

There's another website that had a registry hack from DSRM to change the admin password as if you were logged in as admin. I ran through that and now I can log into Windows normally.

Yeah I believe that about QuickBooks, I myself use '06 and after reading all of the horror stories about '09 decided not to upgrade.

 

[redbeard1]

There's another website that had a registry hack from DSRM to change the admin password as if you were logged in as admin. I ran through that and now I can log into Windows normally.

Do you still have the link to that site, or the information it provided? If you do, post it here so we can all learn.

 

[redbeard1]

Petri

Was it this procedure?

 

[paperfist]

Originally posted by: redbeard1
Petri

Was it this procedure?

It's not the same web page I found (I have it book marked on my laptop) but it's the same exact procedure that works unbelievably well

I found it by searching "domain controller password reset".