JSI Tip 0972. Corrupted SAM will generate netlogon errors.

Jerold Schulman

January 4, 1999

1 Min Read
ITPro Today logo in a gray background | ITPro Today


If the System Event Log on your domain controller contains:

   Event ID: 5735   Source: NETLOGON   Type: Stop   Description:   Replication of the LSA Account Object "" from primary domain   controller BHWMIS01 failed with the following error:   The system cannot find the file specified.   -or-   Replication of the LSA Account object "" from PDC ame failed   with the following error:   Unable to complete the requested operation due to a catastrophic media   failure or an error on the disk.   -and a workstation or member server receives:   The system could not log you on. Make sure your User name and domain are   correct, then type your password again. Letter in passwords must be type   using the correct case. Make sure that Caps Lock is not accidentally on.-or-    Event ID 5723   The session setup from the computer  failed to   authenticate. The name of the account referenced in the security   database is . The following error occurred: Access is denied.

you most likely have a corrupted SAM (Security Account Manager) database.

The only known solution is to restore the SAM. See tip 505:

If the corruptions is on a:

Member Server or Workstation:

- Boot to an alternate install of NT and restore the SAM.

BDC:

- Boot to an alternate install of NT and restore the SAM. Domain synchronization will update the SAM.

PDC:

- Boot to an alternate install of NT and restore the SAM. Any changes since the backup will be lost. You may have to reestablish trusts.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like