LSASS - Incorrect Password

August 13, 2009 at 12:38:38
Specs: Windows XP SP2
Background:
- client PC on a large corporate domain
- default Admin account has been renamed

Issue:
- began with corrupt registry "Windows cannot find the following file or it is corrupt C:\Windows\System32\Config\SOFTWARE"
- was successful in restoring registry

- after registry restoration I receive the following error on boot "when trying to update a password the return status indicated that the value provided as the current password is not correct."


Attempted resolution:
- chkdsk /r
- restored additional registry backups
- blanked out admin password


I am guessing that this issue is occurring due to the fact that the default registry backup would contain the default administrator account and associated information.

The image layer we use on top of these machines changes the default administrator account name as well as sets the password.

Does anyone have any insight into this issue? I have already followed Microsoft's resolution for restoring a corrupt registry, which allowed me to recover to the point I am at now.

- it should be noted that these are not OEM installs but a base XP install with separate layers depending on the role within the organization. Ghost Images are applied to workstations based on make and model as well as current hardware configuration.




#1
August 13, 2009 at 17:54:13
If you apply an image and it fails, suspect more issues than just registry.

Lsass may be a virus. View all users root. Use attrib. If you find an lsass you are infected. Shows up in other places too.

Playing to the angels
Les Paul (1915-2009)



#2
September 1, 2009 at 09:10:41
It turns out that the issue I described was the cause.

The default admin account had been renamed through a GPO, so when doing a registry restore it was defaulting to the Administrator name; however, group policies defined in the SECURITY hive would be associated with the renamed account.

To fix this issue I had to retain the old SAM hive and restore only SOFTWARE, SYSTEM, SECURITY and DEFAULT.

