Local System Account Expired
I have a member server running Windows 2003 Standard that generates four Event 532 "The specified user account has expired" any time a service using the Local System is started. The service does start, however this is producing a lot of noise in my
log management application. The server is virtualized, running on Hyper-V.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 532
Date: 12/9/2010
Time: 10:32:11 AM
User: NT AUTHORITY\SYSTEM
Computer: LLV-APPS1
Description:
Logon Failure:
Reason: The specified user account has expired
User Name:
Domain:
Logon Type: 3
Logon Process: Authz
Authentication Package: Kerberos
Workstation Name: LLV-APPS1
Caller User Name: LLV-APPS1$
Caller Domain: LAKELV
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 892
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
December 9th, 2010 1:45pm
Server restored from snapshot?
Free Windows Admin Tool Kit Click here and download it now
December 9th, 2010 2:00pm
No, but we did migrate it from a physical server using System Center Virtual Machine Manager,
December 9th, 2010 6:18pm
Hi,
What's the status of the machine account in AD? Can it connect to DC properly? Is there any other error logged on the computer?
The following blog could be helpful:
http://blogs.technet.com/b/askds/archive/2009/02/15/test2.aspx
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can
be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2010 2:00am
Ok, to solve this problem you need to rejoin computer to the domain.
You also can try to Reset Computer Account (http://support.microsoft.com/kb/216393), but fastest way to solve problem - remove computer from domain and after restart joind it to domain again.
December 10th, 2010 2:52am
I do not see any other errors on the server or the domain controllers. I ran nltest /sc_query and the result was Trusted DC Conennection Status Staus - 0 0x0 NERR_Success. Nltest /sc_verify gave me Trusted DC Conennection Status Staus - 0 0x0 NERR_Success
and Trusted Verification Status = 0 0x0 NERR_Success.
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2010 11:43am
I ran nltest /sc_query and the result was Trusted DC Conennection Status Staus - 0 0x0 NERR_Success. Nltest /sc_verify gave me Trusted DC Conennection Status Staus - 0 0x0 NERR_Success and Trusted Verification Status = 0 0x0 NERR_Success. I ran netdom
reset which succeeded. I still have the same problem. I will not be able to remove the computer from the domain until tomorrow.
December 10th, 2010 11:47am
Hi,
How's everything going? Is there any update on the issue?
Please do not hesitate to respond back if you need further assistance.
Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can
be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
December 14th, 2010 8:36pm
no no, this will not be a case for NLTEST, the event shows that this was Network Logon (type 3) which means that the operating system itself probably requires a TGS for itself (something like host/LLV-APPS1). Would you be able to post here the contents of
the computer account from AD? Either use LDP or ADSI Edit or the Attributes tab on Windows 2008 dsa.msc console.
did you check the machine time/time-zone against the DC? are they really on the same time?
ondrej.
December 15th, 2010 2:23am
Expanding base 'CN=LLV-APPS1,OU=Servers,DC=lakelv,DC=domain'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=LLV-APPS1,OU=Servers,DC=lakelv,DC=domain
5> objectClass: top; person; organizationalPerson; user; computer;
1> cn: LLV-APPS1;
1> distinguishedName: CN=LLV-APPS1,OU=Servers,DC=lakelv,DC=domain;
1> instanceType: 0x4 = ( IT_WRITE );
1> whenCreated: 12/21/2005 12:55:38 Pacific Standard Time Pacific Daylight Time;
1> whenChanged: 12/06/2010 08:20:27 Pacific Standard Time Pacific Daylight Time;
1> displayName: LLV-APPS1$;
1> uSNCreated: 63235;
1> uSNChanged: 17240389;
1> name: LLV-APPS1;
1> objectGUID: 7fd049c7-a8ca-4bc8-bde2-81e04cf0379f;
1> userAccountControl: 0x1000 = ( UF_WORKSTATION_TRUST_ACCOUNT );
1> badPwdCount: 0;
1> codePage: 0;
1> countryCode: 0;
1> badPasswordTime: 01/01/1601 00:00:00 UNC ;
1> lastLogoff: 01/01/1601 00:00:00 UNC ;
1> lastLogon: 12/13/2010 22:16:30 Pacific Standard Time Pacific Daylight Time;
1> localPolicyFlags: 0;
1> pwdLastSet: 11/25/2010 04:47:37 Pacific Standard Time Pacific Daylight Time;
1> primaryGroupID: 515;
1> objectSid: S-1-5-21-823518204-1303643608-682003330-11609;
1> accountExpires: 09/14/30828 02:48:05 UNC ;
1> logonCount: 663;
1> sAMAccountName: LLV-APPS1$;
1> sAMAccountType: 805306369;
1> operatingSystem: Windows Server 2003;
1> operatingSystemVersion: 5.2 (3790);
1> operatingSystemServicePack: Service Pack 2;
1> dNSHostName: LLV-APPS1.lakelv.domain;
8> servicePrincipalName: WSMAN/LLV-APPS1.lakelv.domain; WSMAN/LLV-APPS1; NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/LLV-APPS1.lakelv.domain; MSSQLSvc/LLV-APPS1.lakelv.domain:1433; SMTPSVC/LLV-APPS1; SMTPSVC/LLV-APPS1.lakelv.domain; HOST/LLV-APPS1;
HOST/LLV-APPS1.lakelv.domain;
1> objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=lakelv,DC=domain;
1> isCriticalSystemObject: FALSE;
5> dSCorePropagationData: 11/06/2008 13:12:56 Pacific Standard Time Pacific Daylight Time; 11/06/2008 13:12:56 Pacific Standard Time Pacific Daylight Time; 03/21/2008 14:31:04 Pacific Standard Time Pacific Daylight Time; 03/21/2008 14:31:04 Pacific
Standard Time Pacific Daylight Time; 07/04/1609 15:45:23 Pacific Standard Time Pacific Daylight Time;
1> lastLogonTimestamp: 12/06/2010 08:20:27 Pacific Standard Time Pacific Daylight Time;
Free Windows Admin Tool Kit Click here and download it now
December 15th, 2010 2:56pm
They server and DCs have the correct time zone.
December 15th, 2010 2:57pm
Using netdom reset actually solved the problem. Thanks for the help.
Free Windows Admin Tool Kit Click here and download it now
December 16th, 2010 11:03am