EventID.Net GFI
 
home| search| login| forums| it admin tasks| tcp/ip ports| documents | contributors| about us 
 
Event ID/Source search
Event ID: Event Source:
Keyword search
Example: Windows cannot unload your registry file
 
Event ID: 1005 Source: dsrestor
Source: dsrestor
Type: Error
Description:
The DSRestore Filter failed to connect to local SAM server. Error returned is <id:997>.
English: This information is only available to subscribers. An example of English, please!
Comments:
Dominik Rappaport
From a newsgroup post: "Please perform the following steps to resolve this issue:
1. Use the administrator account to log on the SBS Server, run "regedit".
2. Locate this registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
3. In the right panel, double-click ''Notification Packages'', and delete "dsrestor" from the value data.
4. Then monitor this issue".
Click if the comment is good! x 16

Gasper Rupnik
From a newsgroup post: "You can safely ignore this event, however be aware of what it means. Prior to Windows 2003 SP1 when you changed the admin password in SBS, a hidden wizard automatically changed the dsrm (directory restore mode) administrator password to match when you rebooted. Windows 2003 SP1 broke this functionality, so now if you change the admin password you should also change the dsrm password or make very sure you know what it is in case you ever need it. You will see this error logged on every reboot because the server tries to synchronize the passwords". See "MCPMag Forum Thread 2938" for the original post.
Click if the comment is good! x 6

Anonymous
From a newsgroup post: "DSRestore's job is to synchronize the domain admin password with the dsrm password. The dsrestore process will run every 30 minutes to verify that the passwords are coordinated. If they are not, dsretore will synchronize them. The 1005 error indicates that dsrestore was unable to connect to the SAM and verify if the passwords are coordinated when the server boots. My guess is that it fails at boot due to a race condition. If the process fails, it does not run again until the server is rebooted. As a workaround, you can manually reset the DSRM password to match the domain admin password by using ntdsutil. See ME322672 for information on how to reset the Directory Services Restore Mode administrator account".
Click if the comment is good! x 3
Private comment: Subscribers only. See example of private comment
Links: ME322672, MCPMag Forum Thread 2938
Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue - More links...
Custom search for *****: Google - Bing - Microsoft - Yahoo
Feedback: Send comments or solutions - Notify me when updated

Printer friendly
  • Subscription
    SubscribeSubscribe to EventID.Net now!
    Already a subscriber? Login here
GFI

 





 

 

Recommend Us


  • Quick Tip
    Connect to EventID.Net directly from the Microsoft Event Viewer!
    Instructions

  • Newest article
    How to Maintain and Monitor a Microsoft SharePoint Server
    Read

Customer services

Contact us
Support
Terms of Use

Help & FAQ

Sales FAQ
EventID.Net FAQ

Articles

Managing logs
Recommended books

Links

Downloads
Firegen Log Analyzers
Link to us


© Copyright 2001 - 2012 EventID.Net