Unable Logon to Vista with my account inspite of typing right password

Hi All,

This is a strange scenario. I am unable to logon to Vista with my user account inspite of typing in the right password( I am verry sure that the password i am typing in is correct as i have been using it for quite some time). Throws invalid password error.

Luckily i had another parallel account with right priveleges.I logged on to that account and reset the password for my user account.

I reviewed the event logs and observed the following error

Event ID:6037

Source:LSASRV

Description:

The program lsass.exe, with the assigned process ID 123, could not authenticate locally by using the target name host/\\machinname. The target name used is not valid. A target name should refer to one of the local computer names, for example, the DNS host name.

Try a different target name.

I performed a search on google ,event id site and microsoft support site but not able to find any info on this error message which is quite strange.

any one come across a similar problem before or any idea why this problem was observed?

 

There have been reports where lsass.exe has been "hijacked" by a virus which then points the OS away from the copy in C:\Windows\System32 to a virus/trojan-injected version resident elsewhere. So, the first thing to do is check for that file and confirm that it has the same date and time stamp as the other system files surround it in the list.



Other references I found to lsass.exe and LSASRV-related problems had to so with Windows Server 2K3, Active Director, and domain-based environments. So, are you logging into a local machine? Or are you logging into a corporate network machine?

 

Hi,

Thanks for the update.My vista machine is work group and not part of any domain.

SK

 

OK, so have you checked the file info like I suggested?

 

Hi,

I checked the modified date of the file lsass.exe and lsasrv.dll. I does matches that of other files on system32 directory.Could this be a same database error or any registry corruption?

SK

 

Here are some details on more stuff you can do (courtesy of "Dwarf" from www.tutorials-win.com):



"This file, lsass.exe, is an essential part of the Windows operating system.

LSASS, the Local Security Authority Subsystem Service, is responsible for

helping Windows manage security and logins. It is normal for this process to

access the system on a regular basis, but excess access by this process is a

case for concern, particularly when accompanied by higher than normal CPU

useage. You should be able find the lsass.exe file in the following folder:

'C:\windows\system32'.



Check this by opening 'Task Manager'. Select the 'Processes' tab. Click on 'Show processes from all users' (provide administrative credentials when prompted). Scroll down the list until you come to 'lsass.exe'.



Check the 'CPU' useage for this process. Right click on 'lsass.exe' and select 'Properties' from the popup menu. In the 'General' tab, check the location of this file. If it is different to that mentioned above, then your system is infected with a variant of the SASSER malware and you should scan your system with your anti-malware tools, allowing them to fix any problems that they find. In severe cases, a reinstallation of your OS

may be required."