Out of nowhere I can't log in to my Windows Server 2008 machine. All the services like FTP server or webserver (which I'm actually not using, just remote desktop and FTP) are running.
Whatever credentials I try (even/especially administrator), it always says Unknown Username or bad password. I have already tried a hard power off/on and safe mode without luck. I also already tried typing in the login name as SERVER NAME\user or Workgroup\user (every case-sensitive scenario); it still says I have the wrong login. Usually we use remote desktop to access the machine, but local access over KVM doesn't work either.
Now I'm locked out of any control or any way to do something. There's just the logon screen preceded by the ctrl+alt+del to login alert. Without being able to log in I can't actually try to fix anything. I can't find much more on the Internet except the SERVER NAME\user thing. A reinstall would be the last resort, but I can't leave things this way for much longer anyway. This server is vital.
If it is any help, I think automatic Windows updates are turned off and there were no updates or newly installed software for the last couple of years and just a few soft restarts, none of them recently.
It happened during its runtime while all other services were still up and running, so this couldn't be just some nasty Windows screw-up during boot or something. What could have possibly changed? What are my options now?
Best Answer
STOP!
You could be infected with something unpleasant. My recommendation is to first bring the server down and scan it with an offline antivirus disc. I prefer to use Kaspersky's free rescue disc that does not, as of this writing, have license restrictions on its use for commercial purposes.
If you're not infected with anything, then check your event logs for password change events and failed logins. You will be most interested in seeking the origins of those changes. However, in order to see the Event Logs, you still need to be able to log in. Let's move on to that problem:
As for your password...
Reset the password for the administrator account using the old Accessibility Tools trick. In summary:
Rename osk.exe as osk.exe.old and then rename cmd.exe to osk.exe
net user command.
For full instructions, see this article or this video.
P.S. Don't forget to rename those files back to their original names, lest you 1) let this gaping security hole remain on the server, and 2) be confused when the on screen keyboard pops up when you try to launch a command prompt.
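An added example, not part of the answer above: a check for the clean-up step in the P.S., written to run from a rescue environment against the mounted Windows volume. It reports any accessibility program that is byte-identical to cmd.exe and any leftover .old copy; covering sethc.exe, utilman.exe, magnify.exe and narrator.exe as well as osk.exe goes beyond the one file the answer names, and the sample tree in the demo is constructed.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# osk.exe is the file named on the page; the rest are other accessibility
# programs reachable from the logon screen (added generalisation).
ACCESSIBILITY = ("osk.exe", "sethc.exe", "utilman.exe", "magnify.exe", "narrator.exe")


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_file(directory, name):
    """Case-insensitive lookup: a volume mounted from a rescue disc may be
    case-sensitive, and System32 file names vary in case."""
    for entry in directory.iterdir():
        if entry.is_file() and entry.name.lower() == name.lower():
            return entry
    return None


def audit_system32(system32):
    """Return (file name, problem) tuples for the given System32 directory."""
    system32 = Path(system32)
    findings = []
    cmd = find_file(system32, "cmd.exe")
    cmd_hash = sha256(cmd) if cmd else None
    for name in ACCESSIBILITY:
        tool = find_file(system32, name)
        if tool and cmd_hash and sha256(tool) == cmd_hash:
            findings.append((name, "identical to cmd.exe"))
        if find_file(system32, name + ".old"):
            findings.append((name + ".old", "leftover renamed original"))
    return findings


if __name__ == "__main__":
    # With no argument, audit a constructed sample tree instead of a real volume.
    with tempfile.TemporaryDirectory() as demo:
        for name, data in (("cmd.exe", b"shell"), ("osk.exe", b"shell"),
                           ("osk.exe.old", b"keyboard"), ("sethc.exe", b"sticky")):
            Path(demo, name).write_bytes(data)
        target = sys.argv[1] if len(sys.argv) > 1 else demo
        for name, problem in audit_system32(target):
            print(f"{name}: {problem}")
```

Pass the mounted System32 directory as the only argument; an empty result means none of the listed files matches cmd.exe and no .old copies remain.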