Users on your network may unexpectedly have their user accounts locked. This behavior occurs even though users have not previously tried to log on and have not typed any incorrect user names or passwords. When this behavior occurs, the following event is recorded in the event log on Microsoft Windows Server 2003-based computers:
Event Type: Error Event Source: SAM Event Category: None Event ID: 12294 Date: Time: User: Computer: Description: The SAM database was unable to lockout the account of due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.
This issue may occur when a computer on your network is infected with the W32.Randex.F worm or with a variant of it.
To resolve this issue, run a complete virus scan on your network using the latest available virus definitions. Use the scan to remove the W32.Randex.F worm. For information about how to perform a virus scan or how to obtain the latest virus definitions, see your antivirus software documentation, or contact the manufacturer.
For additional information about how to contact the manufacturer of your antivirus program, click the following article number to view the article in the Microsoft Knowledge Base: