Event ID - 12289

Event Id12289
SourceSAM
DescriptionSAM failed to restore the database to an earlier state. SAM has shutdown. You must reboot the machine to re-enable SAM.
Event InformationAccording to Microsoft :
Cause :
This event is logged when SAM failed to restore the database to an earlier state.
Resolution :
Restart the computer to enable the SAM database
The Security Accounts Manager (SAM) experienced a commit failure, and it also failed to revert to an earlier state. Ensure that the system drive is not completely out of free disk space, and then restart the computer. To enable SAM access again, you must restart the system. Perform the following procedure on the computer that is logging the event to be resolved.
To perform these procedures, you must have membership in Domain Admins or you must have been delegated the appropriate authority.
To ensure that there is enough free disk space on the system drive:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start Menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type cd /d %systemroot%, and then press ENTER.
  3. Type dir, and then press ENTER. The last line of the command output displays the number of bytes that are free, which should be at least 10,024 or more. If there are not enough free bytes reported, remove unnecessary files from the System root drive.
  4. Restart the computer to enable the SAM database.
Verify :
To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority.
To verify that the Security Accounts Manager (SAM) exists and that there is enough free disk space to make updates to the database:
Caution : Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start Menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type cd /d %systemroot%\system32\config, and then press ENTER.
  3. Type dir sam, and then press Enter. The command output should display a file named SAM, and there should be at least 10,024 or more free bytes reported in the last line of the output. If there are not enough free bytes reported, remove unnecessary files from the Systemroot drive.
  4. Close the command prompt.
  5. Open Registry Editor. To open Registry Editor, click Start. In Start Search, type regedit, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  6. Expand the registry path HKEY_LOCAL_MACHINE\SAM, and ensure that there is a SAM registry key that is subordinate to that registry path. If the key is not present, restart the computer.
Reference LinksEvent ID 12289 from Source SAM

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.