Event ID - 16406

Event Id16406
SourceSAM
DescriptionThe Security Account Database detected that the well known account %1 does not exist. The account has been recreated. Please reset the password for the account.
Event InformationAccording to Microsoft :
Cause :
This event is logged when the Security Account Database detected that the well known account does not exist.
Resolution :
Reset the password for a well-known account that was created recently
The Security Accounts Manager (SAM) created a required built-in account that did not exist. Reset the password on this account. The account name is in the Event Viewer event text. Perform the following procedure using a domain member computer with the domain administrative tools installed.
To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority.
To locate an account and reset the account password:
  1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start. In Start Search, type dsa.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the console tree, right-click the object that represents your domain, and then click Find. The Find Users, Contacts, and Groups dialog box opens.
  3. In Name, type the name of the account that is specified in the event text, and then click Find Now.
  4. In Search results, right-click the account that requires a password reset, and then click Reset Password. The Reset Password dialog box appears.
  5. In New Password, type the password, and, in Confirm Password, type the same password again, and then click OK.
  6. To confirm the password change, click OK.
Verify :
To perform this procedure, you must have membership in Domain Admins or you must have been delegated the appropriate authority. Perform the following steps using a domain controller in the domain.
To verify that the well-known accounts exist:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Type dsquery * -filter "(objectSID=*)" -limit 44 -attr objectsid distinguishedname %gt wellknownaccounts.txt, and press ENTER. The first 44 accounts in the directory are copied to a text file.
  3. Type notepad wellknownaccounts.txt and press ENTER. The file opens in Notepad.
  4. Check the entries in the list against the following table.
Reference LinksEvent ID 16406 from Source SAM

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh