"who" and "w" do not work

Box is a 7028-6C4 running AIX 5.2. This is one of many for which neither the 'who' nor the 'w' command works. The only other potentially revealing symptom is that the 'last' command output is formatted badly - the lines are not separated by line feeds.

I'm sure someone will have a perfectly reasonable explanation why I should have the answer to this without help. Those comments are welcome too.

I would guess that the database files where login info and so on is stored are missing or damaged. I'm not sure where these are located in AIX, but in Solaris they are /var/adm/utmpx and /var/adm/wtmpx.

That fits with what I have found so far ... the /var/adm/wtmp in this case.

We had been using a dump from the 'last' command for user logging; apparently I need to rethink how the team is doing that. I'll start through the drudgery of reviewing the Sys Management docs and figuring that all out.

Well that was fun. I see the various accounting processes are supposed to clean these logs up, truncate them and extract them to permanent-type files. I ran through the process, lost all the last log entries, and still no w or who commands.

Good thing this is on a dev system.

IBM call, coming up!

This is kinda cool. I patched up the system to ML 6 per the tech I talked to. Still no joy.

I called again and there is another misc commands APAR that deals with 'last' and 'who' so at their direction I downloaded and installed bos.rte.misc_cmds.5.2.0.75.bff

Now, the 'last' command contains a dump of the /etc/security/user file! How cool is this huh?

So they created a level 1 security call out of what was a minor inconvenience.

Wow. I don't know much about AIX but it sounds like you got one messed up system there. Have fun with tech support. It is always fun to stump them! :)

If you see a dump from /etc/security/user then something has really gone wild. Of course I can only guess at what is wrong, but have you checked your root-fs? Could it be that your i-nodes are cross-linked or something such?

There is a file /etc/security/failedlogin, which should contain logs about failed login attempts in /var/adm/wtmp format. If "last" fails on these two you can try "who" to get a similar formatted list:

who /etc/security/failedlogin

Another thing you could try is using "last" with the "-f <file>" parameter. Maybe it helps to explicitly state the file it should work from. The same goes for /etc/utmp.

Hope this helps and I would appreciate follow-up information about what comes up about the system. Perhaps I would reinstall the system from a CD to get it to a clean state in a productive environment, but it should be much more informative to find out what the problem really is.

bakunin

You can also clear the wtmp file using audit commands:

/usr/sbin/acct/nulladm /var/adm/wtmp
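
An added example, not code from any post in this thread: a POSIX shell script that classifies each login database named above as missing, empty, misaligned or ok, and takes a timestamped copy before anything truncates it. The function names are hypothetical, the record size is an assumption the caller supplies (sizeof(struct utmp) from the platform's utmp.h), and treating a size that is not a whole number of records as a sign of damage is also an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names). These files hold fixed-size
# records, so a size that is not a multiple of the record size suggests a
# truncated or overwritten file.

# check_login_db FILE RECSIZE
# Prints one word: missing | unreadable | empty | misaligned | ok
check_login_db() {
    file=$1
    recsize=$2
    if [ ! -e "$file" ]; then echo missing; return 0; fi
    if [ ! -r "$file" ]; then echo unreadable; return 0; fi
    size=$(wc -c < "$file" | tr -d ' ')
    if [ "$size" -eq 0 ]; then echo empty; return 0; fi
    if [ $((size % recsize)) -ne 0 ]; then echo misaligned; return 0; fi
    echo ok
}

# snapshot_login_db FILE DESTDIR
# Copies FILE (keeping mode and times) to DESTDIR/<name>.<timestamp> and
# prints the copy's path, so the login history survives a later truncation.
snapshot_login_db() {
    src=$1
    destdir=$2
    [ -r "$src" ] || return 1
    mkdir -p "$destdir" || return 1
    dest="$destdir/$(basename "$src").$(date +%Y%m%d%H%M%S)"
    cp -p "$src" "$dest" && echo "$dest"
}

# When run with one argument (the record size), report on the three files
# mentioned in the thread.
if [ $# -eq 1 ]; then
    for f in /var/adm/wtmp /etc/utmp /etc/security/failedlogin; do
        printf '%s: %s\n' "$f" "$(check_login_db "$f" "$1")"
    done
fi
```

Taking the snapshot before truncating /var/adm/wtmp keeps the 'last' history that was lost in the cleanup described earlier in the thread.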