Solved

Logon Failure: The target account name is incorrect

Posted on 2008-06-11
13
1,223 Views
Last Modified: 2008-07-03
In one of our branches, we have 2 DCs (Win Server 2003 Ent. Ed. SP2) and one of them crashed completely. We restored everything back but the following errors appear frequently:
"      On Application Event Viewer: Event ID: 1030 and 1097 (Userenv)
"      On System Event Viewer: Event ID: 4, 24, 26 and 29 (W32Time)
"      ON DNS server Event Viewer: Event ID: 3000, 4000, 4011 and 9999 (DNS)
When I run DCDiag on this restored server I got: Failed test Netlogons and Failed test Advertising. In addition: I can ping this server by name & IP, I can also browse it by IP but NOT with its domain name and I get a message: DAM-FNP is not accessible. You might not have permission to use this network resource. Contact the & Logon Failure: The target account name is incorrect.
I tested Active Directory replication between these 2 servers and it is OK. Replication is Ok also with other servers in the main office.
Any solutions to this situation. Thanks a lot
0
Comment
Question by:Gamout
  • 6
  • 5
  • 2
13 Comments
 
LVL 2

Expert Comment

by:sofianshibani
ID: 21757844
it sounds like you have some services not running, please confirm if Netlogon, Server and Workstation services are running.
0
 

Author Comment

by:Gamout
ID: 21757876
Thanks for responding. The 3 services you mentioned are all "Started". Machine also has been restarted many times and these services are working fine.
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21757938
try this :

1: disjoined the server from the domain, leave it in the workgroup.
2: do a nbtstat -a servername, see if there is any conflict.  do a nbtstat -a domaincontrollerservername too.
3: if there is no conflict, join back the server to the domain again.

reference: http://www.experts-exchange.com/Operating_Systems/Q_21018430.html
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21757951
0
 
LVL 2

Expert Comment

by:sofianshibani
ID: 21757956
ok, now , there are multiple causes to the situation you are in, all those generated events indicate a problem with AC DS, netlogon is trying to register in dns but it cannot contact the active directory domain service, you should (i'm assuming you have DNS running on both servers):
first check if the reverse lookup zones are correctly pointing to your servers. (if you have reverse zones configured)
then check in the ip properties if you have configured the server to use correct dns .
check if the active directory zone exists in the dns.
run netdiag and post the response.


0
 

Author Comment

by:Gamout
ID: 21758349
Thanks for the posts so far. ZuhairGmaty: This is a DC and disjoining the domain is not applicable.
Sofianshibani: DNS is running on both servers and Active Directory zones exist in the DNS. The reverse lookup zones are correctly pointing to the servers. For the IP properties, every server is pointing to itself as preferred DNS, and to the second DC as second choice. Netdiag output:
trust relationships... Failed
Kerberos authentication... Failed
Domain membership test . . . . . . : Failed
Failed to query SPN registration on DC 'XXX'. This phrase appeared for all servers XXX in organization
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21758617
dear Gamout:
On Application Event Viewer: Event ID: 1030 and 1097 (Userenv)
http://support.microsoft.com/kb/832215
after you restore your dc , it did restore SP too?
ON DNS server Event Viewer: Event ID: 3000, 4000, 4011 and 9999 (DNS)
it's sounds something related to DNS replication, check this  
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21760015.html
 
0
 

Author Comment

by:Gamout
ID: 21758825
I checked the registry as per the Article ID : 832215 you posted, and it is clean. Now for the replication issue and testing, I have done some changes in AD and DNS and these changes have been reflected on other sites correctly. So it seems cool unless I have a tool that can check specifically the replication and prove the contrary.
One more thing is that when restoring this DC, we did a fresh installation of OS Win 2003 and SP2 and then restored C:, D: and system state.
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21759694
i will suggest this :

1- make sure of  WINS  or DNS address configured on the network interface of your DC
2- also take a look at this  article, it's belong to the error : Contact the & Logon Failure: The target account name is incorrect.  http://support.microsoft.com/kb/288167/en-us
0
 

Author Comment

by:Gamout
ID: 21768063
Now the DNS failed and stoped working, and when I open DNS I don't see anything. No forward/reverse lookup zones, and new errors appear:
Applicatio: Event id: 1053 (Userenv)
Directory services: Event id: 1925 (KDC)
DNS server: Event id: 4000 and 4013 (DNS)
Any magic solution to this issue?
0
 

Author Comment

by:Gamout
ID: 21768386
Where are you EXPERTS ??? Any solution to this ???
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21768766
0
 

Accepted Solution

by:
Gamout earned 0 total points
ID: 21787916
Dear friends, this problem was persisting until I uninstalled AD using dcpromo /forceremoval and the reinstalled AD again. Now everything is working fine and thanks a lot for your posts.
Have a nice day.
0

Join & Write a Comment

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now