Solved

Logon Failure: The target account name is incorrect

Posted on 2008-06-11
13
1,231 Views
Last Modified: 2008-07-03
In one of our branches, we have 2 DCs (Win Server 2003 Ent. Ed. SP2) and one of them crashed completely. We restored everything back but the following errors appear frequently:
"      On Application Event Viewer: Event ID: 1030 and 1097 (Userenv)
"      On System Event Viewer: Event ID: 4, 24, 26 and 29 (W32Time)
"      ON DNS server Event Viewer: Event ID: 3000, 4000, 4011 and 9999 (DNS)
When I run DCDiag on this restored server I got: Failed test Netlogons and Failed test Advertising. In addition: I can ping this server by name & IP, I can also browse it by IP but NOT with its domain name and I get a message: DAM-FNP is not accessible. You might not have permission to use this network resource. Contact the & Logon Failure: The target account name is incorrect.
I tested Active Directory replication between these 2 servers and it is OK. Replication is Ok also with other servers in the main office.
Any solutions to this situation. Thanks a lot
0
Comment
Question by:Gamout
  • 6
  • 5
  • 2
13 Comments
 
LVL 2

Expert Comment

by:sofianshibani
ID: 21757844
it sounds like you have some services not running, please confirm if Netlogon, Server and Workstation services are running.
0
 

Author Comment

by:Gamout
ID: 21757876
Thanks for responding. The 3 services you mentioned are all "Started". Machine also has been restarted many times and these services are working fine.
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21757938
try this :

1: disjoined the server from the domain, leave it in the workgroup.
2: do a nbtstat -a servername, see if there is any conflict.  do a nbtstat -a domaincontrollerservername too.
3: if there is no conflict, join back the server to the domain again.

reference: http://www.experts-exchange.com/Operating_Systems/Q_21018430.html
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21757951
0
 
LVL 2

Expert Comment

by:sofianshibani
ID: 21757956
ok, now , there are multiple causes to the situation you are in, all those generated events indicate a problem with AC DS, netlogon is trying to register in dns but it cannot contact the active directory domain service, you should (i'm assuming you have DNS running on both servers):
first check if the reverse lookup zones are correctly pointing to your servers. (if you have reverse zones configured)
then check in the ip properties if you have configured the server to use correct dns .
check if the active directory zone exists in the dns.
run netdiag and post the response.


0
 

Author Comment

by:Gamout
ID: 21758349
Thanks for the posts so far. ZuhairGmaty: This is a DC and disjoining the domain is not applicable.
Sofianshibani: DNS is running on both servers and Active Directory zones exist in the DNS. The reverse lookup zones are correctly pointing to the servers. For the IP properties, every server is pointing to itself as preferred DNS, and to the second DC as second choice. Netdiag output:
trust relationships... Failed
Kerberos authentication... Failed
Domain membership test . . . . . . : Failed
Failed to query SPN registration on DC 'XXX'. This phrase appeared for all servers XXX in organization
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21758617
dear Gamout:
On Application Event Viewer: Event ID: 1030 and 1097 (Userenv)
http://support.microsoft.com/kb/832215
after you restore your dc , it did restore SP too?
ON DNS server Event Viewer: Event ID: 3000, 4000, 4011 and 9999 (DNS)
it's sounds something related to DNS replication, check this  
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21760015.html
 
0
 

Author Comment

by:Gamout
ID: 21758825
I checked the registry as per the Article ID : 832215 you posted, and it is clean. Now for the replication issue and testing, I have done some changes in AD and DNS and these changes have been reflected on other sites correctly. So it seems cool unless I have a tool that can check specifically the replication and prove the contrary.
One more thing is that when restoring this DC, we did a fresh installation of OS Win 2003 and SP2 and then restored C:, D: and system state.
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21759694
i will suggest this :

1- make sure of  WINS  or DNS address configured on the network interface of your DC
2- also take a look at this  article, it's belong to the error : Contact the & Logon Failure: The target account name is incorrect.  http://support.microsoft.com/kb/288167/en-us
0
 

Author Comment

by:Gamout
ID: 21768063
Now the DNS failed and stoped working, and when I open DNS I don't see anything. No forward/reverse lookup zones, and new errors appear:
Applicatio: Event id: 1053 (Userenv)
Directory services: Event id: 1925 (KDC)
DNS server: Event id: 4000 and 4013 (DNS)
Any magic solution to this issue?
0
 

Author Comment

by:Gamout
ID: 21768386
Where are you EXPERTS ??? Any solution to this ???
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
ID: 21768766
0
 

Accepted Solution

by:
Gamout earned 0 total points
ID: 21787916
Dear friends, this problem was persisting until I uninstalled AD using dcpromo /forceremoval and the reinstalled AD again. Now everything is working fine and thanks a lot for your posts.
Have a nice day.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question