• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1266
  • Last Modified:

Logon Failure: The target account name is incorrect

In one of our branches, we have 2 DCs (Win Server 2003 Ent. Ed. SP2) and one of them crashed completely. We restored everything back but the following errors appear frequently:
"      On Application Event Viewer: Event ID: 1030 and 1097 (Userenv)
"      On System Event Viewer: Event ID: 4, 24, 26 and 29 (W32Time)
"      ON DNS server Event Viewer: Event ID: 3000, 4000, 4011 and 9999 (DNS)
When I run DCDiag on this restored server I got: Failed test Netlogons and Failed test Advertising. In addition: I can ping this server by name & IP, I can also browse it by IP but NOT with its domain name and I get a message: DAM-FNP is not accessible. You might not have permission to use this network resource. Contact the & Logon Failure: The target account name is incorrect.
I tested Active Directory replication between these 2 servers and it is OK. Replication is Ok also with other servers in the main office.
Any solutions to this situation. Thanks a lot
0
Gamout
Asked:
Gamout
  • 6
  • 5
  • 2
1 Solution
 
sofianshibaniCommented:
it sounds like you have some services not running, please confirm if Netlogon, Server and Workstation services are running.
0
 
GamoutAuthor Commented:
Thanks for responding. The 3 services you mentioned are all "Started". Machine also has been restarted many times and these services are working fine.
0
 
Zuhir ElgmatiCommented:
try this :

1: disjoined the server from the domain, leave it in the workgroup.
2: do a nbtstat -a servername, see if there is any conflict.  do a nbtstat -a domaincontrollerservername too.
3: if there is no conflict, join back the server to the domain again.

reference: http://www.experts-exchange.com/Operating_Systems/Q_21018430.html
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Zuhir ElgmatiCommented:
0
 
sofianshibaniCommented:
ok, now , there are multiple causes to the situation you are in, all those generated events indicate a problem with AC DS, netlogon is trying to register in dns but it cannot contact the active directory domain service, you should (i'm assuming you have DNS running on both servers):
first check if the reverse lookup zones are correctly pointing to your servers. (if you have reverse zones configured)
then check in the ip properties if you have configured the server to use correct dns .
check if the active directory zone exists in the dns.
run netdiag and post the response.


0
 
GamoutAuthor Commented:
Thanks for the posts so far. ZuhairGmaty: This is a DC and disjoining the domain is not applicable.
Sofianshibani: DNS is running on both servers and Active Directory zones exist in the DNS. The reverse lookup zones are correctly pointing to the servers. For the IP properties, every server is pointing to itself as preferred DNS, and to the second DC as second choice. Netdiag output:
trust relationships... Failed
Kerberos authentication... Failed
Domain membership test . . . . . . : Failed
Failed to query SPN registration on DC 'XXX'. This phrase appeared for all servers XXX in organization
0
 
Zuhir ElgmatiCommented:
dear Gamout:
On Application Event Viewer: Event ID: 1030 and 1097 (Userenv)
http://support.microsoft.com/kb/832215
after you restore your dc , it did restore SP too?
ON DNS server Event Viewer: Event ID: 3000, 4000, 4011 and 9999 (DNS)
it's sounds something related to DNS replication, check this  
http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21760015.html
 
0
 
GamoutAuthor Commented:
I checked the registry as per the Article ID : 832215 you posted, and it is clean. Now for the replication issue and testing, I have done some changes in AD and DNS and these changes have been reflected on other sites correctly. So it seems cool unless I have a tool that can check specifically the replication and prove the contrary.
One more thing is that when restoring this DC, we did a fresh installation of OS Win 2003 and SP2 and then restored C:, D: and system state.
0
 
Zuhir ElgmatiCommented:
i will suggest this :

1- make sure of  WINS  or DNS address configured on the network interface of your DC
2- also take a look at this  article, it's belong to the error : Contact the & Logon Failure: The target account name is incorrect.  http://support.microsoft.com/kb/288167/en-us
0
 
GamoutAuthor Commented:
Now the DNS failed and stoped working, and when I open DNS I don't see anything. No forward/reverse lookup zones, and new errors appear:
Applicatio: Event id: 1053 (Userenv)
Directory services: Event id: 1925 (KDC)
DNS server: Event id: 4000 and 4013 (DNS)
Any magic solution to this issue?
0
 
GamoutAuthor Commented:
Where are you EXPERTS ??? Any solution to this ???
0
 
Zuhir ElgmatiCommented:
0
 
GamoutAuthor Commented:
Dear friends, this problem was persisting until I uninstalled AD using dcpromo /forceremoval and the reinstalled AD again. Now everything is working fine and thanks a lot for your posts.
Have a nice day.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 6
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now