og_sh0x
asked on
"The target account name is incorrect" when joining a Windows 2008 Server to the domain
I have a server that I upgraded from Server 2003 Standard SP2 to Server 2008 Standard, SP1. This is a 32-bit server that was a domain controller. I demoted it, upgraded, and promoted it, but I got all sorts of strange errors. DNS was also not working properly on this server, the forward lookup zone was not showing up and I couldn't create one. Unofrtunately I don't have all these errors documented.
So I decided I need to just start over, wipe out any trace of the machine from the domain and set it up again. I demoted the machine, removed DNS, unjoined the machine from the domain, cleaned up the metadata, deleted the machine account, forced replication on the domain controllers, and waited overnight.
Now I want to start rejoining the server. So I'm trying to join this machine as a member server again, and I'm getting the error message:
The following error occurred attempting to join the domain "mydomain.com": Logon Failure: The target accounr name is incorrect.
I have researched this error, and so far it looks like the problem might be with the machine account, or it might be a DNS error. But when I test DNS, everything looks fine. And I thought I did a pretty thorough job of cleaning up the machine account and metadata, etc. Where could the errant data be hiding? Or what else might cause this problem?
So I decided I need to just start over, wipe out any trace of the machine from the domain and set it up again. I demoted the machine, removed DNS, unjoined the machine from the domain, cleaned up the metadata, deleted the machine account, forced replication on the domain controllers, and waited overnight.
Now I want to start rejoining the server. So I'm trying to join this machine as a member server again, and I'm getting the error message:
The following error occurred attempting to join the domain "mydomain.com": Logon Failure: The target accounr name is incorrect.
I have researched this error, and so far it looks like the problem might be with the machine account, or it might be a DNS error. But when I test DNS, everything looks fine. And I thought I did a pretty thorough job of cleaning up the machine account and metadata, etc. Where could the errant data be hiding? Or what else might cause this problem?
dfxdeimos
As a test (if possible) try changing the name of the server before you join it to the domain... like just append a "1" to the end, does that give you the same result?
ASKER
dfxdeimos:
I added "-x" to the name of the server when joining, and received the same message. Thank you for the quick reply! I'm hoping you might have some more ideas.
I added "-x" to the name of the server when joining, and received the same message. Thank you for the quick reply! I'm hoping you might have some more ideas.
Hmm... so we have removed the machine account, the DHCP lease (if any), and the DNS entries of the server in question...
Can you run DCDiag and NETDiag from a DC on the network and post the results? Can you also post the IP configuration information from both a good domain member and the machine in question?
Have you tried to join another test machine to the network to see if the problem is limited to this particular machine or is domain wide?
Can you run DCDiag and NETDiag from a DC on the network and post the results? Can you also post the IP configuration information from both a good domain member and the machine in question?
Have you tried to join another test machine to the network to see if the problem is limited to this particular machine or is domain wide?
ASKER
I ram DCDiag and NETDiag and they didn't seem to return anything interesting. I ran into an interesting phenomenon:
As you know, I can't join this machine with any name. I can join other machines with any name, except the name of this machine. I get the same error message every time. I have tried this on a couple of machines, some have and haven't been joined before. They were all in different cities, with separate subnets, separate domain controllers, and separate DNS servers. The test machines were all 2008 servers on fresh installs.
As you know, I can't join this machine with any name. I can join other machines with any name, except the name of this machine. I get the same error message every time. I have tried this on a couple of machines, some have and haven't been joined before. They were all in different cities, with separate subnets, separate domain controllers, and separate DNS servers. The test machines were all 2008 servers on fresh installs.
It seems that the object must not have been removed successfully from your AD structure.
Can you give this process ( http://www.petri.co.il/delete_failed_dcs_from_ad.htm ) a try and see if via the method described you can still see traces of the old object?
Can you give this process ( http://www.petri.co.il/delete_failed_dcs_from_ad.htm ) a try and see if via the method described you can still see traces of the old object?
ASKER
Yep, I found that very article and followed it before I posted this question. I have Microsoft on the phone now so I will post their solution when I get it.
Alright, best of luck.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Wow, quite the ride indeed.
Glad everything is working well for you, best of luck going forward.
Glad everything is working well for you, best of luck going forward.