broncbuster
asked on
Login Failure: the target account name is incorrect
Hello,
I'm having an issue with my domain controller. The office is running windows server 2003 AD DC with DNS, DHCP and file sharing with about 30 workstations connected to it. I got called in because the office was complaining about problems losing network shares randomly. Sometimes, they will reboot and it will be ok, other times, it continues to act up. I got here and checked it out and found several computers that when I tried to access network drives, got the error: Login Failure: the target account name is incorrect. After rebooting the computers, most of them are working, but not all of them. I even rebooted the server. Still nothing. I've been doing research on this forum and ran many diagnosis tools but i still can't find the problem.
On the computer I"m having most trouble with, I removed it from the domain and rejoined the domain but it still doesn't work. Then i tried to change the computer name and i got the same error: (login failure...). So then I removed the computer from the domain and changed the computer name no problem. But when i tried to rejoin the domain, I was unable to join and got the same error (login failure...). I've tried removing the computer from the list of active directory users and computers and it deleted just fine. But when i tried to add the computer back to the list I get this error: "MMC has detected an error in a snapin. It is recommended that you shut down and restart MMC". I'm to the point where i need to ask for help. Please help!!
Steve
I'm having an issue with my domain controller. The office is running windows server 2003 AD DC with DNS, DHCP and file sharing with about 30 workstations connected to it. I got called in because the office was complaining about problems losing network shares randomly. Sometimes, they will reboot and it will be ok, other times, it continues to act up. I got here and checked it out and found several computers that when I tried to access network drives, got the error: Login Failure: the target account name is incorrect. After rebooting the computers, most of them are working, but not all of them. I even rebooted the server. Still nothing. I've been doing research on this forum and ran many diagnosis tools but i still can't find the problem.
On the computer I"m having most trouble with, I removed it from the domain and rejoined the domain but it still doesn't work. Then i tried to change the computer name and i got the same error: (login failure...). So then I removed the computer from the domain and changed the computer name no problem. But when i tried to rejoin the domain, I was unable to join and got the same error (login failure...). I've tried removing the computer from the list of active directory users and computers and it deleted just fine. But when i tried to add the computer back to the list I get this error: "MMC has detected an error in a snapin. It is recommended that you shut down and restart MMC". I'm to the point where i need to ask for help. Please help!!
Steve
Make sure only the domain controllers are listed as the nameserver for the clients. If there are outside server (ISP nameservers) remove them.
Hope you managed to get this sorted. If you're still having trouble let me know and we'll troubleshoot further.
Cheers,
D
Cheers,
D
ASKER
Hi...thanks for the responses. I've not been out to the client's office since i posted the question. It will be this week early. One thing i forgot to mention is that they have 2 DC's on the network, but only should have 1. Second server should have been setup as only a file server, but whoever set it up, did it as a DC.
OK, good luck! Shouldn't be a problem that the 2nd server is DC, unless it's somehow been misconfigured. If necessary should be easy enough to run DCPROMO and revert to just a file server.
Looking back through the symptoms, I would also check for duplicate IP addresses on the network and/or a DHCP pool that overlaps with statically assigned IP addresses.
Looking back through the symptoms, I would also check for duplicate IP addresses on the network and/or a DHCP pool that overlaps with statically assigned IP addresses.
Also check that other DC to see if it has the DNS service running on it. If it doesn't and that server is listed as a DNS server in the DHCP options that would cause problems.
ASKER
Ok, this is what I get when i do nslookup "servername"
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>nsl ookup mainserver
*** Can't find server name for address 10.1.10.200: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 10.1.10.200
Name: mainserver.adc.pri
Addresses: 10.1.10.200, 192.168.0.1
C:\Documents and Settings\Administrator>
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>nsl
*** Can't find server name for address 10.1.10.200: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 10.1.10.200
Name: mainserver.adc.pri
Addresses: 10.1.10.200, 192.168.0.1
C:\Documents and Settings\Administrator>
ASKER
Ok, I looked up the nslookup error and found the Microsoft document on adding reverse lookup zones and setting a PTR. So I did it and tried nslookup again and got this:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>nsl ookup mainserver
Server: mainserver
Address: 10.1.10.200
Name: mainserver.adc.pri
Addresses: 10.1.10.200, 192.168.0.1
C:\Documents and Settings\Administrator>
However, I still get my same "Login Failure...:"error when trying to join the domain. Also, I tried to demote the second DC using DCPromo, but on that computer, I get the same error: Login failure: target accont ....
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>nsl
Server: mainserver
Address: 10.1.10.200
Name: mainserver.adc.pri
Addresses: 10.1.10.200, 192.168.0.1
C:\Documents and Settings\Administrator>
However, I still get my same "Login Failure...:"error when trying to join the domain. Also, I tried to demote the second DC using DCPromo, but on that computer, I get the same error: Login failure: target accont ....
ASKER
Also, I checked the DNS Event viewer and found a warning from today:
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4521
Date: 12/23/2009
Time: 9:21:49 AM
User: N/A
Computer: MAINSERVER
Description:
The DNS server encountered error 32 attempting to load zone 10.1.10.in-addr.arpa from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4521
Date: 12/23/2009
Time: 9:21:49 AM
User: N/A
Computer: MAINSERVER
Description:
The DNS server encountered error 32 attempting to load zone 10.1.10.in-addr.arpa from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, here you go.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Temp>dcdiag /c /q
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MAINSERVER failed test frsevent
[MAINSERVER] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
DNS Tests are running and not hung. Please wait a few minutes...
Test results for domain controllers:
DC: mainserver.adc.pri
Domain: adc.pri
TEST: Basic (Basc)
Warning: adapter [00000007] Broadcom BCM5708C NetXtreme II Gig
E (NDIS VBD Client) has invalid DNS server: 10.1.10.1 (<name unavailable>)
Error: The A record for this DC was not found
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 10.1.10.1 (<name
unavailable>)
TEST: Records registration (RReg)
Network Adapter [00000007] Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client):
Error: Missing A record at DNS server 10.1.10.1 :
mainserver.adc.pri
Error: Missing CNAME record at DNS server 10.1.10.1 :
ef5d0124-0c00-4eba-b38e-f5 d72861044d ._msdcs.ad c.pri
Error: Missing DC SRV record at DNS server 10.1.10.1 :
_ldap._tcp.dc._msdcs.adc.p ri
Error: Missing GC SRV record at DNS server 10.1.10.1 :
_ldap._tcp.gc._msdcs.adc.p ri
Error: Missing PDC SRV record at DNS server 10.1.10.1 :
_ldap._tcp.pdc._msdcs.adc. pri
Error: Record registrations cannot be found for all the network a
dapters
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 10.1.10.1 (<name unavailable>)
2 test failures on this DNS server
Name resolution is not functional. _ldap._tcp.adc.pri. failed on
the DNS server 10.1.10.1
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ ________
Domain: adc.pri
mainserver PASS FAIL FAIL PASS PASS FAIL n/a
......................... adc.pri failed test DNS
C:\Temp>
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Temp>dcdiag /c /q
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MAINSERVER failed test frsevent
[MAINSERVER] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
DNS Tests are running and not hung. Please wait a few minutes...
Test results for domain controllers:
DC: mainserver.adc.pri
Domain: adc.pri
TEST: Basic (Basc)
Warning: adapter [00000007] Broadcom BCM5708C NetXtreme II Gig
E (NDIS VBD Client) has invalid DNS server: 10.1.10.1 (<name unavailable>)
Error: The A record for this DC was not found
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 10.1.10.1 (<name
unavailable>)
TEST: Records registration (RReg)
Network Adapter [00000007] Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client):
Error: Missing A record at DNS server 10.1.10.1 :
mainserver.adc.pri
Error: Missing CNAME record at DNS server 10.1.10.1 :
ef5d0124-0c00-4eba-b38e-f5
Error: Missing DC SRV record at DNS server 10.1.10.1 :
_ldap._tcp.dc._msdcs.adc.p
Error: Missing GC SRV record at DNS server 10.1.10.1 :
_ldap._tcp.gc._msdcs.adc.p
Error: Missing PDC SRV record at DNS server 10.1.10.1 :
_ldap._tcp.pdc._msdcs.adc.
Error: Record registrations cannot be found for all the network a
dapters
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 10.1.10.1 (<name unavailable>)
2 test failures on this DNS server
Name resolution is not functional. _ldap._tcp.adc.pri. failed on
the DNS server 10.1.10.1
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: adc.pri
mainserver PASS FAIL FAIL PASS PASS FAIL n/a
......................... adc.pri failed test DNS
C:\Temp>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the response!
I applied all the changes and re-ran the dcdiag /c /q and this is what i got.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>cd \
C:\>cd temp
C:\Temp>dcdiag /c /q
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MAINSERVER failed test frsevent
An Error Event occured. EventID: 0x00000457
Time Generated: 12/23/2009 21:43:40
(Event String could not be retrieved)
......................... MAINSERVER failed test systemlog
[MAINSERVER] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
DNS Tests are running and not hung. Please wait a few minutes...
C:\Temp>
I applied all the changes and re-ran the dcdiag /c /q and this is what i got.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>cd \
C:\>cd temp
C:\Temp>dcdiag /c /q
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MAINSERVER failed test frsevent
An Error Event occured. EventID: 0x00000457
Time Generated: 12/23/2009 21:43:40
(Event String could not be retrieved)
......................... MAINSERVER failed test systemlog
[MAINSERVER] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
DNS Tests are running and not hung. Please wait a few minutes...
C:\Temp>
ASKER
Ok...Here's what i've done.
I noticed that I was getting a lot of kerberos errors from the second DC, So I did a forceful demote and then removed the servername from the list of DC's on the primary DC. Then I was able to join the domain with the previous DC no problem. Then the Kerberos Errors stopped occuring in the system event viewer. I am unable to test it on a workstation as I am not on site, but I will do this next week Monday. Things are looking up and I thank you for your advice. Please advise if there is anything else I need to be doing here.
Steve
I noticed that I was getting a lot of kerberos errors from the second DC, So I did a forceful demote and then removed the servername from the list of DC's on the primary DC. Then I was able to join the domain with the previous DC no problem. Then the Kerberos Errors stopped occuring in the system event viewer. I am unable to test it on a workstation as I am not on site, but I will do this next week Monday. Things are looking up and I thank you for your advice. Please advise if there is anything else I need to be doing here.
Steve
Hi broncbuster,
that's great news! DCDIAG now looks clear - the frsevent and eventlog errors will continue to pop up for a while as they look back at the previous 24 hours of event logs. Hopefully they should clear up soon.
If you are still having trouble on any workstations, check they have the correct primary DNS server, and give them a reboot.
Have a good Christmas and let me know how things go on Monday.
Cheers,
D
that's great news! DCDIAG now looks clear - the frsevent and eventlog errors will continue to pop up for a while as they look back at the previous 24 hours of event logs. Hopefully they should clear up soon.
If you are still having trouble on any workstations, check they have the correct primary DNS server, and give them a reboot.
Have a good Christmas and let me know how things go on Monday.
Cheers,
D
ASKER
You are Freakin Awesome! How do you know so much?
You're too kind broncbuster! Thanks for the points,
D
D
Troubleshooting steps:
On a workstation that's experiencing the problem, run "nslookup servername", and check that the IP address that is returned is correct
If the IP address is incorrect, check that the client has the correct DNS server address.