jaglin84
asked on
Login Failure, the target account is incorrect *Help!*
Hi all,
Recently, i had to re-do my entire domain when a migration between a windows 2000 server and windows 2008 R2 failed.
What i basically did was to remove the old domain controller and the old domain, and recreated another domain controller and domain. The thing i did was to have the new and old domain have the same name.
For the first few days, everything was fine, users could access shared folders, printers, etc with no issue at all. DNS was fine etc.. ( i am guessing this started when the PCs were renewing DNS entries from the new DC and hence a conflict)
That was the case until yesterday, when things started to act up, a few accounts and computers started having difficulties logging in with the error "login failure, the target account is incorrect. " . I tried removing the affected PCs and PC accounts from the domain and re joined them again but still no joy.
When i tried to rejoin them (the PCs) i too got the exact same error " login failure, the target account is incorrect"
I have verified that the network settings were correct.
I have tried to flushdns to clear dns cache but still no joy.
Trawling through the internet, i seen people resolving this with a simple re join to the domain, but however i am not even able to that as of now.
I think its only a matter of time before all PCs in my domain get affected.
What else can i do to resolve this? I am guessing is the new DNS server of the DC that is probably causing a confusion between the old and new domain.
I ran the command "Nbtstat" and found no conflicts in domain controller or computer name. So i am at a loss here.
Can someone please advise?
At a loss here.
Recently, i had to re-do my entire domain when a migration between a windows 2000 server and windows 2008 R2 failed.
What i basically did was to remove the old domain controller and the old domain, and recreated another domain controller and domain. The thing i did was to have the new and old domain have the same name.
For the first few days, everything was fine, users could access shared folders, printers, etc with no issue at all. DNS was fine etc.. ( i am guessing this started when the PCs were renewing DNS entries from the new DC and hence a conflict)
That was the case until yesterday, when things started to act up, a few accounts and computers started having difficulties logging in with the error "login failure, the target account is incorrect. " . I tried removing the affected PCs and PC accounts from the domain and re joined them again but still no joy.
When i tried to rejoin them (the PCs) i too got the exact same error " login failure, the target account is incorrect"
I have verified that the network settings were correct.
I have tried to flushdns to clear dns cache but still no joy.
Trawling through the internet, i seen people resolving this with a simple re join to the domain, but however i am not even able to that as of now.
I think its only a matter of time before all PCs in my domain get affected.
What else can i do to resolve this? I am guessing is the new DNS server of the DC that is probably causing a confusion between the old and new domain.
I ran the command "Nbtstat" and found no conflicts in domain controller or computer name. So i am at a loss here.
Can someone please advise?
At a loss here.
I have had to hook a machine and server up to a switch all alone before to by pass a similar problem, but it turned out a developer was running a virtual machine AD that was mucking up the works.
ASKER
hi,
Thanks for the reply, i have since disabled DNS on the old server and have set the DHCP service on the new domain controller to make PCs use it as the new DNS server.
The old server also had it's AD component removed, so i don't think it should be fighting control with the new DC.
I have tried using a static IP/DNS setting as well, but still nothing works.
Thanks!
Thanks for the reply, i have since disabled DNS on the old server and have set the DHCP service on the new domain controller to make PCs use it as the new DNS server.
The old server also had it's AD component removed, so i don't think it should be fighting control with the new DC.
I have tried using a static IP/DNS setting as well, but still nothing works.
Thanks!
rebuilt the TCP/IP stack on the client?
HI,
make sure your DHCP server provide the DNS setting for only the new domain controller.
also check Hosts file for old entry for this domain.
How many DCs you have for the new domain?
in computer properties setting , make sure you dont configure primary DNS suffix for this computer.
and check "change primary DNS suffix when domain membership chnages"
make sure your DHCP server provide the DNS setting for only the new domain controller.
also check Hosts file for old entry for this domain.
How many DCs you have for the new domain?
in computer properties setting , make sure you dont configure primary DNS suffix for this computer.
and check "change primary DNS suffix when domain membership chnages"
ASKER
Hi all,
I have only 1 DC for the new domain, I noted something in my DC DNS logs:
I keep getting an Event ID 4007, in which the DNS service can't seem to integrate with the AD.
But i don't understand how this problem could have started only now.
I have tried restarting the DNS service on the DC, but still it doesn't work.
Any ideas on what else i should look into?
I have only 1 DC for the new domain, I noted something in my DC DNS logs:
I keep getting an Event ID 4007, in which the DNS service can't seem to integrate with the AD.
But i don't understand how this problem could have started only now.
I have tried restarting the DNS service on the DC, but still it doesn't work.
Any ideas on what else i should look into?
look over this KB article on how to rebuild the AD dynamic DNS server, as always make sure you have a good and confirmed backup before trying it.
http://support.microsoft.com/kb/294328
http://support.microsoft.com/kb/294328
forgot to add it's for 2000 but should still be a decent guideline.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if you REALLY need it online, you might try and grab a simple router, and put it in a new subnet so the two servers don't fight for control.
for a PC disconnect it from all domain, make a 1234 workgroup (any name). reboot it, flushdns. delete or at least move any profile paths out of userprofile storage. make sure the machine can access another in the 1234 workgroup and than on BOTH servers delete the computer account, and join it back to the NEW domain, make sure there are no servers anywhere in the subnet that EVER spoke to the old AD.
might also make sure your machines host files are clean.