Solved

UNC stop working to all server but can still ping the host name - 500 points

Posted on 2013-11-11
43
468 Views
Last Modified: 2013-11-13
Ok so I can ping all the host name and access shared resource if I use the \\tcp-ip- address\

But not the server name?

I get

\\server is not accessable. You might not have permission to use this network resource. Contact the administratorof the serverto find out if your have permission.

Logon Failure: The target account name is incorrect

Any ideas 500 points
0
Comment
Question by:ise438
  • 22
  • 18
  • 2
  • +1
43 Comments
 
LVL 6

Expert Comment

by:smithandandersen
ID: 39639056
when you say not server name do you mean NetBIOS or fqdn
0
 

Author Comment

by:ise438
ID: 39639068
Hmm not sure the server name would be something like \\wanfs
0
 

Author Comment

by:ise438
ID: 39639075
Also just remove a client from the domain and tried to add them again and got the same error message?

Logon Failure: The target account name is incorrect
0
 

Author Comment

by:ise438
ID: 39639111
Also getting event ID 4

On my servers

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server %1. The target name used was %3. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named server accounts in the target realm (%2), and the client realm (%4). Please contact your system administrator.
0
 
LVL 5

Expert Comment

by:warddhooghe
ID: 39639227
If you have more then one AD controller, check replication between them.
This tool might also be useful: Authentication and Access Control Diagnostics 1.0 (x86)
 
http://www.microsoft.com/Downloads/details.aspx?familyid=E90FE777-4A21-4066-BD22-B931F7572E9A&displaylang=en
0
 

Author Comment

by:ise438
ID: 39641267
Ok also the nothing what so ever is appearing in the ACtive Directory Domain and trusts - It show mycompany.co.uk at the top but nothing beneith it?
0
 
LVL 5

Expert Comment

by:warddhooghe
ID: 39641397
can you clarify what you meant exactly with "Also just remove a client from the domain..."

Also did you check the eventlog on your AD?
Did you check date/time/timezones on your server(s) involved?
All servers on latest Service Packs?
Latest Windows updates?

if that doesnt help, supply more details on versions and infrastructure setup. (VLANS/Routers/etc between those machines involved)
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641616
Does it not work with just "\\SERVER\Share", or "\\SERVER.DOMAIN.COM\Share" or both?
0
 

Author Comment

by:ise438
ID: 39641625
Doesn't work with either - I think its lost the trust setting or something...
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641638
It certainly sounds like a DNS/NetBIOS over TCP/IP issue. I take it the computer can log into the domain? Can you log in with a brand-new user account, i.e. one that hasn't logged into the domain before?
0
 

Author Comment

by:ise438
ID: 39641673
Ok how would I test DNS>Netbios? I can ping the server names from the cmd prompt but can't access them from \\servername etc..

Also i've had a couple of people know that can't log on the network and the error is "Trust Relationship between workstation and domain controller is broken"

Any ideas?
0
 

Author Comment

by:ise438
ID: 39641676
VNC doesn't work onnthe hostname either but entering the ip addy does...
0
 

Author Comment

by:ise438
ID: 39641712
Still getting this...

Also getting event ID 4

On my servers

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server %1. The target name used was %3. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named server accounts in the target realm (%2), and the client realm (%4). Please contact your system administrator.
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641730
If the trust between the PC and the domain is broken, removing/re-adding the PC to the domain should fix it. Is the DNS server that active directory is using online and functional? I'm still thinking this is a name resolution problem. The clients should be using that DNS server for their primary DNS server. As you may already know, DNS can be and usually is installed along with active directory. That process enables DNS to host the appropriate SRV records for domain clients and servers to find the things in the domain. Before that, Windows networking relied on NetBIOS-based broadcast resolution. This was controlled on the LAN with a WINS servers. WINS is optional in modern active directory networks, but many communications processes still use broadcasts to do their work. Later version of Windows encapsulate NetBIOS broadcasts in TCP/IP as NetBIOS over TCP/IP (NBT/IP). NBT/IP has to be specifically enabled on Windows XP and later operating systems. This gives the "\\SERVER\Share" that ability to find its target as opposed to "\\SERVER.DOMAIN.COM\Share". Try enabling NBT/IP and see if the problems resolve.

Go to the properties of your NIC.
Choose IP v4 and then click the "Properties" button.
Click the "Advanced..." button.
Choose the "WINS" tab.
Click "Enable NetBIOS over TCP/IP"
OK through the rest of the dialogs and, for the hell of it, reboot the computer.
0
 

Author Comment

by:ise438
ID: 39641758
This bit first - If the trust between the PC and the domain is broken, removing/re-adding the PC to the domain should fix it. Yep Normally but it doesn't at the moment I get "Logon Failure: The target account name is incorrect" so can't add them back to the domain.

Getting as well now:- The Netlogon 5775 error message is logged in the System event log when the Netlogon service on a domain controller cannot deregister an individual resource record. The event description contains the name of this resource record and other DNS parameters that are used for the deregistration attempt, for example:
 

Event Type: error
 Event Source: NETLOGON
 Event Category: None
 Event ID: 5775
 Date: 3/2/2000
 Time: 6:13:09 PM
 User: N/A
 Computer: COMPUTER10

 Description:
 Deregistration of the DNS record 'gc._msdcs.computer.com. 600 IN A 192.168.4.1' failed with the following error:
 DNS bad key.
0
 

Author Comment

by:ise438
ID: 39641766
Also getting Event ID 4000:
The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641781
The PC is looking for the global catalog server there and presumably not finding. Are the "Glue" records present in DNS? Also, were there at any point any failed DCs that were taken offline, but not removed from the directory?
0
 

Author Comment

by:ise438
ID: 39641792
Sorry what are "Glue" records? and yes I think there are some failed DC's that havn't been removed from the directory who do I do that?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641793
The glue records would be listed in DNS as "_msdcs.domain.com"
0
 

Author Comment

by:ise438
ID: 39641802
On the local DC?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641809
On the server which is the DNS server, usually the DC 99% of the time.
0
 

Author Comment

by:ise438
ID: 39641827
Hmm also it still running in Windows 2000 native mode with a PDC emulating server - I can change this now as we are all on 2003 but it won't let me how can I remove the dead servers?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641834
The domain/forest functional level should not pose any problem regarding connectivity. You need to do a metadata cleanup of active directory to remove all instances of the failed DC. IS this the case?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641849
0
 

Author Comment

by:ise438
ID: 39641862
Ok that throw up that the PDC can not be located - Silly question I know how can I tell wht computer PDC is?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641885
Open Active Directory Users and Computers.
From there go right-click the very top object, titled "Active Directory Users and Computers and choose "All Tasks", then "Operations Masters...".
Choose the PDC tab.
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641889
0
 

Author Comment

by:ise438
ID: 39641892
Hmm ok found that via Google but under Operation Master all i've got it ERROR?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641902
Seems as if the operations masters are no longer able to be contacted. Likely they were on the failed/removed DC and not transferred to the remaining DCs.
0
 

Author Comment

by:ise438
ID: 39641918
Yeah so can I transfer the role now?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641934
You can only transfer if the current owner of the role is online and the destination server is online and they can communicate successfully via DNS. If the listed, current owner is not online, the role must be seized.
0
 

Author Comment

by:ise438
ID: 39641947
Ok so I am going to need to seized the role via ntdsutil maybe?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641960
Seem that way. Was there a DC that was removed from the network without removing it from the domain first?
0
 

Author Comment

by:ise438
ID: 39641965
Yep hardware failure but that was ages ago now...
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39641974
That DC's object has to be removed from the directory via meta data cleanup (ntdsutil)
0
 

Author Comment

by:ise438
ID: 39641987
I've just tried that but getting error messages - does it matter where I run ntdsutil from?
0
 

Author Comment

by:ise438
ID: 39642014
Ok i've just force the move of the operation master to a live server but it said it was a non replicating and was I sure what does that mean?

Also you've help me so much to you want to me award you these 500 point and then open another thread so you can keep helping me?
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39642015
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39642030
Let's continue on the issue until the original question is answered.
0
 

Author Comment

by:ise438
ID: 39642089
Ok on one on my DC i've got nothing list in the DNS at all no forward and reverse zones.

and if I try to replicate from that DC I get an error that points me to http://technet.microsoft.com/en-us/library/907c71fa-76a3-450a-9c43-04658af7bf2b
0
 
LVL 27

Accepted Solution

by:
Jason Watkins earned 500 total points
ID: 39642099
On that DC, run "ipconfig /registerdns" from the command line.
0
 

Author Comment

by:ise438
ID: 39645221
Thanks for you help FireBar "ipconfig /registerdns" got me quite a long way - still some issue but I will start a new question. Ponts yours and thanks for help...
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 39645236
Thanks for the points! Glad to help.
0

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now