UNC stop working to all server but can still ping the host name - 500 points

Ok so I can ping all the host name and access shared resource if I use the \\tcp-ip- address\

But not the server name?

I get

\\server is not accessable. You might not have permission to use this network resource. Contact the administratorof the serverto find out if your have permission.

Logon Failure: The target account name is incorrect

Any ideas 500 points
ise438Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Jason WatkinsConnect With a Mentor IT Project LeaderCommented:
On that DC, run "ipconfig /registerdns" from the command line.
0
 
Smith and AndersenCommented:
when you say not server name do you mean NetBIOS or fqdn
0
 
ise438Author Commented:
Hmm not sure the server name would be something like \\wanfs
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
ise438Author Commented:
Also just remove a client from the domain and tried to add them again and got the same error message?

Logon Failure: The target account name is incorrect
0
 
ise438Author Commented:
Also getting event ID 4

On my servers

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server %1. The target name used was %3. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named server accounts in the target realm (%2), and the client realm (%4). Please contact your system administrator.
0
 
warddhoogheCommented:
If you have more then one AD controller, check replication between them.
This tool might also be useful: Authentication and Access Control Diagnostics 1.0 (x86)
 
http://www.microsoft.com/Downloads/details.aspx?familyid=E90FE777-4A21-4066-BD22-B931F7572E9A&displaylang=en
0
 
ise438Author Commented:
Ok also the nothing what so ever is appearing in the ACtive Directory Domain and trusts - It show mycompany.co.uk at the top but nothing beneith it?
0
 
warddhoogheCommented:
can you clarify what you meant exactly with "Also just remove a client from the domain..."

Also did you check the eventlog on your AD?
Did you check date/time/timezones on your server(s) involved?
All servers on latest Service Packs?
Latest Windows updates?

if that doesnt help, supply more details on versions and infrastructure setup. (VLANS/Routers/etc between those machines involved)
0
 
Jason WatkinsIT Project LeaderCommented:
Does it not work with just "\\SERVER\Share", or "\\SERVER.DOMAIN.COM\Share" or both?
0
 
ise438Author Commented:
Doesn't work with either - I think its lost the trust setting or something...
0
 
Jason WatkinsIT Project LeaderCommented:
It certainly sounds like a DNS/NetBIOS over TCP/IP issue. I take it the computer can log into the domain? Can you log in with a brand-new user account, i.e. one that hasn't logged into the domain before?
0
 
ise438Author Commented:
Ok how would I test DNS>Netbios? I can ping the server names from the cmd prompt but can't access them from \\servername etc..

Also i've had a couple of people know that can't log on the network and the error is "Trust Relationship between workstation and domain controller is broken"

Any ideas?
0
 
ise438Author Commented:
VNC doesn't work onnthe hostname either but entering the ip addy does...
0
 
ise438Author Commented:
Still getting this...

Also getting event ID 4

On my servers

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server %1. The target name used was %3. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named server accounts in the target realm (%2), and the client realm (%4). Please contact your system administrator.
0
 
Jason WatkinsIT Project LeaderCommented:
If the trust between the PC and the domain is broken, removing/re-adding the PC to the domain should fix it. Is the DNS server that active directory is using online and functional? I'm still thinking this is a name resolution problem. The clients should be using that DNS server for their primary DNS server. As you may already know, DNS can be and usually is installed along with active directory. That process enables DNS to host the appropriate SRV records for domain clients and servers to find the things in the domain. Before that, Windows networking relied on NetBIOS-based broadcast resolution. This was controlled on the LAN with a WINS servers. WINS is optional in modern active directory networks, but many communications processes still use broadcasts to do their work. Later version of Windows encapsulate NetBIOS broadcasts in TCP/IP as NetBIOS over TCP/IP (NBT/IP). NBT/IP has to be specifically enabled on Windows XP and later operating systems. This gives the "\\SERVER\Share" that ability to find its target as opposed to "\\SERVER.DOMAIN.COM\Share". Try enabling NBT/IP and see if the problems resolve.

Go to the properties of your NIC.
Choose IP v4 and then click the "Properties" button.
Click the "Advanced..." button.
Choose the "WINS" tab.
Click "Enable NetBIOS over TCP/IP"
OK through the rest of the dialogs and, for the hell of it, reboot the computer.
0
 
ise438Author Commented:
This bit first - If the trust between the PC and the domain is broken, removing/re-adding the PC to the domain should fix it. Yep Normally but it doesn't at the moment I get "Logon Failure: The target account name is incorrect" so can't add them back to the domain.

Getting as well now:- The Netlogon 5775 error message is logged in the System event log when the Netlogon service on a domain controller cannot deregister an individual resource record. The event description contains the name of this resource record and other DNS parameters that are used for the deregistration attempt, for example:
 

Event Type: error
 Event Source: NETLOGON
 Event Category: None
 Event ID: 5775
 Date: 3/2/2000
 Time: 6:13:09 PM
 User: N/A
 Computer: COMPUTER10

 Description:
 Deregistration of the DNS record 'gc._msdcs.computer.com. 600 IN A 192.168.4.1' failed with the following error:
 DNS bad key.
0
 
ise438Author Commented:
Also getting Event ID 4000:
The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
0
 
Jason WatkinsIT Project LeaderCommented:
The PC is looking for the global catalog server there and presumably not finding. Are the "Glue" records present in DNS? Also, were there at any point any failed DCs that were taken offline, but not removed from the directory?
0
 
ise438Author Commented:
Sorry what are "Glue" records? and yes I think there are some failed DC's that havn't been removed from the directory who do I do that?
0
 
Jason WatkinsIT Project LeaderCommented:
The glue records would be listed in DNS as "_msdcs.domain.com"
0
 
ise438Author Commented:
On the local DC?
0
 
Jason WatkinsIT Project LeaderCommented:
On the server which is the DNS server, usually the DC 99% of the time.
0
 
ise438Author Commented:
Hmm also it still running in Windows 2000 native mode with a PDC emulating server - I can change this now as we are all on 2003 but it won't let me how can I remove the dead servers?
0
 
Jason WatkinsIT Project LeaderCommented:
The domain/forest functional level should not pose any problem regarding connectivity. You need to do a metadata cleanup of active directory to remove all instances of the failed DC. IS this the case?
0
 
Jason WatkinsIT Project LeaderCommented:
0
 
ise438Author Commented:
Ok that throw up that the PDC can not be located - Silly question I know how can I tell wht computer PDC is?
0
 
Jason WatkinsIT Project LeaderCommented:
Open Active Directory Users and Computers.
From there go right-click the very top object, titled "Active Directory Users and Computers and choose "All Tasks", then "Operations Masters...".
Choose the PDC tab.
0
 
Jason WatkinsIT Project LeaderCommented:
0
 
ise438Author Commented:
Hmm ok found that via Google but under Operation Master all i've got it ERROR?
0
 
Jason WatkinsIT Project LeaderCommented:
Seems as if the operations masters are no longer able to be contacted. Likely they were on the failed/removed DC and not transferred to the remaining DCs.
0
 
ise438Author Commented:
Yeah so can I transfer the role now?
0
 
Jason WatkinsIT Project LeaderCommented:
You can only transfer if the current owner of the role is online and the destination server is online and they can communicate successfully via DNS. If the listed, current owner is not online, the role must be seized.
0
 
ise438Author Commented:
Ok so I am going to need to seized the role via ntdsutil maybe?
0
 
Jason WatkinsIT Project LeaderCommented:
Seem that way. Was there a DC that was removed from the network without removing it from the domain first?
0
 
ise438Author Commented:
Yep hardware failure but that was ages ago now...
0
 
Jason WatkinsIT Project LeaderCommented:
That DC's object has to be removed from the directory via meta data cleanup (ntdsutil)
0
 
ise438Author Commented:
I've just tried that but getting error messages - does it matter where I run ntdsutil from?
0
 
ise438Author Commented:
Ok i've just force the move of the operation master to a live server but it said it was a non replicating and was I sure what does that mean?

Also you've help me so much to you want to me award you these 500 point and then open another thread so you can keep helping me?
0
 
Jason WatkinsIT Project LeaderCommented:
0
 
Jason WatkinsIT Project LeaderCommented:
Let's continue on the issue until the original question is answered.
0
 
ise438Author Commented:
Ok on one on my DC i've got nothing list in the DNS at all no forward and reverse zones.

and if I try to replicate from that DC I get an error that points me to http://technet.microsoft.com/en-us/library/907c71fa-76a3-450a-9c43-04658af7bf2b
0
 
ise438Author Commented:
Thanks for you help FireBar "ipconfig /registerdns" got me quite a long way - still some issue but I will start a new question. Ponts yours and thanks for help...
0
 
Jason WatkinsIT Project LeaderCommented:
Thanks for the points! Glad to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.