?
Solved

Logon Failure: The target account name is incorrect

Posted on 2013-12-06
11
Medium Priority
?
8,992 Views
Last Modified: 2013-12-06
DC at different site is experiencing connectivity issues with our head office site DC.
Our network comprises of 2 sites, 2 DCs (1 at each, both Server 2008 R2)

When attempting to open shares of the head office DC from the branch DC I'm seeing the error...

"\\HQDC1 is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
Logon Failure: The target account name is incorrect."

Other computers can access the server and shares without issue.
I have tried restarting the branch DC but the issue persists.
0
Comment
Question by:antonioking
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39701689
On the DC in the branch office have you made sure that your DNS is correct and also eliminted any firewall that might be on this server? Can you get to the Share via IP Address?

Also check the Shares permissions to ensure that nothing is being blocked from this level.

Will.
0
 

Author Comment

by:antonioking
ID: 39701962
I've flushed the dns on the branch server.
nslookup and ping resolve the correct ip of the head office dc.

I can browse by IP, but not name or Fqdn name.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39701976
If you can do this by IP and not by name then it is a DNS issue somewhere. Run the following commands on your DC's...

Repadmin /replsum
Repadmin /showrepl

DCDiag /v

Check your event logs under DNS to see if there are any error's.

Will.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:antonioking
ID: 39701993
Repadmin /replsum
Both DCS are rejecting requests

Repadmin /showrepl
Ran on each DC, both say the destination server is rejecting requests.

DCdiag /v
Shows a lot of failures. I'll work my way through these and report back.

Unfortunately only a recurring warning in DNS..
ID 4013... which makes sense since the branch DC cannot communicate with the other DC at the moment.
0
 

Author Comment

by:antonioking
ID: 39702003
dcdiag failed 3 tests

KccEvent
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.

Replications
The source server is currently rejecting replication requests.

systemlog
Multiple errors
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39702034
What are some of the error logs in the event viewer? Take a look at the below link which describes some troubleshooting steps to correct this issue.

http://support.microsoft.com/kb/2023007


Will.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39702043
Also check the logs on the branch server to ensure that it was properly promoted. I am assuming that the issues are coming from your head office DC? What DC is the FSMO holder?

Will.
0
 

Author Comment

by:antonioking
ID: 39702048
Thanks for that article.

Head office DC holds all the roles and the branch DC should have been promoted properly as it's been working for the past 11 months,
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39702059
I would then start checking the events and seeing when the error messages started and then see what changes had happend in your environment.

Will.
0
 

Author Comment

by:antonioking
ID: 39702197
The branch DC has registry setting 'DSA not Writeable' set to 4 and event ID 2103 has been logged twice in the Directory Services log.

Microsoft suggest demoting the DC and performing a meta-cleanup.

Is this the only method to resolve the issue?

The server is 4000 miles away!
0
 

Author Closing Comment

by:antonioking
ID: 39702447
Thanks for the article link.
I have force demoted the server, performed a meta-cleanup and promoted it again.

I can now access the shares :)

Now I just gotta re-configure all my replicated folders!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question