[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Connecting Issues to Server "Logon Failure: The target account name is incorrect"

Posted on 2014-03-28
10
Medium Priority
?
2,590 Views
Last Modified: 2014-04-09
As of yesterday, users are having issues trying to connect to the network via the network name. If you type in \\servername or try to open a mapped network drive, you cannot connect but it will work with the IP address. This is happening on Windows XP and 7 machines and the server is a Windows 2008 R2.

Sometimes if you don't do anything, after time it will start working again be itself. Otherwise as of right now if I flush the DNS, register the DNS, and reboot the computer, that will usually fix the problem. It happens to random people at random times.

Any ideas what I can do to fix this? Let me know if you have any questions...thanks!
0
Comment
Question by:itadminnek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962574
Hi,

1. Is the IP configured thorough DHCP server, if yes then what it the lease period time.
2. check the DNS scavenging time.
3. check the DNS server if multiple A records are created against systems
0
 

Author Comment

by:itadminnek
ID: 39962598
The IP address is DHCP but I don't know how to check the setting you are asking about...where in DNS or DHCP do I check these settings?
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 1000 total points
ID: 39962621
r u using router or server for DHCP ?

if its windows server then

 In the DHCP snap-in, select and right-click the scope you want to configure.
Select Properties.
In the Lease duration for DHCP clients box, adjust the lease time for the scope.

for DNS


    Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
    Click the Advanced tab.
    Select the Enable automatic scavenging of stale records check box.

and see the period.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:itadminnek
ID: 39962662
Okay I did this...what should I do now?
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 1000 total points
ID: 39962686
Also, in the DHCP console in the properties of your DHCP scope, make sure that dynamic updates are enabled:

DHCP dynamic upates settings
This will make sure that DNS records are updated automatically when DHCP assigns a new IP address to a workstation.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962695
please share the both DHCP lease and DNS scavenging current setting.
0
 

Author Comment

by:itadminnek
ID: 39962742
hypercat - I have made that change

Santosh - I am confused as to what you are asking...
0
 

Author Comment

by:itadminnek
ID: 39962786
Hey Experts,

This issue happened to me this morning and I went and took a look at the event viewer and this is what is showing right before I rebooting to fix it:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was cifs/n05.NC.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was host/n05. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was ldap/N05.NC.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Does this help?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962924
0
 

Author Comment

by:itadminnek
ID: 39989099
I have done what you suggested and the issues seems to have gone away...I can't pin point what fixed it so I will split points! Thanks!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question