Solved

Connecting Issues to Server "Logon Failure: The target account name is incorrect"

Posted on 2014-03-28
10
2,395 Views
Last Modified: 2014-04-09
As of yesterday, users are having issues trying to connect to the network via the network name. If you type in \\servername or try to open a mapped network drive, you cannot connect but it will work with the IP address. This is happening on Windows XP and 7 machines and the server is a Windows 2008 R2.

Sometimes if you don't do anything, after time it will start working again be itself. Otherwise as of right now if I flush the DNS, register the DNS, and reboot the computer, that will usually fix the problem. It happens to random people at random times.

Any ideas what I can do to fix this? Let me know if you have any questions...thanks!
0
Comment
Question by:itadminnek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962574
Hi,

1. Is the IP configured thorough DHCP server, if yes then what it the lease period time.
2. check the DNS scavenging time.
3. check the DNS server if multiple A records are created against systems
0
 

Author Comment

by:itadminnek
ID: 39962598
The IP address is DHCP but I don't know how to check the setting you are asking about...where in DNS or DHCP do I check these settings?
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 250 total points
ID: 39962621
r u using router or server for DHCP ?

if its windows server then

 In the DHCP snap-in, select and right-click the scope you want to configure.
Select Properties.
In the Lease duration for DHCP clients box, adjust the lease time for the scope.

for DNS


    Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
    Click the Advanced tab.
    Select the Enable automatic scavenging of stale records check box.

and see the period.
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 

Author Comment

by:itadminnek
ID: 39962662
Okay I did this...what should I do now?
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
ID: 39962686
Also, in the DHCP console in the properties of your DHCP scope, make sure that dynamic updates are enabled:

DHCP dynamic upates settings
This will make sure that DNS records are updated automatically when DHCP assigns a new IP address to a workstation.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962695
please share the both DHCP lease and DNS scavenging current setting.
0
 

Author Comment

by:itadminnek
ID: 39962742
hypercat - I have made that change

Santosh - I am confused as to what you are asking...
0
 

Author Comment

by:itadminnek
ID: 39962786
Hey Experts,

This issue happened to me this morning and I went and took a look at the event viewer and this is what is showing right before I rebooting to fix it:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was cifs/n05.NC.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was host/n05. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was ldap/N05.NC.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Does this help?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962924
0
 

Author Comment

by:itadminnek
ID: 39989099
I have done what you suggested and the issues seems to have gone away...I can't pin point what fixed it so I will split points! Thanks!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question