?
Solved

Connecting Issues to Server "Logon Failure: The target account name is incorrect"

Posted on 2014-03-28
10
Medium Priority
?
2,491 Views
Last Modified: 2014-04-09
As of yesterday, users are having issues trying to connect to the network via the network name. If you type in \\servername or try to open a mapped network drive, you cannot connect but it will work with the IP address. This is happening on Windows XP and 7 machines and the server is a Windows 2008 R2.

Sometimes if you don't do anything, after time it will start working again be itself. Otherwise as of right now if I flush the DNS, register the DNS, and reboot the computer, that will usually fix the problem. It happens to random people at random times.

Any ideas what I can do to fix this? Let me know if you have any questions...thanks!
0
Comment
Question by:itadminnek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962574
Hi,

1. Is the IP configured thorough DHCP server, if yes then what it the lease period time.
2. check the DNS scavenging time.
3. check the DNS server if multiple A records are created against systems
0
 

Author Comment

by:itadminnek
ID: 39962598
The IP address is DHCP but I don't know how to check the setting you are asking about...where in DNS or DHCP do I check these settings?
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 1000 total points
ID: 39962621
r u using router or server for DHCP ?

if its windows server then

 In the DHCP snap-in, select and right-click the scope you want to configure.
Select Properties.
In the Lease duration for DHCP clients box, adjust the lease time for the scope.

for DNS


    Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
    Click the Advanced tab.
    Select the Enable automatic scavenging of stale records check box.

and see the period.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:itadminnek
ID: 39962662
Okay I did this...what should I do now?
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 1000 total points
ID: 39962686
Also, in the DHCP console in the properties of your DHCP scope, make sure that dynamic updates are enabled:

DHCP dynamic upates settings
This will make sure that DNS records are updated automatically when DHCP assigns a new IP address to a workstation.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962695
please share the both DHCP lease and DNS scavenging current setting.
0
 

Author Comment

by:itadminnek
ID: 39962742
hypercat - I have made that change

Santosh - I am confused as to what you are asking...
0
 

Author Comment

by:itadminnek
ID: 39962786
Hey Experts,

This issue happened to me this morning and I went and took a look at the event viewer and this is what is showing right before I rebooting to fix it:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was cifs/n05.NC.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was host/n05. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was ldap/N05.NC.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Does this help?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962924
0
 

Author Comment

by:itadminnek
ID: 39989099
I have done what you suggested and the issues seems to have gone away...I can't pin point what fixed it so I will split points! Thanks!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question