Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Connecting Issues to Server "Logon Failure: The target account name is incorrect"

Posted on 2014-03-28
10
2,256 Views
Last Modified: 2014-04-09
As of yesterday, users are having issues trying to connect to the network via the network name. If you type in \\servername or try to open a mapped network drive, you cannot connect but it will work with the IP address. This is happening on Windows XP and 7 machines and the server is a Windows 2008 R2.

Sometimes if you don't do anything, after time it will start working again be itself. Otherwise as of right now if I flush the DNS, register the DNS, and reboot the computer, that will usually fix the problem. It happens to random people at random times.

Any ideas what I can do to fix this? Let me know if you have any questions...thanks!
0
Comment
Question by:itadminnek
  • 5
  • 4
10 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962574
Hi,

1. Is the IP configured thorough DHCP server, if yes then what it the lease period time.
2. check the DNS scavenging time.
3. check the DNS server if multiple A records are created against systems
0
 

Author Comment

by:itadminnek
ID: 39962598
The IP address is DHCP but I don't know how to check the setting you are asking about...where in DNS or DHCP do I check these settings?
0
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 250 total points
ID: 39962621
r u using router or server for DHCP ?

if its windows server then

 In the DHCP snap-in, select and right-click the scope you want to configure.
Select Properties.
In the Lease duration for DHCP clients box, adjust the lease time for the scope.

for DNS


    Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.
    Click the Advanced tab.
    Select the Enable automatic scavenging of stale records check box.

and see the period.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:itadminnek
ID: 39962662
Okay I did this...what should I do now?
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
ID: 39962686
Also, in the DHCP console in the properties of your DHCP scope, make sure that dynamic updates are enabled:

DHCP dynamic upates settings
This will make sure that DNS records are updated automatically when DHCP assigns a new IP address to a workstation.
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962695
please share the both DHCP lease and DNS scavenging current setting.
0
 

Author Comment

by:itadminnek
ID: 39962742
hypercat - I have made that change

Santosh - I am confused as to what you are asking...
0
 

Author Comment

by:itadminnek
ID: 39962786
Hey Experts,

This issue happened to me this morning and I went and took a look at the event viewer and this is what is showing right before I rebooting to fix it:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was cifs/n05.NC.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was host/n05. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server n05$. The target name used was ldap/N05.NC.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (NC.COM) is different from the client domain (NC.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

Does this help?
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39962924
0
 

Author Comment

by:itadminnek
ID: 39989099
I have done what you suggested and the issues seems to have gone away...I can't pin point what fixed it so I will split points! Thanks!
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question