Our Windows Server 2008 SP2 machine, Crackers
for now, no longer allows access to it's network shares. For example we've been using \\Crackers\withCheese\
as a network drive for years and now when we access it we get a specific error message.
The error message is Logon Failure: The target account name is incorrect.
What we think the issue is
We've cloned our Crackers server, named it CrackersIsDead, and gave it a new IP address. When we tried to access the share at \\CrackersIsDead\withCheese\
it came up correctly. We did a switcheroo and swapped the name/IP address with the 2 machines so the new cloned server became Crackers. At this point, the new Crackers had the same issue again: Logon Failure.
Why can't you just use the IP Address instead
Ohh, well we totally can. \\10.10.10.10\withCheese\
works just fine. The issue with doing this is that our Crackers software has many, many references to \\Crackers\
in their code. While we're able to log on by using this IP address, we lose functionality in many of our features.
What might have caused it
This might have nothing to do with it, but it was right before the issue started so I'm mentioning it. On Thursday, right before this issue started I was modifying Active Directory permissions for our entire domain. I was adding a permission for an Authenticated User at the root of our domain. At some point, I deleted the rule that I created, or so I thought. I later realized there are several instances of Authenticated User permissions under here and they automatically combine the rules if some permissions overlap. So it's likely that I deleted the wrong Authenticated User permission. We later decided to click the Restore Defaults option on this domain, as well as all our OUs under it to reset the permission. However, the Tracker issue persists.
What we've tried
- Removed/Re-added Crackers to domain, cleared Active Directory of all instances of it.
- DNS is properly mapped to the correct IP address. Checked by using nslookup, ping, and even remote desktop. All of these show that Crackers is properly configured with the address we're expecting.
- Contacted Microsoft Support for $500. After an hour of tricks, no progress.
- setspn -x
- doesn't show any duplicate SPNs related to Crackers.
- Used the command:
- netdom.exe resetpwd /s:<server> /ud:<domain\user> /pd:*
- on the machine.
- Did something with Kerberos Distribution Key.
- Manual Active Directory sync between the Domain Controllers.
It feels like there's some kind of corruption with the server name Tracker in our environment. Maybe something that's cached relating to Tracker that we need to get rid of? Not sure if I should be looking on our domain controller, active directory, or dns.
Some cloning software will regenerate SID's but you weren't specific.