# logon failure: the target account name is incorrect



## xjermx (Feb 5, 2009)

We have recently noticed a problem where some Windows XP workstations on our domain are unable to access any data on one of our servers. We have a server that doubles as a Domain Controller and a File Server. We have a secondary Domain Controller on the network.

We have made no recent changes to GPO, DNS, Active Directory structure, or any configuration settings on either Domain Controller.

We have five or six users who sometimes get the following when trying to access a mapped drive to the File Server

\\dc1 is not accessible. you might not have permission to use this
network resource. contact the administrator of this server to find
out if you have access permissions. logon failure: the target
account name is incorrect.

A reboot will usually fix the problem, but sometimes it takes multiple reboots. There are perhaps 60 machines on the domain, but only a few are having this problem.

The problem shows up both on machines that are left on, as well as on machines that are rebooted/shutdown.

Our domain/AD structure is very simple, we have a single localdomain, no child domains, etc.

I’ve attempted to research the problem, and found a ton of hits. I’ve noticed that when one of these workstations is experiencing the problem, they are unable to access \\dc1\ however they are able to access it by IP. They are able to access \\localdomainname\ but not \\localdomainname\sysvol they are unable to access \\dc1\sysvol, but they can access \\dc2\sysvol

There are a number of events in the Event Log on the affected workstations, some are listed below:



Event Type:	Error
Event Source:	Kerberos
Event Category:	None
Event ID:	4
Date: 9/24/2009
Time: 8:03:28 AM
User: N/A
Computer:	CRPADM01
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc1.(localdomainname). This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (localdomainname), and the client realm. Please contact your system administrator.

Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1058
Date: 9/24/2009
Time: 8:03:28 AM
User: NT AUTHORITY\SYSTEM
Computer:	CRPADM01
Description:
Windows cannot access the file gpt.ini for GPO cn={1890411B-24F2-454E-939E-3247BE3A98DB},cn=policies,cn=system,DC=(localdomainname),DC=com. The file must be present at the location <\\(localdomainname)\SysVol\(localdomainname)\Policies\{1890411B-24F2-454E-939E-3247BE3A98DB}\gpt.ini>. (Logon Failure: The target account name is incorrect. ). Group Policy processing aborted.

Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1030
Date: 9/24/2009
Time: 8:03:28 AM
User: NT AUTHORITY\SYSTEM
Computer:	CRPADM01
Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1006
Date: 9/24/2009
Time: 8:52:59 AM
User: localdomainname\jwilliams
Computer:	CRPADM01
Description:
Windows cannot bind to localdomainname domain. (Local Error). Group Policy processing aborted. 

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10010
Date: 9/23/2009
Time: 10:07:41 AM
User: NT AUTHORITY\SYSTEM
Computer:	CRPADM01
Description:
The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register with DCOM within the required timeout.



Any suggestions for troubleshooting steps to take?


----------



## xjermx (Feb 5, 2009)

I've attempted a number of supposed fixes.

from: http://technet.microsoft.com/en-us/library/cc733987(WS.10).aspx

"klist tickets" gives me the following, from a workstation that had the problem, but worked fine after a reboot.

Server: ldap/DC1.mydomain.com/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 9/24/2009 19:29:32
Renew Time: 10/1/2009 9:29:32

Server: LDAP/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 9/24/2009 19:29:32
Renew Time: 10/1/2009 9:29:32

Server: cifs/[email protected]
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
End Time: 9/24/2009 19:29:32
Renew Time: 10/1/2009 9:29:32


----------

