When trying to log on to the domain from a client PC, I recently got the following error message in Windows:

Logon Failure: The target account name is incorrect.

What was strange was that it was only occurring for one particular user account in Active Directory and not other accounts. When I tried a different account, I was able to log onto the server.

    You may also receive this error message in other situations, such as when you type the UNC path to a share in Windows Explorer. If you are getting the Logon Failure message, here are a few things you can try to solve the problem.

    Method 1 – Reset Machine Account Passwords using Netdom.exe

    You can run the Netdom command on the domain controller that is responsible for accepting login requests from the PC you are having trouble with.

    First, you need to install the Windows Server Support Tools from the CD-ROM. Once installed, you have to stop the Kerberos Key Distribution Center service and set the Startup Type to Manual.

    Then restart the server and open a command prompt. You have to restart in order to remove the Kerberos ticket cache. You can also remove this by using the KLIST or KerbTray tools.

    Finally, type in the following command at the command prompt:

    netdom resetpwd /s:server /ud:domain\User /pd:*

    The /s:server parameter is the name of another domain controller on which the KDC service is running. That server will be used for setting the machine account password.

    The other two parameters are the username and password for a domain administrator account. With /pd:*, Netdom prompts for the password instead of taking it on the command line.

    Note that this method fixes a replication problem between two domain controllers. Replication can fail when the secret password shared between the domain controllers gets out of sync.

    Make sure replication between your domain controllers is actually working!
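The Method 1 steps as one script, followed by the replication check. This is an added example, not code from the original article. DC02 and CONTOSO\Administrator are placeholder values, the script assumes the klist built into current Windows Server versions (used in place of the first restart), and the Verify phase's return of the KDC service to Automatic is an added step the article does not spell out.

```powershell
# Added example, not from the original article. Run elevated on the affected DC.
# DC02 and CONTOSO\Administrator are placeholder values (assumptions).
param(
    [ValidateSet('Reset', 'Verify')] [string]$Phase = 'Reset',
    [string]$HealthyDc = 'DC02',                  # another DC with the KDC service running
    [string]$AdminUser = 'CONTOSO\Administrator'  # domain administrator account
)
$ErrorActionPreference = 'Stop'

if ($Phase -eq 'Reset') {
    # Stop the KDC and keep it from starting on its own
    Stop-Service -Name kdc -Force
    Set-Service -Name kdc -StartupType Manual

    # Purge cached tickets: SYSTEM logon session (0x3e7), then the current session
    klist -li 0x3e7 purge
    klist purge

    # Reset the machine account password against the other DC; /pd:* prompts for the password
    netdom resetpwd "/s:$HealthyDc" "/ud:$AdminUser" '/pd:*'
    if ($LASTEXITCODE -ne 0) {
        throw "netdom resetpwd failed (exit code $LASTEXITCODE); KDC is still stopped"
    }
    Write-Host 'Password reset. Restart this server, then run again with -Phase Verify.'
}
else {
    # After the restart: return the KDC to normal operation
    Set-Service -Name kdc -StartupType Automatic
    Start-Service -Name kdc

    # List every replication link that has recorded failures
    $failed = repadmin /showrepl * /csv | ConvertFrom-Csv |
        Where-Object { [int]$_.'Number of Failures' -gt 0 }
    if ($failed) {
        $failed | Format-Table 'Source DSA', 'Destination DSA', 'Naming Context', 'Last Failure Status'
        throw 'Replication failures remain; the password reset alone did not fix the problem.'
    }
    Write-Host 'KDC running and no replication failures reported.'
}
```

If the Reset phase fails at the netdom step, the KDC service is left stopped and set to Manual, so fix the cause and rerun rather than leaving the domain controller in that state.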

    Method 2 – Fully Qualified Domain Name

    Sometimes, depending on how your DNS is set up on the server, you may have to use the fully qualified domain name (FQDN) of the server rather than just the server name.

    So if you are trying to access a network share using a UNC path name or in a logon script, try using servername.domain.lan and it might end up working fine.

    If this works, you can change the DNS settings so that you don’t have to use an FQDN: open the Properties for the network card and go to the DNS settings under Advanced TCP/IP Settings.

    Make sure that the DNS suffix specified in the Append these DNS suffixes (in order) box is correct.

    Method 3 – Delete Old Computer Account

    Another reason you can get the “target account name is incorrect” error is if a domain controller was recently migrated from a parent domain to a child domain.

    In this case, the old computer account for the domain controller may still exist in the child domain. All you would have to do is delete the account from the parent domain and you would be good to go.

    Another way to fix it is to remove the server from the domain and rejoin it back to the domain so that the computer account gets reset.

    Those are pretty much all the reasons I’ve ever seen for this error, so if you are still having problems with Logon Failure, post a comment here and I’ll try to help! Enjoy!
