User Profile
TheWaterbug
Copper Contributor
Joined 2 years ago
User Widgets
Recent Discussions
Re: DCPromo to remove AD DS fails with "Logon Failure: The target account name is incorrect."
Thanks for the reminder. After trying a bunch of different things, I ended up trying an in-place upgrade to Server 2012 R2. After the upgrade finished, not only were the credentials fixed for OldDC, they also were fixed for OldDC2. I did not try running dcpromo, because I am thinking that I may no longer want to demote them if I can upgrade them (testing applications as we speak!), but I was able to browse from both OldDC and OldDC2 to shares on NewDC1 and to NewDC2, whereas previously I could not, and previously browsing to those shares generated the same error that popped up when attempting to finish dcpromo, so I am guessing they had the same root cause.5.7KViews0likes0CommentsRe: DCPromo to remove AD DS fails with "Logon Failure: The target account name is incorrect."
Thanks! The roles have been seized already (see last paragraph). My problem is that I still want to use OldDC on the domain as a non-DC member server. Is there a way to convince this box not to be a DC any more?5.6KViews0likes3CommentsDCPromo to remove AD DS fails with "Logon Failure: The target account name is incorrect."
Good thing this is just my test network! I have a VM clone of my ancientWS 2008 R2("OldDC") running AD DS in a test network along with two spiffy new instances ofWS 2022(NewDC1andNewDC2), both also running AD DS, all onDomain Functional Level 2008 R2. I want to remove AD DS fromOldDC, in preparation for some upgrades, so I randcpromoon it, and when I got to the final step it failed with error: The operation failed because: Managing the network session with NewDC2.MyDomain.pvt failed Logon Failure: The target account name is incorrect." Based onthese instructionsI stopped the KDC service onNewDC1, set Startup to Manual, rebootedNewDC1, and then ran the following onNewDC1: netdom resetpwd /s:NewDC2 /ud:MyDomain\Administrator /pd:* and typed in the same password we've been using for the past few months, and which successfully logged into all 3 machines today.netdomreported success. I rebootedOldDC, logged in with the same password, randcpromo, and I got the same error. I tried browsing fromOldDCto shares onNewDC1andNewDC2, and those fail with a similar error: \\NewDC2 is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Logon Failure: The target account name is incorrect. If I try fromOldDC: net use \\NewDC1 \share that results in: System error 1396 has occurred. Logon Failure: The target account name is incorrect. Curiously, if I type the IPs ofNewDC1andNewDC2into Windows Explorer onOldDC, e.g.\\192.168.0.10or\\192.168.0.6, respectively, I can see the shares and open their contents, includingSYSVOL. This also succeeds: net use \\192.168.0.10 \share OldDC's TCP/IP is set to useNewDC1's IP as its primary DNS server, andnslookup NewDC1andnslookup NewDC2fromOldDCboth return the correct addresses. Browsing fromNewDC1andNewDC2to\\OldDCworks, and I can seeOldDC's shares. I've rebooted all 3 machines many, many times, just in case that might magically fix it, but it didn't. What other options are there for me to fix this? Or do I need to fix? Can I remove AD DS from OldDC some other way? I still want to keep it around as a member of the domain. If I were to upgrade this in place to Server 2012-->Server 2022, would that magically fix the problem? Last week I was on a Zoom call with a consultant who was trying to help me with GPOs for cybersecurity, and based on theintermittent network problems I was having at that time, but which are now fixed, he directed me to seize the roles fromOldDCto eitherNewDC1orNewDC2(can't remember which) usingfsmo maintenance. Could that be the root of the problem?Solved5.8KViews0likes5Comments
Groups
Recent Blog Articles
No content to show