J
Jeremy Lang
So a DC's machine account was corrupted by a misguided attempt to get a
couple Mac OSX 10.3 machines to participate in AD. The (cr)Apples have been
taken off the network (almost with a hammer).
I found a couple MS knowledge base articles that seemed to help, especially
Q329873 which told me to run nltest /sc_change_pwd:%domain name% and reboot.
This had worked like a charm (eventually... there's some kind of caching
mechanism that delays it's working on some systems), but over the weekend
many machines started having the same problem again, though the DC wasn't
having trouble running 'Active Directory users and computers' or dcdiag
today like it did Friday evening. (DCdiag passes every test.)
It manifests with workstations access to this server (even by
\\%servername% ) getting the result:
Logon Failure: The target account name is incorrect. It doesn't happen if
they access it by \\%serverIPaddr% but this is our main fileserver and print
server, so that's obviously not good enough. Doing the nltest thing again
today seems to have fixed it (except on one or two that are still having
problems... caching?) but I need a permanent way to fix this problem.
With further searching today I found Q216393. Looks like exactly what I
need, but netdom will not work as it's supposed to. I don't know if it's
being caused by the real problem or just that it doesn't recognize our
domain name (it's unfortunately single-level, i.e. no .com ending, but had
been working fine). Here's what I get:
The specified domain either does not exist or could not be contacted.
The specified domain either does not exist or could not be contacted.
The command failed to complete successfully.
I tried adding the trailing period to the domain name, \\%domainname%, and a
couple other things. Anybody have any ideas??
couple Mac OSX 10.3 machines to participate in AD. The (cr)Apples have been
taken off the network (almost with a hammer).
I found a couple MS knowledge base articles that seemed to help, especially
Q329873 which told me to run nltest /sc_change_pwd:%domain name% and reboot.
This had worked like a charm (eventually... there's some kind of caching
mechanism that delays it's working on some systems), but over the weekend
many machines started having the same problem again, though the DC wasn't
having trouble running 'Active Directory users and computers' or dcdiag
today like it did Friday evening. (DCdiag passes every test.)
It manifests with workstations access to this server (even by
\\%servername% ) getting the result:
Logon Failure: The target account name is incorrect. It doesn't happen if
they access it by \\%serverIPaddr% but this is our main fileserver and print
server, so that's obviously not good enough. Doing the nltest thing again
today seems to have fixed it (except on one or two that are still having
problems... caching?) but I need a permanent way to fix this problem.
With further searching today I found Q216393. Looks like exactly what I
need, but netdom will not work as it's supposed to. I don't know if it's
being caused by the real problem or just that it doesn't recognize our
domain name (it's unfortunately single-level, i.e. no .com ending, but had
been working fine). Here's what I get:
The secure channel from %server% to %domain% was not reset.
The specified domain either does not exist or could not be contacted.
The specified domain either does not exist or could not be contacted.
The command failed to complete successfully.
I tried adding the trailing period to the domain name, \\%domainname%, and a
couple other things. Anybody have any ideas??