在尝试从客户端 PC 登录域时,我最近在 Windows 中收到以下错误消息:
Logon Failure: The target account name is incorrect.
奇怪的是,它只发生在Active Directory中的一个特定用户帐户上,而不是其他帐户。当我尝试其他帐户时,我能够登录到服务器。
![](https://lh3.googleusercontent.com/-8RZKirKeAUg/Ym2UfAaVJ9I/AAAAAAABARc/sFQudxaV8kAs7qV-FCvV8C0l5VKDrM2mQCEwYBhgLKuoDABHVOhy7HaBHTEFoXndnnY3DgYpfD2R927W7zb2Q29NpDsp5NqztZ5zYvN49_7vzPbI5UYSDRfEFPhbYzbH7gFkNtrkjzL_sBHSq0liYx4BH0rqUDaQPW6ZJhBRtm7u7clI7hbfy7GKJpqIqB5TjecnpvPyjdFMd8ZZEVbzC0sqYmY6fyzYQOl4-Ku8k93nyOmrGEFaHxvVpLDZDkLqeFH9ljvP_ViU1bp_HNGnpT2jU767Z9v5IkyCAlCXVW0PzQUI4AFsRghmQAqp9ZFk9xG7tTKyoDj2_EfvhIFdSV1lv7u2UmrD8cVWCiJEuF0Y8CZ02pW-UoeaXs00FBD043cH-OxynKJQ4PA_pC2iepontGHzkAzHaa3xnh4bLbKh1Tur2tvkDv_0gdhJlQ1shmKF0ZGJQK8s9JgBrNuLOsN7aDpfmFaPgFR3P093tC3kfvZ7mHfvZRww9KUFVd8ODhjOjw0mwNiUfzJMWEkq2BZwvXfJWsOMd4w2tpe1uOhwswp61Mcve9Dn-Y-ubjfwlDNkoqwlA3iemgqPv82YP3s_MJiQN_0NlzsH29bDNDG-0UUrmoCTJl-A7IYvtJlEnACeZkPAumurts3u9ZvxuHaYqNKijsT4P8ozbpIf-FitnkyqBHL1lu5KiJzDHlbeTBg/s0/8n8NQAlPO9-a3LejNJFC-L2EUYs.png)
在其他情况下,您也可能会收到此错误消息,例如当您在Windows Explorer中键入共享的UNC路径时。如果您收到登录失败(Logon Failure)消息,您可以尝试以下一些方法来解决问题。
方法 1(Method 1) –使用Netdom.exe重置计算机帐户密码(– Reset Machine Account Passwords)
您可以在负责接受来自您遇到问题的 PC 的登录请求的域控制器上运行Netdom命令。(Netdom)
首先,您需要从CD-ROM安装(CD-ROM)Windows Server Support Tools。安装(Once)后,您必须停止Kerberos 密钥分发中心(Kerberos Key Distribution Center)服务并将启动类型(Startup Type)设置为手动( Manual)。
然后重新启动服务器并打开命令提示符。您必须重新启动才能删除Kerberos票证缓存。您也可以使用KLIST或KerbTray工具删除它。
最后,在命令提示符处键入以下命令:
netdom resetpwd /s:server /ud:domain\User /pd:*
/s:serverKDC服务的另一个域控制器的名称。该服务器将用于设置机器帐户密码。
其他两个参数只是域管理员帐户的用户名和密码。
请注意,此方法基本上是解决两个域控制器之间的复制问题。有时(Sometimes)复制可能会失败,因为域控制器之间的密码不同步。
确保(Make)域控制器之间的复制确实有效!
方法 2 (Method 2) – 完全限定(– Fully Qualified Domain)域名
有时,根据服务器上DNS的设置方式,您可能必须使用服务器的完全限定域名 ( FQDN ) 而不仅仅是服务器名称。
因此,如果您尝试使用UNC路径名或登录脚本访问网络共享,请尝试使用servername.domain.lan,它最终可能会正常工作。
如果这可行,您可以更改DNS设置,这样您就不必使用 FQDN,方法是在您转到网卡属性时转到(Properties) Advanced TCP/IP Settings设置下的DNS设置。(DNS)
确保在附加这些(Make)DNS后缀(按顺序)(Append these DNS suffixes (in order) )框中指定的DNS后缀正确。
![登录失败](https://lh3.googleusercontent.com/-u4JERGagt2E/Ym4FFX1Is0I/AAAAAAABOd4/X6EVwCobG1wi5_AyZLybrFTGwbdR4YyWACEwYBhgLKuoDABHVOhz0kpXzHCRcxmoFnMR6GEPIAncSiSw1It9C6dEgGxLoN5sqsqQ601c7ETXPPiFKuullBoZWdgAm4S5x8SAoAUDg_k0b8uXLm36nnczuyUZj6a-weUTfVGv3Bkyz9NpLnPJS-Ali1eQaky_nm2DZKlBj9wkHipuiEORsci9jyPkTPM5vxR2OkiDx59AZCzYxTQ5k3qsOvsLHVMVespUS_9oJ5XbnSkhtpsF5p6TNJSAzR0OuzMzO-doSo5z1DW-mPLRGaI00f5cyx1saOKOLCDuYp4YtJ50-KY0M6oAdG6H26xeR19L8tF2P3U0QBHpqYRlvb2k56kvIeKbSiRjNyJB2sDgJVCnHYGpXDcFC5bIahFvX2wOe-qdwvAqDgc5S63q9ZgT_jdWsWxIkqMYHaIoIgt9eXZg8scvQkQfBd9xARx4YcDPHJq46uOZAP1wdvomJLHIlGmFnLwvQxSKK5vgIpiElrMC2vlgUhh_WFPeRf7ACewam3pObR4w6LH1x-pWB2YSWN-AUhuPVDzu_GStfD5K-vvE1RZTx-CR-BhwRPPJbPR7FZPd5hRHbO7-XFgp3GQmfKW55w8VHkHo13zuMXTpC89L8IA4Iq0jRIDYjK0Lm1jS4rvi8hUghRML7c3GAQc9_LjDsqbiTBg/s0/uE12sCZbOlv5GVJzhbsjYJzNGcI.png)
方法 3 (Method 3) – 删除旧计算机帐户(– Delete Old Computer Account)
您可能会收到“目标帐户名称不正确”错误的另一个原因是域控制器最近从父域迁移到子域。
在这种情况下,域控制器的旧计算机帐户可能仍存在于子域中。您所要做的就是从父域中删除该帐户,然后您就可以开始了。
修复它的另一种方法是从域中删除服务器并将其重新加入域,以便重置计算机帐户。
这些几乎是我所见过的导致此错误的所有原因,因此,如果您仍然遇到Logon Failure问题,请在此处发表评论,我会尽力提供帮助!享受!
Fix “Logon Failure: The Target Account Name is Incorrect” Error
When tryіng to lоgon to the domаin from a сlient PC, I recently got thе following error messagе in Windows:
Logon Failure: The target account name is incorrect.
What was strange was that it was only occurring for one particular user account in Active Directory and not other accounts. When I tried a different account, I was able to log onto the server.
![](https://lh3.googleusercontent.com/-8RZKirKeAUg/Ym2UfAaVJ9I/AAAAAAABARc/sFQudxaV8kAs7qV-FCvV8C0l5VKDrM2mQCEwYBhgLKuoDABHVOhy7HaBHTEFoXndnnY3DgYpfD2R927W7zb2Q29NpDsp5NqztZ5zYvN49_7vzPbI5UYSDRfEFPhbYzbH7gFkNtrkjzL_sBHSq0liYx4BH0rqUDaQPW6ZJhBRtm7u7clI7hbfy7GKJpqIqB5TjecnpvPyjdFMd8ZZEVbzC0sqYmY6fyzYQOl4-Ku8k93nyOmrGEFaHxvVpLDZDkLqeFH9ljvP_ViU1bp_HNGnpT2jU767Z9v5IkyCAlCXVW0PzQUI4AFsRghmQAqp9ZFk9xG7tTKyoDj2_EfvhIFdSV1lv7u2UmrD8cVWCiJEuF0Y8CZ02pW-UoeaXs00FBD043cH-OxynKJQ4PA_pC2iepontGHzkAzHaa3xnh4bLbKh1Tur2tvkDv_0gdhJlQ1shmKF0ZGJQK8s9JgBrNuLOsN7aDpfmFaPgFR3P093tC3kfvZ7mHfvZRww9KUFVd8ODhjOjw0mwNiUfzJMWEkq2BZwvXfJWsOMd4w2tpe1uOhwswp61Mcve9Dn-Y-ubjfwlDNkoqwlA3iemgqPv82YP3s_MJiQN_0NlzsH29bDNDG-0UUrmoCTJl-A7IYvtJlEnACeZkPAumurts3u9ZvxuHaYqNKijsT4P8ozbpIf-FitnkyqBHL1lu5KiJzDHlbeTBg/s0/8n8NQAlPO9-a3LejNJFC-L2EUYs.png)
You may also receive this error message in other situations, such as when you type the UNC path to a share in Windows Explorer. If you are getting the Logon Failure message, here are a few things you can try to solve the problem.
Method 1 – Reset Machine Account Passwords using Netdom.exe
You can run the Netdom command on the domain controller that is responsible for accepting login requests from the PC you are having trouble with.
First, you need to install the Windows Server Support Tools from the CD-ROM. Once installed, you have to stop the Kerberos Key Distribution Center service and set the Startup Type to Manual.
Then restart the server and open a command prompt. You have to restart in order to remove the Kerberos ticket cache. You can also remove this by using the KLIST or KerbTray tools.
Finally, type in the following command at the command prompt:
netdom resetpwd /s:server /ud:domain\User /pd:*
The /s:server is the name of another domain controller in which the KDC service is running. That server will be used for setting the machine account password.
The other two parameters are simply the username and password for a domain administrator account.
Note that this method basically is fixing a problem with replication between two domain controllers. Sometimes replication can fail because the secret password between the domain controllers gets out of sync.
Make sure replication between your domain controllers is actually working!
Method 2 – Fully Qualified Domain Name
Sometimes, depending on how your DNS is setup on the server, you may have to use the fully qualified domain name (FQDN) of the server rather than just the server name.
So if you are trying to access a network share using a UNC path name or in a logon script, try using servername.domain.lan and it might end up working fine.
If this works, you can change the DNS settings so you don’t have to use a FQDN by going to the DNS settings under Advanced TCP/IP Settings when you go to the Properties for the Network card.
Make sure that the DNS suffix specified in the Append these DNS suffixes (in order) box is correct.
![logon failure](https://lh3.googleusercontent.com/-u4JERGagt2E/Ym4FFX1Is0I/AAAAAAABOd4/X6EVwCobG1wi5_AyZLybrFTGwbdR4YyWACEwYBhgLKuoDABHVOhz0kpXzHCRcxmoFnMR6GEPIAncSiSw1It9C6dEgGxLoN5sqsqQ601c7ETXPPiFKuullBoZWdgAm4S5x8SAoAUDg_k0b8uXLm36nnczuyUZj6a-weUTfVGv3Bkyz9NpLnPJS-Ali1eQaky_nm2DZKlBj9wkHipuiEORsci9jyPkTPM5vxR2OkiDx59AZCzYxTQ5k3qsOvsLHVMVespUS_9oJ5XbnSkhtpsF5p6TNJSAzR0OuzMzO-doSo5z1DW-mPLRGaI00f5cyx1saOKOLCDuYp4YtJ50-KY0M6oAdG6H26xeR19L8tF2P3U0QBHpqYRlvb2k56kvIeKbSiRjNyJB2sDgJVCnHYGpXDcFC5bIahFvX2wOe-qdwvAqDgc5S63q9ZgT_jdWsWxIkqMYHaIoIgt9eXZg8scvQkQfBd9xARx4YcDPHJq46uOZAP1wdvomJLHIlGmFnLwvQxSKK5vgIpiElrMC2vlgUhh_WFPeRf7ACewam3pObR4w6LH1x-pWB2YSWN-AUhuPVDzu_GStfD5K-vvE1RZTx-CR-BhwRPPJbPR7FZPd5hRHbO7-XFgp3GQmfKW55w8VHkHo13zuMXTpC89L8IA4Iq0jRIDYjK0Lm1jS4rvi8hUghRML7c3GAQc9_LjDsqbiTBg/s0/uE12sCZbOlv5GVJzhbsjYJzNGcI.png)
Method 3 – Delete Old Computer Account
Another reason you can get the “target account name is incorrect” error is if a domain controller was recently migrated from a parent domain to a child domain.
In this case, the old computer account for the domain controller may still exist in the child domain. All you would have to do is delete the account from the parent domain and you would be good to go.
Another way to fix it is to remove the server from the domain and rejoin it back to the domain so that the computer account gets reset.
Those are pretty much all the reasons I’ve ever seen for this error, so if you are still having problem with Logon Failure, post a comment here and I’ll try to help! Enjoy!