Error while joining machine to domain: Logon Failure: The target account name is incorrect

While rejoining one of my machines to the domain, I saw the following error:

The following error occurred attempting to join the domain

Logon Failure: The target account name is incorrect

which I am sure you can guess, was completely wrong as I’ve being using the domain and the account in question for years. Clearly, something was going on with the domain services.

While looking into the logs of my domain controllers, I noticed one DC with significant number of failures in DNS (in fact to the extent that the service wasn’t loading any zones) and consequently, Directory Service. I also looked into the System log and there were a few Kerberos errors as well.

This felt like a domain trust issue so I ran the command:

NETDOM RESETPWD /Server:<Bad Domain Controller Name> /UserD:<Domain Admin Username> /PasswordD:<Domain Admin Password>

Just also remember to stop the KDC Service (Kerberos Key Distribution Center Service) first as it will probably interfere with username mentioned in the account otherwise. It takes a few seconds but then returns with a success.

Once informed that the password has successfully been reset, I gave the server a reboot. With that, all DNS Zone errors disappeared, DNS management loaded fine and Directory Services also came up.

That looked promising so I retried joining the original machine to the domain, which worked as per normal so I thought of doing a quick note, in case you guys see it.

Hope this helps!

About the Author: Ather Beg

Ather is a Senior Specialist Solutions Architect and works for Amazon Web Services. His focus is on all things related to cloud, technology, storage, virtualization and whatever comes in between. Being in the industry for over 27 years, Ather has been a vExpert for 10 years running and is also vExpert NSX/HCX/CloudProvider. He has also been an official VMware blogger at VMworld EU and US and is one of the founding members and contributor to Open HomeLab Wiki and co-hosts @OpenTechCast as well. Ather’s natural habitat is tech events like VMworld, Cloud (and other) Field Days, VMUGs etc. and he thrives on meeting like-minded people and having a good old chat about technology. He’s friendly and not dangerous at all so please do interact with him whenever you spot him in such surroundings.

4 Comments

Acacio Costa July 10, 2018 at 6:37 PM - Reply

Thanks a lot, made my day
Thabiso Masilo January 29, 2020 at 8:01 AM - Reply

I’ve restarted the netlogon and the laptop managed to rejoin the domain.
optimus May 5, 2020 at 7:57 PM - Reply

Hello,
I have 4 DC in one domain, one of DC is giving same error and in AD events its giving DFSR error 5002, if i create user in Bad DC, it replicates to others, but if create user in others DC, it does not replicate to Bad one.
I tried the above given method, but still replication issue is there
- Ather Beg July 1, 2020 at 8:27 AM - Reply
  
  Hello,
  
  Firstly, apologies for the delayed response and I hope your issue has been resolved already.
  
  While the symptoms might look the same, from what you describe, it could also be a USN hole issue. If so, there are ways to fix but given you have 4 DCs (and presumably, the other three are replicating to each other and have the most up-to-date directory), the easiest and most reliable would be to demote the DC and promote it again back to DC.
  
  Hope this helps!