1

To set up the scenario: One of our techs set one of the domain controllers to use Microsoft time. The time IS correct (including Time Zone) and DOES match the other domain controller's time; it was previously incorrect, however.

Since the change, no users can connect via \\servername\share or \\servername.domainname.com but \\ip\share works fine. I cannot even access it from the other domain controller with which I know both have the same time. The servername DOES resolve to the correct IP address. Also, strangely enough, \\domainname.com works as well which resolves to the same server. Finally Everything that I have tried does resolve to the same, correct IP address.
The error is: login failure: The target account name is incorrect.

I believe it is time related but since the times are correct and match I'm not sure.

Anyone know what might cause this?

Jeff
  • 685
  • 7
  • 17
  • This has DNS written all over it. – DanBig Nov 20 '12 at 16:14
  • DNS resolves correctly.. Also, oddly enough, domainname.com which .resolves to that server also works correctly servername and servername.domainname.com do NOT work. – Jeff Nov 20 '12 at 16:16
  • So DNS doesn't fully resolve then.. Could be a WINS/NetBEUI issue or something. – gparent Nov 20 '12 at 16:37
  • @gparent no, it completely resolves. Everything points to the same IP address. I just can't connect to file shares on some and I'm pretty sure NetBEUI died with server 2000 :P. – Jeff Nov 20 '12 at 16:40
  • It's still intriguing that suddenly, `servername` and `servername.domainname.com` do not resolve. Is this a coincidence? Maybe other things in your network changed too which could be causing the problem (firewall rules, IPs, etc.) – gparent Nov 20 '12 at 16:41
  • @gparent servername and servername.domainname.com DO resolve to the correct IP as expected, I just can't access shares from those two. – Jeff Nov 20 '12 at 16:42
  • Ah, I re-read what you said. Found it a bit confusing the way you phrased it, but I get it now. – gparent Nov 20 '12 at 16:45
  • @Jeff I don't believe this is time related. Windows will tell you that your client machine doesn't match the time of the server if there is a mismatch. – DKNUCKLES Nov 20 '12 at 17:43
  • Try to uninstall and reinstall the "File and Printer Sharing For Microsoft" from your network card by going to your network card properties and click the "File and Printer Sharing For Microsoft" then uninstall then reinstall it, this might work sometimes if you have issue with the file and printer sharing. :) – Moubasher82 Nov 20 '12 at 17:39
  • NetBEUI is a transport protocol. NetBIOS is a communication/name resolution protocol. – joeqwerty Nov 21 '12 at 05:12
  • Does the reverse DNS entry resolve properly? In other words: does the IP-address resolve to the correct host name? – Elias Mårtenson Nov 22 '12 at 02:26
  • When you access a share via the IP instead of the name, you are authenticated via NTLM not Kerberos. What OS? Is this DC the PDC? If you are logged on locally to this DC and try \\localhost\sharename what happens? When you say "time" is the same do you mean the DATE is also the same? Try "w32tm /monitor /domain:" to check time sync across all DC's. – Clayton Nov 26 '12 at 17:17
  • @Craig620 Thanks, it was time related, but they did both match. It was due to a time server glitch by the navy. See my answer below! – Jeff Nov 27 '12 at 18:28

2 Answers2

1

Here is the cause we found:
One server was set to use the Navy Timeserver. Which had a glitch and cause the server to show the year 2000.

"On Monday, November 19, USNO made what was expected to be a routine upgrade. Unfortunately, for 51 minutes, between 21:07:32 - 21:58:56 UTC, the server gave out the year as 2000 instead of 2012. We have resolved the issue that caused this error." (http://tycho.usno.navy.mil/ntp.html, 11/27/2012)

This caused the one domain controller that had this time server to tell the other server it has not been trusted for a long time(long enough for a permanent loss of trust).

Sadly, the only fix was to forcibly demote the domain controller and re-promote it.

Of further note: Using 3 time different time servers would have prevented this; we will be doing this in the future :)

Thanks!

Jeff
  • 685
  • 7
  • 17
  • In Win2003 the time service allows an update of any time range. In 2008, they fixed that so the max allowed correction is 48 hours. This kb describes how to assign a maxOffset value to the time service in Win2003. http://support.microsoft.com/kb/884776 – Clayton Nov 28 '12 at 19:11
1

I had such an issue, I was trying to connect to a shared SAMBA server in my network and I was able to do it only by \\IP address, not by the \\SERVERNAME.

Solved it by removing additional IP addresses that I've added in the advanced section for Properties for Internet Protocol Version 4 (IPV4) Properties (the window with title Advanced TCP/IP Settings). Being lazy, I've added extra IPs to comfortably connect to some routers that I usually reset to factory settings.

Arise
  • 111
  • 2
  • Where did you put and remove the additional IP Addresses? Was it in the client or server? I have the same problem. All of the clients cannot access shared folder using domain name, but they can using IP address. – Oki Erie Rinaldi Mar 09 '17 at 02:05