最近有個Server狀況查詢的排程跑不動了,細查結果是排程要連線某台遠端機器時,發生了錯誤。於是我使用net use \\machineName\ipc$ /user:domainName\account的方式做身份驗證測試,卻得到以下的錯誤訊息:
Logon Failure: The target account name is incorrect.

看到這個錯誤訊息,直覺上是domainName\account有問題,但該帳號卻又可以用來登入Terminal Service無誤。

幾經推敲,發現目標機器不久前換到另一個Domain去了,而排程就是從那天開始出問題的,加上我們發現若使用net use \\192.168.1.1\ipc$ /user:domainName\account可以成功,所以這裡說的target account name指的不是我們登入用的使用者帳號,而是指網域中的電腦帳號??

請網管查了一下,果然換Domain時,舊Domain中該機器的電腦帳號未刪,而我們從舊Domain的Client連線過去時,就會因DC回報這筆舊機器帳號而出問題。請網管將舊機器帳號刪除後,問題就解決了。

* Tech Summary *

Sympton: When connecting to a remote server in another domain, you got a "Logon Failure: The target account name is incorrect" message, but you are sure the username and password are correct.  If you use IP address instead of machine name, you can connect to it successfully.

Cause: The computer account of the remote machine still exists in the domain of your client machine, most of the time, it is a forgotten record after domain moving .  When you try to connect to the remote machine, your domain controller report the out-of-date computer account info to you. (I guess.)

Solution: Ask domain administrator to check and remove the invalid computer account.


Comments

Be the first to post a comment

Post a comment


28 - 26 =