Client PCs cannot open server file shares
What the problem is: Client PCs can ping the server via computer name and resolves to the correct IP. Users can browse the server’s file shares via \\IP_Address or \\FQDN, but not \\computer_name. When browsing via the computer name, the error message that appears is “”Logon failure: the target account name is incorrect”.
What is causing said problem: password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (<domain name>), and the client realm. The Secure Channel was broken between the two Domain Controllers
How to fix Client:
- Checked the DNS pointing from the client.
- Checked if he was able to ping the Domain Controller.
- Went to the One of the Domain Controllers & first reset the Secure Channel with itself. Do the same with the second Domain Controller.
- After that reset the Secure Channel of the Domain Controller with each other.
Commands to reset the secure channel
- net stop kdc
- klist purge
- netdom resetpwd /s:server name /ud:domain name\administrator /pd: administrator passowrd.
- net start kdc.
Leave a Reply
Want to join the discussion?Feel free to contribute!