Client PCs cannot open server file shares

What the problem is: Client PCs can ping the server via computer name and resolves to the correct IP.  Users can browse the server’s file shares via \\IP_Address or \\FQDN, but not \\computer_name.  When browsing via the computer name, the error message that appears is “”Logon failure: the target account name is incorrect”. 

What is causing said problem: password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (<domain name>), and the client realm. The Secure Channel was broken between the two Domain Controllers

How to fix Client:

  1. Checked the DNS pointing from the client.
  2. Checked if he was able to ping the Domain Controller.
  3. Went to the One of the Domain Controllers & first reset the Secure Channel with itself. Do the same with the second Domain Controller.
  4. After that reset the Secure Channel of the Domain Controller with each other.

Commands to reset the secure channel

  • net stop kdc
  • klist purge
  • netdom resetpwd /s:server name /ud:domain name\administrator /pd: administrator passowrd.
  • net start kdc.
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply