Microsoft KB Archive/296993

= &quot;Logon failure: the target account name is incorrect&quot; error when promoting domain controllers or creating replicas =

Article ID: 296993

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server

-



This article was previously published under Q296993



SYMPTOMS
When you try to promote domain controllers in new child domains or create replicas, you may receive the following error message:

Logon Failure: The target account name is incorrect

This error may occur when you are promoting a large number of domain controllers for newly created subordinate domains or new trees in the forest while you are logged on with administrative credentials from a different domain.

You may also receive one of the following error messages when you run the Active Directory Installation Wizard (Dcpromo.exe):

The operation failed because the Directory Service failed to create the object CN= ,CN=Partitions,CN=Configuration, DC=2467_19L03ROOT1,DC= ,DC=com Check the event log for possible system errors.

The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master.

-or-

The directory service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. &quot;Logon Failure: The target account name is incorrect.&quot;



CAUSE
This issue may occur if the Service Principle Name (SPN) for the domain that is hosting the replica has not been propagated to the domain that contains the account that you use when you run Dcpromo.exe. This propagation may have been delayed because of replication latencies.



RESOLUTION
To resolve this issue, wait for replication to complete before you create Active Directory directory service replicas.

If you cannot wait for replication to complete, use the domain administrator account from the domain that will contain the new replicas. Alternatively, make sure that all domain controllers in the root domain have replicated, and then create the replicas by using the root domain administrator account. To force replication, use tools such as Replmon.exe or Repadmin.exe. Replmon.exe and Repadmin.exe are included in the Windows 2000 Support Tools. For additional information about these tools, click the following article numbers to view the articles in the Microsoft Knowledge Base:

301423 HOW TO: Install the Windows 2000 Support Tools to a Windows 2000 Server-Based Computer

229896 Using Repadmin.exe to Troubleshoot Active Directory Replication



MORE INFORMATION
This issue can also occur while you are logged on as an administrator from the root domain, because a referral ticket must be issued to the child domain before the service ticket can be passed to the child domain. If the referral is requested from a replica in the root that may not have information about the new domain controllers in the child domains, use an administrative account from the child domain. This will allow you to use a service ticket issued by the child domain.

When you review the Dcpromo.log file on grand child domain controllers, it may contain entries similar to the following: mm/dd hh:mm:ss [INFO] Replicating CN=Configuration,DC=rootdomaindc1, DC1,DC=companyname,DC=com: received 1325 out of 1472 objects. mm/dd hh:mm:ss [INFO] Replicating CN=Configuration,DC=rooddomaindc1, DC=dcpromo,DC=com: received 1472 out of 1472 objects. mm/dd hh:mm:ss [INFO] Replicated the configuration container. mm/dd hh:mm:ss [INFO] Error - The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration, DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the event log for possible system errors. (8586) mm/dd hh:mm:ss [INFO] NtdsInstall for 2467_19L03GRND1.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com returned 8586 mm/dd hh:mm:ss [INFO] DsRolepInstallDs returned 8586 mm/dd hh:mm:ss [ERROR] Failed to install the directory service (8586) mm/dd hh:mm:ss [INFO] The attempted domain controller operation has completed mm/dd hh:mm:ss [INFO] DsRolepSetOperationDone returned 0 Note This sample ticket and the other entries have been wrapped for readability.

When you review the Dcpromoui.log file on grand child domain controllers, it may contain entries similar to the following: dcpromoui 188.4FC 0355      Calling DsRoleGetDcOperationResults dcpromoui 188.4FC 0356      Error 0x0 (!0 => error) dcpromoui 188.4FC 0357      Operation results: dcpromoui 188.4FC 0358      OperationStatus      : 0x218A !0 => error dcpromoui 188.4FC 0359      DisplayString        : The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the event log for possible system errors. dcpromoui 188.4FC 035A      ServerInstalledSite  : (null) dcpromoui 188.4FC 035B      OperationResultsFlags: 0x0 dcpromoui 188.4FC 035C      Enter ProgressDialog::UpdateText The Directory Service failed to create the object CN=2467_19L03GRND1 ,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. dcpromoui 188.4FC 035D      Enter State::SetOperationResults Message The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. dcpromoui 188.4FC 035E      Enter State::SetOperationResultsFlags 0x0 dcpromoui 188.4FC 035F  Exception caught dcpromoui 188.4FC 0360  catch completed dcpromoui 188.4FC 0361  handling exception dcpromoui 188.4FC 0362  Enter State::ClearHiddenWhileUnattended dcpromoui 188.4FC 0363  Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 188.4FC 0364  Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 188.4FC 0365  Enter EnableConsoleLocking dcpromoui 188.4FC 0366    Enter RegistryKey::Create SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon dcpromoui 188.4FC 0367    Enter RegistryKey::SetValue-DWORD DisableLockWorkstation dcpromoui 188.4FC 0368  Enter State::SetOperationResults result FAILURE dcpromoui 188.4FC 0369  Enter ProgressDialog::UpdateText dcpromoui 188.4FC 036A  Enter State::IsOperationRetryAllowed dcpromoui 188.4FC 036B    true dcpromoui 188.4FC 036C  Enter ComposeFailureMessage dcpromoui 188.4FC 036D    Enter GetErrorMessage 8007218A dcpromoui 188.4FC 036E    Enter State::GetOperationResults Message The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors. dcpromoui 188.4FC 036F    Enter State::GetOperationResultsFlags 0x0 dcpromoui 188.4FC 0370    Enter State::SetFailureMessage The operation failed because:

The Directory Service failed to create the object CN=2467_19L03GRND1 ,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors.

&quot;The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master.&quot; dcpromoui 188.4FC 0371  Enter State::GetFailureMessage The operation failed because:

The Directory Service failed to create the object CN=2467_19L03GRND1 ,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors.

&quot;The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master.&quot; dcpromoui 188.4FC 0372  MessageBox: Active Directory Installation Failed : The operation failed because:

The Directory Service failed to create the object CN=2467_19L03GRND1 ,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1 ,DC=dcpromo,DC=com. Please check the event log for possible system errors.

&quot;The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master.&quot; When you review the Dcpromo.log file on the replica in the child domain, it may contain entries similar to the following: mm/dd hh:mm:ss [INFO] Configuring the local server to host the Directory Service mm/dd hh:mm:ss [INFO] Creating the ntdsa object for this server on dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. mm/dd hh:mm:ss [INFO] Error - The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02 ,CN=Servers,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo ,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1 .dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. (1396) mm/dd hh:mm:ss [INFO] NtdsInstall for 2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com returned 1396 mm/dd hh:mm:ss [INFO] NtdsInstall parameters: mm/dd hh:mm:ss [INFO]  Flags: 4 mm/dd hh:mm:ss [INFO]  DitPath: D:\WINDOWS\NTDS mm/dd hh:mm:ss [INFO]  LogPath: D:\WINDOWS\NTDS mm/dd hh:mm:ss [INFO]  SiteName: Default-First-Site-Name mm/dd hh:mm:ss [INFO]  DnsDomainName: 2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com mm/dd hh:mm:ss [INFO]  FlatDomainName: mm/dd hh:mm:ss [INFO]  DnsTreeRoot: (NULL) mm/dd hh:mm:ss [INFO]  ReplServerName: dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com mm/dd hh:mm:ss [INFO]  Credentials: 00904130 mm/dd hh:mm:ss [INFO]  pfnUpdateStatus: 748C13D7 mm/dd hh:mm:ss [INFO]  AdminPassword: 00000000 mm/dd hh:mm:ss [INFO] DsRolepInstallDs returned 1396 mm/dd hh:mm:ss [ERROR] Failed to install to Directory Service (1396) When you review the Dcpromoui.log file on the replica in the domain, it may contain entries similar to the following: dcpromoui 198.768 0331      Calling DsRoleGetDcOperationResults dcpromoui 198.768 0332      Error 0x0 (!0 => error) dcpromoui 198.768 0333      Operation results: dcpromoui 198.768 0334      OperationStatus      : 0x574 !0 => error dcpromoui 198.768 0335      DisplayString        : The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02 ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration ,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01 .2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. dcpromoui 198.768 0336      ServerInstalledSite  : (null) dcpromoui 198.768 0337      OperationResultsFlags: 0x0 dcpromoui 198.768 0338      Enter ProgressDialog::UpdateText The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo ,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1 .dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. dcpromoui 198.768 0339      Enter State::SetOperationResultsMessage The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name ,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo ,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1 .dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. dcpromoui 198.768 033A      Enter State::SetOperationResultsFlags 0x0 dcpromoui 198.768 033B  Exception caught dcpromoui 198.768 033C  catch completed dcpromoui 198.768 033D  handling exception dcpromoui 198.768 033E  Enter State::ClearHiddenWhileUnattended dcpromoui 198.768 033F  Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 198.768 0340  Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 198.768 0341  Enter EnableConsoleLocking dcpromoui 198.768 0342    Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 198.768 0343    Enter State::GetRunContext NT5_STANDALONE_SERVER dcpromoui 198.768 0344    Enter RegistryKey::Create SOFTWARE\Microsoft \Windows NT\CurrentVersion\Winlogon dcpromoui 198.768 0345    Enter RegistryKey::SetValue-DWORD DisableLockWorkstation dcpromoui 198.768 0346  Enter State::SetOperationResults result FAILURE dcpromoui 198.768 0347  Enter ProgressDialog::UpdateText dcpromoui 198.768 0348  Enter State::IsOperationRetryAllowed dcpromoui 198.768 0349    true dcpromoui 198.768 034A  Enter ComposeFailureMessage dcpromoui 198.768 034B    Enter GetErrorMessage 80070574 dcpromoui 198.768 034C    Enter State::GetOperationResultsMessage The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. dcpromoui 198.768 034D    Enter State::GetOperationResultsFlags 0x0 dcpromoui 198.768 034E    Enter State::SetFailureMessage The operation failed because:

The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica.

&quot;Logon Failure: The target account name is incorrect.&quot; dcpromoui 198.768 034F  Enter State::GetFailureMessage The operation failed because:

The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica.

&quot;Logon Failure: The target account name is incorrect.&quot; dcpromoui 198.768 0350  MessageBox: Active Directory Installation Failed : The operation failed because:

The Directory Service failed to create the server object for CN=NTDS Settings ,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites ,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica.

&quot;Logon Failure: The target account name is incorrect.&quot;

Keywords: kbprb KB296993

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.