"Logon failure: the target account name is incorrect" error when promoting domain controllers or creating replicas

This article was previously published under Q296993
Notice
This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy.
This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
When you try to promote domain controllers in new child domains or create replicas, you may receive the following error message:
Logon Failure: The target account name is incorrect
This error may occur when you are promoting a large number of domain controllers for newly created subordinate domains or new trees in the forest while you are logged on with administrative credentials from a different domain.

You may also receive one of the following error messages when you run the Active Directory Installation Wizard (Dcpromo.exe):
The operation failed because the Directory Service failed to create the object CN=NewDomainName,CN=Partitions,CN=Configuration, DC=2467_19L03ROOT1,DC=ForestRootDomain,DC=com Check the event log for possible system errors.
The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master.
-or-
The directory service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. "Logon Failure: The target account name is incorrect."
CAUSE
This issue may occur if the Service Principal Name (SPN) for the domain that is hosting the replica has not been propagated to the domain that contains the account that you use when you run Dcpromo.exe. This propagation may have been delayed because of replication latencies.
RESOLUTION
To resolve this issue, wait for replication to complete before you create Active Directory directory service replicas.

If you cannot wait for replication to complete, use the domain administrator account from the domain that will contain the new replicas. Alternatively, make sure that all domain controllers in the root domain have replicated, and then create the replicas by using the root domain administrator account. To force replication, use tools such as Replmon.exe or Repadmin.exe. Replmon.exe and Repadmin.exe are included in the Windows 2000 Support Tools. For additional information about these tools, click the following article numbers to view the articles in the Microsoft Knowledge Base:
301423 HOW TO: Install the Windows 2000 Support Tools to a Windows 2000 Server-Based Computer
229896 Using Repadmin.exe to Troubleshoot Active Directory Replication
MORE INFORMATION
This issue can also occur while you are logged on as an administrator from the root domain, because a referral ticket must be issued to the child domain before the service ticket can be passed to the child domain. If the referral is requested from a replica in the root that may not have information about the new domain controllers in the child domains, use an administrative account from the child domain. This will allow you to use a service ticket issued by the child domain.

When you review the Dcpromo.log file on grand child domain controllers, it may contain entries similar to the following:
mm/dd hh:mm:ss [INFO] Replicating CN=Configuration,DC=rootdomaindc1,DC1,DC=companyname,DC=com: received 1325 out of 1472 objects.
mm/dd hh:mm:ss [INFO] Replicating CN=Configuration,DC=rooddomaindc1,DC=dcpromo,DC=com: received 1472 out of 1472 objects.
mm/dd hh:mm:ss [INFO] Replicated the configuration container.
mm/dd hh:mm:ss [INFO] Error - The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the eventlog for possible system errors. (8586)
mm/dd hh:mm:ss [INFO] NtdsInstall for 2467_19L03GRND1.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com returned 8586
mm/dd hh:mm:ss [INFO] DsRolepInstallDs returned 8586
mm/dd hh:mm:ss [ERROR] Failed to install the directory service (8586)
mm/dd hh:mm:ss [INFO] The attempted domain controller operation has completed
mm/dd hh:mm:ss [INFO] DsRolepSetOperationDone returned 0
Note This sample ticket and the other entries have been wrapped for readability.

When you review the Dcpromoui.log file on grand child domain controllers, it may contain entries similar to the following:
dcpromoui 188.4FC 0355       Calling DsRoleGetDcOperationResults
dcpromoui 188.4FC 0356       Error 0x0 (!0 => error)
dcpromoui 188.4FC 0357       Operation results:
dcpromoui 188.4FC 0358       OperationStatus      : 0x218A !0 => error
dcpromoui 188.4FC 0359       DisplayString        : The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the event log for possible system errors.
dcpromoui 188.4FC 035A       ServerInstalledSite  : (null)
dcpromoui 188.4FC 035B       OperationResultsFlags: 0x0
dcpromoui 188.4FC 035C       Enter ProgressDialog::UpdateText The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the eventlog for possible system errors.
dcpromoui 188.4FC 035D       Enter State::SetOperationResultsMessage The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the eventlog for possible system errors.
dcpromoui 188.4FC 035E       Enter State::SetOperationResultsFlags 0x0
dcpromoui 188.4FC 035F   Exception caught
dcpromoui 188.4FC 0360   catch completed
dcpromoui 188.4FC 0361   handling exception
dcpromoui 188.4FC 0362   Enter State::ClearHiddenWhileUnattended
dcpromoui 188.4FC 0363   Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 188.4FC 0364   Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 188.4FC 0365   Enter EnableConsoleLocking
dcpromoui 188.4FC 0366     Enter RegistryKey::Create SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
dcpromoui 188.4FC 0367     Enter RegistryKey::SetValue-DWORD DisableLockWorkstation
dcpromoui 188.4FC 0368   Enter State::SetOperationResults result FAILURE
dcpromoui 188.4FC 0369   Enter ProgressDialog::UpdateText
dcpromoui 188.4FC 036A   Enter State::IsOperationRetryAllowed
dcpromoui 188.4FC 036B     true
dcpromoui 188.4FC 036C   Enter ComposeFailureMessage
dcpromoui 188.4FC 036D     Enter GetErrorMessage 8007218A
dcpromoui 188.4FC 036E     Enter State::GetOperationResultsMessage The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the event log for possible system errors.
dcpromoui 188.4FC 036F     Enter State::GetOperationResultsFlags 0x0
dcpromoui 188.4FC 0370     Enter State::SetFailureMessage The operation failed because: The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the eventlog for possible system errors. "The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context.  Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master."
dcpromoui 188.4FC 0371   Enter State::GetFailureMessage The operation failed because: The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the eventlog for possible system errors. "The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context.  Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master."
dcpromoui 188.4FC 0372   MessageBox: Active Directory Installation Failed : The operation failed because: The Directory Service failed to create the object CN=2467_19L03GRND1,CN=Partitions,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com. Please check the eventlog for possible system errors. "The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context.  Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master."

When you review the Dcpromo.log file on the replica in the child domain, it may contain entries similar to the following:
mm/dd hh:mm:ss [INFO] Configuring the local server to host the Directory Service
mm/dd hh:mm:ss [INFO] Creating the ntdsa object for this server on dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com.
mm/dd hh:mm:ss [INFO] Error - The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. (1396)
mm/dd hh:mm:ss [INFO] NtdsInstall for 2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com returned 1396
mm/dd hh:mm:ss [INFO] NtdsInstall parameters:
mm/dd hh:mm:ss [INFO] 	Flags: 4
mm/dd hh:mm:ss [INFO] 	DitPath: D:\WINDOWS\NTDS
mm/dd hh:mm:ss [INFO] 	LogPath: D:\WINDOWS\NTDS
mm/dd hh:mm:ss [INFO] 	SiteName: Default-First-Site-Name
mm/dd hh:mm:ss [INFO] 	DnsDomainName: 2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com
mm/dd hh:mm:ss [INFO] 	FlatDomainName:
mm/dd hh:mm:ss [INFO] 	DnsTreeRoot: (NULL)
mm/dd hh:mm:ss [INFO] 	ReplServerName: dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com
mm/dd hh:mm:ss [INFO] 	Credentials: 00904130
mm/dd hh:mm:ss [INFO] 	pfnUpdateStatus: 748C13D7
mm/dd hh:mm:ss [INFO] 	AdminPassword: 00000000
mm/dd hh:mm:ss [INFO] DsRolepInstallDs returned 1396
mm/dd hh:mm:ss [ERROR] Failed to install to Directory Service (1396)

When you review the Dcpromoui.log file on the replica in the domain, it may contain entries similar to the following:
dcpromoui 198.768 0331       Calling DsRoleGetDcOperationResults
dcpromoui 198.768 0332       Error 0x0 (!0 => error)
dcpromoui 198.768 0333       Operation results:
dcpromoui 198.768 0334       OperationStatus      : 0x574 !0 => error
dcpromoui 198.768 0335       DisplayString        : The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica.
dcpromoui 198.768 0336       ServerInstalledSite  : (null)
dcpromoui 198.768 0337       OperationResultsFlags: 0x0
dcpromoui 198.768 0338       Enter ProgressDialog::UpdateText The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica.
dcpromoui 198.768 0339       Enter State::SetOperationResultsMessage The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica.
dcpromoui 198.768 033A       Enter State::SetOperationResultsFlags 0x0
dcpromoui 198.768 033B   Exception caught
dcpromoui 198.768 033C   catch completed
dcpromoui 198.768 033D   handling exception
dcpromoui 198.768 033E   Enter State::ClearHiddenWhileUnattended
dcpromoui 198.768 033F   Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 198.768 0340   Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 198.768 0341   Enter EnableConsoleLocking
dcpromoui 198.768 0342     Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 198.768 0343     Enter State::GetRunContext NT5_STANDALONE_SERVER
dcpromoui 198.768 0344     Enter RegistryKey::Create SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
dcpromoui 198.768 0345     Enter RegistryKey::SetValue-DWORD DisableLockWorkstation
dcpromoui 198.768 0346   Enter State::SetOperationResults result FAILURE
dcpromoui 198.768 0347   Enter ProgressDialog::UpdateText
dcpromoui 198.768 0348   Enter State::IsOperationRetryAllowed
dcpromoui 198.768 0349     true
dcpromoui 198.768 034A   Enter ComposeFailureMessage
dcpromoui 198.768 034B     Enter GetErrorMessage 80070574
dcpromoui 198.768 034C     Enter State::GetOperationResultsMessage The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica.
dcpromoui 198.768 034D     Enter State::GetOperationResultsFlags 0x0
dcpromoui 198.768 034E     Enter State::SetFailureMessage The operation failed because: The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. "Logon Failure: The target account name is incorrect."
dcpromoui 198.768 034F   Enter State::GetFailureMessage The operation failed because: The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. "Logon Failure: The target account name is incorrect."
dcpromoui 198.768 0350   MessageBox: Active Directory Installation Failed : The operation failed because: The Directory Service failed to create the server object for CN=NTDS Settings,CN=DCPXADS02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=2467_19L03ROOT1,DC=dcpromo,DC=com on server dcpxads01.2467_19L03CHLD1.2467_19L03ROOT1.dcpromo.com. Please ensure the network credentials provided have sufficient access to add a replica. "Logon Failure: The target account name is incorrect."

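The two logs record the same failure in different notations: Dcpromo.log gives the Win32 code in decimal (8586, 1396), while Dcpromoui.log gives it in hex as OperationStatus (0x218A, 0x574) and as an HRESULT in GetErrorMessage (8007218A, 80070574). The following Python sketch is an added example, not part of the original article or of any Microsoft tool; it extracts the codes from both logs and matches them up. The function names and the sample input are constructed for illustration.

```python
import re

FACILITY_WIN32 = 0x80070000  # HRESULT prefix wrapping a Win32 error code
ARTICLE_MESSAGES = {  # message text the article's samples show beside each code
    1396: "Logon Failure: The target account name is incorrect",
    8586: "The Directory Service failed to create the object (CN=Partitions)",
}

def dcpromo_codes(text):
    """Nonzero decimal codes from 'returned N' and trailing '(N)' entries."""
    hits = re.findall(r"(?:returned\s+(\d+)|\((\d+)\))\s*$", text, re.M)
    return {int(a or b) for a, b in hits} - {0}

def dcpromoui_codes(text):
    """Win32 codes from OperationStatus (hex) and GetErrorMessage (HRESULT)."""
    found = {int(h, 16) for h in
             re.findall(r"OperationStatus\s*:\s*0x([0-9A-Fa-f]+)", text)}
    for h in re.findall(r"GetErrorMessage\s+([0-9A-Fa-f]{8})\b", text):
        hr = int(h, 16)
        if (hr & 0xFFFF0000) == FACILITY_WIN32:
            found.add(hr & 0xFFFF)  # strip the facility bits
    return found - {0}

def correlate(dcpromo_text, dcpromoui_text):
    """Map each failure code to its hex and HRESULT forms and where it was seen."""
    a, b = dcpromo_codes(dcpromo_text), dcpromoui_codes(dcpromoui_text)
    return {
        code: {
            "hex": f"0x{code:X}",
            "hresult": f"{FACILITY_WIN32 | code:08X}",
            "in_both_logs": code in a and code in b,
            "message": ARTICLE_MESSAGES.get(code, "not covered by this article"),
        }
        for code in sorted(a | b)
    }

# Constructed sample input, trimmed from the entries quoted in the article.
DCPROMO = """\
mm/dd hh:mm:ss [INFO] DsRolepInstallDs returned 1396
mm/dd hh:mm:ss [ERROR] Failed to install to Directory Service (1396)
mm/dd hh:mm:ss [INFO] DsRolepSetOperationDone returned 0
"""
DCPROMOUI = """\
dcpromoui 198.768 0334       OperationStatus      : 0x574 !0 => error
dcpromoui 198.768 034B     Enter GetErrorMessage 80070574
"""

if __name__ == "__main__":
    print(correlate(DCPROMO, DCPROMOUI))
```

A code that appears in only one of the two logs usually means the files come from different promotion attempts or different servers, so check the timestamps before drawing conclusions.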
Properties

Article ID: 296993 - Last Review: 12/06/2015 02:19:33 - Revision: 1.6

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server
