Error message when you try to log on to a Windows-based computer by using an account name that contains an "at" sign (@)

Symptoms

When you try to log on to a Microsoft Windows-based computer by using a user name that contains an "at" sign (@), you receive either of the following error messages:
The system could not log you on. Make sure your user name and domain are correct, then type your password again.
or
The user name or password is incorrect

Cause

This issue occurs if you log on to a Windows-based computer by using an account name that contains an "at" sign (@).

Workaround

To work around this issue follow the steps for your particular version of Windows.

Windows 7, Windows Vista and Windows Server 2008:

To work around this problem, create a new user account that does not contain the "at" sign (@).

If you are trying to log on to a Windows-based computer that has multiple accounts, follow these steps:
  1. Log on to Windows by using an account that does not contain the "at" sign (@)
  2. Create a new user account that does not contain the "at" sign (@).


If your computer has a single account or has multiple accounts and the account(s) name includes the "at" sign (@), follow these steps:
  1. Start the computer in safe mode and create a new user account. To do this, follow these steps:
    1. Restart the computer, and press the F8 key during startup until the Advanced Boot Options screen appears.
    2. On the Advanced Boot Options screen, use the arrow keys to select Safe Mode, and press ENTER.
  2. Click your user account name and then log on to the computer.

    Note When you use Safe Mode, you can log on to the user account that contains the "at" sign (@).
  3. Click Start, click Control Panel and then click User Accounts.
  4. Click Manage another account, click Create a new account, and then type a user account name that does not use the "at" sign (@). Select the account type and then click Create Account.
  5. Restart the computer and then log on to the newly created user account.

    Note If you cannot log on to the system by using the current account, you may have to perform a clean install of Windows to resolve the issue.

Windows Server 2003 and Windows XP

To work around this problem, remove the "at" sign from existing SAM account names. Verify that the "at" sign is not used in new Security Accounts Manager (SAM) account names for user, computer, or service accounts.

If you are trying to log on to a Windows-based computer that has multiple accounts, log on to Windows by using an account that does not contain the "at" sign (@), and then edit the problem account to remove the "at" sign (@) from the account name.

If your computer has a single account or multiple accounts and the account(s) name includes the "at" sign (@), follow these steps:
  1. Start the computer in safe mode. This enables the built-in Administrator account on the computer. To do this, follow these steps:
    1. Restart the computer, and then press the F8 key during startup until the Windows Advanced Options screen appears.
    2. On the Windows Advanced Options screen, use the arrow keys to select Safe Mode, and then press ENTER.
  2. Click Administrator to log on to the computer.
  3. Remove the "at" sign from the problem account name.

    Note If you cannot log on to the system by using the built-in account, you may have to perform a clean install of Windows to resolve the issue.

More Information

This problem may occur if the following conditions are true:
  • The computer uses Service-for-User (S4U) Kerberos authentication.
  • The user account contains an "at" sign (@) in the SAM account name. For example, the account name is sample@bar, @sample, or sample@.
  • The computer uses the user principal name (UPN) logon method. For example, you must type user_name@domain_name.com to log on to the computer.
If these conditions are true, the logon account contains two "at" signs. For example, you must type sample@bar@domain_name.com to log on to the computer.

During S4U Kerberos authentication, the UPN name is parsed from left to right until the first "at" sign is found. The "at" sign acts as a delimiter between the Active Directory directory service logon name and the domain name. When a logon name contains the "at" sign, only the part of the Active Directory logon name that is to the left of the "at" sign is used during authentication.

If your computer is in a workgroup, this problem may occur only with the account name that contains the "at" sign (@).

For more information about how to troubleshoot logon and authentication problems in Microsoft Windows Server 2003, visit the following Microsoft Web site:For more information about logon methods and authentication methods for Microsoft Windows XP Professional, visit the following Microsoft Web site:For more information about how to troubleshoot logon problems in Microsoft Windows 2000 Professional, visit the following Microsoft Web site:
Özellikler

Makale No: 925634 - Son İnceleme: 2 Mar 2010 - Düzeltme: 1

Geri bildirim