Error message when you try to log on by using an account name that contains an at sign (@): The system could not log you on

Error message when you try to log on by using an account name that contains an at sign (@): The system could not log you on

Article ID : 925634
Last Review : November 27, 2007
Revision : 1.7

SYMPTOMS

When you try to log on to a Microsoft Windows-based computer by using a user name that contains an at sign (@), you receive the following error message:

The system could not log you on. Make sure your user name and domain are correct, then type your password again.

Back to the top

CAUSE

This problem may occur if the following conditions are true:

• The computer uses Service-for-User (S4U) Kerberos authentication.
• The user account contains an at sign (@) in the Security Accounts Manager (SAM) account name. For example, the account name is sample@bar.
• The computer uses the user principal name (UPN) logon method. For example, you must type user_name@domain_name.com to log on to the computer.

If these conditions are true, the logon account contains two at signs. For example, you must type sample@bar@domain_name.com to log on to the computer.

During S4U Kerberos authentication, the UPN name is parsed from left to right until the first at sign is found. The at sign acts as a delimiter between the Active Directory directory service logon name and the domain name. When a logon name contains the at sign, only the part of the Active Directory logon name that is to the left of the at sign is used during authentication.

Back to the top

WORKAROUND

To work around this problem, remove the at sign from existing SAM account names.Verify that the at sign is not used in new SAM account names for user, computer, or service accounts.

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the Applies to section.

Back to the top

MORE INFORMATION

For more information about how to troubleshoot logon and authentication problems in Microsoft Windows Server 2003, visit the following Microsoft Web site:

http://technet2.microsoft.com/windowsserver/en/troubleshooting/logauth.mspx (http://technet2.microsoft.com/windowsserver/en/troubleshooting/logauth.mspx)

For more information about logon methods and authentication methods for Microsoft Windows XP Professional, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/library/bb457114.aspx (http://technet.microsoft.com/en-us/library/bb457114.aspx)

For more information about how to troubleshoot logon problems in Microsoft Windows 2000 Professional, visit the following Microsoft Web site:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/prork/prcf_omn_uefc.mspx?mfr=true (http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/prork/prcf_omn_uefc.mspx?mfr=true)

Back to the top


APPLIES TO
• Microsoft Windows Server 2003, Standard Edition (32-bit x86)
• Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
• Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
• Microsoft Windows Server 2003, Standard x64 Edition
• Microsoft Windows Server 2003, Enterprise x64 Edition
• Microsoft Windows Server 2003, Datacenter x64 Edition
• Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
• Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
• Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
• Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
• Microsoft Windows Server 2003 R2 Standard x64 Edition
• Microsoft Windows Server 2003 R2 Enterprise x64 Edition
• Microsoft Windows XP Professional
• Windows Vista Enterprise 64-bit Edition
• Windows Vista Home Basic 64-bit Edition
• Windows Vista Home Premium 64-bit Edition
• Windows Vista Ultimate 64-bit Edition
• Windows Vista Business
• Windows Vista Business 64-bit Edition
• Windows Vista Enterprise
• Windows Vista Home Basic
• Windows Vista Home Premium
• Windows Vista Ultimate
• Windows Vista Starter
• Windows Server 2008 Datacenter without Hyper-V
• Windows Server 2008 Enterprise without Hyper-V
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Standard without Hyper-V
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard
• Windows Web Server 2008

Back to the top

Keywords: 
kbtshoot kbnetwork kbprb KB925634

Back to the top

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image