NTLM: Target computer name mismatch

Purpose

PDQ Deploy and/or PDQ Inventory reports "NTLM: Target computer name mismatch" when scanning or deploying to a computer.


Resolution

This error means that PDQ software connected to the computer via NTLM and our computer name verification process failed. The computer that PDQ software wanted to connect to is not the one it ended up connecting to.

This is typically caused by a misconfigured DNS environment containing stale DNS records, such as multiple DNS records with the same IP address. PDQ software uses SMB to connect to the computers; SMB relies on Kerberos and/or NTLM authentication, and that in turn relies on DNS.

Why is PDQ software authenticating to the computers using NTLM?

  • Kerberos authentication failed with "KDC_ERR_S_PRINCIPAL_UNKNOWN", which causes NTLM fallback to occur, and is usually due to a misconfigured DNS environment.
  • The "Test Multiple Addresses in name resolution" option is enabled in PDQ software preferences. This causes it to connect to the computer using its IP address.
  • PDQ software is connecting to a computer using non-domain credentials, such as LAPS or other local credentials.
  • PDQ software is connecting to a computer that doesn't belong to a domain, such as a workgroup computer.
  • PDQ software is connecting to a computer using an IP address instead of the FQDN.
  • PDQ software is connecting to a computer that belongs to a different Active Directory forest that has a legacy NTLM trust instead of a transitive inter-forest trust.
  • The Kerberos port (TCP 88) is being blocked between the PDQ server and the Domain Controllers.
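
One way to look for the stale DNS records and the blocked Kerberos port described above, as an added example that is not PDQ's own code. The function names `Find-SharedIpRecord` and `Test-TargetNameResolution`, and all host names and addresses, are constructed for illustration.

```powershell
# Added example, not PDQ code. Function names and sample records are constructed.

# Offline part: list IP addresses that more than one host name points to
# (candidates for stale A records). Input: objects with Name and IPAddress.
function Find-SharedIpRecord {
    param([Parameter(Mandatory)] [object[]] $Record)
    $Record | Group-Object -Property IPAddress | ForEach-Object {
        $names = @($_.Group.Name | Sort-Object -Unique)
        if ($names.Count -gt 1) {
            [pscustomobject]@{ IPAddress = $_.Name; Names = $names -join ', ' }
        }
    }
}

# Live part: forward lookup, then reverse lookup of each address, and report
# whether a PTR name matches the name that was asked for. A missing PTR
# record is reported as Match = False as well.
function Test-TargetNameResolution {
    param([Parameter(Mandatory)] [string] $Fqdn)
    $addresses = Resolve-DnsName -Name $Fqdn -Type A -DnsOnly -ErrorAction Stop |
        Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress
    foreach ($ip in $addresses) {
        $ptr = Resolve-DnsName -Name $ip -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.NameHost } | Select-Object -ExpandProperty NameHost
        [pscustomobject]@{
            Queried   = $Fqdn
            IPAddress = $ip
            PtrNames  = $ptr -join ', '
            Match     = @($ptr) -contains $Fqdn   # -contains is case-insensitive
        }
    }
}

# Constructed sample: two A records left pointing at the same address.
$sample = @(
    [pscustomobject]@{ Name = 'pc-014.corp.example'; IPAddress = '10.0.20.37' }
    [pscustomobject]@{ Name = 'pc-201.corp.example'; IPAddress = '10.0.20.37' }
    [pscustomobject]@{ Name = 'pc-022.corp.example'; IPAddress = '10.0.20.41' }
)
Find-SharedIpRecord -Record $sample

# Against live DNS, run from the PDQ server (placeholder names):
# Test-TargetNameResolution -Fqdn 'pc-014.corp.example'
# Test-NetConnection -ComputerName 'dc01.corp.example' -Port 88   # Kerberos reachability
```

An address that appears under more than one name, or a row with `Match` set to `False`, points at the DNS records to clean up before retrying the scan or deployment.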

See Also

Article - How to troubleshoot Kerberos and NTLM authentication

Article - DNS Troubleshooting
