Error message when you log on to a Windows Vista-based or Windows Server 2008-based computer that has the “Allow user name hint” Group Policy setting enabled: “The specified username is invalid”
Consider the following scenario:
- In an Active Directory Domain Services (AD DS) environment, you apply the Allow user name hint Group Policy setting to the Windows Vista-based or Windows Server 2008-based client computers. This Group Policy setting displays the domain name when a user enters the user name.
- A user uses a Smart Card certificate for authentication during logon.
- The Smart Card certificate has a subject name that is presented in the fully distinguished name (also known as DN) format. Additionally, the domain component of the subject name does not match the domain in the network.
In this scenario, when the user tries to join the domain from a Windows Vista-based or Windows Server 2008-based client computer by using the Smart Card certificate, the user cannot join the domain. This problem occurs even though the name of the domain that the user tries to join is presented by the hint. In this case, the user receives the following error message:
The following error occurred attempting to join the domain Domain_Name:
The specified username is invalid.
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB957656.