Windows XP can't join Windows Server 2012 R2 DC

    Question

  • Do you know of any problems with joining a Windows XP machine to a Windows Server 2012 R2 DC?

    I’m receiving the error “There is no user session key for the specified logon session” only with a DC running WS2012 R2 Preview (the forest/domain level is WS2012), in two different domains, with two different Windows XP VMs…

    NetSetup.log content:

    07/16 14:10:14 -----------------------------------------------------------------
    07/16 14:10:14 NetpValidateName: checking to see if 'contoso.com' is valid as type 3 name
    07/16 14:10:14 NetpCheckDomainNameIsValid [ Exists ] for 'contoso.com' returned 0x0
    07/16 14:10:14 NetpValidateName: name 'contoso.com' is valid for type 3
    07/16 14:10:20 -----------------------------------------------------------------
    07/16 14:10:20 NetpDoDomainJoin
    07/16 14:10:20 NetpMachineValidToJoin: 'CLIENT5'
    07/16 14:10:20 NetpGetLsaPrimaryDomain: status: 0x0
    07/16 14:10:20 NetpMachineValidToJoin: status: 0x0
    07/16 14:10:20 NetpJoinDomain
    07/16 14:10:20  Machine: CLIENT5
    07/16 14:10:20  Domain: contoso.com
    07/16 14:10:20  MachineAccountOU: (NULL)
    07/16 14:10:20  Account: contoso\administrator
    07/16 14:10:20  Options: 0x25
    07/16 14:10:20  OS Version: 5.1
    07/16 14:10:20  Build number: 2600
    07/16 14:10:20  ServicePack: Service Pack 3
    07/16 14:10:20 NetpValidateName: checking to see if 'contoso.com' is valid as type 3 name
    07/16 14:10:20 NetpCheckDomainNameIsValid [ Exists ] for 'contoso.com' returned 0x0
    07/16 14:10:20 NetpValidateName: name 'contoso.com' is valid for type 3
    07/16 14:10:20 NetpDsGetDcName: trying to find DC in domain 'contoso.com', flags: 0x1020
    07/16 14:10:20 NetpDsGetDcName: found DC '\\DC1.contoso.com' in the specified domain
    07/16 14:10:20 NetpJoinDomain: status of connecting to dc '\\DC1.contoso.com': 0x0
    07/16 14:10:20 NetpGetLsaPrimaryDomain: status: 0x0
    07/16 14:10:20 NetpGetDnsHostName: Read NV Hostname: CLIENT5
    07/16 14:10:20 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: contoso.com
    07/16 14:10:20 NetpLsaOpenSecret: status: 0xc0000034
    07/16 14:10:20 NetpGetLsaPrimaryDomain: status: 0x0
    07/16 14:10:20 NetpLsaOpenSecret: status: 0xc0000034
    07/16 14:10:20 NetpSetMachineAccountPasswordAndTypeEx: SamSetInformationUser for UserSetPasswordInformation failed: 0xc0000202
    07/16 14:10:20 NetpJoinDomain: status of setting machine password: 0x572
    07/16 14:10:20 NetpJoinDomain: initiaing a rollback due to earlier errors
    07/16 14:10:20 NetpLsaOpenSecret: status: 0x0
    07/16 14:10:20 NetpJoinDomain: rollback: status of deleting secret: 0x0
    07/16 14:10:20 NetpJoinDomain: status of disconnecting from '\\DC1.contoso.com': 0x0
    07/16 14:10:20 NetpDoDomainJoin: status: 0x572
    07/16 14:10:20 -----------------------------------------------------------------
    07/16 14:10:20 NetpDoDomainJoin
    07/16 14:10:20 NetpMachineValidToJoin: 'CLIENT5'
    07/16 14:10:20 NetpGetLsaPrimaryDomain: status: 0x0
    07/16 14:10:20 NetpMachineValidToJoin: status: 0x0
    07/16 14:10:20 NetpJoinDomain
    07/16 14:10:20  Machine: CLIENT5
    07/16 14:10:20  Domain: contoso.com
    07/16 14:10:20  MachineAccountOU: (NULL)
    07/16 14:10:20  Account: contoso\administrator
    07/16 14:10:20  Options: 0x27
    07/16 14:10:20  OS Version: 5.1
    07/16 14:10:20  Build number: 2600
    07/16 14:10:20  ServicePack: Service Pack 3
    07/16 14:10:20 NetpValidateName: checking to see if 'contoso.com' is valid as type 3 name
    07/16 14:10:20 NetpCheckDomainNameIsValid [ Exists ] for 'contoso.com' returned 0x0
    07/16 14:10:20 NetpValidateName: name 'contoso.com' is valid for type 3
    07/16 14:10:20 NetpDsGetDcName: trying to find DC in domain 'contoso.com', flags: 0x1020
    07/16 14:10:21 NetpDsGetDcName: found DC '\\DC1.contoso.com' in the specified domain
    07/16 14:10:21 NetpJoinDomain: status of connecting to dc '\\DC1.contoso.com': 0x0
    07/16 14:10:21 NetpGetLsaPrimaryDomain: status: 0x0
    07/16 14:10:21 NetpGetDnsHostName: Read NV Hostname: CLIENT5
    07/16 14:10:21 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: contoso.com
    07/16 14:10:21 NetpLsaOpenSecret: status: 0xc0000034
    07/16 14:10:21 NetpGetLsaPrimaryDomain: status: 0x0
    07/16 14:10:21 NetpLsaOpenSecret: status: 0xc0000034
    07/16 14:10:21 NetpManageMachineAccountWithSid: NetUserAdd on '\\DC1.contoso.com' for 'CLIENT5$' failed: 0x8b0
    07/16 14:10:21 NetpSetMachineAccountPasswordAndTypeEx: SamSetInformationUser for UserSetPasswordInformation failed: 0xc0000202
    07/16 14:10:21 NetpManageMachineAccountWithSid: status of attempting to set password on '\\DC1.contoso.com' for 'CLIENT5$': 0x572
    07/16 14:10:21 NetpJoinDomain: status of creating account: 0x572
    07/16 14:10:21 NetpJoinDomain: initiaing a rollback due to earlier errors
    07/16 14:10:21 NetpLsaOpenSecret: status: 0x0
    07/16 14:10:21 NetpJoinDomain: rollback: status of deleting secret: 0x0
    07/16 14:10:21 NetpJoinDomain: status of disconnecting from '\\DC1.contoso.com': 0x0
    07/16 14:10:21 NetpDoDomainJoin: status: 0x572
    Tuesday, July 16, 2013 9:45 PM

Answers

  • Hi,

    Based on my research, services that use Transport Layer Security (TLS) to connect to domain controllers (such as Internet Explorer) will fail to connect.

    To avoid this, disable support for TLS session tickets by using Regedit32.exe (or a script or command) to set the value of the HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\EnableSessionTicket registry key to 0x0002.

    Alternately, you can configure the service to run as a domain user account or a group-managed service account.

    So I would like to suggest you try it and check the result.

    Regards,

    Yan Li


    Cataleya Li
    TechNet Community Support

    Thursday, July 18, 2013 6:47 AM
    Moderator

All replies

  • Can you make sure that the clocks on the XP machine and the Domain Controller are in sync and are correctly set, including the time zone as well?

    I had this issue on one specific OEM machine.


    Regards, Vik Singh

    Wednesday, July 17, 2013 7:32 AM
  • They are VMs (DC WS2012 R2 and XP) on the same host. Both VMs are in the same time zone and have the same time/date (only 2 seconds of delay between them).

    This problem occurs only with XP+WS2012R2. I suspect it's some new default security restriction.

    Marcelo

    Wednesday, July 17, 2013 2:00 PM
  • I am seeing the same issue when trying to join a Windows 2003 SP2 server to a domain running W2K12 R2 Preview...

    I get this failure in netsetup.log : NetpManageMachineAccountWithSid: NetUserAdd on '\\DC1' for 'SCCM07$' failed: 0x572

    8/03 14:14:30 NetpDoDomainJoin
    08/03 14:14:30 NetpMachineValidToJoin: 'SCCM07'
    08/03 14:14:30 NetpGetLsaPrimaryDomain: status: 0x0
    08/03 14:14:30 NetpMachineValidToJoin: status: 0x0
    08/03 14:14:30 NetpJoinDomain
    08/03 14:14:30  Machine: SCCM07
    08/03 14:14:30  Domain: DEMO
    08/03 14:14:30  MachineAccountOU: (NULL)
    08/03 14:14:30  Account: demo\administrator
    08/03 14:14:30  Options: 0x27
    08/03 14:14:30  OS Version: 5.2
    08/03 14:14:30  Build number: 3790
    08/03 14:14:30  ServicePack: Service Pack 2
    08/03 14:14:30 NetpValidateName: checking to see if 'DEMO' is valid as type 3 name
    08/03 14:14:30 NetpCheckDomainNameIsValid [ Exists ] for 'DEMO' returned 0x0
    08/03 14:14:30 NetpValidateName: name 'DEMO' is valid for type 3
    08/03 14:14:30 NetpDsGetDcName: trying to find DC in domain 'DEMO', flags: 0x1020
    08/03 14:14:45 NetpDsGetDcName: failed to find a DC having account 'SCCM07$': 0x525
    08/03 14:14:45 NetpDsGetDcName: found DC '\\DC1' in the specified domain
    08/03 14:14:45 NetpJoinDomain: status of connecting to dc '\\DC1': 0x0
    08/03 14:14:45 NetpGetLsaPrimaryDomain: status: 0x0
    08/03 14:14:45 NetpGetDnsHostName: Read NV Hostname: SCCM07
    08/03 14:14:45 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: DEMO.BEZENCON.NET
    08/03 14:14:45 NetpLsaOpenSecret: status: 0xc0000034
    08/03 14:14:45 NetpGetLsaPrimaryDomain: status: 0x0
    08/03 14:14:45 NetpLsaOpenSecret: status: 0xc0000034
    08/03 14:14:46 NetpManageMachineAccountWithSid: NetUserAdd on '\\DC1' for 'SCCM07$' failed: 0x572
    08/03 14:14:46 NetpJoinDomain: status of creating account: 0x572
    08/03 14:14:46 NetpJoinDomain: initiaing a rollback due to earlier errors
    08/03 14:14:46 NetpLsaOpenSecret: status: 0x0
    08/03 14:14:46 NetpJoinDomain: rollback: status of deleting secret: 0x0
    08/03 14:14:46 NetpJoinDomain: status of disconnecting from '\\DC1': 0x0
    08/03 14:14:46 NetpDoDomainJoin: status: 0x572

    Saturday, August 03, 2013 12:21 PM
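Added example, not part of the thread or of any poster's code: a Python triage helper for NetSetup.log excerpts like the two quoted above (the Windows XP join in the question and the Windows 2003 join in the reply just above). It splits the log into NetpDoDomainJoin attempts, keeps the lines that report a failed call, and decodes the status codes that appear on this page; the function names are hypothetical and the sample is abridged from the question's log.

```python
import re

STATUS_NAMES = {  # status codes that appear in this thread's logs
    0x525: "ERROR_NO_SUCH_USER",
    0x572: "ERROR_NO_USER_SESSION_KEY",
    0x8B0: "NERR_UserExists",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000202: "STATUS_NO_USER_SESSION_KEY",
}
ENTRY = re.compile(r"^\s*\d{1,2}/\d{2} \d{2}:\d{2}:\d{2}\s+(.*\S)\s*$")
FAILED = re.compile(r"^(\w+): (.*failed.*): (0x[0-9a-fA-F]+)$")
FINAL = re.compile(r"^NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)$")
FIELD = re.compile(r"^(Machine|Domain|OS Version): (.+)$")

def parse_join_attempts(text):
    """Return one dict per NetpDoDomainJoin attempt found in a NetSetup.log."""
    attempts = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        msg = m.group(1)
        if msg == "NetpDoDomainJoin":            # bare header opens an attempt
            attempts.append({"failures": [], "final": None})
        elif attempts:
            cur = attempts[-1]
            if f := FIELD.match(msg):            # Machine / Domain / OS Version
                cur[f.group(1)] = f.group(2)
            elif f := FAILED.match(msg):         # "<function>: ... failed: 0x..."
                cur["failures"].append((f.group(1), STATUS_NAMES.get(int(f.group(3), 16), f.group(3))))
            elif f := FINAL.match(msg):          # overall result of the attempt
                cur["final"] = int(f.group(1), 16)
    return attempts

def session_key_failures(text):
    """Attempts that ended in 0x572, the 'no user session key' error."""
    return [a for a in parse_join_attempts(text) if a["final"] == 0x572]

# Constructed sample: abridged from the first join attempt quoted in the question.
SAMPLE = """\
07/16 14:10:20 NetpDoDomainJoin
07/16 14:10:20  Machine: CLIENT5
07/16 14:10:20  OS Version: 5.1
07/16 14:10:20 NetpLsaOpenSecret: status: 0xc0000034
07/16 14:10:20 NetpSetMachineAccountPasswordAndTypeEx: SamSetInformationUser for UserSetPasswordInformation failed: 0xc0000202
07/16 14:10:20 NetpDoDomainJoin: status: 0x572
"""
if __name__ == "__main__":
    print(session_key_failures(SAMPLE))
```

The NetpLsaOpenSecret 0xc0000034 lines are deliberately not reported as failures: they carry no "failed" text and appear in every attempt before the step that actually breaks.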
  • Hi, I have the same problem. I did what you suggested; what else can I do?
    Friday, August 30, 2013 7:31 PM