Unable to domain join some Windows 10 (1803) clients

  • Question

  • I am having problems with some computer modules that are being installed with W10 1803 not being added to AD. I've added JoinDomain=mydomain.local to customsettings.ini and the registry key AllowSingleLabelDnsDomain, but it doesn't help. To make things more complicated, the computer is successful in joining the domain about 10% of the time I install the computer. Our MDT server is running the latest ADK and MDT version.

    Wednesday, August 22, 2018 10:28 AM

Answers

  • It seems it was a human error on my part when I forgot to copy Priority= ByLaptop, ByDesktop, ByVM in CustomSettings.ini from our old deployment share. ;(



    Friday, August 24, 2018 7:32 AM

All replies

  • Hanspjacobsen, have you looked at the netsetup.log file in %windir%\debug?

    LawsonT

    Wednesday, August 22, 2018 12:01 PM
  • Here is part of netsetup.log

    08/22/2018 10:55:14:397 NetpValidateName: checking to see if '*.int' is valid as type 3 name
    08/22/2018 10:55:14:453 NetpCheckDomainNameIsValid [ Exists ] for '*.int' returned 0x0
    08/22/2018 10:55:14:454 NetpValidateName: name '*.int' is valid for type 3
    08/22/2018 10:55:14:454 NetpDsGetDcName: trying to find DC in domain '*.int', flags: 0x40001010
    08/22/2018 10:55:15:730 NetpDsGetDcName: failed to find a DC having account '*-R90QK558$': 0x525, last error is 0x0
    08/22/2018 10:55:15:733 NetpDsGetDcName: status of verifying DNS A record name resolution for '*-ad01.*.int': 0x0
    08/22/2018 10:55:15:733 NetpDsGetDcName: found DC '\\*-ad01.*.int' in the specified domain
    08/22/2018 10:55:15:733 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
    08/22/2018 10:55:15:733 NetpDisableIDNEncoding: using FQDN *.int from dcinfo
    08/22/2018 10:55:15:735 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on '*.int' succeeded
    08/22/2018 10:55:15:735 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
    08/22/2018 10:55:15:748 NetpJoinDomainOnDs: status of connecting to dc '\\*-ad01.*.int': 0x0
    08/22/2018 10:55:15:748 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: *.int
    08/22/2018 10:55:15:749 NetpProvisionComputerAccount:
    08/22/2018 10:55:15:749 lpDomain: *.int
    08/22/2018 10:55:15:749 lpHostName: *-R90QK558
    08/22/2018 10:55:15:749 lpMachineAccountOU: (NULL)
    08/22/2018 10:55:15:749 lpDcName: *-ad01.*.int
    08/22/2018 10:55:15:749 lpMachinePassword: (null)
    08/22/2018 10:55:15:749 lpAccount: *\*
    08/22/2018 10:55:15:749 lpPassword: (non-null)
    08/22/2018 10:55:15:749 dwJoinOptions: 0x1
    08/22/2018 10:55:15:749 dwOptions: 0x40000003
    08/22/2018 10:55:15:753 NetpLdapBind: Verified minimum encryption strength on *-ad01.*.int: 0x0
    08/22/2018 10:55:15:753 NetpLdapGetLsaPrimaryDomain: reading domain data
    08/22/2018 10:55:15:753 NetpGetNCData: Reading NC data
    08/22/2018 10:55:15:754 NetpGetDomainData: Lookup domain data for: DC=*,DC=int
    08/22/2018 10:55:15:754 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=*,DC=int
    08/22/2018 10:55:15:755 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
    08/22/2018 10:55:15:755 NetpCheckForDomainSIDCollision: returning 0x0(0).
    08/22/2018 10:55:15:760 NetpGetComputerObjectDn: Cracking DNS domain name *.int/ into Netbios on \\*-ad01.*.int
    08/22/2018 10:55:15:761 NetpGetComputerObjectDn: Crack results: name = *\
    08/22/2018 10:55:15:761 NetpGetComputerObjectDn: Cracking account name *\*-R90QK558$ on \\*-ad01.*.int
    08/22/2018 10:55:15:761 NetpGetComputerObjectDn: Crack results: Account does not exist
    08/22/2018 10:55:15:762 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x534
    08/22/2018 10:55:15:762 NetpProvisionComputerAccount: LDAP creation failed: 0x534
    08/22/2018 10:55:15:762 ldap_unbind status: 0x0
    08/22/2018 10:55:15:762 NetpJoinCreatePackagePart: status:0x534.
    08/22/2018 10:55:15:762 NetpJoinDomainOnDs: Function exits with status of: 0x534
    08/22/2018 10:55:15:763 NetpJoinDomainOnDs: status of disconnecting from '\\*-ad01.*.int': 0x0
    08/22/2018 10:55:15:764 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on '*.int' returned 0x0
    08/22/2018 10:55:15:764 NetpJoinDomainOnDs: NetpResetIDNEncoding on '*.int': 0x0
    08/22/2018 10:55:15:764 NetpDoDomainJoin: status: 0x534

    Wednesday, August 22, 2018 12:08 PM
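
A small triage script for netsetup.log excerpts like the one above, added here as an example and not part of any post in the thread: it names the non-zero status codes using the Win32 error constants and reports whether an OU was passed to the join (`lpMachineAccountOU`). The sample lines are constructed with placeholder host names, and `triage` and its result keys are names chosen for this example.

```python
import re

# Win32 error codes (winerror.h) commonly seen in join failures.
WIN32 = {0x5: "ERROR_ACCESS_DENIED", 0x525: "ERROR_NO_SUCH_USER",
         0x534: "ERROR_NONE_MAPPED"}
LINE = re.compile(r"^\s*\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3} (.*)$")
PARAM = re.compile(r"^((?:lp|dw)\w+): (.*)$")
CODE = re.compile(r"\b0x([0-9a-fA-F]+)\b")

# Constructed sample in netsetup.log format; host names are placeholders.
SAMPLE = r"""
08/22/2018 10:55:15:730 NetpDsGetDcName: failed to find a DC having account 'PC-0001$': 0x525, last error is 0x0
08/22/2018 10:55:15:748 NetpJoinDomainOnDs: status of connecting to dc '\\dc01.example.int': 0x0
08/22/2018 10:55:15:749 NetpProvisionComputerAccount:
08/22/2018 10:55:15:749 lpMachineAccountOU: (NULL)
08/22/2018 10:55:15:749 dwJoinOptions: 0x1
08/22/2018 10:55:15:762 NetpProvisionComputerAccount: LDAP creation failed: 0x534
08/22/2018 10:55:15:764 NetpDoDomainJoin: status: 0x534
"""

def triage(log_text):
    """Summarise join parameters and non-zero status codes."""
    params, nonzero = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        body = m.group(1)
        p = PARAM.match(body)
        if p:  # parameter dump that follows NetpProvisionComputerAccount
            params[p.group(1)] = p.group(2).strip()
            continue
        # Only lines that report a result; skips e.g. "flags: 0x..." lines.
        c = CODE.search(body) if re.search(r"failed|status", body) else None
        if c and int(c.group(1), 16):
            code = int(c.group(1), 16)
            nonzero.append((body.split(":")[0], WIN32.get(code, hex(code))))
    ou = params.get("lpMachineAccountOU", "(NULL)")
    return {"ou_passed": ou.upper() != "(NULL)",
            "nonzero": nonzero,
            "last_error": nonzero[-1][1] if nonzero else "OK"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the excerpt the join continues past the 0x525 from DC discovery and exits with 0x534, and the parameter dump shows that no OU reached the join call.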
  • Can you show me the BDD.log? This can be found in %WINDIR%\TEMP\DeploymentLogs after deployment.
    Wednesday, August 22, 2018 1:25 PM
  • @hanspjacobson,

    In the CustomSettings.ini, is the MachineObjectOU set?

    LawsonT

    Wednesday, August 22, 2018 2:14 PM
  • It turns out that the MachineObjectOU is not being read and computers are being added to the Computer OU, and the installation service account did not have rights to add computer objects in that OU.

    We have used this configuration before so I don't understand why it no longer works.

    [ByDesktop]
    Subsection=Desktop-%IsDesktop%

    [ByLaptop]
    Subsection=Laptop-%IsLaptop%

    [ByVM]
    Subsection=VM-%IsVM%

    [Desktop-True]
    MachineObjectOU=OU=Desktop,OU=Win10,OU=Desktops,DC=oslo,DC=int

    [VM-True]
    MachineObjectOU=OU=Desktop,OU=Win10,OU=Desktops,DC=oslo,DC=int


    [Laptop-True]
    MachineObjectOU="OU=Laptop,OU=Win10,OU=Desktops,DC=oslo,DC=int"

    Thursday, August 23, 2018 11:24 AM
  • @hanspjacobsen

    In Laptop-True, remove the " from around OU=Laptop,OU=Win10,OU=Desktops,DC=oslo,DC=int.  Quotes will cause a problem.

    LawsonT

    Thursday, August 23, 2018 2:31 PM
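
A pre-deployment check for the two CustomSettings.ini problems raised in this thread (rule sections left out of `Priority`, and a quoted `MachineObjectOU` value), added here as an example and not part of any post. It assumes a simplified model in which a section is processed only if it is listed in `Priority` or named by a `Subsection=` of a processed section; the sample file is constructed, and `lint_customsettings` is a name chosen for this example.

```python
import configparser
import re

# Constructed sample modelled on the thread: the By* rule sections are
# missing from Priority and one OU value is wrapped in quotes.
SAMPLE_INI = """\
[Settings]
Priority=Default
[Default]
JoinDomain=mydomain.local
[ByDesktop]
Subsection=Desktop-%IsDesktop%
[ByLaptop]
Subsection=Laptop-%IsLaptop%
[Desktop-True]
MachineObjectOU=OU=Desktop,OU=Win10,OU=Desktops,DC=oslo,DC=int
[Laptop-True]
MachineObjectOU="OU=Laptop,OU=Win10,OU=Desktops,DC=oslo,DC=int"
"""

def lint_customsettings(text):
    """Return (section, problem) pairs for MachineObjectOU entries."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    sections = {s.lower(): s for s in cp.sections()}
    priority = cp.get("Settings", "Priority", fallback="")
    reachable = {p.strip().lower() for p in priority.split(",") if p.strip()}
    queue = list(reachable)
    while queue:  # follow Subsection= references from processed sections
        name = sections.get(queue.pop())
        if name is None or not cp.has_option(name, "Subsection"):
            continue
        # %Variable% is only known at deploy time, so treat it as a wildcard.
        parts = re.split(r"%[^%]+%", cp.get(name, "Subsection"))
        rx = re.compile(".*".join(map(re.escape, parts)), re.I)
        for low in sections:
            if low not in reachable and rx.fullmatch(low):
                reachable.add(low)
                queue.append(low)
    findings = []
    for low, name in sections.items():
        if not cp.has_option(name, "MachineObjectOU"):
            continue
        if low not in reachable:
            findings.append((name, "unreachable"))
        if '"' in cp.get(name, "MachineObjectOU"):
            findings.append((name, "quoted"))
    return findings
```

An "unreachable" finding means the OU setting can never be applied, so the join falls back to the domain's default location for new computer objects.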