none
MDT 2013 Update 2: Windows 10 domain join fails unless secure boot is enabled RRS feed

  • Question

  • We have integrated MDT 2013 Update 2 into our Config Manager 1602 environment and I discovered through testing that an MDT user driven task sequence to deploy Windows 10 will fail to join the domain unless secure boot is enabled in UEFI. All the drivers and applications install correctly.

    Non-MDT task sequences do not fail in this manner, so I am guessing an MDT specific step in the process is causing this. Does anyone have any idea where this is?

    Thursday, June 2, 2016 12:30 PM

All replies

  • Secure Boot is a boot loader security measure. It is difficult to see the correlation between Secure Boot being disabled/enabled and joining a domain.  However, you do not provide any details concerning the error you get when unsuccessfully trying to join the domain.
    Thursday, June 2, 2016 7:16 PM
  • I am 100% confident from my testing at this point that there is a link.

    There is nothing jumping out in smsts.log. I also do not see a ztidomainjoin log file. Any other suggestions as to where to look?


    • Edited by BryanCP Friday, June 3, 2016 3:17 PM
    Friday, June 3, 2016 2:40 PM
  • The netsetup log shows this:

    11/17/2015 07:47:52:306 -----------------------------------------------------------------
    11/17/2015 07:47:52:306 NetpDoDomainJoin
    11/17/2015 07:47:52:306 NetpDoDomainJoin: using new computer names
    11/17/2015 07:47:52:306 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
    11/17/2015 07:47:52:306 NetpMachineValidToJoin: 'WIN-LDTH07NFJ6R'
    11/17/2015 07:47:52:306 NetpMachineValidToJoin: status: 0x0
    11/17/2015 07:47:52:306 NetpJoinWorkgroup: joining computer 'WIN-LDTH07NFJ6R' to workgroup 'WORKGROUP'
    11/17/2015 07:47:52:306 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
    11/17/2015 07:47:52:321 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
    11/17/2015 07:47:52:321 NetpValidateName: name 'WORKGROUP' is valid for type 2
    11/17/2015 07:47:52:352 NetpJoinWorkgroup: status:  0x0
    11/17/2015 07:47:52:352 NetpDoDomainJoin: status: 0x0

    Friday, June 3, 2016 3:16 PM