Usuario
Waik + WDS not joining the domain due to trust relationship
Pregunta
-
Hi,
I'm having issues getting my Win7 image to join the domain via the unattend.xml from my WDS server. It either will not join the domain at all or when it decides to join the domain, i get the trust relationship issue. Any ideas, I've tried just about every combination I could search for. Below is my current unattend file, which does not join the domain. Btw, I've been testing this on a Hyper-V VM if that is any help and please dont say try MDT, I only need it to join the domain, everything else work fine.
thanks in advance,
<?xml version="1.0" encoding="utf-8" ?><servicing />- <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><RegisteredOrganization>Bob</RegisteredOrganization><RegisteredOwner>Bob</RegisteredOwner><ShowWindowsLive>false</ShowWindowsLive><TimeZone>Eastern Standard Time</TimeZone><ComputerName>*</ComputerName></component>- <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">- <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><RegisteredOrganization>bob</RegisteredOrganization><RegisteredOwner>bob</RegisteredOwner><ShowWindowsLive>false</ShowWindowsLive><TimeZone>Eastern Standard Time</TimeZone><ComputerName>*</ComputerName></component>- <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SkipAutoActivation>true</SkipAutoActivation></component>- <component name="Microsoft-Windows-Security-Licensing-SLC-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SkipAutoActivation>true</SkipAutoActivation></component></settings>- <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><InputLocale wcm:action="modify">en-US</InputLocale><SystemLocale>en-US</SystemLocale><UserLocale>en-US</UserLocale><UILanguage>en-US</UILanguage><UILanguageFallback /></component>- <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><HideEULAPage>true</HideEULAPage><NetworkLocation>Work</NetworkLocation><SkipMachineOOBE>true</SkipMachineOOBE><SkipUserOOBE>true</SkipUserOOBE><ProtectYourPC>3</ProtectYourPC><HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE></OOBE><Value>QQBMAHEAcABAADAAegBtAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==</Value><PlainText>false</PlainText></AdministratorPassword></DomainAccounts></UserAccounts><RegisteredOrganization>bob</RegisteredOrganization><RegisteredOwner>bob</RegisteredOwner><TimeZone>Eastern Standard Time</TimeZone><BluetoothTaskbarIconEnabled>false</BluetoothTaskbarIconEnabled></component>- <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><InputLocale>en-US</InputLocale><SystemLocale>en-US</SystemLocale><UILanguage /><UserLocale>en-US</UserLocale><UILanguageFallback>en-US</UILanguageFallback></component>- <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><HideEULAPage>true</HideEULAPage><ProtectYourPC>3</ProtectYourPC><NetworkLocation>Work</NetworkLocation><SkipMachineOOBE>true</SkipMachineOOBE><SkipUserOOBE>true</SkipUserOOBE><HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE></OOBE><Value>QQBMAHEAcABAADAAegBtAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==</Value><PlainText>false</PlainText></AdministratorPassword></DomainAccounts></UserAccounts><RegisteredOrganization>BOB</RegisteredOrganization><RegisteredOwner>Environments</RegisteredOwner><TimeZone>Eastern Standard Time</TimeZone><BluetoothTaskbarIconEnabled>false</BluetoothTaskbarIconEnabled></component></settings>- <component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SkipRearm>1</SkipRearm></component>- <component name="Microsoft-Windows-Security-Licensing-SLC" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SkipRearm>1</SkipRearm></component></settings>- <component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><AcceptEula>true</AcceptEula><FullName>bob</FullName><Organization>bob</Organization></UserData><EnableFirewall>false</EnableFirewall></component>- <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><AcceptEula>true</AcceptEula><FullName>E-Space</FullName><Organization>BAH-Systems</Organization></UserData><EnableFirewall>false</EnableFirewall></component></settings><cpi:offlineImage cpi:source="wim:d:/sources/install.wim#Windows 7 PROFESSIONAL" xmlns:cpi="urn:schemas-microsoft-com:cpi" /></unattend>
Todas las respuestas
-
You have UnsecureJoin specified. That might not be what you are trying to do. If you specify UnsecureJoin you must also specify MachinePassword, and not specify Domain, Username, or Password. Your MachineObjectOU would need to be specified in distinguished name format. If you want your machine account to end up in the default Computers container, you do not need to specify it with MachineObjectOU.
By removing <UnsecureJoin>true</UnsecureJoin> and <MachineObjectOU>Computers</MachineObjectOU> you may have more success.
Hope that helps!
Thanks,
Allen
SmartDeploy
-
-
I'll assume you are deploying a 64-bit OS, since your answer file only has a Microsoft-Windows-UnattendedJoin section for processorArchitecture="amd64".
The only other thing I see is that you shouldn't have to add Domain Admins to the local Administrators group, that should happen automatically when the domain join is successful.
Based on the random computer name, I'd assume the machine accounts are not pre-existing... Also, the bob.local\sysprep account has the required permissions to be able to join a machine to the domain? Can you successfully join the machine to the domain form within Windows using the bob.local\sysprep account?
Could you post the contents of c:\windows\debug\netsetup.log from the machine where you had this issue?
Thanks,
Allen
SmartDeploy -
Thanks again Deploy7,
I took out the domain users and I still get the trust relationship error. And yes, the bob.local\sysprep account has permissions to add computers to the domain. The account works perfectly for XP installs via wds
Below is the netsetup.log
09/02/2011 11:49:47:030 -----------------------------------------------------------------
09/02/2011 11:49:47:030 NetpDoDomainJoin
09/02/2011 11:49:47:030 NetpMachineValidToJoin: 'BOB-2SE2AGKP1L'
09/02/2011 11:49:47:030 OS Version: 6.1
09/02/2011 11:49:47:030 Build number: 7601 (7601.win7sp1_gdr.110408-1631)
09/02/2011 11:49:47:030 ServicePack: Service Pack 1
09/02/2011 11:49:47:155 SKU: Windows 7 Professional
09/02/2011 11:49:47:155 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
09/02/2011 11:49:47:155 NetpGetLsaPrimaryDomain: status: 0x0
09/02/2011 11:49:47:155 NetpMachineValidToJoin: status: 0x0
09/02/2011 11:49:47:155 NetpJoinDomain
09/02/2011 11:49:47:155 Machine: BOB-2SE2AGKP1L
09/02/2011 11:49:47:155 Domain: bob.local\dns.boblocal
09/02/2011 11:49:47:155 MachineAccountOU: (NULL)
09/02/2011 11:49:47:155 Account: bob.local\sysprep
09/02/2011 11:49:47:155 Options: 0x23
09/02/2011 11:49:47:171 NetpLoadParameters: loading registry parameters...
09/02/2011 11:49:47:171 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
09/02/2011 11:49:47:171 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
09/02/2011 11:49:47:171 NetpLoadParameters: status: 0x2
09/02/2011 11:49:47:171 NetpValidateName: checking to see if 'bob.local' is valid as type 3 name
09/02/2011 11:49:47:296 NetpCheckDomainNameIsValid [ Exists ] for 'bob.local' returned 0x0
09/02/2011 11:49:47:296 NetpValidateName: name 'bob.local' is valid for type 3
09/02/2011 11:49:47:827 NetpJoinDomain: status of connecting to dc '\\dns.bob.local': 0x0
09/02/2011 11:49:47:827 NetpJoinDomainOnDs: Passed DC 'dns.bob.local' verified as DNS name '\\dns.bob.local'
09/02/2011 11:49:47:827 NetpLoadParameters: loading registry parameters...
09/02/2011 11:49:47:827 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
09/02/2011 11:49:47:827 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
09/02/2011 11:49:47:827 NetpLoadParameters: status: 0x2
09/02/2011 11:49:47:843 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dns.bob.local': 0x0
09/02/2011 11:49:47:843 NetpProvisionComputerAccount:
09/02/2011 11:49:47:843 lpDomain: bob.local
09/02/2011 11:49:47:843 lpMachineName: BOB-2SE2AGKP1L
09/02/2011 11:49:47:843 lpMachineAccountOU: (NULL)
09/02/2011 11:49:47:843 lpDcName: dns.bob.local
09/02/2011 11:49:47:843 lpDnsHostName: (NULL)
09/02/2011 11:49:47:843 lpMachinePassword: (null)
09/02/2011 11:49:47:843 lpAccount: bob.local\sysprep
09/02/2011 11:49:47:843 lpPassword: (non-null)
09/02/2011 11:49:47:843 dwJoinOptions: 0x23
09/02/2011 11:49:47:843 dwOptions: 0x40000003
09/02/2011 11:49:48:202 NetpLdapBind: Verified minimum encryption strength on dns.bob.local: 0x0
09/02/2011 11:49:48:202 NetpLdapGetLsaPrimaryDomain: reading domain data
09/02/2011 11:49:48:202 NetpGetNCData: Reading NC data
09/02/2011 11:49:48:218 NetpGetDomainData: Lookup domain data for: DC=bob,DC=local
09/02/2011 11:49:48:218 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=bob,DC=local
09/02/2011 11:49:48:296 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
09/02/2011 11:49:48:374 NetpGetComputerObjectDn: Cracking DNS domain name bob.local/ into Netbios on \\dns.bob.local
09/02/2011 11:49:48:374 NetpGetComputerObjectDn: Crack results: name = bob\
09/02/2011 11:49:48:374 NetpGetComputerObjectDn: Cracking account name bob\BOB-2SE2AGKP1L$ on \\dns.bob.local
09/02/2011 11:49:48:374 NetpGetComputerObjectDn: Crack results: Account does not exist
09/02/2011 11:49:48:374 NetpGetComputerObjectDn: Cracking Netbios domain name bob\ into root DN on \\dns.bob.local
09/02/2011 11:49:48:374 NetpGetComputerObjectDn: Crack results: name = DC=bob,DC=local
09/02/2011 11:49:48:405 NetpGetComputerObjectDn: Got DN CN=BOB-2SE2AGKP1L,CN=Computers,DC=bob,DC=local from the default computer container
09/02/2011 11:49:48:421 NetpModifyComputerObjectInDs: Initial attribute values:
09/02/2011 11:49:48:421 objectClass = Computer
09/02/2011 11:49:48:437 SamAccountName = BOB-2SE2AGKP1L$
09/02/2011 11:49:48:437 userAccountControl = 0x1000
09/02/2011 11:49:48:437 DnsHostName = BOB-2SE2AGKP1L.bob.local
09/02/2011 11:49:48:437 ServicePrincipalName = HOST/BOB-2SE2AGKP1L.bob.local RestrictedKrbHost/BOB-2SE2AGKP1L.bob.local HOST/BOB-2SE2AGKP1L RestrictedKrbHost/BOB-2SE2AGKP1L
09/02/2011 11:49:48:437 unicodePwd = <SomePassword>
09/02/2011 11:49:48:437 NetpModifyComputerObjectInDs: Computer Object does not exist in OU
09/02/2011 11:49:48:437 NetpModifyComputerObjectInDs: Attribute values to set:
09/02/2011 11:49:48:437 objectClass = Computer
09/02/2011 11:49:48:437 SamAccountName = BOB-2SE2AGKP1L$
09/02/2011 11:49:48:437 userAccountControl = 0x1000
09/02/2011 11:49:48:437 DnsHostName = BOB-2SE2AGKP1L.bob.local
09/02/2011 11:49:48:437 ServicePrincipalName = HOST/BOB-2SE2AGKP1L.bob.local RestrictedKrbHost/BOB-2SE2AGKP1L.bob.local HOST/BOB-2SE2AGKP1L RestrictedKrbHost/BOB-2SE2AGKP1L
09/02/2011 11:49:48:437 unicodePwd = <SomePassword>
09/02/2011 11:49:49:187 NetpEncodeProvisioningBlob: Encoding provisioning data
09/02/2011 11:49:49:187 NetpInitBlobWin7: Constructing blob...
09/02/2011 11:49:49:187 Blob version: 1
09/02/2011 11:49:49:187 lpDomain: bob.local
09/02/2011 11:49:49:187 lpMachineName: BOB-2SE2AGKP1L
09/02/2011 11:49:49:187 lpMachinePassword: <omitted from log>
09/02/2011 11:49:49:187 DomainDnsPolicy:
09/02/2011 11:49:49:187 Name: bob
09/02/2011 11:49:49:187 DnsDomainName: bob.local
09/02/2011 11:49:49:187 DnsForestName: bob.local
09/02/2011 11:49:49:187 DomainGuid: 883675b8-ee13-4390-aafc-58f627128ea6
09/02/2011 11:49:49:187 Sid: S-1-5-21-57989841-527237240-725345543
09/02/2011 11:49:49:187 DcInfo:
09/02/2011 11:49:49:187 DomainControllerName: \\dns.bob.local
09/02/2011 11:49:49:187 DomainControllerAddress: \\192.168.0.60
09/02/2011 11:49:49:187 DomainControllerAddressType: 1
09/02/2011 11:49:49:187 DomainGuid: 883675b8-ee13-4390-aafc-58f627128ea6
09/02/2011 11:49:49:187 DomainName: bob.local
09/02/2011 11:49:49:187 DnsForestName: bob.local
09/02/2011 11:49:49:187 Flags: 0xe00031fd
09/02/2011 11:49:49:187 DcSiteName: Default-First-Site
09/02/2011 11:49:49:187 ClientSiteName: Default-First-Site
09/02/2011 11:49:49:187 Options: 0x40000003
09/02/2011 11:49:49:187 NetpInitBlobWin7: Blob pickling result: 0
09/02/2011 11:49:49:187 NetpEncodeProvisioningBlob: result: 0x0
09/02/2011 11:49:49:187 ldap_unbind status: 0x0
09/02/2011 11:49:49:187 NetpRequestOfflineDomainJoin:
09/02/2011 11:49:49:187 dwProvisionBinDataSize: 960
09/02/2011 11:49:49:187 JoinOptions: 0x23
09/02/2011 11:49:49:187 Options: 0x40000003
09/02/2011 11:49:49:187 lpWindowsPath: C:\Windows
09/02/2011 11:49:49:187 NetpDecodeProvisioningBlob: Unpickling provisioning blob with size 960 bytes
09/02/2011 11:49:49:187 NetpDecodeProvisioningBlob: Searching 1 blobs for supported ODJ blob, highest supported version: 1
09/02/2011 11:49:49:187 NetpDecodeProvisioningBlob: Found ODJ blob version: 1
09/02/2011 11:49:49:187 NetpDecodeProvisioningBlob: Selected ODJ blob version: 1
09/02/2011 11:49:49:187 Blob version: 1
09/02/2011 11:49:49:187 lpDomain: bob.local
09/02/2011 11:49:49:187 lpMachineName: BOB-2SE2AGKP1L
09/02/2011 11:49:49:187 lpMachinePassword: <omitted from log>
09/02/2011 11:49:49:187 DomainDnsPolicy:
09/02/2011 11:49:49:187 Name: bob
09/02/2011 11:49:49:187 DnsDomainName: bob.local
09/02/2011 11:49:49:187 DnsForestName: bob.local
09/02/2011 11:49:49:187 DomainGuid: 883675b8-ee13-4390-aafc-58f627128ea6
09/02/2011 11:49:49:187 Sid: S-1-5-21-57989841-527237240-725345543
09/02/2011 11:49:49:187 DcInfo:
09/02/2011 11:49:49:187 DomainControllerName: \\dns.bob.local
09/02/2011 11:49:49:187 DomainControllerAddress: \\192.168.0.60
09/02/2011 11:49:49:187 DomainControllerAddressType: 1
09/02/2011 11:49:49:187 DomainGuid: 883675b8-ee13-4390-aafc-58f627128ea6
09/02/2011 11:49:49:187 DomainName: bob.local
09/02/2011 11:49:49:187 DnsForestName: bob.local
09/02/2011 11:49:49:187 Flags: 0xe00031fd
09/02/2011 11:49:49:187 DcSiteName: Default-First-Site
09/02/2011 11:49:49:187 ClientSiteName: Default-First-Site
09/02/2011 11:49:49:187 Options: 0x40000003
09/02/2011 11:49:49:187 NetpDoInitiateOfflineDomainJoin
09/02/2011 11:49:49:187 NetpDoInitiateOfflineDomainJoin: Setting backup/restore privileges
09/02/2011 11:49:49:202 NetpInitiateOfflineJoin
09/02/2011 11:49:49:202 lpLocalRegistryPath: C:\Windows\system32\config\SYSTEM
09/02/2011 11:49:49:202 dwOptions: 0x40000003
09/02/2011 11:49:49:202 NetpConvertBlobToJoinState: Translating provisioning data to internal format
09/02/2011 11:49:49:202 NetpConvertBlobToJoinState: Selecting version 1
09/02/2011 11:49:49:202 NetpConvertBlobToJoinState: exiting: 0x0
09/02/2011 11:49:49:202 NetpValidateFullJoinState: Validating provisioning data...
09/02/2011 11:49:49:202 NetpValidateFullJoinState: exiting: 0x0
09/02/2011 11:49:49:202 NetpClearFullJoinState: Removing cached state from the registry...
09/02/2011 11:49:49:202 NetpClearFullJoinState: Status of deleting join state key 0x2
09/02/2011 11:49:49:202 NetpSaveFullJoinStateInternal: Injecting provisioning data into image...
09/02/2011 11:49:49:202 NetpSaveFullJoinStateInternal: exiting: 0x0
09/02/2011 11:49:49:202 NetpSetComputerNamesOffline: Checking for pending name changes...
09/02/2011 11:49:49:202 SetHostName: TRUE
09/02/2011 11:49:49:202 SetDnsDomain: TRUE
09/02/2011 11:49:49:202 SetNetBiosName: TRUE
09/02/2011 11:49:49:202 SetCurrentValues: TRUE
09/02/2011 11:49:49:202 NetpSetComputerNamesOffline: Setting Hostname to BOB-2SE2AGKP1L
09/02/2011 11:49:49:202 NetpSetComputerNamesOffline: Setting Domain name to bob.local
09/02/2011 11:49:49:202 NetpSetComputerNamesOffline: Setting NetBios computer name to BOB-2SE2AGKP1L
09/02/2011 11:49:49:218 NetpDoInitiateOfflineDomainJoin: status: 0x0
09/02/2011 11:49:49:218 NetRequestOfflineDomainJoin: Successfully initiated the offline domain join
09/02/2011 11:49:49:218 NetpJoinDomainOnDs: Setting netlogon cache.
09/02/2011 11:49:49:249 NetpJoinDomainOnDs: status of setting netlogon cache: 0x0
09/02/2011 11:49:49:249 NetpJoinDomainOnDs: Function exits with status of: 0x0
09/02/2011 11:49:49:249 NetpJoinDomainOnDs: status of disconnecting from '\\dns.bob.local': 0x0
09/02/2011 11:49:49:249 NetpCompleteOfflineDomainJoin
09/02/2011 11:49:49:249 fBootTimeCaller: FALSE
09/02/2011 11:49:49:249 fSetLocalGroups: TRUE
09/02/2011 11:49:49:249 NetpLsaOpenSecret: status: 0xc0000034
09/02/2011 11:49:49:249 NetpGetLsaPrimaryDomain: status: 0x0
09/02/2011 11:49:49:249 NetpJoinDomainLocal: NetpHandleJoinedStateInfo returned: 0x0
09/02/2011 11:49:49:249 NetpLsaOpenSecret: status: 0xc0000034
09/02/2011 11:49:49:515 NetpJoinDomainLocal: NetpManageMachineSecret returned: 0x0.
09/02/2011 11:49:49:515 Calling NetpQueryService to get Netlogon service state.
09/02/2011 11:49:49:515 NetpJoinDomainLocal: NetpQueryService returned: 0x0.
09/02/2011 11:49:49:546 NetpSetLsaPrimaryDomain: for 'bob' status: 0x0
09/02/2011 11:49:49:546 NetpJoinDomainLocal: status of setting LSA pri. domain: 0x0
09/02/2011 11:49:49:546 NetpManageLocalGroupsForJoin: Adding groups for new domain, removing groups from old domain, if any.
09/02/2011 11:49:49:546 NetpManageLocalGroups: Populating list of account SIDs.
09/02/2011 11:49:49:765 NetpManageLocalGroupsForJoin: status of modifying groups related to domain 'bob' to local groups: 0x0
09/02/2011 11:49:49:765 NetpManageLocalGroupsForJoin: INFO: No old domain groups to process.
09/02/2011 11:49:49:765 NetpJoinDomainLocal: Status of managing local groups: 0x0
09/02/2011 11:49:49:905 NetpJoinDomainLocal: status of setting ComputerNamePhysicalDnsDomain to 'bob.local': 0x0
09/02/2011 11:49:49:905 NetpJoinDomainLocal: Controlling services and setting service start type.
09/02/2011 11:49:49:905 NetpJoinDomainLocal: Updating W32TimeConfig
09/02/2011 11:49:49:983 [00000b00] NetpGetLsaPrimaryDomain: status: 0x0
09/02/2011 11:49:49:999 NetpUpdateW32timeConfig: 0x0
09/02/2011 11:49:49:999 NetpClearFullJoinState: Removing cached state from the registry...
09/02/2011 11:49:49:999 NetpClearFullJoinState: Status of deleting join state key 0x0
09/02/2011 11:49:49:999 NetpCompleteOfflineDomainJoin: status: 0x0
09/02/2011 11:49:49:999 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
09/02/2011 11:49:49:999 NetpDoDomainJoin: status: 0x0
-
-
-
UnsecureJoin is an offline join. The netsetup.log you posted must have been from an unattend.xml that had UnsecureJoin specified.
-
Thanks Deploy7,
Sorry for the delay, with unsecurejoin set to false, the image does not join the domain at all and I receive the security database/trust relationship error. For some reason, its defaults to an unsecurejoin according to the log. Attached is the log.
thanks for your help so far
09/23/2011 15:15:35:578 -----------------------------------------------------------------
09/23/2011 15:15:35:578 NetpDoDomainJoin
09/23/2011 15:15:35:578 NetpMachineValidToJoin: 'bob-8FN11KA3N3'
09/23/2011 15:15:35:578 OS Version: 6.1
09/23/2011 15:15:35:578 Build number: 7601 (7601.win7sp1_gdr.110408-1631)
09/23/2011 15:15:35:578 ServicePack: Service Pack 1
09/23/2011 15:15:35:734 SKU: Windows 7 Professional
09/23/2011 15:15:35:734 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
09/23/2011 15:15:35:734 NetpGetLsaPrimaryDomain: status: 0x0
09/23/2011 15:15:35:734 NetpMachineValidToJoin: status: 0x0
09/23/2011 15:15:35:734 NetpJoinDomain
09/23/2011 15:15:35:734 Machine: bob-8FN11KA3N3
09/23/2011 15:15:35:734 Domain: bob.local\dns1.bob.local
09/23/2011 15:15:35:734 MachineAccountOU: (NULL)
09/23/2011 15:15:35:734 Account: bob.local\sysprep
09/23/2011 15:15:35:734 Options: 0x23
09/23/2011 15:15:35:749 NetpLoadParameters: loading registry parameters...
09/23/2011 15:15:35:749 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
09/23/2011 15:15:35:749 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
09/23/2011 15:15:35:749 NetpLoadParameters: status: 0x2
09/23/2011 15:15:35:765 NetpValidateName: checking to see if 'bob.local' is valid as type 3 name
09/23/2011 15:15:35:874 NetpCheckDomainNameIsValid [ Exists ] for 'bob.local' returned 0x0
09/23/2011 15:15:35:874 NetpValidateName: name 'bob.local' is valid for type 3
09/23/2011 15:15:36:390 NetpJoinDomain: status of connecting to dc '\\dns1.bob.local': 0x0
09/23/2011 15:15:36:390 NetpJoinDomainOnDs: Passed DC 'dns1.bob.local' verified as DNS name '\\dns1.bob.local'
09/23/2011 15:15:36:390 NetpLoadParameters: loading registry parameters...
09/23/2011 15:15:36:390 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
09/23/2011 15:15:36:390 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
09/23/2011 15:15:36:390 NetpLoadParameters: status: 0x2
09/23/2011 15:15:36:390 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dns1.bob.local': 0x0
09/23/2011 15:15:36:390 NetpProvisionComputerAccount:
09/23/2011 15:15:36:390 lpDomain: bob.local
09/23/2011 15:15:36:390 lpMachineName: bob-8FN11KA3N3
09/23/2011 15:15:36:390 lpMachineAccountOU: (NULL)
09/23/2011 15:15:36:390 lpDcName: dns1.bob.local
09/23/2011 15:15:36:390 lpDnsHostName: (NULL)
09/23/2011 15:15:36:390 lpMachinePassword: (null)
09/23/2011 15:15:36:390 lpAccount: bob.local\sysprep
09/23/2011 15:15:36:390 lpPassword: (non-null)
09/23/2011 15:15:36:390 dwJoinOptions: 0x23
09/23/2011 15:15:36:390 dwOptions: 0x40000003
09/23/2011 15:15:36:546 NetpLdapBind: Verified minimum encryption strength on dns1.bob.local: 0x0
09/23/2011 15:15:36:546 NetpLdapGetLsaPrimaryDomain: reading domain data
09/23/2011 15:15:36:546 NetpGetNCData: Reading NC data
09/23/2011 15:15:36:546 NetpGetDomainData: Lookup domain data for: DC=bob,DC=local
09/23/2011 15:15:36:546 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=bob,DC=local
09/23/2011 15:15:36:609 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
09/23/2011 15:15:36:671 NetpGetComputerObjectDn: Cracking DNS domain name bob.local/ into Netbios on \\dns1.bob.local
09/23/2011 15:15:36:671 NetpGetComputerObjectDn: Crack results: name = bob\
09/23/2011 15:15:36:671 NetpGetComputerObjectDn: Cracking account name bob\bob-8FN11KA3N3$ on \\dns1.bob.local
09/23/2011 15:15:36:671 NetpGetComputerObjectDn: Crack results: Account does not exist
09/23/2011 15:15:36:671 NetpGetComputerObjectDn: Cracking Netbios domain name bob\ into root DN on \\dns1.bob.local
09/23/2011 15:15:36:671 NetpGetComputerObjectDn: Crack results: name = DC=bob,DC=local
09/23/2011 15:15:36:687 NetpGetComputerObjectDn: Got DN CN=bob-8FN11KA3N3,CN=Computers,DC=bob,DC=local from the default computer container
09/23/2011 15:15:36:687 NetpModifyComputerObjectInDs: Initial attribute values:
09/23/2011 15:15:36:687 objectClass = Computer
09/23/2011 15:15:36:687 SamAccountName = bob-8FN11KA3N3$
09/23/2011 15:15:36:687 userAccountControl = 0x1000
09/23/2011 15:15:36:687 DnsHostName = bob-8FN11KA3N3.bob.local
09/23/2011 15:15:36:687 ServicePrincipalName = HOST/bob-8FN11KA3N3.bob.local RestrictedKrbHost/bob-8FN11KA3N3.bob.local HOST/bob-8FN11KA3N3
RestrictedKrbHost/bob-8FN11KA3N3
09/23/2011 15:15:36:687 unicodePwd = <SomePassword>
09/23/2011 15:15:36:687 NetpModifyComputerObjectInDs: Computer Object does not exist in OU
09/23/2011 15:15:36:687 NetpModifyComputerObjectInDs: Attribute values to set:
09/23/2011 15:15:36:687 objectClass = Computer
09/23/2011 15:15:36:687 SamAccountName = bob-8FN11KA3N3$
09/23/2011 15:15:36:687 userAccountControl = 0x1000
09/23/2011 15:15:36:687 DnsHostName = bob-8FN11KA3N3.bob.local
09/23/2011 15:15:36:687 ServicePrincipalName = HOST/bob-8FN11KA3N3.bob.local RestrictedKrbHost/bob-8FN11KA3N3.bob.local HOST/bob-8FN11KA3N3
RestrictedKrbHost/bob-8FN11KA3N3
09/23/2011 15:15:36:687 unicodePwd = <SomePassword>
09/23/2011 15:15:37:281 NetpEncodeProvisioningBlob: Encoding provisioning data
09/23/2011 15:15:37:281 NetpInitBlobWin7: Constructing blob...
09/23/2011 15:15:37:281 Blob version: 1
09/23/2011 15:15:37:281 lpDomain: bob.local
09/23/2011 15:15:37:281 lpMachineName: bob-8FN11KA3N3
09/23/2011 15:15:37:281 lpMachinePassword: <omitted from log>
09/23/2011 15:15:37:281 DomainDnsPolicy:
09/23/2011 15:15:37:281 Name: bob
09/23/2011 15:15:37:281 DnsDomainName: bob.local
09/23/2011 15:15:37:281 DnsForestName: bob.local
09/23/2011 15:15:37:281 DomainGuid: 883675b8-ee13-4390-aafc-58f627128ea6
09/23/2011 15:15:37:281 Sid: S-1-5-21-57989841-527237240-725345543
09/23/2011 15:15:37:281 DcInfo:
09/23/2011 15:15:37:281 DomainControllerName: \\dns1.bob.local
09/23/2011 15:15:37:281 DomainControllerAddress: \\192.168.0.1
09/23/2011 15:15:37:281 DomainControllerAddressType: 1
09/23/2011 15:15:37:281 DomainGuid: 883675b8-ee13-4390-aafc-58f627128ea6
09/23/2011 15:15:37:281 DomainName: bob.local
09/23/2011 15:15:37:281 DnsForestName: bob.local
09/23/2011 15:15:37:281 Flags: 0xe00031fd
09/23/2011 15:15:37:281 DcSiteName: Default-First-Site
09/23/2011 15:15:37:281 ClientSiteName: Default-First-Site
09/23/2011 15:15:37:281 Options: 0x40000003
09/23/2011 15:15:37:281 NetpInitBlobWin7: Blob pickling result: 0
09/23/2011 15:15:37:281 NetpEncodeProvisioningBlob: result: 0x0
09/23/2011 15:15:37:281 ldap_unbind status: 0x0
09/23/2011 15:15:37:281 NetpRequestOfflineDomainJoin:
09/23/2011 15:15:37:281 dwProvisionBinDataSize: 960
09/23/2011 15:15:37:281 JoinOptions: 0x23
09/23/2011 15:15:37:281 Options: 0x40000003
09/23/2011 15:15:37:281 lpWindowsPath: C:\Windows
09/23/2011 15:15:37:281 NetpDecodeProvisioningBlob: Unpickling provisioning blob with size 960 bytes
09/23/2011 15:15:37:281 NetpDecodeProvisioningBlob: Searching 1 blobs for supported ODJ blob, highest supported version: 1
09/23/2011 15:15:37:281 NetpDecodeProvisioningBlob: Found ODJ blob version: 1
09/23/2011 15:15:37:281 NetpDecodeProvisioningBlob: Selected ODJ blob version: 1
09/23/2011 15:15:37:281 Blob version: 1
09/23/2011 15:15:37:281 lpDomain: bob.local
09/23/2011 15:15:37:281 lpMachineName: bob-8FN11KA3N3
09/23/2011 15:15:37:281 lpMachinePassword: <omitted from log>
09/23/2011 15:15:37:281 DomainDnsPolicy:
09/23/2011 15:15:37:281 Name: bob
09/23/2011 15:15:37:281 DnsDomainName: bob.local
09/23/2011 15:15:37:281 DnsForestName: bob.local
09/23/2011 15:15:37:281 DomainGuid: 883675b8-ee13-4390-aafc-58f627128ea6
09/23/2011 15:15:37:281 Sid: S-1-5-21-57989841-527237240-725345543
09/23/2011 15:15:37:281 DcInfo:
09/23/2011 15:15:37:281 DomainControllerName: \\dns1.bob.local
09/23/2011 15:15:37:281 DomainControllerAddress: \\192.168.0.1
09/23/2011 15:15:37:281 DomainControllerAddressType: 1
09/23/2011 15:15:37:281 DomainGuid: 883675b8-ee13-4390-aafc-58f627128ea6
09/23/2011 15:15:37:281 DomainName: bob.local
09/23/2011 15:15:37:281 DnsForestName: bob.local
09/23/2011 15:15:37:281 Flags: 0xe00031fd
09/23/2011 15:15:37:281 DcSiteName: Default-First-Site
09/23/2011 15:15:37:281 ClientSiteName: Default-First-Site
09/23/2011 15:15:37:281 Options: 0x40000003
09/23/2011 15:15:37:281 NetpDoInitiateOfflineDomainJoin
09/23/2011 15:15:37:281 NetpDoInitiateOfflineDomainJoin: Setting backup/restore privileges
09/23/2011 15:15:37:312 NetpInitiateOfflineJoin
09/23/2011 15:15:37:312 lpLocalRegistryPath: C:\Windows\system32\config\SYSTEM
09/23/2011 15:15:37:312 dwOptions: 0x40000003
09/23/2011 15:15:37:312 NetpConvertBlobToJoinState: Translating provisioning data to internal format
09/23/2011 15:15:37:312 NetpConvertBlobToJoinState: Selecting version 1
09/23/2011 15:15:37:312 NetpConvertBlobToJoinState: exiting: 0x0
09/23/2011 15:15:37:312 NetpValidateFullJoinState: Validating provisioning data...
09/23/2011 15:15:37:312 NetpValidateFullJoinState: exiting: 0x0
09/23/2011 15:15:37:312 NetpClearFullJoinState: Removing cached state from the registry...
09/23/2011 15:15:37:312 NetpClearFullJoinState: Status of deleting join state key 0x2
09/23/2011 15:15:37:312 NetpSaveFullJoinStateInternal: Injecting provisioning data into image...
09/23/2011 15:15:37:312 NetpSaveFullJoinStateInternal: exiting: 0x0
09/23/2011 15:15:37:312 NetpSetComputerNamesOffline: Checking for pending name changes...
09/23/2011 15:15:37:312 SetHostName: TRUE
09/23/2011 15:15:37:312 SetDnsDomain: TRUE
09/23/2011 15:15:37:312 SetNetBiosName: TRUE
09/23/2011 15:15:37:312 SetCurrentValues: TRUE
09/23/2011 15:15:37:312 NetpSetComputerNamesOffline: Setting Hostname to bob-8FN11KA3N3
09/23/2011 15:15:37:312 NetpSetComputerNamesOffline: Setting Domain name to bob.local
09/23/2011 15:15:37:312 NetpSetComputerNamesOffline: Setting NetBios computer name to bob-8FN11KA3N3
09/23/2011 15:15:37:328 NetpDoInitiateOfflineDomainJoin: status: 0x0
09/23/2011 15:15:37:328 NetRequestOfflineDomainJoin: Successfully initiated the offline domain join
09/23/2011 15:15:37:328 NetpJoinDomainOnDs: Setting netlogon cache.
09/23/2011 15:15:37:374 NetpJoinDomainOnDs: status of setting netlogon cache: 0x0
09/23/2011 15:15:37:374 NetpJoinDomainOnDs: Function exits with status of: 0x0
09/23/2011 15:15:37:374 NetpJoinDomainOnDs: status of disconnecting from '\\dns1.bob.local': 0x0
09/23/2011 15:15:37:390 NetpCompleteOfflineDomainJoin
09/23/2011 15:15:37:390 fBootTimeCaller: FALSE
09/23/2011 15:15:37:390 fSetLocalGroups: TRUE
09/23/2011 15:15:37:390 NetpLsaOpenSecret: status: 0xc0000034
09/23/2011 15:15:37:390 NetpGetLsaPrimaryDomain: status: 0x0
09/23/2011 15:15:37:390 NetpJoinDomainLocal: NetpHandleJoinedStateInfo returned: 0x0
09/23/2011 15:15:37:390 NetpLsaOpenSecret: status: 0xc0000034
09/23/2011 15:15:37:624 NetpJoinDomainLocal: NetpManageMachineSecret returned: 0x0.
09/23/2011 15:15:37:624 Calling NetpQueryService to get Netlogon service state.
09/23/2011 15:15:37:624 NetpJoinDomainLocal: NetpQueryService returned: 0x0.
09/23/2011 15:15:37:656 NetpSetLsaPrimaryDomain: for 'bob' status: 0x0
09/23/2011 15:15:37:656 NetpJoinDomainLocal: status of setting LSA pri. domain: 0x0
09/23/2011 15:15:37:656 NetpManageLocalGroupsForJoin: Adding groups for new domain, removing groups from old domain, if any.
09/23/2011 15:15:37:656 NetpManageLocalGroups: Populating list of account SIDs.
09/23/2011 15:15:37:843 NetpManageLocalGroupsForJoin: status of modifying groups related to domain 'bob' to local groups: 0x0
09/23/2011 15:15:37:843 NetpManageLocalGroupsForJoin: INFO: No old domain groups to process.
09/23/2011 15:15:37:843 NetpJoinDomainLocal: Status of managing local groups: 0x0
09/23/2011 15:15:37:921 NetpJoinDomainLocal: status of setting ComputerNamePhysicalDnsDomain to 'bob.local': 0x0
09/23/2011 15:15:37:921 NetpJoinDomainLocal: Controlling services and setting service start type.
09/23/2011 15:15:37:921 NetpJoinDomainLocal: Updating W32TimeConfig
09/23/2011 15:15:38:046 NetpUpdateW32timeConfig: 0x0
09/23/2011 15:15:38:046 NetpClearFullJoinState: Removing cached state from the registry...
09/23/2011 15:15:38:046 NetpClearFullJoinState: Status of deleting join state key 0x0
09/23/2011 15:15:38:046 NetpCompleteOfflineDomainJoin: status: 0x0
09/23/2011 15:15:38:046 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
09/23/2011 15:15:38:046 NetpDoDomainJoin: status: 0x0
