Ghost Solution Suite

 View Only

  • 1.  GSS2 and issue with joining a Vista machine to the domain.

    Posted Mar 09, 2007 11:38 AM
    I'm having some trouble with joining a Vista machine to the domain when pushing a sysprepped image from an imaging task from the console. In the task I have it running the clone and configuration task steps. When I execute the task the machine images fine and during the configuration step it gets the correct computer name that I specified but fails to join the domain. After the task is complete I can run a task that does just the configuration task step and use the same configuration and it will correctly join the domain.

    Looking at the event log for the task the steps in order are:

    Create machine account
    Prepare configuration
    to GHOSTBOOT partition
    Clone
    Configuration
    To target operating system
    Configuration (This is gives a warning)
    Finish

    The error message given during the configuration step is:
    Failed to join domain (domain). The specified domain either does not exist or could not be contacted.

    Again take out the clone step and run the task again it configures the machine perfectly and it is joined to the domain so I don't believe its something with the machine configuration.

    I'm not sure if I missed something in the sysprep or I something configured incorrectly somewhere in ghost.


  • 2.  RE: GSS2 and issue with joining a Vista machine to the domain.

    Posted Mar 10, 2007 02:47 AM
    The client finishes up the domain-join process by calling the Windows NetJoinDomain() API, when used with Sysprep on Vista, we let Sysprep do its thing and then reboot the client to ensure that the network is all properly set up before trying to join the domain. Something you can take a look at on the client to get some more background on the problem is a logfile written by this API: %WINDOWS%\Debug\NetSetup.Log.

    That may tell us some more about what's going on, but my general intuition is that for some reason Vista is taking an unusually long time to initialize one of the network subsystems after a sysprep, and NetJoinDomain() is failing as a result.

    The problem with this kind of startup-timing-issue is that it can be influenced by the speed of the hardware (and Vista's large memory footprint means that memory size is a big issue in its performance). We may have to try experimenting with waiting for more parts of the system to become ready before calling NetJoinDomain().


  • 3.  RE: GSS2 and issue with joining a Vista machine to the domain.

    Posted Mar 12, 2007 08:47 AM
    Here is the log file:

    03/09/2007 08:04:36:784 -----------------------------------------------------------------
    03/09/2007 08:04:36:784 NetpDoDomainJoin
    03/09/2007 08:04:36:784 NetpMachineValidToJoin: 'LH-4LNGE9U8TRH4'
    03/09/2007 08:04:36:784 OS Version: 6.0
    03/09/2007 08:04:36:784 Build number: 6000
    03/09/2007 08:04:36:831 SKU: Windows Vista? Enterprise
    03/09/2007 08:04:36:831 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
    03/09/2007 08:04:36:831 NetpGetLsaPrimaryDomain: status: 0x0
    03/09/2007 08:04:36:831 NetpMachineValidToJoin: status: 0x0
    03/09/2007 08:04:36:831 NetpJoinDomain
    03/09/2007 08:04:36:831 Machine: LH-4LNGE9U8TRH4
    03/09/2007 08:04:36:831 Domain: ad.test.edu
    03/09/2007 08:04:36:831 MachineAccountOU: (NULL)
    03/09/2007 08:04:36:831 Account: (NULL)
    03/09/2007 08:04:36:831 Options: 0xc1
    03/09/2007 08:04:36:831 NetpLoadParameters: loading registry parameters...
    03/09/2007 08:04:36:831 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
    03/09/2007 08:04:36:831 NetpLoadParameters: status: 0x2
    03/09/2007 08:04:36:831 NetpValidateName: checking to see if 'ad.test.edu' is valid as type 3 name
    03/09/2007 08:04:36:925 NetpCheckDomainNameIsValid for ad.test.edu returned 0x54b, last error is 0x40
    03/09/2007 08:04:36:925 NetpCheckDomainNameIsValid for 'ad.test.edu' returned 0x54b
    03/09/2007 08:04:36:925 NetpDoDomainJoin: status: 0x54b
    03/09/2007 08:11:37:820 -----------------------------------------------------------------
    03/09/2007 08:11:37:820 NetpDoDomainJoin
    03/09/2007 08:11:37:820 NetpMachineValidToJoin: 'IT-VISTAPRD03'
    03/09/2007 08:11:37:820 OS Version: 6.0
    03/09/2007 08:11:37:820 Build number: 6000
    03/09/2007 08:11:37:851 SKU: Windows Vista? Enterprise
    03/09/2007 08:11:37:851 NetpGetLsaPrimaryDomain: status: 0x0
    03/09/2007 08:11:37:851 NetpMachineValidToJoin: status: 0x0
    03/09/2007 08:11:37:851 NetpJoinWorkgroup: joining computer 'IT-VISTAPRD03' to workgroup 'WORKGROUP'
    03/09/2007 08:11:37:851 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
    03/09/2007 08:11:37:851 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' returned 0x0
    03/09/2007 08:11:37:851 NetpValidateName: name 'WORKGROUP' is valid for type 2
    03/09/2007 08:11:37:851 NetpSetLsaPrimaryDomain: for 'WORKGROUP' status: 0x0
    03/09/2007 08:11:38:070 NetpJoinWorkgroup: status: 0x0
    03/09/2007 08:11:38:070 NetpDoDomainJoin: status: 0x0



    The machines I have been testing on are Dell Optiplex gx620s and 745s.


  • 4.  RE: GSS2 and issue with joining a Vista machine to the domain.

    Posted Apr 04, 2007 01:30 PM
    I'm having a similar problem, it appears that the console tries to join the machine with the auto-generated name instead of the intended target name, when this fails, it falls back to "workgroup".
     
    The task creates the object in AD fine with the right name, then when the machine comes up, it auto-generates a name, then the task attempts to join the machine to AD with the auto-name instead of the object it just created, this fails due to a GUID collision. It then seems that the task renames the computer and falls back to a work-group.
     
    The task should rename the machine before attempting to join it to the domain.
     
    I've tried to get this to work everywhich way from sunday, I deleted the object in AD before starting the task, and not, I've elevated the console acct. to Domain Admin, I think I have tried about every possible combination of settings with the same end result.
     
    If I run a configuration task, after the image task completes "with warnings", the machine is joined to domain, no problem.
     
     
     
    Task Log
    -------------------------------------------------------------------------------------------------------------------------------------------
     
    Task warnings:1
    Task process listing
    VE-MOD02 00-11-11-84-04-87 Update DOS system files 4/3/2007 9:53:27 AM Success
    VE-MOD02 00-11-11-84-04-87 Update DOS Network Drivers 4/3/2007 9:53:27 AM Success
    VE-MOD02 00-11-11-84-04-87 Create machine account 4/3/2007 9:53:28 AM Success
    Details for: Create machine account
    VE-MOD02, LDAP://server.domain.EDU//DC=domain,DC=EDU
    AALTEST
    VE-MOD02 00-11-11-84-04-87 Prepare configuration 4/3/2007 9:53:47 AM Success
    VE-MOD02 00-11-11-84-04-87 To Virtual Partition 4/3/2007 9:54:55 AM Success
    VE-MOD02 00-11-11-84-04-87 Clone 4/3/2007 10:01:07 AM Success
    VE-MOD02 00-11-11-84-04-87 Configuration 4/3/2007 10:01:26 AM Success
    VE-MOD02 00-11-11-84-04-87 To target operating system 4/3/2007 10:09:47 AM Success
    VE-MOD02 00-11-11-84-04-87 Configuration 4/3/2007 10:09:47 AM WARNING
    Details for: Configuration
    Failed to join domain domain.edu: The security database on the server does not have a computer account for this workstation trust relationship.
    VE-MOD02 00-11-11-84-04-87 Finish 4/3/2007 10:09:47 AM Success
     
     
    NetSetup.log "Client"
    ----------------------------------------------------------------------------------------------------------------------------------------------
    04/03/2007 11:58:18:609 -----------------------------------------------------------------
    04/03/2007 11:58:18:609 NetpDoDomainJoin
    04/03/2007 11:58:18:625 NetpMachineValidToJoin: 'LH-L7I9ZWZG3F8C'
    04/03/2007 11:58:18:625  OS Version: 6.0
    04/03/2007 11:58:18:625  Build number: 6000
    04/03/2007 11:58:18:671  SKU: Windows Vista™ Enterprise
    04/03/2007 11:58:18:671 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
    04/03/2007 11:58:18:671 NetpGetLsaPrimaryDomain: status: 0x0
    04/03/2007 11:58:18:671 NetpMachineValidToJoin: status: 0x0
    04/03/2007 11:58:18:671 NetpJoinDomain
    04/03/2007 11:58:18:671  Machine: LH-L7I9ZWZG3F8C
    04/03/2007 11:58:18:671  Domain: domain.edu
    04/03/2007 11:58:18:671  MachineAccountOU: (NULL)
    04/03/2007 11:58:18:671  Account: (NULL)
    04/03/2007 11:58:18:671  Options: 0xc1
    04/03/2007 11:58:18:671 NetpLoadParameters: loading registry parameters...
    04/03/2007 11:58:18:671 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
    04/03/2007 11:58:18:671 NetpLoadParameters: status: 0x2
    04/03/2007 11:58:18:671 NetpValidateName: checking to see if 'domain.edu' is valid as type 3 name
    04/03/2007 11:58:19:015 NetpCheckDomainNameIsValid [ Exists ] for 'domain.edu' returned 0x0
    04/03/2007 11:58:19:015 NetpValidateName: name 'domain.edu' is valid for type 3
    04/03/2007 11:58:19:015 NetpDsGetDcName: trying to find DC in domain 'domain.edu', flags: 0x40001010
    04/03/2007 11:58:19:078 [0000007c] NetpGetLsaPrimaryDomain: status: 0x0
    04/03/2007 11:58:20:203 NetpDsGetDcName: failed to find a DC having account 'LH-L7I9ZWZG3F8C$': 0x525, last error is 0x79
    04/03/2007 11:58:20:218 NetpDsGetDcName: status of verifying DNS A record name resolution for 'server.domain.EDU': 0x0
    04/03/2007 11:58:20:218 NetpDsGetDcName: found DC '\\server.domain.EDU' in the specified domain
    04/03/2007 11:58:20:234 NetpJoinDomain: status of connecting to dc '\\server.domain.EDU': 0x0
    04/03/2007 11:58:20:250 NetpGetLsaPrimaryDomain: status: 0x0
    04/03/2007 11:58:20:250 NetpGetDnsHostName: Read NV Hostname: LH-L7I9ZWZG3F8C
    04/03/2007 11:58:20:250 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: domain.EDU
    04/03/2007 11:58:20:265 NetpLsaOpenSecret: status: 0xc0000034
    04/03/2007 11:58:21:031 Failed to validate machine account for LH-L7I9ZWZG3F8C against \\server.domain.EDU: 0xc000018b
    04/03/2007 11:58:21:031 NetpJoinDomain: w9x: status of validating account: 0x6fb
    04/03/2007 11:58:21:031 NetpJoinDomain: initiaing a rollback due to earlier errors
    04/03/2007 11:58:21:031 NetpLsaOpenSecret: status: 0x0
    04/03/2007 11:58:21:343 NetpJoinDomain: rollback: status of deleting secret: 0x0
    04/03/2007 11:58:21:343 [000001d8] NetpGetLsaPrimaryDomain: status: 0x0
    04/03/2007 11:58:21:343 NetpJoinDomain: status of disconnecting from '\\server.domain.EDU': 0x0
    04/03/2007 11:58:21:343 NetpDoDomainJoin: status: 0x6fb
    04/03/2007 11:59:13:484 -----------------------------------------------------------------
    04/03/2007 11:59:13:484 NetpDoDomainJoin
    04/03/2007 11:59:13:484 NetpMachineValidToJoin: 'VE-MOD02'
    04/03/2007 11:59:13:484  OS Version: 6.0
    04/03/2007 11:59:13:484  Build number: 6000
    04/03/2007 11:59:13:484  SKU: Windows Vista™ Enterprise
    04/03/2007 11:59:13:484 NetpGetLsaPrimaryDomain: status: 0x0
    04/03/2007 11:59:13:484 NetpMachineValidToJoin: status: 0x0
    04/03/2007 11:59:13:484 NetpJoinWorkgroup: joining computer 'VE-MOD02' to workgroup 'WORKGROUP'
    04/03/2007 11:59:13:484 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
    04/03/2007 11:59:16:484 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
    04/03/2007 11:59:16:484 NetpValidateName: name 'WORKGROUP' is valid for type 2
    04/03/2007 11:59:16:609 NetpSetLsaPrimaryDomain: for 'WORKGROUP' status: 0x0
    04/03/2007 11:59:16:671 NetpJoinWorkgroup: status:  0x0
    04/03/2007 11:59:16:671 NetpDoDomainJoin: status: 0x0
     
     
    DC Event Log
    ---------------------------------------------------------------------------------------------------------------------------------------------
     
    The session setup from the computer LH-L7I9ZWZG3F8C failed to authenticate. The following error occurred:
    Access is denied.
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
     
    This not a permissions problem or a DNS problem. It looks like a sequencing problem to me.
     
    Thank you for any help with this.
     


  • 5.  RE: GSS2 and issue with joining a Vista machine to the domain.

    Posted Apr 05, 2007 12:15 AM
    Interesting; is that autogenerated name coming from your Sysprep.xml file? It should be the case that if the task is applying a computer name to the machine, that the sysprep.xml file is edited in DOS by the GHConfig.exe program to stop Sysprep from using it's autonaming system. I'm not sure if we need to see your particular sysprep.xml to figure out why that's not happening, but something that may help me is to see the "task scenario" from the console for the task that is failing, so I can see exactly what configuration settings you are applying to the machine.


  • 6.  RE: GSS2 and issue with joining a Vista machine to the domain.

    Posted Apr 23, 2007 11:48 AM
    Here is the task scenario from my task:
     
    Task : push image
    Task steps :
     Clone
     Configuration
    Number of client machines:  1
    Machine names:
     280
    Network Information:
     Data transfer mode: Multicast
     Data throughput limit: Not set
    Clone
     Image definition: Images\vista v16
     Image file location: E:\images\vista16.gho
     Target drive: 1
     Partition restore:  SRC: 1 TRG: 2
    Image info:
     1 - NTFS - 16382.0 - 8537.9
     Image file preserved: No
     Files and directories preserved: 0
    Configuration
     Configuration change type: Default
     Configuration changes per machine:
    280
    Computer Name                   it-vista280 (Default)
    NetBIOS computer name          IT-VISTA280 (Default)
    User                             (No change)
    Computer Description            Vista test box (Default)
    Member of Domain                         AD (Default)
    Add to Active Directory container ClientServices/Vista (Default)
    Move if currently in a container YES (Default)
    IP Address                       (No change)
    Default Gateway                 x.x.x.x (Default)
    DNS Domain                       (No change)
    DNS Server                      x.x.x.x (Default)
    WINS Server                     x.x.x.x,x.x.x.x (Default)
    Novell Netware Client            (No change)