Ghost Solution Suite

 View Only
Expand all | Collapse all

This operation is only allowed for the Primary Domain Controller of the domain.

Migration User

Migration UserAug 06, 2009 03:30 AM

  • 1.  This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Aug 15, 2008 11:37 AM

    Using GSS 2.5, all goes well until the GSS trys to join a PC to our domain. I have admin rights and can create, add and delete computers manually with no problem. but GSS gives this information inside the Event Details:

    Details for : Configuraton 

    Failed to join domain XXX.XX.asu.edu: This operation is only allowed for the Primary Domain Controller of the domain.

    My config set up is no name, apply menber of domain, add to AD, no move, TCP/IP is DHCP



  • 2.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Aug 18, 2008 12:50 AM
    Hi, I am having the exact same issue and am eagerly waiting a solution too :)


  • 3.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Aug 21, 2008 04:25 PM
    Make sure your Ghost Console account (in the Console, Tools/Supported Domain List, it's at the bottom) has the Local Policy "Add workstations to the domain" User Right in the Default Domain Controllers Policy of Group Policies.


  • 4.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Aug 21, 2008 06:33 PM

    hi, i have put a domain admin level user into the console to make sure it wasnt that.

    Also i have used the ghost(Computername) user that the console creates to join a computer manually.

    I have found that the whole operation goes without a hitch if the logon server that the ghost console picks up is also the PDC Emulator of the Domain.

    If the ldap server that it uses to create the accounts is the one that is the PDC Emaulator (which is the same as the logon server) it will work great.

    As soon as it uses the ldap from one of the other DC's it fails. (hence the error message)

    Thanks

    Ben



  • 5.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Sep 05, 2008 01:18 PM

    I have followed your steps.  I deleted the computer object prior to running the Configuration and I still get the error.  I am running only one domain.

     



  • 6.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Sep 08, 2008 11:48 AM
    What is your domain structure?  Running Mixed or Native and what servers?


  • 7.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Sep 09, 2008 01:11 PM
    I just took over this site and did notice that the server is running in Native window 2000.


  • 8.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 07, 2009 06:30 AM

    Did anyone solve this issue? I have been using ghost with no problems, I just upgraded our 4 domain controllers to windows 2008 and now my windows 2003 ghost server is getting the "operation is only allowed from the Primary Domain". What I found was if I keep running the configuration task it will add the pc's to the domain. (Takes about 6 goes) I even tried installing AD on the ghost server but it still fails. Any help would be great. Has any one taken this error up with Symantec?

     

    Thanks,



  • 9.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 07, 2009 10:54 AM

    I have the same probleme here with two 2008 domain controller.  I hope the solution will come soon.

     



  • 10.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 07, 2009 11:55 AM

    I have opened a case with Symantec Tech Support to solve this issue.

    I don't have a solution yet...  If anyone find it before please let me know.

     



  • 11.  RE: This operation is only allowed for the Primary Domain Controller of the domain.



  • 12.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 08, 2009 12:49 AM

    Hi,

     

    I am having the excat same problem and have followed the instructions on modfiying the defualt domain controller policey, this doesnt work.

     

    heres is my previous post: https://forums.symantec.com/syment/board/message?board.id=109&thread.id=19146

     

    any suggestions or help regarding this problem would be very appreicated...

     

    cheers,

     

    aaron

     



  • 13.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 12, 2009 04:12 PM

    Hi,

     

    Could you have a look at Aaron's post (https://forums.symantec.com/syment/board/message?board.id=109&thread.id=19146) and see if the solution works for you? Looks like it is the same issue, can't say for sure without looking at log files.

     

    Krish

     

     



  • 14.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 13, 2009 09:09 PM

    i modfied is found in the defualt domain controller policey: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Access: Named pipes that can be accessed anonymously"

     

    Now I get "Access Denied" in the log file.



  • 15.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 13, 2009 09:28 PM

    Did you manually add into the template, 'lsarpc' and verfiy that 'netlogon' are apart of the services?

     

    Did you try restarting your DC?

     

    cheers,

     

    aaron

     

     



  • 16.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 13, 2009 09:45 PM

    Netlogon was already there. I manually added Lsarpc to the template. Which service are you talking about?



  • 17.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 13, 2009 09:52 PM

    my appolagies, i did mean 'named pipes'.

     

    Might want to check that these named pipes are specified in the domain controller policy template are as follows;

    -COMNAP

    -COMNODE

    -SQL\QUERY

    -LLSRPC

    -BROWSER

    -netlogon

    -samr

    -lsarpc

     

    I also deleted and recreated my Ghost account (tools -> supported domain)

     

    Does that help?

     

    cheers,

     

    aaron


     



  • 18.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Jan 13, 2009 09:58 PM

    I recreated the account and now it works.

     

    Thanks for everyone's help. Much appreciated.



  • 19.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Aug 06, 2009 03:10 AM
    What did you do to resolve this issue was recreating the account the fix?


  • 20.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Aug 06, 2009 03:30 AM


    Did you ever get a solution for this
     


  • 21.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Aug 10, 2009 05:59 AM
    Hi,

    I think this issue is related to domain controllers that are upgraded from 2k3 to 2k8. Do you have upgraded domain controllers?

    Krish 


  • 22.  RE: This operation is only allowed for the Primary Domain Controller of the domain.

    Posted Aug 11, 2009 12:24 PM
    No im having trouble with connecting a 2003 domain Ghost creates the Account in the right ou but when it trys to join the domain it gets the can not connect this fuction is only allowed by the Primary Domain controler