Endpoint Protection

 View Only

  • 1.  RIS image, after SEP install won't join domain

    Posted Jul 08, 2009 10:22 AM
    We use RIS/RIPREP in our environment, and after SEP install on the image, the machine won't automatically join the domain when the image is brought down. We had this problem with older versions of SCS previously but was fixed in the later versions of SCS. Anyone else have this problem? I thought it was the firewall blocking things, but when I look in the firewall logs, I don't see anything.


  • 2.  RE: RIS image, after SEP install won't join domain

    Posted Jul 08, 2009 02:23 PM
    Can you pin down..which component is causing the issue by removing the component one by one rebooting and then testing.
    Most Probably it should be NTP but still can you confirm. 


  • 3.  RE: RIS image, after SEP install won't join domain

    Posted Jul 08, 2009 02:36 PM
    1) Is the SEP install a part of the image or installed after the deployment is done?
    2) Not every rule is logged by default. Create a new package for logging the rules and export it or you can export and import a sar file into the client.


  • 4.  RE: RIS image, after SEP install won't join domain

    Posted Sep 28, 2009 12:59 PM
    I still haven't been able to get machines with SEP (installed with NTP) automatically added to the domain.

    I know we had this issues with older versions of SAV and found this KB.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006060208393848?Open&docid=2004052710203048&nsf=ent-security.nsf&view=docid

    Surely I can't be the only one with SEP installed that does Sysprep/riprep?

    I found a post from about a year ago. I contacted the author, he said he was never able to get it to work.
    https://www-secure.symantec.com/connect/forums/os-image-deployment-and-auto-joining-domain-woes


  • 5.  RE: RIS image, after SEP install won't join domain

    Posted Sep 28, 2009 04:44 PM
    I think it might be because all network connections are set to be blocked until SEP/NTP is fully up-and-running.  The domain join process will occur before that.  You might want to disable NTP in the RIPPREP image and then let the SEPM policies turn it back on.


  • 6.  RE: RIS image, after SEP install won't join domain

    Posted Sep 29, 2009 03:07 PM
    I do have the option "block all traffic until the firewall starts and after the fireweall stops" checked.
    but I also have the "allow initial DHCP and NetBIOS traffic" checked.

    I thought netbios traffic is used when a domainjoin occurs?


  • 7.  RE: RIS image, after SEP install won't join domain

    Posted Sep 29, 2009 03:49 PM
    Hmm, I'd give it a shot with the option "block all traffic until the firewall starts and after the fireweall stops" disabled to see if that helps.  I happend to be able to speak with one of our AD admins here, but the machine will need DNS (53) and RPC (445) for sure to be able to join.  NetBIOS is a different depending on who you ask.

    If it does, I'd maybe have a temporary policy for machines as they are imaged and then move them to a new policy once they're going--assuming your're using a SEPM server.