RIS image, after SEP install won't join domain

bjohn's picture

We use RIS/RIPREP in our environment, and after SEP install on the image, the machine won't automatically join the domain when the image is brought down. We had this problem with older versions of SCS previously, but it was fixed in the later versions of SCS. Anyone else have this problem? I thought it was the firewall blocking things, but when I look in the firewall logs, I don't see anything.

Vikram Kumar-SAV to SEP's picture

Which Component

Can you pin down which component is causing the issue by removing the components one by one, rebooting, and then testing?
Most probably it should be NTP, but can you still confirm?

Celebrating 2 years as a community member....

Sandeep Cheema's picture

1) Is the SEP install a part of the image or installed after the deployment is done?
2) Not every rule is logged by default. Create a new package for logging the rules and export it or you can export and import a sar file into the client.

bjohn's picture

I still haven't been able to get machines with SEP (installed with NTP) automatically added to the domain.

I know we had this issue with older versions of SAV and found this KB.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006060208393848?Open&docid=2004052710203048&nsf=ent-security.nsf&view=docid

Surely I can't be the only one with SEP installed that does Sysprep/riprep?

I found a post from about a year ago. I contacted the author, he said he was never able to get it to work.
https://www-secure.symantec.com/connect/forums/os-image-deployment-and-auto-joining-domain-woes

snekul's picture

I think it might be because all network connections are set to be blocked until SEP/NTP is fully up and running. The domain join process will occur before that. You might want to disable NTP in the RIPREP image and then let the SEPM policies turn it back on.

Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
University of Northern Iowa

bjohn's picture

I do have the option "block all traffic until the firewall starts and after the firewall stops" checked,
but I also have the "allow initial DHCP and NetBIOS traffic" checked.

I thought NetBIOS traffic is used when a domain join occurs?

snekul's picture

Hmm, I'd give it a shot with the option "block all traffic until the firewall starts and after the firewall stops" disabled to see if that helps. I happened to be able to speak with one of our AD admins here, but the machine will need DNS (53) and RPC (445) for sure to be able to join. NetBIOS is different depending on who you ask.

If it does, I'd maybe have a temporary policy for machines as they are imaged and then move them to a new policy once they're going, assuming you're using a SEPM server.

Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
University of Northern Iowa