I've been fighting an intermittant issue with machines not joining the domain, and while I think I've located the cause, I haven't been able to find a solution. When the machine failes, the attempt is caputured in the C:\Windows\debug\NetSetup.log file. The part that interested me is italicized below.
06/08/2018 07:16:09:193 NetpProvisionComputerAccount:
06/08/2018 07:16:09:193 lpDomain: domain.root.local
06/08/2018 07:16:09:193 lpHostName: machine
06/08/2018 07:16:09:193 lpMachineAccountOU: (NULL)
06/08/2018 07:16:09:193 lpDcName: controller.domain.root.local
06/08/2018 07:16:09:193 lpMachinePassword: (null)
06/08/2018 07:16:09:193 lpAccount: domain\user
06/08/2018 07:16:09:193 lpPassword: (null)
06/08/2018 07:16:09:193 dwJoinOptions: 0x23
06/08/2018 07:16:09:193 dwOptions: 0x40000003
06/08/2018 07:16:09:193 NetpLdapBind: Verified minimum encryption strength on controller.domain.root.local: 0x0
06/08/2018 07:16:09:193 NetpLdapGetLsaPrimaryDomain: reading domain data
06/08/2018 07:16:09:193 NetpGetNCData: Reading NC data
06/08/2018 07:16:09:193 NetpGetDomainData: Lookup domain data for: DC=domain,DC=root,DC=local
06/08/2018 07:16:09:193 NetpGetDomainData: Failed to find the domain data: 0x6e
On successfull attempts, the line above says non-null. This makes me believe that successfull attempts have a password, while these failed attempts are not sending the account password along, and that is why it is failing.
My question would be why a password would be sent the vast majority of the time, but fail on seemingly random attempts? This machine is a test unit, and has been successfully reimaged dozens of times to test changes to the deployment process. Any help would be appreciated.