WDS Windows XP cannot join domain

  • Thread starter Thread starter randall
  • Start date Start date
R

randall

Hi there

my situation looks like this:
Server 2008 domain controller (standard setup)
with WDS installed (native mode)

syspreped WinXP SP2 image.

everything concerning the deployment works like a charm except the
domain joining process.

during the minisetup it should join the domain but returns with the
message
"The user you have specified is not permitted to join the machine to
the domain"

if i choose to enter the credentials manually at the error message and
i use the exact same user (domainadmin) and password the domain join
works perfectly.

when looking in the netsetup.log i see this:
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpDoDomainJoin
04/30 12:29:09 NetpMachineValidToJoin: 'COMPNAME'
04/30 12:29:09 NetpGetLsaPrimaryDomain: status: 0x0
04/30 12:29:09 NetpMachineValidToJoin: status: 0x0
04/30 12:29:09 NetpJoinDomain
04/30 12:29:09 Machine: COMPNAME
04/30 12:29:09 Domain: DOMAIN.LOCAL
04/30 12:29:09 MachineAccountOU: (NULL)
04/30 12:29:09 Account: (NULL)
04/30 12:29:09 Options: 0x40003
04/30 12:29:09 OS Version: 5.1
04/30 12:29:09 Build number: 2600
04/30 12:29:09 ServicePack: Service Pack 2
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09 NetpDsGetDcName: trying to find DC in domain
'DOMAIN.LOCAL', flags: 0x1020
04/30 12:29:09 NetpDsGetDcName: found DC '\\DC1.DOMAIN.LOCAL' in the
specified domain
04/30 12:29:09 NetpJoinDomain: status of connecting to dc '\
\DC1.DOMAIN.LOCAL': 0x0
04/30 12:29:09 NetpGetLsaPrimaryDomain: status: 0x0
04/30 12:29:09 NetpGetDnsHostName: Read NV Hostname: COMPNAME
04/30 12:29:09 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS
domain name: DOMAIN.LOCAL
04/30 12:29:09 NetpLsaOpenSecret: status: 0xc0000034
04/30 12:29:09 NetpManageMachineAccountWithSid: NetUserAdd on '\
\DC1.DOMAIN.LOCAL' for 'COMPNAME$' failed: 0x5
04/30 12:29:09 NetpJoinDomain: status of creating account: 0x5
04/30 12:29:09 NetpJoinDomain: initiaing a rollback due to earlier
errors
04/30 12:29:09 NetpLsaOpenSecret: status: 0x0
04/30 12:29:09 NetpJoinDomain: rollback: status of deleting secret:
0x0
04/30 12:29:09 NetpJoinDomain: status of disconnecting from '\
\DC1.DOMAIN.LOCAL': 0x0
04/30 12:29:09 NetpDoDomainJoin: status: 0x5

this is the relevant part of the sysprep.inf

[Identification]
JoinDomain=domain.local
DoOldStyleDomainJoin=Yes
DomainAdmin=administrator
DomainAdminPassword=password

any hints?

and Yes i am using the domain admin account and it gives me 0x5
(access denied)

thanks in advance
 
Hi Randall

I had exactly the same problem. Because of netlogon events 5805 and 5722 I
found the KB-Article 942564 with the solution in it:
Change the Default Domain Controllers Policy with "Allow cryptography
algorithms compatible with Windows NT 4.0"
After I changed that, everything worked.


randall said:
Hi there

my situation looks like this:
Server 2008 domain controller (standard setup)
with WDS installed (native mode)

syspreped WinXP SP2 image.

everything concerning the deployment works like a charm except the
domain joining process.

during the minisetup it should join the domain but returns with the
message
"The user you have specified is not permitted to join the machine to
the domain"

if i choose to enter the credentials manually at the error message and
i use the exact same user (domainadmin) and password the domain join
works perfectly.

when looking in the netsetup.log i see this:
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpDoDomainJoin
04/30 12:29:09 NetpMachineValidToJoin: 'COMPNAME'
04/30 12:29:09 NetpGetLsaPrimaryDomain: status: 0x0
04/30 12:29:09 NetpMachineValidToJoin: status: 0x0
04/30 12:29:09 NetpJoinDomain
04/30 12:29:09 Machine: COMPNAME
04/30 12:29:09 Domain: DOMAIN.LOCAL
04/30 12:29:09 MachineAccountOU: (NULL)
04/30 12:29:09 Account: (NULL)
04/30 12:29:09 Options: 0x40003
04/30 12:29:09 OS Version: 5.1
04/30 12:29:09 Build number: 2600
04/30 12:29:09 ServicePack: Service Pack 2
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09 NetpDsGetDcName: trying to find DC in domain
'DOMAIN.LOCAL', flags: 0x1020
04/30 12:29:09 NetpDsGetDcName: found DC '\\DC1.DOMAIN.LOCAL' in the
specified domain
04/30 12:29:09 NetpJoinDomain: status of connecting to dc '\
\DC1.DOMAIN.LOCAL': 0x0
04/30 12:29:09 NetpGetLsaPrimaryDomain: status: 0x0
04/30 12:29:09 NetpGetDnsHostName: Read NV Hostname: COMPNAME
04/30 12:29:09 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS
domain name: DOMAIN.LOCAL
04/30 12:29:09 NetpLsaOpenSecret: status: 0xc0000034
04/30 12:29:09 NetpManageMachineAccountWithSid: NetUserAdd on '\
\DC1.DOMAIN.LOCAL' for 'COMPNAME$' failed: 0x5
04/30 12:29:09 NetpJoinDomain: status of creating account: 0x5
04/30 12:29:09 NetpJoinDomain: initiaing a rollback due to earlier
errors
04/30 12:29:09 NetpLsaOpenSecret: status: 0x0
04/30 12:29:09 NetpJoinDomain: rollback: status of deleting secret:
0x0
04/30 12:29:09 NetpJoinDomain: status of disconnecting from '\
\DC1.DOMAIN.LOCAL': 0x0
04/30 12:29:09 NetpDoDomainJoin: status: 0x5

this is the relevant part of the sysprep.inf

[Identification]
JoinDomain=domain.local
DoOldStyleDomainJoin=Yes
DomainAdmin=administrator
DomainAdminPassword=password

any hints?

and Yes i am using the domain admin account and it gives me 0x5
(access denied)

thanks in advance
 
Back
Top