Re: RIS built Machines won't join the domain after upgrading to W2
- From: "TIMM" <TIMM@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 29 Nov 2005 05:06:03 -0800
SP1 introduced additonal RPC and SAMR security and during the upgrade SP1
adds new entries to NULL Session Pipes. However if you set the " Network
access: Named Pipes that can be accessed anonymously" Group policy then the
updates that SP1 will be over written and thus the workstation will not have
the ability to access SAMR in order to confirm a workstation account exists
in AD.
To fix this problem, set the following registry key
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\lanmanserver\parameters\NullSessionPipes" and or Group Policy should include the following entries.
COMNAP
COMNODE
SQL\QUERY
SPOOLSS
LLSRPC
EPMAPPER
LOCATOR
TrkWks
TrkSvr
Browser
Netlogon
LSArpc
samr
Please let me know if this resolves your problem
Good luck!
Tim
"gherkin" wrote:
> Thanks for the advice TIMM. I have removed SP1 and RIS builds work fine. I
> notice in the book of SP1 there is a section about modifications to the SAMR
> and LSAR protocols.
>
> When my builds run successfully without SP1 you get the following lines in
> the netsetup.log: -
>
> 09/13 13:44:54 NetpJoinDomain: w9x: status of validating account: 0x0
>
> The w9x is presumably a reference to old style domain joining. The book of
> SP1 states that if the SAMR and LSAR modifications stop your code working you
> will need to modify your code.
>
> Could this mean that the Sysprep\RIS\Riprep needs patching, or is it a
> problem that slipped under the testing radar?
>
>
> "TIMM" wrote:
>
> > Bruce,
> > My Sif file has always been %machinedomain% however I will try hardcoding it
> > in the SIF file to see if it resolves the problem. However is seems to be a
> > communication issue with the domain controllers. I downgraded the Domain
> > controller running RIS. The build works fine when the workstation resolves
> > the Pre SP1 domain controller, but fails if it resolves to the SP1 server
> > when it attempts to join the domain. I suspect it is additional security for
> > anymous connections.
> >
> > Tim
> > "Bruce Musgrove" wrote:
> >
> > >
> > > [Identification]
> > > JoinDomain=%MACHINEDOMAIN%
> > >
> > > In your sif file possibly?
> > >
> > > Something similar happened to me after one of my updates (maybe after
> > > mofiying the SIF ile using the answer file wizard) and
> > > "JoinDomain=my.domain.org" had changed to "
> > > "JoinDomain=%MACHINEDOMAIN%"
> > >
> > >
> > > "TIMM" <TIMM@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > news:B23195B0-3C7C-48B7-82F1-1FFFD1BCD815@xxxxxxxxxxxxxxxx
> > > > I forgot to mention that the Setuperr.log reports the following
> > > > Error:
> > > > Netsetup:Join domain XXXXXXXX in full unattended mode failed. Setup will
> > > > proceed to add the workstation to the default domain.
> > > >
> > > > However I am able to add the workstation to the damain if I login locally
> > > > and then add the workstation to the domain.
> > > >
> > > > Tim
> > > >
> > > > "TIMM" wrote:
> > > >
> > > > > After upgrading to W2k3 sp1, XP sp2 pc's built via RIS fail to join the
> > > the
> > > > > domain even though the workstation account are being created by RIS
> > > during
> > > > > the built process. Prior to the upgrade over 300 pc's had been deployed
> > > via
> > > > > RIS and this issue is occuring on multiple servers. Rolling back SP1
> > > does
> > > > > seem to resolve the issue. Also RIS is running on domain controllers.
> > > > >
> > > > > Any assistance or recommendations would be appreciated
> > >
> > >
> > >
.
- Follow-Ups:
- References:
- Prev by Date: Re: RIS Server 2003 SP1 and XPSP2 issues
- Next by Date: Re: RIS Server 2003 SP1 and XPSP2 issues
- Previous by thread: Re: RIS built Machines won't join the domain after upgrading to W2
- Next by thread: Re: RIS built Machines won't join the domain after upgrading to W2
- Index(es):
Relevant Pages
|
