Re: RIS domain join problem
- From: "gherkin" <gherkin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 29 Nov 2005 06:01:02 -0800
Bingo! It works now I have addedd the extra entries to that key.
It appears that the policy had been set previoulsy but when the policy was
removed the settings remained in the registry. I notice the registry key
HKLM\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess
is set to 1. Is this turned on by default by SP1 or is it that if the group
policy setting is set to not defined any settings placed there by previous
policies are not specifically removed unless you select diabled?
Thanks.
"TIMM" wrote:
> SP1 introduced additonal RPC and SAMR security and during the upgrade SP1
> adds new entries to NULL Session Pipes. However if you set the " Network
> access: Named Pipes that can be accessed anonymously" Group policy then the
> updates that SP1 will be over written and thus the workstation will not have
> the ability to access SAMR in order to confirm a workstation account exists
> in AD.
>
> To fix this problem, set the following registry key
> "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\lanmanserver\parameters\NullSessionPipes" and or Group Policy should include the following entries.
>
> COMNAP
> COMNODE
> SQL\QUERY
> SPOOLSS
> LLSRPC
> EPMAPPER
> LOCATOR
> TrkWks
> TrkSvr
> Browser
> Netlogon
> LSArpc
> samr
>
> Please let me know if this resolves your problem
>
> Good luck!
> Tim
>
>
> "TIMM" wrote:
>
> > I am having exactly the same problem and was wondering if you ever found a
> > solution.
> >
> > "Alle" wrote:
> >
> > > "Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@xxxxxxxxxxxxxxxxxx> wrote in
> > > message news:ulPYT%23msFHA.464@xxxxxxxxxxxxxxxxxxxxxxx
> > > > "Alle" <alle_swoner2@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > > news:431c14b5$0$363$cc9e4d1f@xxxxxxxxxxxxxxxxxxxxxx
> > > >>
> > > >> Thanks for your reply. However, I always start unattended installs myself
> > > >> using the main administrator account.
> > > >>
> > > >> Is there anything else that could cause this problem?
> > > >
> > > > Hello Alle,
> > > >
> > > > it might be possible that a specific useraccount is configured in the
> > > > unattended-script to join computers to the domain, then you need to make
> > > > sure that this one has the sufficient rights.
> > > >
> > > > Otherwise check the security eventlog of every DC, it should tell you
> > > > which account was denied access to join a computer to the domain.
> > >
> > > Hi,
> > >
> > > We only have one DC and I've had a look through it's security event log,
> > > however I cannot see any domain join failures listed at all. The entire
> > > security log contains only "success audit"s, and I've checked the filter to
> > > make sure it shows failures, but still none are displayed.
> > >
> > > Is this normal behaviour? Is there a setting somewhere to turn on logging
> > > for domain join activity?
> > >
> > > Also checked the unattended script, but it doesn't mention a specific
> > > account for domain joins.
> > >
> > > Alle
> > >
> > >
> > >
.
- References:
- Re: RIS domain join problem
- From: TIMM
- Re: RIS domain join problem
- Prev by Date: Re: RIS domain join problem
- Next by Date: Re: ADAM Backup and Restore
- Previous by thread: Re: RIS domain join problem
- Next by thread: Re: Add Printer
- Index(es):
Relevant Pages
|
