RE: RIS builds fail to join the domain after upgrade to windows 20
- From: "gherkin" <gherkin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 29 Nov 2005 06:01:04 -0800
Bingo! It works now I have addedd the extra entries to that key.
It appears that the policy had been set previoulsy but when the policy was
removed the settings remained in the registry. I notice the registry key
HKLM\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess
is set to 1. Is this turned on by default by SP1 or is it that if the group
policy setting is set to not defined any settings placed there by previous
policies are not specifically removed unless you select diabled?
Thanks.
"TIMM" wrote:
> SP1 introduced additonal RPC and SAMR security and during the upgrade SP1
> adds new entries to NULL Session Pipes. However if you set the " Network
> access: Named Pipes that can be accessed anonymously" Group policy then the
> updates that SP1 will be over written and thus the workstation will not have
> the ability to access SAMR in order to confirm a workstation account exists
> in AD.
>
> To fix this problem, set the following registry key
> "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\lanmanserver\parameters\NullSessionPipes" and or Group Policy should include the following entries.
>
> COMNAP
> COMNODE
> SQL\QUERY
> SPOOLSS
> LLSRPC
> EPMAPPER
> LOCATOR
> TrkWks
> TrkSvr
> Browser
> Netlogon
> LSArpc
> samr
>
> Please let me know if this resolves your problem
>
> Good luck!
> Tim
>
>
> "gherkin" wrote:
>
> > I have upgraded my dev system to SP1 on all the infrastructure servers. After
> > doing this the RIS builds fall over when joining the domain. I get the
> > message: -
> >
> > The user you have specified is not permitted to join the machine to the
> > domain.
> >
> >
> > The following is from the netsetup.log: -
> >
> > 11/25 10:42:43 NetpDoDomainJoin
> > 11/25 10:42:43 NetpMachineValidToJoin: 'COMPUTER1'
> > 11/25 10:42:43 NetpGetLsaPrimaryDomain: status: 0x0
> > 11/25 10:42:43 NetpMachineValidToJoin: status: 0x0
> > 11/25 10:42:43 NetpJoinDomain
> > 11/25 10:42:43 Machine: COMPUTER1
> > 11/25 10:42:43 Domain: mydomain.co.uk
> > 11/25 10:42:43 MachineAccountOU: (NULL)
> > 11/25 10:42:43 Account: (NULL)
> > 11/25 10:42:43 Options: 0x40041
> > 11/25 10:42:43 OS Version: 5.1
> > 11/25 10:42:43 Build number: 2600
> > 11/25 10:42:43 ServicePack: Service Pack 2
> > 11/25 10:42:43 NetpValidateName: checking to see if 'mydomain.co.uk' is
> > valid as type 3 name
> > 11/25 10:42:43 NetpValidateName: 'mydomain.co.uk' is not a valid NetBIOS
> > domain name: 0x7b
> > 11/25 10:42:43 NetpCheckDomainNameIsValid [ Exists ] for 'mydomain.co.uk'
> > returned 0x0
> > 11/25 10:42:43 NetpValidateName: name 'mydomain.co.uk' is valid for type 3
> > 11/25 10:42:43 NetpDsGetDcName: trying to find DC in domain
> > 'mydomain.co.uk', flags: 0x1020
> > 11/25 10:42:43 NetpDsGetDcName: found DC '\\mydc01.mydomain.co.uk' in the
> > specified domain
> > 11/25 10:42:43 NetpJoinDomain: status of connecting to dc
> > '\\mydc01.mydomain.co.uk': 0x0
> > 11/25 10:42:43 NetpGetLsaHandle: LsaOpenPolicy on \\mydc01.mydomain.co.uk
> > failed: 0xc0000022
> > 11/25 10:42:43 NetpGetLsaPrimaryDomain: status: 0xc0000022
> > 11/25 10:42:43 NetpJoinDomain: initiaing a rollback due to earlier errors
> > 11/25 10:42:43 NetpJoinDomain: status of disconnecting from
> > '\\mydc01.mydomain.co.uk': 0x0
> > 11/25 10:42:43 NetpDoDomainJoin: status: 0x5
> >
> >
> > Does SP1 introduce enhanced security that may have caused this problem?
> >
.
- References:
- Prev by Date: Re: Users profiles getting to big - Server 2003
- Next by Date: correo
- Previous by thread: RE: RIS builds fail to join the domain after upgrade to windows 2003 S
- Next by thread: OT: Where do I get the Cisco 1700 software?
- Index(es):
Relevant Pages
|
