Ghost Solution Suite

  • Private Community
 View Only

  • 1.  Can't login to domain, or machine failed to join

    Posted Apr 11, 2008 11:17 AM
    My ghost event log gives this:
     
    Wake on Lan - Success
    Create Machine Account - Success
    Prepare configuration - Success
    To virtual partition - Success
    Clone - Success
    Configuration - Success
    To target operating system - Success
    Configuration - Warning
    (Details for: Configuration, Failed to join Domain 'mydomain' : Domain does not exist or cannot contact this domain (roughly translated from dutch)
    Finish - Success
     
    The ghost user has all the right to put machines on the domain, also when I log on to the machine I can put it on the domain manually. It also has put the machine in the active directory but when I check the properties of that name its empty (does not see which OS, version etc).
     
    I have created the image from another PC with the following options: Clone, Configuration, Use Wake on Lan and most important I think: Remove image from domain while taking this image.
     
    After these errors I decided to make the image again with the same parameters but I did not enable the function: Remove image from domain. This time Success at every step, but the PC is left in a state where I can only log in to a local account - domain logins result in an error message saying the PC can't connect to the domain because the DC is down or the computer account was not found. (thread about this)
     
    The sysprep part about the domain looks like this:
    [Identification]
        JoinDomain='domain'
        DomainAdmin='user'
        DomainAdminPassword='password'
     
    My netsetup file on the client looks like this when I use the first option (remove machine from domain before taking image)
    04/11 17:06:13 -----------------------------------------------------------------
    04/11 17:06:13 NetpDoDomainJoin
    04/11 17:06:13 NetpMachineValidToJoin: 'Machine name'
    04/11 17:06:13 NetpGetLsaPrimaryDomain: status: 0x0
    04/11 17:06:13 NetpMachineValidToJoin: status: 0x0
    04/11 17:06:13 NetpJoinDomain
    04/11 17:06:13  Machine: Machine Name
    04/11 17:06:13  Domain: DOMAIN
    04/11 17:06:13  MachineAccountOU: (NULL)
    04/11 17:06:13  Account: (NULL)
    04/11 17:06:13  Options: 0xc1
    04/11 17:06:13  OS Version: 5.1
    04/11 17:06:13  Build number: 2600
    04/11 17:06:13  ServicePack: Service Pack 2
    04/11 17:06:13 NetpValidateName: checking to see if 'DOMAIN' is valid as type 3 name
    04/11 17:06:15 NetpCheckDomainNameIsValid for DOMAIN returned 0x54b
    04/11 17:06:15 NetpCheckDomainNameIsValid [ Exists ] for 'DOMAIN' returned 0x54b
    04/11 17:06:15 NetpDoDomainJoin: status: 0x54b
    If I use the second option (don't remove machine from domain before taking image) then no new lines get added in the netsetup files (also stated in thread)
     
    I have googled the error 0x45b and found some pointers to DNS problems. Some thing about the AD zone type must be set to Primary and not Active Directory-Integrated, else the records from the text file are not uploaded to the DNS server. Im not sure how to do this and if this is my problem, so any help is appreciated.

     


  • 2.  RE: Can't login to domain, or machine failed to join

    Posted Apr 11, 2008 03:32 PM
    Are you using the Configuration tab in your push task?  And in the Configuration tab, are you using the Default "Use previous machine configuration"?  If so, don't.  Yes, you should be able to, and I've had both good and bad results from using it, I don't know why.

    Instead, create a new configuration and specify it.  Go to Configuration Resources -> Configurations, and make a New Configuration.  Make sure you select the right OS (in my case 2000/XP).  The only change I make is in the Workgroup/Domain membership section, where I check "Apply Member of" and then select the radio box for Domain, and select my domain.  Everything else in all other spots is left unchecked, so I use whatever is already in the image.

    Then go back to your push-image task, select the Configuration tab, and select "Template" and then find the configuration thing you just made.

    I personally don't bother with Sysprep.  All my machines are identical so I don't worry about adding drivers, etcetc.  And I don't worry about "official" MS methods or not :)  I trust Ghostwalker enough to change names, change SIDs, and with no driver changes, I'm ok with the Configuration tab part of my push-image task adding the machine to the domain.

    Also, are you adding the computer into the default Computer container or some other OU/Container?  If so, first see if you can just add the computer to the domain, when the computer is just in the normal Computer container.  There have been some oddball issues in other threads about adding a system to something other than the basic Computer container.  I don't have that problem (I use Computer container) so I didn't really read much on that, but you can find it via Search threads.

    Another thing to check on is in the Domain Controller, make sure you've Delegated the task.  Again, it should have been setup but it never hurts to check.  On your DC, right-click on your domain and select Delegate Control.  Go through the Wizard, and specify the user that you said has the authority to add machines to the domain, when you setup the Ghost console.   Make sure it has the "Join a computer to the domain" checked.  Or Create a custom task to delegate, and give it authority to manipulate objects of Computer object type so you can add/delete/move/rename objects as needed using this specific user.

    Good luck!
    PH



  • 3.  RE: Can't login to domain, or machine failed to join

    Posted Apr 14, 2008 05:35 AM
    Thanks for the reply Paul, I have been working with your suggestions and this is how I got so far.
     
    I was using the default configuration before and tried to make a custom one with just OS and membership of a domain. This still produced the same error as before. Second I forwarded the machine to the default computer container (instead of our computer/recourses/workstations etc). It did get added in the directory, but without any information and still didnt get added on the domain. Finally I rechecked my domain controller and made sure the task was delegated. I have double checked this by adding the machine manually to the domain by using the ghost user account. My netsetup logs still gives the same errors as in the message posted above. In the end my computers still do not get added to the domain, so any more suggestions or pointers about DNS zonetype would be appreciated.


  • 4.  RE: Can't login to domain, or machine failed to join

    Posted Apr 14, 2008 06:10 AM
    Ahh good news, I did manage to solve it eventually. I read here that the problem might be that I was using the workgroup name instead of the netbios name of the domain. In the machine settings I just changed the name to the netbios name and used Default configuration settings. When I did that it worked like a charm. Paul thanks for the reply, this problem is solved!