Guest Operating Systems

  • 1.  XP virtual Machin can't join domain

    Posted Dec 21, 2023 07:21 AM

    Hi All, 

     

    i hope i'am in the right forums. 

     

    i'am facinfg big issue, i use vmware workstation 16 with an XP virtual machine which i usually give a name to that machine , then add it to the domain. 

    since domain controller server were upgraded , i'am no longer able to add xp machine to domain, i tried changing from bridged to NAT, give a static ip address plus the dns server address, i tried to renew SID also, 

     

    if i underestand well, it is because of SMB protocle which is disabled in the server , that is why it can't work, 

     

    my question is , is there another way to do this , i mean add xp machine to domain by bypassing that smb protocl or anything else ? 

    it is reaaly blocking me , even i trid ping the domain controller it respond ,

     

    thank you very much in advance

     
     


  • 2.  RE: XP virtual Machin can't join domain
    Best Answer

    Posted Dec 21, 2023 11:19 AM

    Hi there ,

     

    This is probably not the appropriate place to discuss this because it's not really a VMware issue.

     

    Having that out of the way, you should know that a number of things have changed with the newer OS and Active Directory which means that joining WinXP to these is becoming more difficult. The first you have mentioned is that SMBv1 is not installed (disabled) with some of the latest OS versions.

     

    This is relatively easy to fix however the next issue will be Kerberos. WinXP lived in the days of RC4 encryption for tokens from the KDC. This has been disabled with newer OSes and the default is now AES encryption. 

     

    I'm not going to post a link but in your WinXP SP3 machine, you are going to need to install a hotfix to allow WinXP to use AES and the one you are looking for is: KB969442

     

    Obviously, the above is highly recommended to avoid given the age of WinXP and the compromises you are making to security for the domain, however if you enable SMBv1 and install the hotfix in Windows XP, it should work. There might be a limit on the Domain and Forest Functional Level as well, so I'd probably ensure you are not beyond 2008 R2 for this - I haven't confirmed or denied this however.

     

    All standard warranties and disclaimers apply. Any guarantees are null invoid at this point. 

     

    Kind regards.



  • 3.  RE: XP virtual Machin can't join domain

    Posted Dec 21, 2023 01:03 PM

    first of all let me thank for your support and specially your explanation. 

    regarding my question, sorry i already post it elswhere and they redirect me here. 

     

    after reading what you said , i think i will put priority to security, and try to find a way to make my application works  on newer OS instead of XP, because unfortunately the concerned application works good on xp and also stable . 

     

    this will take lot of time but at least it doesn't risk our infrastructure . 

     

    thank you very much



  • 4.  RE: XP virtual Machin can't join domain

    Posted Dec 22, 2023 03:10 AM

    In my opinion, a very wise choice. PM if you want a second opinion or pair of eyes on getting the application to run in something newer than Windows XP. I make no promises but happy to try and help.

     

    Kind regards.