I recently had some problems, well earlier as well, with computers not joining the domain during a task sequence. Usually this is caused by missing or incorrect network drivers. But not this time. And as usual everybody just says, check the logs for the error message...
Well, you need to know what logs and what to look for then...
Anyway, in my case this time it was due to a wrong password. I am 100% sure that the password for the DJA (Domain Join Account) was typed correctly both in AD and on the SCCM server. I used this password: sccmD0m@!n It just refused to join/rejoin the computer to the domain.
Log entry in SCCM (Status Message Queries -> All Status Message):
The task sequence execution engine successfully completed the action (Apply Network Settings) in the group (Install Operating System) with exit code 0
Action output: ==============================[ OSDNetSettings.exe ]===========================
Command line: "osdnetsettings.exe" configure
Setting %SystemRoot% to "C:\Windows"
Loading existing answer file "C:\Windows\panther\unattend\unattend.xml"
Configuring global network settings
Join type: 0
Joining domain: sccm.com
Getting namespace "Microsoft-Windows-UnattendedJoin" for architecture "x86"
DNS domain:
DNS domain search order:
IP filter sec enabled: falseNo adapters found in environment. Performing global configuration only.Writing configuration information to C:\Windows\panther\unattend\unattend.xml
Successfully saved configuration information to C:\Windows\panther\unattend\unattend.xml
Configuring "OSDNetSettings.exe finalize" to run onfirst boot
OSDNetSettings finished: 0x00000000.
As I said, this time it was not drivers, cause the computer have network access during this step. So over to the next log then, over to the failing client.
Go to: C:\Windows\debug
Locate the netsetup.log file open it and look for error messages, in my case I found this message:
01/25/2012 21:03:49:557 -----------------------------------------------------------------
01/25/2012 21:03:49:557 NetpDoDomainJoin
01/25/2012 21:03:49:557 NetpMachineValidToJoin: 'SCCM_BUILD_X32'
01/25/2012 21:03:49:557 OS Version: 6.1
01/25/2012 21:03:49:557 Build number: 7601 (7601.win7sp1_gdr.111025-1505)
01/25/2012 21:03:49:557 ServicePack: Service Pack 1
01/25/2012 21:03:49:588 SKU: Windows 7 Enterprise
01/25/2012 21:03:49:588 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/25/2012 21:03:49:588 NetpGetLsaPrimaryDomain: status: 0x0
01/25/2012 21:03:49:588 NetpMachineValidToJoin: status: 0x0
01/25/2012 21:03:49:588 NetpJoinDomain
01/25/2012 21:03:49:588 Machine: SCCM_BUILD_X32
01/25/2012 21:03:49:588 Domain: sccm.com\dc.sccm.com
01/25/2012 21:03:49:588 MachineAccountOU: (NULL)
01/25/2012 21:03:49:588 Account: sccm.com\dja
01/25/2012 21:03:49:588 Options: 0x23
01/25/2012 21:03:49:588 NetpLoadParameters: loading registry parameters...
01/25/2012 21:03:49:588 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/25/2012 21:03:49:588 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/25/2012 21:03:49:588 NetpLoadParameters: status: 0x2
01/25/2012 21:03:49:588 NetpValidateName: checking to see if 'sccm.com' is valid as type 3 name
01/25/2012 21:03:49:806 NetpCheckDomainNameIsValid [ Exists ] for 'sccm.com' returned 0x0
01/25/2012 21:03:49:806 NetpValidateName: name 'sccm.com' is valid for type 3
01/25/2012 21:03:49:994 NetUseAdd to \\dc.sccm.com\IPC$ returned 132601/25/2012 21:03:49:994 NetpJoinDomain: status of connecting to dc '\\dc.sccm.com': 0x52e
01/25/2012 21:03:49:994 NetpJoinDomainOnDs: Function exits with status of: 0x52e
01/25/2012 21:03:49:994 NetpDoDomainJoin: status: 0x52e
01/25/2012 21:03:55:001 -----------------------------------------------------------------
The 1326 error means that the username is unkown or the password is bad. You can guess whats wrong in my case... BTW: a 1355 error means that the domain name cant be contacted or it can be misspelled (hence it cant be contacted)
After I changed the password to a more simple one, yes, one that I REALLY can spell correctly, I got this log entry: Shortened a lot, but here is the essential lines:
01/24/2012 23:24:45:129 NetpClearFullJoinState: Status of deleting join state key 0x0
01/24/2012 23:24:45:129 NetpCompleteOfflineDomainJoin: status: 0x0
01/24/2012 23:24:45:129 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
01/24/2012 23:24:45:129 NetpDoDomainJoin: status: 0x0
I really look forward to the "Test" button that is promised in SCCM 2012
Google searches used:
netjoindomain returned 1326 sccm
sccm cant rejoin computer to domain
no adapters found in environment. performing global configuration only
Still no such button in SCCM :(
ReplyDelete