VMware Cloud Community
DGI_Drift
Contributor
Contributor
Jump to solution

Windows Server 2008 R2 Template will not join domain

Hi.

I have made some Windows Server 2008 R2 template at our esx 4 update 1 hosts.

My isue is that these servers will not join the domain with the customization I have made. I know I use the right user (with proper rights) because I use the same user on other templates.

Do anyone else have this problem?

What do I do wrong?

Reply
0 Kudos
1 Solution

Accepted Solutions
lanalyzer
Enthusiast
Enthusiast
Jump to solution

Hi All,

Have you guys tried to enter the Domain not using the NetBIOS name? In other words ... please try entering the FQDN for the domain.

Also make sure that the login is entered with the UPN and not the pre-Windows 2000 format , in other words: username@FQDN instead of DOMAIN\User

Thanks!

View solution in original post

Reply
0 Kudos
20 Replies
AnatolyVilchins
Jump to solution

The reason for Microsoft recommending that

you use use ISA to publish OWA to the Internet is to overcome the

"counterintuituve" feeling you're having re: exposing a server on the

LAN directly to the Internet (at least, at layer 3).

I wouldn't put my backend server hosting the other Exchange roles

into the DMZ, if for no other reason than I don't think I'd want to

expose my firewall device to all the Outlook client traffic from

computers on the LAN.

If you're not comfortable with exposing the server hosting OWA and

ActiveSync at layer 3, grab some open source HTTP proxy and put it in

place between the Internet and the LAN to proxy HTTP into OWA.

from http://serverfault.com/questions/104613/where-to-put-exchange-2007-server-roles-in-the-network

Starwind Software Developer

www.starwindsoftware.com

Kind Regards, Anatoly Vilchinsky
Reply
0 Kudos
DGI_Drift
Contributor
Contributor
Jump to solution

???

What have this to do with my question?:)

Reply
0 Kudos
AntonVZhbankov
Immortal
Immortal
Jump to solution

Check password for joining domain, and there should be network connectivity (including correct DNS) during joining domain.


---

MCSA, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
Reply
0 Kudos
Igwah
Enthusiast
Enthusiast
Jump to solution

Hi,

Can you ping the domain controllers using their FQDN? If so, can you telnet to the DC on some of the AD ports such as 53 (DNS) 389 (LDAP) and 445 (SMB)?

The above tests should rule out network connectivity and firewall issues. Next step is to check the account you're using to join the domain. If that's fine then I'd re-sid the machine and try again

Reply
0 Kudos
DGI_Drift
Contributor
Contributor
Jump to solution

Thanks for the answers:)

When I deploy the server I know it have network connection.

I also know that the user I use in the customization is OK (because I use this on other templates windows 2003 server and it works), and I can join the server to the domain with the same user, after the deploying is finished.

I can ping DC with FQDN and telnet to all the ports you say.

In the Customization wizard it is an option that says "Generate New Security ID (SID)" that I have marked on. So I guess that is OK?

Some other suggestions?:)

Reply
0 Kudos
Igwah
Enthusiast
Enthusiast
Jump to solution

what error message do you get?

Only other suggestion without an error message is to check in AD for an already existing computer account with the same name as the VM you are trying to join to the domain. If it exists remove it & try again.

Reply
0 Kudos
DGI_Drift
Contributor
Contributor
Jump to solution

Thanks again:)

Is no similar name in AD.

I don't get any error messages, so I'm stuck:(

The only thing is that it wil not join the domain when the customization is going on. Maybe the hole customization is f....? I have tried to make you aswell, but no changes.

It seems that it can't activate windows ether. Although I have license. I use a MAK license.

Maybe it's something new you have to do in VC to customize Windows Server 2008 R2?

Reply
0 Kudos
Igwah
Enthusiast
Enthusiast
Jump to solution

oh okay. What happens if you manually try to join it to the domain after you deploy the template?

I've had a similar activation issue before with a MAK key. I resolved it by re-entering the license key, so I'd try that. As a side note, I've also had issues in Vista where when I was behind a proxy ser ver (Bluecoat in this instance) I couldn't activate and I had to get on the phone to get it activated.

Reply
0 Kudos
DGI_Drift
Contributor
Contributor
Jump to solution

I can join the domain after deployment without any problems:)

And if I re-entering the same MAK key, I can activate without any problems.

The only problem is that this should have been done in the customization/deployment of the server:)

Reply
0 Kudos
Igwah
Enthusiast
Enthusiast
Jump to solution

One last thing I'd suggest, if you're customizing using an existing template, is to try stepping through the customization wizard manually and see if it makes a difference. A possible workaround for the activation issue could be to create a script to use in the "Run Once" step of the wizard which activates windows online (e.g. ) however it's not an ideal solution.

Alternatively try copying the CAB for 2008 r2 sysprep to your vCenter server again and see if it makes a difference.

Sorry I can't be of more help, hopefully someone else can.

Reply
0 Kudos
trurodh
Enthusiast
Enthusiast
Jump to solution

Has anyone come up with an answer as to why the 2008 R2 server will not join the domain during the customization process? There is nothing stating errors in the c:\windows\temp\vmware-imc folder. It appears that everything runs successfully. I wonder if there is somehting with the 64 bit R2 that causes the issue? I am going to keep digging, if anyone has come across this and has solved or opened a case please post. Thanks!

Rod

Reply
0 Kudos
androidtopp
Contributor
Contributor
Jump to solution

I know this isn't of much help, but Rod, I'm having the exact same issue with a Server 2008 R2 x64 template and a guest customization. If I use the exact credentials as specified in the customization, I can join the domain, no problems. Obviously, that's a solution, but I'd much rather this work from beginning to end rather than require manual intervention post deployment.

I have yet to try with a Server 2008 x64 template (building as we speak) but I'll reply to myself when I determine if that works or not.

Thanks,

Andrew

Reply
0 Kudos
lanalyzer
Enthusiast
Enthusiast
Jump to solution

Hi All,

Have you guys tried to enter the Domain not using the NetBIOS name? In other words ... please try entering the FQDN for the domain.

Also make sure that the login is entered with the UPN and not the pre-Windows 2000 format , in other words: username@FQDN instead of DOMAIN\User

Thanks!

Reply
0 Kudos
Zipzerip
Contributor
Contributor
Jump to solution

Hi,

i had the same problem with Windows Server 2008 64Bit.

With FQDN for the domain and UPN for User (username@FQDN) it works fine.

Thank you lanalyzer.

Reply
0 Kudos
trurodh
Enthusiast
Enthusiast
Jump to solution

Thanks Lanalyzer. Using the username@FQDN worked for me.

Reply
0 Kudos
DGI_Drift
Contributor
Contributor
Jump to solution

Thanks a lot:) It made my day:p

Reply
0 Kudos
ghallford
Contributor
Contributor
Jump to solution

Confirmed that you must you the UPN login of username@domainupn and not DOMAIN\username for me as well Smiley Happy

Thanks!

Reply
0 Kudos
admin
Immortal
Immortal
Jump to solution

Remmeber that different Microsoft OS's require different means of domain credential presentation when authenticating to a domain.

All Vista and Windows 7/2008 systems do the following:

Username: myusername@mydomain.local
Domain: mydomain.local

Windows 2003/XP/2000 follow this procedure

Username: MYDOMAIN\myusername
Domain: MYDOMAIN

So when using your customization wizard check the login format.

In addition if there is not enough time delay to kick sysprep off.

You can review the unattended log here for errors.
c:\windows\panther\unattendgc\setupact.log

Reply
0 Kudos
cruxlab
Contributor
Contributor
Jump to solution

My issue was a computer account with the sam name already existed in ActiveDirectory.

Reply
0 Kudos