VMware Cloud Community
Nsousa
Contributor

ESXi 4.1 U1: Windows 2003 Template - Domain Join Issues

I set up a Customization File that includes a provision for automatically joining the VM to the domain as part of deploying the VM from a template. This works fine, except for the fact that it generates a CNF (duplicate, conflicting) record for the computer object. I tried to do the following to fix the issue:

1. Manually specified multiple different domain controllers in the DNS settings on the VM adapter

2. Validated the time sync on the template and all other settings within the template itself

3. Verified that the service account used by the domain join portion of the customization file is using the correct password (it is, since it is able to connect to the DC and create the computer object)

I read in another thread (which I do not have a link to right now) that some people had success by modifying the default replication frequency for the domain controllers. I do not want to do this, and I don't see why this should be necessary. As a side note, the customization file will change the name of the VM template to match the name supplied during the Deploy From Template wizard.

Below is the NetSetup.LOG output results. The relevant parts are in bold:

12/30 17:40:40 -----------------------------------------------------------------
12/30 17:40:40 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
12/30 17:40:40 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
12/30 17:40:40 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x858
12/30 17:40:40 NetpValidateName: name 'WORKGROUP' is valid for type 2
12/30 17:40:40 -----------------------------------------------------------------
12/30 17:40:40 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
12/30 17:40:40 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
12/30 17:40:40 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x858
12/30 17:40:40 NetpValidateName: name 'WORKGROUP' is valid for type 2
12/30 17:40:40 -----------------------------------------------------------------
12/30 17:40:40 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
12/30 17:40:40 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
12/30 17:40:40 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x858
12/30 17:40:40 NetpValidateName: name 'WORKGROUP' is valid for type 2
12/30 17:40:40 -----------------------------------------------------------------
12/30 17:40:40 NetpDoDomainJoin
12/30 17:40:40 NetpMachineValidToJoin: 'TEMPLATEWIN2K3'
12/30 17:40:40 NetpGetLsaPrimaryDomain: status: 0x0
12/30 17:40:40 NetpMachineValidToJoin: status: 0x0
12/30 17:40:40 NetpJoinWorkgroup: joining computer 'TEMPLATEWIN2K3' to workgroup 'WORKGROUP'
12/30 17:40:40 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
12/30 17:40:40 NetpCheckNetBiosNameNotInUse: for 'WORKGROUP' returned: 0x858
12/30 17:40:40 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x858
12/30 17:40:40 NetpValidateName: name 'WORKGROUP' is valid for type 2
12/30 17:40:40 NetpSetLsaPrimaryDomain: for 'WORKGROUP' status: 0x0
12/30 17:40:40 NetpControlServices: open service 'NETLOGON' failed: 0x424
12/30 17:40:40 NetpJoinWorkgroup: status:  0x0
12/30 17:40:40 NetpDoDomainJoin: status: 0x0
12/30 17:41:05 -----------------------------------------------------------------
12/30 17:41:05 NetpValidateName: checking to see if 'TEMPLATEWIN2K3' is valid as type 1 name
12/30 17:41:05 NetpCheckNetBiosNameNotInUse for 'TEMPLATEWIN2K3' [MACHINE] returned 0x0
12/30 17:41:05 NetpValidateName: name 'TEMPLATEWIN2K3' is valid for type 1
12/30 17:41:10 -----------------------------------------------------------------
12/30 17:41:10 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
12/30 17:41:10 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
12/30 17:41:10 NetpValidateName: name 'WORKGROUP' is valid for type 2
12/30 17:41:10 -----------------------------------------------------------------
12/30 17:41:10 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
12/30 17:41:10 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
12/30 17:41:10 NetpValidateName: name 'WORKGROUP' is valid for type 2
12/30 17:41:10 -----------------------------------------------------------------
12/30 17:41:10 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
12/30 17:41:10 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
12/30 17:41:10 NetpValidateName: name 'WORKGROUP' is valid for type 2
12/30 17:41:10 -----------------------------------------------------------------
12/30 17:41:10 NetpDoDomainJoin
12/30 17:41:10 NetpMachineValidToJoin: 'TEMPLATEWIN2K3'
12/30 17:41:10 NetpGetLsaPrimaryDomain: status: 0x0
12/30 17:41:10 NetpMachineValidToJoin: status: 0x0
12/30 17:41:10 NetpJoinWorkgroup: joining computer 'TEMPLATEWIN2K3' to workgroup 'WORKGROUP'
12/30 17:41:10 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
12/30 17:41:10 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
12/30 17:41:10 NetpValidateName: name 'WORKGROUP' is valid for type 2
12/30 17:41:10 NetpSetLsaPrimaryDomain: for 'WORKGROUP' status: 0x0
12/30 17:41:10 NetpJoinWorkgroup: status:  0x0
12/30 17:41:10 NetpDoDomainJoin: status: 0x0
01/10 15:07:50 -----------------------------------------------------------------
01/10 15:07:50 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
01/10 15:07:50 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
01/10 15:07:50 NetpValidateName: name 'WORKGROUP' is valid for type 2
01/10 15:07:50 -----------------------------------------------------------------
01/10 15:07:50 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
01/10 15:07:50 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
01/10 15:07:50 NetpValidateName: name 'WORKGROUP' is valid for type 2
01/10 15:07:50 -----------------------------------------------------------------
01/10 15:07:50 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
01/10 15:07:50 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
01/10 15:07:50 NetpValidateName: name 'WORKGROUP' is valid for type 2
01/10 15:07:50 -----------------------------------------------------------------
01/10 15:07:50 NetpDoDomainJoin
01/10 15:07:50 NetpMachineValidToJoin: 'VMTEST19'
01/10 15:07:50 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:07:50 NetpMachineValidToJoin: status: 0x0
01/10 15:07:50 NetpJoinWorkgroup: joining computer 'VMTEST19' to workgroup 'WORKGROUP'
01/10 15:07:50 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
01/10 15:07:50 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
01/10 15:07:50 NetpValidateName: name 'WORKGROUP' is valid for type 2
01/10 15:07:50 NetpSetLsaPrimaryDomain: for 'WORKGROUP' status: 0x0
01/10 15:07:50 NetpJoinWorkgroup: status:  0x0
01/10 15:07:50 NetpDoDomainJoin: status: 0x0
01/10 15:07:50 -----------------------------------------------------------------
01/10 15:07:50 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
01/10 15:07:50 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
01/10 15:07:50 NetpValidateName: name 'WORKGROUP' is valid for type 2
01/10 15:07:50 -----------------------------------------------------------------
01/10 15:07:50 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
01/10 15:07:50 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
01/10 15:07:50 NetpValidateName: name 'WORKGROUP' is valid for type 2
01/10 15:07:50 -----------------------------------------------------------------
01/10 15:07:50 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
01/10 15:07:50 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
01/10 15:07:50 NetpValidateName: name 'WORKGROUP' is valid for type 2
01/10 15:07:50 -----------------------------------------------------------------
01/10 15:07:50 NetpDoDomainJoin
01/10 15:07:50 NetpMachineValidToJoin: 'VMTEST19'
01/10 15:07:50 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:07:50 NetpMachineValidToJoin: status: 0x0
01/10 15:07:50 NetpJoinWorkgroup: joining computer 'VMTEST19' to workgroup 'WORKGROUP'
01/10 15:07:50 NetpValidateName: checking to see if 'WORKGROUP' is valid as type 2 name
01/10 15:07:50 NetpCheckNetBiosNameNotInUse for 'WORKGROUP' [ Workgroup as MACHINE]  returned 0x0
01/10 15:07:50 NetpValidateName: name 'WORKGROUP' is valid for type 2
01/10 15:07:50 NetpSetLsaPrimaryDomain: for 'WORKGROUP' status: 0x0
01/10 15:07:50 NetpJoinWorkgroup: status:  0x0
01/10 15:07:50 NetpDoDomainJoin: status: 0x0
01/10 15:10:30 -----------------------------------------------------------------
01/10 15:10:30 NetpDoDomainJoin
01/10 15:10:30 NetpMachineValidToJoin: 'VMTEST19'
01/10 15:10:30 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:10:30 NetpMachineValidToJoin: status: 0x0
01/10 15:10:30 NetpJoinDomain
01/10 15:10:30      Machine: VMTEST19
01/10 15:10:30      Domain: MYDOMAIN.COM
01/10 15:10:30      MachineAccountOU: (NULL)
01/10 15:10:30      Account: ServerJoinDomain
01/10 15:10:30      Options: 0x23
01/10 15:10:30      OS Version: 5.2
01/10 15:10:30      Build number: 3790
01/10 15:10:30      ServicePack: Service Pack 2
01/10 15:10:30 NetpValidateName: checking to see if 'MYDOMAIN.COM' is valid as type 3 name
01/10 15:10:30 NetpCheckDomainNameIsValid [ Exists ] for 'MYDOMAIN.COM' returned 0x0
01/10 15:10:30 NetpValidateName: name 'MYDOMAIN.COM' is valid for type 3
01/10 15:10:30 NetpDsGetDcName: trying to find DC in domain 'MYDOMAIN.COM', flags: 0x1020
01/10 15:10:35 NetpDsGetDcName: failed to find a DC having account 'VMTEST19$': 0x525
01/10 15:10:35 NetpDsGetDcName: found DC '\\DC09.MYDOMAIN.COM' in the specified domain
01/10 15:10:36 NetpJoinDomain: status of connecting to dc '\\DC09.MYDOMAIN.COM': 0x0
01/10 15:10:36 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:10:36 NetpGetDnsHostName: Read NV Hostname: vmtest19
01/10 15:10:36 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: MYDOMAIN.COM
01/10 15:10:36 NetpLsaOpenSecret: status: 0xc0000034
01/10 15:10:36 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:10:36 NetpLsaOpenSecret: status: 0xc0000034
01/10 15:10:36 NetpJoinDomain: status of creating account: 0x0
01/10 15:10:38 NetpLdapBind: ldap_bind failed on \\DC09.MYDOMAIN.COM: 86: Auth Unknown
01/10 15:10:38 ldap_unbind status: 0x0
01/10 15:10:38 NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x52b
01/10 15:10:38 NetpJoinDomain: status of setting DnsHostName and SPN: 0x52b
01/10 15:10:38 NetpJoinDomain: initiaing a rollback due to earlier errors
01/10 15:10:38 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:10:38 NetpManageMachineAccountWithSid: status of disabling account 'VMTEST19$' on '\\DC09.MYDOMAIN.COM': 0x0
01/10 15:10:38 NetpJoinDomain: rollback: status of deleting computer account: 0x0
01/10 15:10:38 NetpLsaOpenSecret: status: 0x0
01/10 15:10:38 NetpJoinDomain: rollback: status of deleting secret: 0x0
01/10 15:10:38 NetpJoinDomain: status of disconnecting from '\\DC09.MYDOMAIN.COM': 0x0
01/10 15:10:38 NetpDoDomainJoin: status: 0x52b
01/10 15:10:38 -----------------------------------------------------------------
01/10 15:10:38 NetpDoDomainJoin
01/10 15:10:38 NetpMachineValidToJoin: 'VMTEST19'
01/10 15:10:38 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:10:38 NetpMachineValidToJoin: status: 0x0
01/10 15:10:38 NetpJoinDomain
01/10 15:10:38      Machine: VMTEST19
01/10 15:10:38      Domain: MYDOMAIN.COM
01/10 15:10:38      MachineAccountOU: (NULL)
01/10 15:10:38      Account: ServerJoinDomain@MYDOMAIN.COM
01/10 15:10:38      Options: 0x23
01/10 15:10:38      OS Version: 5.2
01/10 15:10:38      Build number: 3790
01/10 15:10:38      ServicePack: Service Pack 2
01/10 15:10:38 NetpValidateName: checking to see if 'MYDOMAIN.COM' is valid as type 3 name
01/10 15:10:38 NetpCheckDomainNameIsValid [ Exists ] for 'MYDOMAIN.COM' returned 0x0
01/10 15:10:38 NetpValidateName: name 'MYDOMAIN.COM' is valid for type 3
01/10 15:10:38 NetpDsGetDcName: trying to find DC in domain 'MYDOMAIN.COM', flags: 0x1020
01/10 15:10:43 NetpDsGetDcName: failed to find a DC having account 'VMTEST19$': 0x525
01/10 15:10:43 NetpDsGetDcName: found DC '\\DC02.MYDOMAIN.COM' in the specified domain
01/10 15:10:44 NetpJoinDomain: status of connecting to dc '\\DC02.MYDOMAIN.COM': 0x0
01/10 15:10:44 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:10:44 NetpGetDnsHostName: Read NV Hostname: vmtest19
01/10 15:10:44 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: MYDOMAIN.COM
01/10 15:10:44 NetpLsaOpenSecret: status: 0xc0000034
01/10 15:10:44 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:10:44 NetpLsaOpenSecret: status: 0xc0000034
01/10 15:10:44 NetpJoinDomain: status of creating account: 0x0
01/10 15:10:44 NetpGetComputerObjectDn: Cracking DNS domain name MYDOMAIN.COM/ into Netbios on \\DC02.MYDOMAIN.COM
01/10 15:10:44 NetpGetComputerObjectDn: Crack results:      name = MYDOMAIN\
01/10 15:10:44 NetpGetComputerObjectDn: Cracking account name MYDOMAIN\VMTEST19$ on \\DC02.MYDOMAIN.COM
01/10 15:10:44 NetpGetComputerObjectDn: Crack results:      (Account already exists) DN = CN=VMTEST19,CN=Computers,DC=MYDOMAIN-nemc,DC=com
01/10 15:10:44 NetpModifyComputerObjectInDs: Initial attribute values:
01/10 15:10:44           DnsHostName  =  vmtest19.MYDOMAIN.COM
01/10 15:10:44           ServicePrincipalName  =  HOST/vmtest19.MYDOMAIN.COM  HOST/VMTEST19
01/10 15:10:44 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
01/10 15:10:44           DnsHostName  =
01/10 15:10:44           ServicePrincipalName  =
01/10 15:10:44 NetpModifyComputerObjectInDs: Attribute values to set:
01/10 15:10:44           DnsHostName  =  vmtest19.MYDOMAIN.COM
01/10 15:10:44           ServicePrincipalName  =  HOST/vmtest19.MYDOMAIN.COM  HOST/VMTEST19
01/10 15:10:44 ldap_unbind status: 0x0
01/10 15:10:44 NetpJoinDomain: status of setting DnsHostName and SPN: 0x0
01/10 15:10:44 NetpGetLsaPrimaryDomain: status: 0x0
01/10 15:10:44 NetpSetLsaPrimaryDomain: for 'MYDOMAIN' status: 0x0
01/10 15:10:44 NetpJoinDomain: status of setting LSA pri. domain: 0x0
01/10 15:10:44 NetpJoinDomain: status of managing local groups: 0x0
01/10 15:10:44 NetpJoinDomain: status of setting netlogon cache: 0x0
01/10 15:10:44 NetpJoinDomain: status of setting ComputerNamePhysicalDnsDomain to 'MYDOMAIN.COM': 0x0
01/10 15:10:45 NetpUpdateW32timeConfig: 0x0
01/10 15:10:45 NetpJoinDomain: status of disconnecting from '\\DC02.MYDOMAIN.COM': 0x0
01/10 15:10:45 NetpDoDomainJoin: status: 0x0

------

I tried googling the "Auth Unknown" error that it is throwing back but I didn't come up with any results. I do not want to manually modify the LMHOSTS file on the template just to force it to join the domain using a particular domain controller.

Any ideas?

0 Kudos
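
A triage helper for the NetSetup.LOG excerpt in the question above, as an added example that is not part of the original thread: it summarizes each NetpJoinDomain attempt (account, DC, final status, rollback) and lists rolled-back joins that were retried against a different DC. The sample lines are constructed from the post's log, and the function names are this example's own.

```python
import re

# Status codes seen in the log above; names are from winerror.h.
CODES = {0x0: "success", 0x525: "ERROR_NO_SUCH_USER", 0x52B: "ERROR_WRONG_PASSWORD"}
# Constructed sample, condensed from the two NetpJoinDomain attempts in the post.
SAMPLE = r"""01/10 15:10:30 NetpJoinDomain
01/10 15:10:30      Account: ServerJoinDomain
01/10 15:10:35 NetpDsGetDcName: found DC '\\DC09.MYDOMAIN.COM' in the specified domain
01/10 15:10:38 NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x52b
01/10 15:10:38 NetpJoinDomain: initiaing a rollback due to earlier errors
01/10 15:10:38 NetpDoDomainJoin: status: 0x52b
01/10 15:10:38 NetpJoinDomain
01/10 15:10:38      Account: ServerJoinDomain@MYDOMAIN.COM
01/10 15:10:43 NetpDsGetDcName: found DC '\\DC02.MYDOMAIN.COM' in the specified domain
01/10 15:10:44 NetpGetComputerObjectDn: Crack results: (Account already exists) DN = CN=VMTEST19
01/10 15:10:45 NetpDoDomainJoin: status: 0x0
"""

STAMP = re.compile(r"^\d\d/\d\d \d\d:\d\d:\d\d\s+(.*)$")

def summarize_joins(text):
    """Return one dict per NetpJoinDomain attempt found in NetSetup.LOG text."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = STAMP.match(raw.strip())
        msg = m.group(1) if m else ""
        if msg == "NetpJoinDomain":            # header line opens a domain-join attempt
            cur = {"account": None, "dc": None, "status": None,
                   "rollback": False, "account_existed": False}
            attempts.append(cur)
        elif cur is None:                      # workgroup joins and name checks
            continue
        elif msg.startswith("Account:"):
            cur["account"] = msg.split(":", 1)[1].strip()
        elif (dc := re.search(r"found DC '\\\\([^']+)'", msg)):
            cur["dc"] = dc.group(1)
        elif "rollback" in msg:
            cur["rollback"] = True
        elif "(Account already exists)" in msg:
            cur["account_existed"] = True
        elif (st := re.match(r"NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)", msg)):
            cur["status"] = CODES.get(int(st.group(1), 16), st.group(1))
            cur = None                         # final status closes the attempt
    return attempts

def cross_dc_retries(attempts):
    """Pairs (failed_dc, retry_dc) where a rolled-back join was retried on another DC."""
    return [(a["dc"], b["dc"]) for a, b in zip(attempts, attempts[1:])
            if a["rollback"] and a["dc"] != b["dc"]]
```
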
3 Replies
BharatR
Hot Shot

Hi

Have a look at this article, which discusses how a virtual machine created from an active domain controller may exhibit unexpected behavior. Check if it resolves your issue.

http://kb.vmware.com/kb/1006996

Best regards, BharatR--VCP4-Certification #: 79230, If you find this information useful, please award points for "correct" or "helpful".
0 Kudos
Nsousa
Contributor

That article is for virtualizing a domain controller. I am merely joining a member server to the domain, that has been deployed from a Customization Template through VMware.

0 Kudos
Nsousa
Contributor

The workaround solution:

  • Disable UAC
  • Modify the c:\windows\system32\drivers\etc\LMHOSTS.sam file. Add in the following line to the end of the file:
    • 10.10.10.10            DOMAINCONTROLLERNAMEHERE #PRE      #DOM:DOMAINFQDN
  • Copy the RecreateLMHOSTS.ps1 file into the template VM, onto c:\windows\system32
  • Create a new Specifications File
  • On the "Run Once" step of the customization file creation process, enter these settings:
    • c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "& {Set-ExecutionPolicy Unrestricted}"
    • c:\windows\system32\WindowsPowerShell\v1.0\powershell.exe c:\windows\system32\RecreateLMHOSTS.ps1

RecreateLMHOSTS.ps1:

# Comment out the temporary LMHOSTS entry once the domain join has completed.
# -replace takes a regular expression: dots are escaped and \s+ tolerates any spacing.
(Get-Content C:\windows\system32\drivers\etc\lmhosts.sam) |
Foreach-Object {$_ -replace '^\s*10\.10\.10\.10\s+DOMAINCONTROLLERNAMEHERE\s+#PRE\s+#DOM:DOMAINFQDN', '# $&'} |
Set-Content C:\windows\system32\drivers\etc\lmhosts.sam

I am not able to reproduce this issue on either Windows 2003 or Windows 2008 (non-R2) server templates.

0 Kudos