Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, June 11, 2014 12:08 AM
We are using SCCM 2012SP1 and having problems joining 1 specific model of laptop to the domain (HP 6560) which at first led me to think it was drivers but I had a constant ping going to our DC from an open command prompt on the machine as it imaged on this last attempt so I know it had network access. From the 1355 error what I can find is this is usually caused by not providing the full domain name but I grabbed the unattend.xml and it clearly shows the full domain
<component name="Microsoft-Windows-UnattendedJoin" language="neutral" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<Credentials>
<Username>theusername</Username>
<Domain>pacific</Domain>
<Password>thepassword</Password>
</Credentials>
<MachineObjectOU>OU=Admin,OU=10,OU=Branches,DC=pacific,DC=local</MachineObjectOU>
<JoinDomain>pacific.local</JoinDomain>
</Identification>
</component>
When I go look at the C:\windows\panther\setupact.log I see this
[Shell Unattend] Exiting 'specialize' pass with status 0x001f1000
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: Begin
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: Loading input parameters...
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: AccountData = [NULL]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: UnsecureJoin = [NULL]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: MachinePassword = [secret not logged]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: JoinDomain = [pacific.local]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: JoinWorkgroup = [NULL]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: Domain = [pacific]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: Username = [theusername]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: Password = [secret not logged]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: MachineObjectOU =[OU=Admin,OU=10,OU=Branches,DC=pacific,DC=local]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: DebugJoin = [NULL]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: DebugJoinOnlyOnThisError = [NULL]
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: Checking that auto start services have started.
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: Joining domain [pacific.local]...
2014-06-02 14:30:40, Info [DJOIN.EXE] Unattended Join: Calling DsGetDcName for pacific.local...
2014-06-02 14:30:40, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...
2014-06-02 14:30:45, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...
2014-06-02 14:30:50, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...
2014-06-02 14:30:55, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...
2014-06-02 14:37:31, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...
2014-06-02 14:37:36, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...
2014-06-02 14:37:41, Error [DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [1355]
2014-06-02 14:37:41, Error [DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x54b
2014-06-02 14:37:41, Info [DJOIN.EXE] Unattended Join: Exit, returning 0x0
I manually tried djoin and if I only provide pacific as the domain it gives and error of the domain does not exist or cannot be contacted. If I use pacific.local it works.
So my question is how the heck do I fix this since it appears to be passing the correct values and it does have network access?
We are using Task Sequences and UDI I have looked through both and cannot find anywhere that it uses only the short name.
All replies (4)
Wednesday, June 11, 2014 2:39 AM
Not necessarily. 1355 = "The specified domain either does not exist or could not be contacted." This is a name resolution issue. This could be because the system does not have the proper NIC drivers, doesn't have the proper DNS configuration, doesn't have a proper IP address, or a number of other things.
Jason | http://blog.configmgrftw.com
Wednesday, June 11, 2014 4:14 AM
Not necessarily what? I did say I was pinging the DC in a command window on the system I was imaging the whole time during the image and join stages so I'm not sure how this could be a driver issue? I was pinging by name as well so doubt it's a lookup issue. After the failed join the system reboots and has network access as well. I fact it goes on to install a whole bunch of software packages. This seems unlikely to be a driver issue? How would I troubleshoot it as such since everything appears to be working?
Wednesday, June 11, 2014 5:33 AM
Did you ping the DC or the domain (pacific and pacific.local)? The latter has to work too.
Torsten Meringer | http://www.mssccmfaq.de
Wednesday, June 11, 2014 1:18 PM
I doubt you were pinging during the domain join stage as that actually happens during Windows Setup which happens during the Setup Windows and ConfigMgr task (and not the Apply Network Settings task which merely updates the unattend.xml). Thus, just because you were pining during the WinPE phase of the TS is meaningless because the drivers in the boot image have nothing to do with drivers in the image deployed which is where Windows Setup is initiated from.
You should be able to push Shift-F10 during Windows Setup however and check network connectivity at that time. After the task sequence finished though, did you check device manager and did you check for connectivity then as these would both be indicative of what was available during Windows Setup also.
Finally, yes it's possible there's something else going on, I just listed common possibilities. Others include a slow network, STP, and other network idiosyncrasies. And as Torsten pointed out, pinging a DC is the second half of joining a domain, the client has to find the domain first thus you need to be able to ping pacific.local first.
Jason | http://blog.configmgrftw.com