Question
Friday, June 15, 2018 8:29 AM
Hi
I have a problem with a task sequence, with the domain join.
We have multiple OUs, and in one we face an issue where workstations are not added to the domain.
It seems that on this OU we have some ACL misconfigured, but I did double check and permissions are set the same.
Debug log says:
06/14/2018 12:17:11:365
06/14/2018 12:17:11:365 NetpDoDomainJoin
06/14/2018 12:17:11:365 NetpDoDomainJoin: using new computer names
06/14/2018 12:17:11:365 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
06/14/2018 12:17:11:365 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
06/14/2018 12:17:11:365 NetpMachineValidToJoin: 'BOR00002VM'
06/14/2018 12:17:11:365 NetpMachineValidToJoin: status: 0x0
06/14/2018 12:17:11:365 NetpJoinDomain
06/14/2018 12:17:11:365 HostName: bor00002vm
06/14/2018 12:17:11:365 NetbiosName: BOR00002VM
06/14/2018 12:17:11:365 Domain: contoso.xxx\DC-BOR.contoso.xxx
06/14/2018 12:17:11:365 MachineAccountOU: BOR
06/14/2018 12:17:11:365 Account: contoso\SCCM_AD_Join
06/14/2018 12:17:11:365 Options: 0x23
06/14/2018 12:17:11:365 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
06/14/2018 12:17:11:365 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
06/14/2018 12:17:11:365 NetpJoinDomainOnDs: status of connecting to dc '\DC-BOR.contoso.xxx': 0x0
06/14/2018 12:17:11:365 NetpJoinDomainOnDs: Passed DC 'DC-BOR.contoso.xxx' verified as DNS name '\DC-BOR.contoso.xxx'
06/14/2018 12:17:11:396 NetpDsGetDcName: status of verifying DNS A record name resolution for 'DC-BOR.contoso.xxx': 0x0
06/14/2018 12:17:11:396 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: contoso.xxx
06/14/2018 12:17:11:396 NetpProvisionComputerAccount:
06/14/2018 12:17:11:396 lpDomain: contoso.xxx
06/14/2018 12:17:11:396 lpHostName: bor00002vm
06/14/2018 12:17:11:396 lpMachineAccountOU: BOR
06/14/2018 12:17:11:396 lpDcName: DC-BOR.contoso.xxx
06/14/2018 12:17:11:396 lpMachinePassword: (null)
06/14/2018 12:17:11:396 lpAccount: contoso\SCCM_AD_Join
06/14/2018 12:17:11:396 lpPassword: (non-null)
06/14/2018 12:17:11:396 dwJoinOptions: 0x23
06/14/2018 12:17:11:396 dwOptions: 0x40000003
06/14/2018 12:17:11:411 NetpLdapBind: Verified minimum encryption strength on DC-BOR.contoso.xxx: 0x0
06/14/2018 12:17:11:411 NetpLdapGetLsaPrimaryDomain: reading domain data
06/14/2018 12:17:11:411 NetpGetNCData: Reading NC data
06/14/2018 12:17:11:411 NetpGetDomainData: Lookup domain data for: DC=contoso,DC=staples-solutions,DC=com
06/14/2018 12:17:11:411 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=contoso,DC=staples-solutions,DC=com
06/14/2018 12:17:11:411 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
06/14/2018 12:17:11:411 NetpCheckForDomainSIDCollision: returning 0x0(0).
06/14/2018 12:17:11:411 NetpGetComputerObjectDn: Cracking DNS domain name contoso.xxx/ into Netbios on \DC-BOR.contoso.xxx
06/14/2018 12:17:11:411 NetpGetComputerObjectDn: Crack results: name = contoso\
06/14/2018 12:17:11:411 NetpGetComputerObjectDn: Cracking account name contoso\BOR00002VM$ on \DC-BOR.contoso.xxx
06/14/2018 12:17:11:411 NetpGetComputerObjectDn: Crack results: Account does not exist
06/14/2018 12:17:11:411 NetpGetComputerObjectDn: ldap_compare_s failed: 0x22 0x57
06/14/2018 12:17:11:411 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x57
06/14/2018 12:17:11:411 NetpProvisionComputerAccount: LDAP creation failed: 0x57
06/14/2018 12:17:11:411 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported
06/14/2018 12:17:11:427 ldap_unbind status: 0x0
06/14/2018 12:17:11:427 NetpJoinCreatePackagePart: status:0x57.
06/14/2018 12:17:11:427 NetpJoinDomainOnDs: Function exits with status of: 0x57
06/14/2018 12:17:11:427 NetpJoinDomainOnDs: status of disconnecting from '\DC-BOR.contoso.xxx': 0x0
06/14/2018 12:17:11:427 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
06/14/2018 12:17:11:427 NetpDoDomainJoin: status: 0x57
What did I miss? Can anyone tell me what error 0x22 0x57 means?
THX
All replies (6)
Friday, June 15, 2018 8:49 AM ✅Answered
Hi,
Machineobjectou looks a bit off; it should be entered like this: OU=Laptops,OU=Computers,OU=Test,DC=demiranda,DC=nu
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec
Friday, June 15, 2018 1:16 PM
As Jörgen points out, you definitely need to specify the entire distinguished name for the OU. Additionally, when specifying an OU, you must use the FQDN of the domain and not just the NetBIOS domain name.
Jason | https://home.configmgrftw.com | @jasonsandys
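The check both answers describe, as an added example that is not part of the original thread: a Python triage of NetSetup.LOG lines that flags a MachineAccountOU that is not a full distinguished name and a NetBIOS-only domain, and decodes the two codes after "ldap_compare_s failed" (read here, as an assumption, as the LDAP result code followed by the Win32 error it maps to). The function names are hypothetical and the sample lines are constructed from the log in the question.

```python
import re

# Constructed sample: the four relevant lines from the NetSetup.LOG excerpt in the question.
SAMPLE_LOG = """\
06/14/2018 12:17:11:365 Domain: contoso.xxx\\DC-BOR.contoso.xxx
06/14/2018 12:17:11:365 MachineAccountOU: BOR
06/14/2018 12:17:11:411 NetpGetComputerObjectDn: ldap_compare_s failed: 0x22 0x57
06/14/2018 12:17:11:427 NetpDoDomainJoin: status: 0x57
"""

# Standard LDAP result codes and Win32 error codes seen in join failures.
LDAP_CODES = {0x22: "LDAP_INVALID_DN_SYNTAX", 0x32: "LDAP_INSUFFICIENT_RIGHTS"}
WIN32_CODES = {0x05: "ERROR_ACCESS_DENIED", 0x57: "ERROR_INVALID_PARAMETER"}


def is_ou_dn(value):
    """Return True if value is shaped like a full DN: OU=/CN= first, DC= last."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", value)]
    if len(parts) < 2:
        return False
    if not all(re.match(r"(OU|CN|DC)=.+", p, re.I) for p in parts):
        return False
    return parts[0].upper().startswith(("OU=", "CN=")) and parts[-1].upper().startswith("DC=")


def triage(log_text):
    """Return findings for the OU format, domain format and LDAP failure codes."""
    findings = []
    ou = re.search(r"MachineAccountOU:[ \t]*(\S.*)", log_text)
    if ou and ou.group(1).strip() != "(null)" and not is_ou_dn(ou.group(1)):
        findings.append(f"MachineAccountOU '{ou.group(1).strip()}' is not a full distinguished name")
    dom = re.search(r"\bDomain:[ \t]*([^\\\s]+)", log_text)
    if dom and "." not in dom.group(1):
        findings.append(f"Domain '{dom.group(1)}' is a NetBIOS name, not an FQDN")
    err = re.search(r"ldap_\w+ failed: (0x[0-9a-f]+) (0x[0-9a-f]+)", log_text, re.I)
    if err:
        ldap_rc, win32_rc = (int(code, 16) for code in err.groups())
        findings.append(
            f"LDAP {LDAP_CODES.get(ldap_rc, hex(ldap_rc))} / "
            f"Win32 {WIN32_CODES.get(win32_rc, hex(win32_rc))}"
        )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample lines this reports the OU value BOR as not being a distinguished name and decodes 0x22 0x57 as an invalid DN syntax error surfaced as an invalid parameter, which matches the diagnosis given in the replies.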
Thursday, August 23, 2018 12:57 PM
Thank you for such a quick answer. Unfortunately, my company has multiple sites, so in my case it's not that easy that I can point to a single OU.
Thursday, August 23, 2018 1:52 PM
No one said that your issue has anything to do with multiple OUs; your explicit issue is that the format you are using to specify the OU is incorrect and needs to be the full DN of the OU.
That in no way means that you are restricted to a single OU either, as there are many ways to dynamically set the OU.
Jason | https://home.configmgrftw.com | @jasonsandys
Sunday, June 16, 2019 5:50 PM
Where should I do this?
Can someone help on this urgently?
Prashanth Kumar System Center Administrator
Sunday, June 16, 2019 8:04 PM
Without knowing anything about what you're doing, no one can help you here. Tagging onto a year-old post and not describing anything about your issue or scenario isn't going to get you much help, as we have no idea how to help you.
Also, if you need immediate assistance, then you should seek paid for assistance like a support case with Microsoft or a consultant that can directly help you.
Jason | https://home.configmgrftw.com | @jasonsandys