Join Domain - request AD computer cert - no MAC Server!

Hello,
I was able to join MAC Lion systems to the domain using the .mobileconfig file and now that I have upgraded to Mountain Lion I am trying to find the proper way to join these systems.  It looks like there is a nice easy method, but that appears to require Mountain Lion server.
Does anyone know how ot request a cert for a Mountain Lion system from a MS CA for a domain certificate?
The article I found only seems to Mountain Lion server:  http://support.apple.com/kb/HT5357
I don't see any profile/payload manager on the Mountain Lion macbook pro, so is this doc only good for servers?

Here is what I found helpful:
802.1x EAP-TLS Machine Authentication in Mt. Lion with AD Certificates
http://www.afp548.com/2012/11/20/802-1x-eaptls-machine-auth-mtlion-adcerts/
How to request a certificate from a Microsoft Certificate Authority using DCE/RPC and the Active Directory Certificate profile payload:
http://support.apple.com/kb/HT5357
I tripped up here becase my CA was named differently than the computer name.  If you open a command prompt on the windows CA and type the command certutil –cainfo you should see several peices of information that will make filling out The name of the CA straight forward.  You should use the Sanitized CA short name (DS name) for The name of the CA:
and certutil –cainfo will clearly show you that value.
One other thing to pay close attension to is you should use the Template name and not the Template display name for the Certificate Template field.  These can be different (see below).
Good luck!

Similar Messages

  • Bridge Mac server with Windows possible?

    Hello Everyone,
    Well I was tossed a big issue on my lap. Our servers are running Windows Server 2003 with a domain name of nt_domain which you could tell off the back it has an invaild character with the _ . A gentlemen before me found a bandaid of using this program called Likewise which allowed the Mac's to join the domain with the illegal character. He left me with an image of 10.7 with the Mac already configured. Well the new iMac's do not support 10.7 which my image is now worthless and 10.8 doesnt seem to like the Likewise program. The program gets an error when trying to join the domain and completely locks me out of the Mac and I mean LOCKS ME OUT because no reset password method works which forces me to reload the OS. I have no idea what to do because our network team doesn't seem to care about the issue so they will no change the domain name. We have a Mac Server 10.6 and I was told that I could make my own domain on the server and bridge it to the Windows domain so the users could still have access to the network drives. Any suggestions????
    Thanks

    You probably have inadvertently set up SACL's.
    In server admin
    Select the server.
    Click the Access button at the top.
    Click the services button.
    Make sure that all services are available for all users.
    Or if you're keen, make sure that you have allowed access to SMB for the users in question.

  • Join computer in Domain and how to get Internet access in Joined domain computer

    Dear System Admins,
    Actually I am new to this forum and I need help. Let me explain you my scenario. Ours is a small company and I have configured Cisco router with dedicated Public IP. So the private IP default gateway is 192.168.50.254 and DNS is 218.56.43.22 "DNS is
    given by ISP". Now what I did is I have configured IP address to server 192.168.50.1/24. Default Gateway IPv4 address 192.168.50.254 DNS 218.56.43.22 on Windows domain server computer. Internet is up on Windows Server. Also I have setup Active directory
    successfully. Now I want Windows 7 computer to Join the domain and also it should be able to access to Internet. Let me know how to configure Windows 7 network properties and how to join domain. Please explain me in simple way step by step process. Thank you.

    Dear Arnav,
    I have configured DNS as  218.56.43.22 in windows server computer which has given by our ISP and
    internet is available in  server. For users who wants top join domain. I have configured IP details are as follows. 
    1. Windows 2008 Server IP details
    192.168.50.1
    255.255.255.0
    192.168.50.254
    DNS: 218.56.43.22 <--- Given by ISP with Dedicated Public IP
    Now comes the Windows 7 computer which has to be join in domain for that how should I have to configure Network properties of Windows 7 computer? let me know. Windows 7 IP details are as fallows:
    IPV4 address 192.168.50.2
    Subnet Mask 255.255.255.0
    Default GW   192.168.50.254
    What about DNS? What should I configure in DNS box network properties  for Windows 7 user. Shall I enter Windows Server IP details 192.168.50.1 or "DNS 218.56.43.22 <----which is given by ISP" . Let me know further procedure in order
    to "Windows 7 user join the domain as well as user should be able to access the Internet. At present I have only installed active directory in  widnows 2008 server. Whats Next? please feel free to ask me. Thank you.

  • Joining to domain on same computer account name

    Hi, 
    I have a critical server. I need to reinstall it with clean installation an same name. I don't have permissions to delete computer account from AD, but I have permissions to add to domain. If I remove server from domain reinstall it and will join to domain
    with same name. Does this can cause any issues? Do I have to delete server computer account before joining to domain?
    thank you, 

    Hi
    If you are reinstalling server and do not want to delete the existing computer account, you'll get error "Computer account usually exists already, and security on that account does not allow you to join — usually because the computer was joined
    previously by using different computer account credentials."(Assuming you did not joined it to domain in present case). So you must first delete the existing account or get full permissions on the account.
    If you receive the error "Failure to create a computer account," it usually means that either the account already exists or that there are insufficient access rights available to the user who is trying to join. Table 10.8 shows the error codes
    that come under this category.
    Table   10.8    "
    Failure to create a computer account " Error Codes
    Description
    Actual Error
    Error Code
    Computer account usually exists already, and security on that account does not allow you to join — usually because the computer was joined previously by using different computer account credentials.
    ERROR_ACCESS_DENIED
    5
    The user has joined so many computers that he has exceeded the default per user computer quota (by default, 10).
    ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED
    8557
    The specified user already exists.
    ERROR_USER_EXISTS
    2224
    Also pls refer the article for in-depth details :
    Join and Authentication Issues
    http://technet.microsoft.com/en-us/library/cc961817.aspx
    Hope this helps. :)
    Thanks

  • OVM Server takes long time to boot up - gets stuck for minutes after joining domain

    Server takes a long time to reboot. Seems to get stuck for 8-10 minutes every time after joining domain.
    See below extract from /var/log/messages:-
    Feb 1 16:39:49 svrshir441 kernel: OCFS2 1.8.0
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB0000050000E5144BF336A244A4 ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,4) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB00000500000328DE591E03F0DB ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,2) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB000005000024F2772BB88DAA6A ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,5) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB0000050000B8721C8850D2C515 ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,1) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB0000050000EE77A2D3C8C7383B ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,0) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain 0004FB0000050000B96BA1B4B79D765E ( 0 1 2 ) 3 nodes
    Feb 1 16:39:49 svrshir441 kernel: ocfs2: Mounting device (252,3) on (node 1, slot 2) with ordered data mode.
    Feb 1 16:39:49 svrshir441 kernel: o2dlm: Joining domain ovm ( 0 1 2 ) 3 nodes
    Feb 1 16:47:22 svrshir441 kernel: mpt2sas0: _ctl_BRM_status_show: BRM attribute is only forwarpdrive
    Feb 1 16:47:22 svrshir441 kernel: mpt2sas0: _ctl_host_trace_buffer_show: host_trace_buffer is not registered
    Feb 1 16:47:22 svrshir441 kernel: mpt2sas0: _ctl_host_trace_buffer_size_show: host_trace_buffer is not registered
    Feb 1 16:47:22 svrshir441 kernel: qla2xxx [0000:30:00.0]-1020:7: **** Failed mbx[0]=4006
    No idea why it seems to pause for 8 minutes.

    [2015-02-01 16:38:23 9555] DEBUG (ocfs2:162) cluster debug: {'/sys/kernel/debug/o2dlm': [], '/sys/kernel/debug/o2net': ['connected_n
    odes', 'stats', 'sock_containers', 'send_tracking'], '/sys/kernel/debug/o2hb': ['0004FB0000050000E5144BF336A244A4', 'failed_regions'
    , 'quorum_regions', 'live_regions', 'livenodes'], 'service o2cb status': 'Driver for "configfs": Loaded\nFilesystem "configfs": Moun
    ted\nStack glue driver: Loaded\nStack plugin "o2cb": Loaded\nDriver for "ocfs2_dlmfs": Loaded\nFilesystem "ocfs2_dlmfs": Mounted\nCh
    ecking O2CB cluster "8cd10008859eaf59": Online\n  Heartbeat dead threshold: 61\n  Network idle timeout: 60000\n  Network keepalive d
    elay: 2000\n  Network reconnect delay: 2000\n  Heartbeat mode: Global\nChecking O2CB heartbeat: Active\n  0004FB0000050000E5144BF336
    A244A4 /dev/dm-4\nNodes in O2CB cluster: 0 1 2 \n'}
    [2015-02-01 16:38:23 9555] DEBUG (ocfs2:162) cluster debug: {'/sys/kernel/debug/o2dlm': [], '/sys/kernel/debug/o2net': ['connected_n
    odes', 'stats', 'sock_containers', 'send_tracking'], '/sys/kernel/debug/o2hb': ['0004FB0000050000E5144BF336A244A4', 'failed_regions'
    , 'quorum_regions', 'live_regions', 'livenodes'], 'service o2cb status': 'Driver for "configfs": Loaded\nFilesystem "configfs": Moun
    ted\nStack glue driver: Loaded\nStack plugin "o2cb": Loaded\nDriver for "ocfs2_dlmfs": Loaded\nFilesystem "ocfs2_dlmfs": Mounted\nCh
    ecking O2CB cluster "8cd10008859eaf59": Online\n  Heartbeat dead threshold: 61\n  Network idle timeout: 60000\n  Network keepalive d
    elay: 2000\n  Network reconnect delay: 2000\n  Heartbeat mode: Global\nChecking O2CB heartbeat: Active\n  0004FB0000050000E5144BF336
    A244A4 /dev/dm-4\nNodes in O2CB cluster: 0 1 2 \n'}
    [2015-02-01 16:38:23 9555] DEBUG (ocfs2:270) Trying to mount /dev/mapper/360080e500036115200000b315294458d to /poolfsmnt/0004fb00000
    50000e5144bf336a244a4
    [2015-02-01 16:38:23 9555] DEBUG (ocfs2:295) /dev/mapper/360080e500036115200000b315294458d mounted to /poolfsmnt/0004fb0000050000e51
    44bf336a244a4
    [2015-02-01 16:38:24 10441] INFO (notificationserver:213) NOTIFICATION SERVER STARTED
    [2015-02-01 16:38:24 10443] INFO (remaster:140) REMASTER SERVER STARTED
    [2015-02-01 16:38:24 10444] INFO (monitor:23) MONITOR SERVER STARTED
    [2015-02-01 16:38:24 10447] INFO (ha:89) HA SERVER STARTED
    [2015-02-01 16:38:24 10448] INFO (stats:26) STAT SERVER STARTED
    [2015-02-01 16:38:24 10451] INFO (xmlrpc:307) Oracle VM Agent XMLRPC Server started.
    [2015-02-01 16:38:24 10451] INFO (xmlrpc:316) Oracle VM Server version: {'release': '3.2.8', 'date': '201404161506', 'build': '736'}
    , hostname: svrshir441, ip: 10.90.17.41
    [2015-02-01 16:38:24 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:38:24 10441] DEBUG (notificationserver:239) Connected to manager.
    [2015-02-01 16:38:25 10441] INFO (notificationserver:267) Service started.
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdb-7:0:0:0 (unde
    f:0x20470080e5361152:360080e500036115200000b315294458d)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdh-9:0:0:0 (acti
    ve:0x20460080e5361152:360080e500036115200000b315294458d)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdd-7:0:0:2 (unde
    f:0x20470080e5361152:360080e500036115200000b36529447cb)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdj-9:0:0:2 (acti
    ve:0x20460080e5361152:360080e500036115200000b36529447cb)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdf-7:0:0:4 (unde
    f:0x20470080e5361152:360080e500036115200000b39529448ba)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdl-9:0:0:4 (acti
    ve:0x20460080e5361152:360080e500036115200000b39529448ba)
    [2015-02-01 16:38:25 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdc-7:0:0:1 (acti
    ve:0x20470080e5361152:360080e500037683a00000b1652944694)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdi-9:0:0:1 (unde
    f:0x20460080e5361152:360080e500037683a00000b1652944694)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sde-7:0:0:3 (acti
    ve:0x20470080e5361152:360080e500037683a00000b18529448bf)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdk-9:0:0:3 (unde
    f:0x20460080e5361152:360080e500037683a00000b18529448bf)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdg-7:0:0:5 (acti
    ve:0x20470080e5361152:360080e500037683a00000b1a529449ac)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_SD] sdm-9:0:0:5 (unde
    f:0x20460080e5361152:360080e500037683a00000b1a529449ac)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-5 (360080e5000
    36115200000b39529448ba)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-1 (360080e5000
    36115200000b36529447cb)
    [2015-02-01 16:38:26 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-0 (360080e5000
    37683a00000b1652944694)
    [2015-02-01 16:38:27 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-2 (360080e5000
    37683a00000b18529448bf)
    [2015-02-01 16:38:27 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-3 (360080e5000
    37683a00000b1a529449ac)
    [2015-02-01 16:38:27 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:25 {STORAGE} [ADD_DM] dm-4 (360080e5000
    36115200000b315294458d)
    [2015-02-01 16:38:29 10444] DEBUG (monitor:36) Cluster state changed from [Unknown] to [DLM_Ready]
    [2015-02-01 16:38:29 10444] INFO (notification:47) Notification sent: {CLUSTER} {MONITOR} Cluster state changed from [Unknown] to [D
    LM_Ready]
    [2015-02-01 16:38:29 10441] INFO (notificationserver:139) Sending notification: {CLUSTER} {MONITOR} Cluster state changed from [Unkn
    own] to [DLM_Ready]
    [2015-02-01 16:38:33 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:33 {NETWORK} net : ADD : eth4 (1)
    [2015-02-01 16:38:36 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:36 {NETWORK} net : ADD : eth5 (1)
    [2015-02-01 16:38:39 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:39 {NETWORK} net : ADD : eth6 (0)
    [2015-02-01 16:38:42 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:42 {NETWORK} net : ADD : eth7 (1)
    [2015-02-01 16:38:45 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:45 {NETWORK} net : ADD : eth0 (1)
    [2015-02-01 16:38:48 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:48 {NETWORK} net : ADD : eth1 (1)
    [2015-02-01 16:38:51 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:51 {NETWORK} net : ADD : eth2 (0)
    [2015-02-01 16:38:54 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:54 {NETWORK} net : ADD : eth3 (1)
    [2015-02-01 16:38:57 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:38:57 {NETWORK} net : ADD : bond0 (1)
    [2015-02-01 16:39:00 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:39:00 {NETWORK} net : ADD : bond1 (1)
    [2015-02-01 16:39:03 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:39:03 {NETWORK} net : ADD : bond1.590 (1)
    [2015-02-01 16:39:06 10441] INFO (notificationserver:139) Sending notification: Feb  1 16:39:06 {NETWORK} net : ADD : bond1.90 (1)
    [2015-02-01 16:40:56 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) None&c=8&s=
    1422808694292&lb=p&t=2&p=%3Ccom.oracle.odof.OdofIdentifier%3E%3Clong%3E943%3C%2Flong%3E%3C%2Fcom.oracle.odof.OdofIdentifier%3E%2Ccom
    pareTo%2Cjava.lang.Object%2CNone%2C5'
    [2015-02-01 16:41:05 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:41:26 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:41:47 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:42:05 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:42:26 10441] ERROR (notificationserver:124) Error sending stats notification: 'Invalid URL Request (send) https://10.
    90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1767abc
    [2015-02-01 16:42:26 10441] INFO (notificationserver:276) Service stopped.
    [2015-02-01 16:42:26 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:42:29 10441] ERROR (notificationserver:244) Error initializing notification server: 'Invalid URL Request (send) https
    ://10.90.17.43:7002/ovm/core/OVMManagerCoreServlet&c=1&s=-1&lb=p&t=2&p=e02400aa0010ffffffffffffff200008%2Cc58171c45d024e7c9de519aaf1
    767abc'
    [2015-02-01 16:42:45 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:42:59 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:43:05 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:43:25 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:43:32 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:43:45 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:44:02 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:44:05 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:44:25 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:44:32 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:44:46 10448] ERROR (notification:44) Unable to send notification: (111, 'Connection refused')
    [2015-02-01 16:44:53 11242] DEBUG (service:76) call start: discover_server
    [2015-02-01 16:44:54 11242] DEBUG (service:76) call complete: discover_server
    [2015-02-01 16:45:02 10441] DEBUG (notificationserver:237) Trying to connect to manager.
    [2015-02-01 16:45:02 10441] DEBUG (notificationserver:239) Connected to manager.
    [2015-02-01 16:45:03 10441] INFO (notificationserver:267) Service started.
    [2015-02-01 16:47:22 11455] DEBUG (service:76) call start: get_api_version
    [2015-02-01 16:47:22 11455] DEBUG (service:76) call complete: get_api_version
    [2015-02-01 16:47:22 11456] DEBUG (service:76) call start: discover_server
    [2015-02-01 16:47:22 11456] DEBUG (service:76) call complete: discover_server
    [2015-02-01 16:47:22 11470] DEBUG (service:76) call start: discover_hardware
    [2015-02-01 16:47:23 11470] DEBUG (service:76) call complete: discover_hardware
    [2015-02-01 16:47:23 11497] DEBUG (service:76) call start: discover_network
    [2015-02-01 16:47:23 11497] DEBUG (service:76) call complete: discover_network
    [2015-02-01 16:47:24 11498] DEBUG (service:76) call start: discover_storage_plugins
    [2015-02-01 16:47:24 11498] DEBUG (service:76) call complete: discover_storage_plugins
    [2015-02-01 16:47:24 11501] DEBUG (service:74) call start: discover_physical_luns('',)
    [2015-02-01 16:47:25 11501] DEBUG (service:76) call complete: discover_physical_luns
    [2015-02-01 16:47:25 11523] DEBUG (service:74) call start: discover_physical_luns('360080e500036115200000b315294458d 360080e50003611
    5200000b36529447cb 360080e500037683a00000b1652944694 360080e500036115200000b39529448ba 360080e500037683a00000b18529448bf 360080e5000
    36115200000b315294458d 360080e500037683a00000b1a529449ac 360080e500036115200000b36529447cb 360080e500037683a00000b1652944694 360080e
    500036115200000b39529448ba 360080e500037683a00000b18529448bf 360080e500037683a00000b1a529449ac',)
    [2015-02-01 16:47:25 11523] DEBUG (service:76) call complete: discover_physical_luns
    [2015-02-01 16:47:26 11545] DEBUG (service:76) call start: discover_repository_db
    [2015-02-01 16:47:26 11545] DEBUG (service:76) call complete: discover_repository_db
    [2015-02-01 16:47:26 11546] DEBUG (service:74) call start: storage_plugin_listMountPoints('oracle.ocfs2.OCFS2.OCFS2Plugin', {'status
    ': '', 'admin_user': '', 'admin_host': '', 'uuid': '0004fb000009000090ee9ab5a5966c67', 'total_sz': 0, 'admin_passwd': '******', 'fre
    e_sz': 0, 'name': '0004fb000009000090ee9ab5a5966c67', 'access_host': '', 'storage_type': 'FileSys', 'alloc_sz': 0, 'access_grps': []
    , 'used_sz': 0, 'storage_desc': ''})
    [2015-02-01 16:47:26 11546] INFO (storageplugin:109) storage_plugin_listMountPoints(oracle.ocfs2.OCFS2.OCFS2Plugin)
    [2015-02-01 16:47:27 11546] DEBUG (service:76) call complete: storage_plugin_listMountPoints
    [2015-02-01 16:47:27 11573] DEBUG (service:76) call start: get_yum_config
    [2015-02-01 16:47:27 11573] DEBUG (service:76) call complete: get_yum_config
    [2015-02-01 16:47:27 11574] DEBUG (service:76) call start: discover_cluster
    [2015-02-01 16:47:27 11574] DEBUG (service:76) call complete: discover_cluster
    [2015-02-01 16:48:53 11703] DEBUG (service:76) call start: discover_network
    [2015-02-01 16:48:53 11703] DEBUG (service:76) call complete: discover_network
    [2015-02-01 16:48:53 11704] DEBUG (service:74) async call start: start_vm('0004fb00000300001e5b01d4a4cb6426', '0004fb0000060000eff93
    af0676e8c83')
    [2015-02-01 16:48:53 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-eff9-3af0676e8c83 {START
    [2015-02-01 16:48:54 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-eff9-3af0676e8c83 {VNC}
    5900
    [2015-02-01 16:48:54 11706] DEBUG (base:269) async call complete: func: start_vm pid: 11706 status: 0 output:
    [2015-02-01 16:48:54 11706] INFO (notification:47) Notification sent: {ASYNC_PROC} exit PID 11706
    [2015-02-01 16:48:54 10441] INFO (notificationserver:139) Sending notification: {ASYNC_PROC} exit PID 11706
    [2015-02-01 16:48:55 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb0000060000eff93af0676e8c83 {SSLVNC} 6
    900
    [2015-02-01 16:48:55 11958] DEBUG (service:74) call start: configure_vm_ha('0004fb00000300001e5b01d4a4cb6426', '0004fb0000060000eff9
    3af0676e8c83', True)
    [2015-02-01 16:48:56 11958] DEBUG (service:76) call complete: configure_vm_ha
    [2015-02-01 16:48:56 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb0000060000eff93af0676e8c83 {SSLTTY} 7
    900
    [2015-02-01 16:50:01 12075] DEBUG (service:76) call start: discover_network
    [2015-02-01 16:50:01 12075] DEBUG (service:76) call complete: discover_network
    [2015-02-01 16:50:01 12076] DEBUG (service:74) async call start: start_vm('0004fb0000030000ba5b6d02faa88c44', '0004fb0000060000fd7d7
    ad27e9d7b63')
    [2015-02-01 16:50:02 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-fd7d-7ad27e9d7b63 {START
    [2015-02-01 16:50:02 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-fd7d-7ad27e9d7b63 {VNC}
    5901
    [2015-02-01 16:50:02 12078] DEBUG (base:269) async call complete: func: start_vm pid: 12078 status: 0 output:
    [2015-02-01 16:50:02 12078] INFO (notification:47) Notification sent: {ASYNC_PROC} exit PID 12078
    [2015-02-01 16:50:03 10441] INFO (notificationserver:139) Sending notification: {ASYNC_PROC} exit PID 12078
    [2015-02-01 16:50:03 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb0000060000fd7d7ad27e9d7b63 {SSLVNC} 6
    901
    [2015-02-01 16:50:04 12516] DEBUG (service:74) call start: configure_vm_ha('0004fb0000030000ba5b6d02faa88c44', '0004fb0000060000fd7d
    7ad27e9d7b63', True)
    [2015-02-01 16:50:04 12516] DEBUG (service:76) call complete: configure_vm_ha
    [2015-02-01 16:50:04 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb0000060000fd7d7ad27e9d7b63 {SSLTTY} 7
    902
    [2015-02-01 16:50:54 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-fd7d-7ad27e9d7b63 {VMAPI
    } VMAPIEvent {"VMAPIEvent":{"severity":5,"subsystem":"OVMSvcSS","process":"OVMSvc","type":"system","payload":{"type":"alive","alive"
    :{"hostname":"GIS-DB-SVR1","domainName":"gloscc.gov.uk","osType":"Windows","osVersion":"Windows Server 2008 R2 Service Pack 1","kern
    elVersion":"6.1.7601.18700","arch":"AMD64","guestType":"PVHVM","guestDriverVersion":"3.2.2.0","vmapiVersion":"100"}}}}
    [2015-02-01 16:50:54 10441] INFO (notificationserver:139) Sending notification: {DOMAIN} 0004fb00-0006-0000-fd7d-7ad27e9d7b63 {VMAPI
    } VMAPIEvent {"VMAPIEvent":{"severity":5,"subsystem":"OVMSvcSS","process":"OVMSvc","type":"system","payload":{"type":"IPChange","IPC
    hange":{"intrface":"Oracle VM Virtual Ethernet Adapter","mac":"0021f6000001","ipv4info":{"ipinfo":[{"address":"10.90.0.66","netmask"
    :"255.255.255.0","gateway":"","mtu":1500,"speed":1000000000}]},"ipv6info":{"ipinfo":[{"address":"fe80::993f:d5f4:599d:fa4%14","netma
    sk":"255.255.255.0","gateway":"","mtu":1500,"speed":1000000000}]}}}}}

  • Windows 8.1 joining domain

    Fails to join domain with error:
    Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.
    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "hali88.org":
    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)
    The query was for the SRV record for _ldap._tcp.dc._msdcs.hali88.org
    Common causes of this error include the following:
    - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured
    to use DNS servers with the following IP addresses:
    10.10.10.1
    - One or more of the following zones do not include delegation to its child zone:
    hali88.org
    org
    . (the root zone
    Joining domain with Windows 7 64bit works fine.

    WIN7
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : HP-AST0000467
       Primary Dns Suffix  . . . . . . . : hali88.org
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : hali88.org
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . : hali88.org
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : 6C-3B-E5-30-4F-6A
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::b811:b004:6a95:1628%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.164(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, March 17, 2014 9:40:49 AM
       Lease Expires . . . . . . . . . . : Tuesday, March 25, 2014 9:40:51 AM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.65
       DHCPv6 IAID . . . . . . . . . . . : 275528677
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-E0-0E-D7-6C-3B-E5-30-4F-6A
       DNS Servers . . . . . . . . . . . : 192.168.1.65
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.hali88.org:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : hali88.org
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 12:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 9:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    WIN81
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : AST0000466
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    Wireless LAN adapter Local Area Connection* 11:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
       Physical Address. . . . . . . . . : 1A-D2-24-31-BD-CC
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Ethernet adapter Bluetooth Network Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : 48-D2-24-32-03-86
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
       Physical Address. . . . . . . . . : 00-8C-FA-6C-5A-43
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::9578:3910:989:e14d%4(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.10.10.3(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, March 17, 2014 6:46:24 AM
       Lease Expires . . . . . . . . . . : Tuesday, March 18, 2014 6:46:24 AM
       Default Gateway . . . . . . . . . : 10.10.10.1
       DHCP Server . . . . . . . . . . . : 10.10.10.1
       DHCPv6 IAID . . . . . . . . . . . : 251694330
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-A6-E2-6D-00-8C-FA-6C-5A-43
       DNS Servers . . . . . . . . . . . : 10.10.10.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Wireless LAN adapter Wi-Fi:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Qualcomm Atheros AR956x Wireless Network Adapter
       Physical Address. . . . . . . . . : 48-D2-24-31-BD-CC
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{3137AE13-57A6-47D2-9B53-D70D67F464FC}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Local Area Connection* 2:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:34e3:39b1:b49c:ea41(Preferred)
       Link-local IPv6 Address . . . . . : fe80::34e3:39b1:b49c:ea41%9(Preferred)
       Default Gateway . . . . . . . . . : ::
       DHCPv6 IAID . . . . . . . . . . . : 150994944
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-A6-E2-6D-00-8C-FA-6C-5A-43
       NetBIOS over Tcpip. . . . . . . . : Disabled
    NSLOOKUP:
    WIN7 SYSTEM:
    Default Server: haliserv2.hali88.org
    Address: 192.168.1.65
    WIN81 system:
    DNS request timed out
    Default server: Unknown
    Address: 10.10.10.1
    Active Directory entries verified.
    AST0000466
    User and password verified.
    DCDIAG WIN81
    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "haliserv2.hali88.org":
    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)
    The query was for the SRV record for _ldap._tcp.dc._msdcs.haliserv2.hali88.org
    Common causes of this error include the following:
    - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured
    to use DNS servers with the following IP addresses:
    10.10.10.1
    - One or more of the following zones do not include delegation to its child zone:
    haliserv2.hali88.org
    hali88.org
    org
    . (the root zone)

  • Domain Controlling: Windows XP Machine to Mac OSX Server

    We have a Mac OSX 10.6 Server and it runs our DNS and we want it to serve as a PDC, We are trying to connect a windows computer to it. When setting the windows computer to the specified domain it prompts for the Username and Password which is correctly entered and accepted, however it loads an error afterwards saying "specified domain does not exist or could not be contacted".
    Any idea's? Would this be something to do with an SRV record?
    It is the correct username and password as it definately aithenticates - When we type an incorrect password it tells us that it is incorrect. Also, the network firewall is open.
    Any response appreciated,
    Thanks.

    Hi Guys,
    Here is more info on my SMB configuration, I still can't join a Windows XP machine to OS X Server 10.5.3 PDC. Hope this configuration helps in anyway.
    smb:realm = "GRIDIRON01.OT.GRIDIRONINTERNAL.COM"
    smb:logon drive = "H:"
    smb:logon path = "\\%N\profiles\%u"
    smb:workgroup = "pctopia"
    smb:wins support = yes
    smb:map to guest = "Never"
    smb:enable print services = "yes"
    smb:wins server = emptyarray
    smb:security = "USER"
    smb:server string = "gridiron01"
    smb:ntlm auth = "yes"
    smb:netbios name = "gridiron01"
    smb:max smbd processes = 0
    smb:os level = 65
    smb:preferred master = yes
    smb:add user script = "/usr/bin/opendirectorypdbconfig -c createuseraccount -r %u -n /LDAPv3/127.0.0.1"
    smb:lanman auth = "yes"
    smb:domain logons = yes
    smb:domain master = yes
    smb:use spnego = yes
    smb:use kerberos keytab = yes
    smb:adminCommands:homes = yes
    smb:adminCommands:serverRole = "primarydomaincontroller"
    smb:adminCommands:ldapRole = "1.1 - hosting a master LDAP directory server\n"
    smb:auth methods = "odsam"
    smb:dos charset = "CP437"
    smb:enable disk services = "yes"
    smb:log level = 1
    smb:add machine script = "/usr/bin/opendirectorypdbconfig -c createcomputeraccount -r %u -n /LDAPv3/127.0.0.1"

  • Windows 8.1 Pro has error while joining domain, while windows 7 pro has no problem to join in the same network

    I am having the same issue as posted in http://social.technet.microsoft.com/Forums/windows/en-US/6ea57e5f-6e9d-49bd-9dd7-832ea84c0276/windows-81-pro-will-not-join-domain?forum=w8itpronetworking
    There are a few other people have the same issues.  However there was no real solution provided although the post was marked as answered.  I am posting it here again and hopefully I can get some help to solve this issue.
    We got two new PCs, one with windows 7 and the other with windows 8.1 Pro.  In the same network with domain, the windows 7 pc has no problem at all to join the domain.  However the windows 8.1 Pro won't join the domain. On the windows 8.1 Pro computer,
    I can ping the other computers in the network.  The error message says:
    An Active Directory Domain Controller (AD DC) for the domain "cmi" could not be contacted. ...
    In my case, the domain name is "CMI".  I am sure the DNS setting is correct.  What did I do wrong?  Any help is greatly appreciated.  Thanks.

    I tried the solution in that article.
    In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters folder, there is no
    NeutralizeNT4Emulator.  So I followed the instructions and created one, and set the value to 1. Then I restarted the computer and tried to join the domain again.  I got the same error.  Below is more from the netsetup log file:
    06/04/2014 21:36:37:256 -----------------------------------------------------------------
    06/04/2014 21:36:37:256 NetpValidateName: checking to see if 'XPS8700' is valid as type 1 name
    06/04/2014 21:36:40:256 NetpCheckNetBiosNameNotInUse for 'XPS8700' [MACHINE] returned 0x0
    06/04/2014 21:36:40:256 NetpValidateName: name 'XPS8700' is valid for type 1
    06/04/2014 21:36:40:256 -----------------------------------------------------------------
    06/04/2014 21:36:40:256 NetpValidateName: checking to see if 'XPS8700' is valid as type 5 name
    06/04/2014 21:36:40:256 NetpValidateName: name 'XPS8700' is valid for type 5
    06/04/2014 21:36:40:256 -----------------------------------------------------------------
    06/04/2014 21:36:40:256 NetpValidateName: checking to see if 'cmi' is valid as type 3 name
    06/04/2014 21:36:40:272 NetpCheckDomainNameIsValid for cmi returned 0x54b, last error is 0x0
    06/04/2014 21:36:40:272 NetpCheckDomainNameIsValid [ Exists ] for 'cmi' returned 0x54b
    ----------------below is the error message from the pop up window
    Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
    The domain name "cmi" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.
    If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "cmi":
    The query was for the SRV record for _ldap._tcp.dc._msdcs.cmi
    The following domain controllers were identified by the query:
    cmi-dc2.cmi
    cmi-dc1.cmi
    However no domain controllers could be contacted.
    Thanks.

  • Windows 8.1 Pro Will Not Join Domain

    Hello,
    I know this a bit lengthy, but hopefully all the details will better help you guys understand my problem.
    We just purchased an HP Pavilion Windows 8.1 laptop for our office along with the Windows 8.1 Pro Pack upgrade. When I went to install the pro upgrade, it accepted my key and started the upgrade process, but before the install completed, an error was generated
    that stated "Something went wrong. " No error code was generated. I restarted the laptop, it did some updates, and when I logged back in, I checked under the computer properties and noticed that the OS version was changed to Windows 8.1 Pro with
    Media Center, so I assumed that it installed. I checked for corrupted files in the command prompt and no corrupted files were found.
    So, the next thing I tried to do was join the laptop to our domain. I have joined XPs, Vistas, and 7s with no problems, but for some reason, Windows 8.1 does not want to join the domain. Just to be clear, I have the laptop plugged in via ethernet and the
    wifi off, I checked that the DNS of the laptop matched the DNS of the server, and all firewalls have been disabled. It seems to find the domain, but when it asks for the credentials to join the server, it returns an error stating that the domain could not
    be contacted or information was entered incorrectly. I know I am entering the correct credentials because, just to test, I created a new user account on a different machine and used the credentials to join the server. I pinged the server from the laptop and
    vice-versa, and all packets were received with no errors, so I know that they are "seeing" each other. Also, If I join the laptop to a Workgroup instead of the domain, I am able to access the server using the same credentials that it will not accept
    when attempting to join the domain.
    I am baffled. Any help or suggestions will be much appreciated. Thanks!

    I had exactly the same issue as above.  When I rebooted my machine, it now shows that the upgrade to Pro Pack with media center is installed.
    Haven't tried adding to a domain yet...  will post an update when/if it fails.  No reply means it joined fine after rebooting it from a failed attempt as above.   I suspect that this had something to do with the fact that I had just logged
    on to the machine and ran setup for the first time.
    Reboot after setting up the computer for the first time, then proceed with the upgrade to 8.1 Pro Pack and I suspect that this issue won't occur.  

  • Domain Users are allowed by default to join domain

    Hi everyone !
    Recently i install Windows Server 2012 Standard
    Configure Active Directory Domain Services
    Create simple user "test1"
    then i go to windows 7 client and join domain with this "test1" user.
    and i shocked how is it possible that a simple domain user which is not a part of any domain admin or admin group and can join or rejoin domain successfully.
    Help me to get out of this how can i restrict simple domain user to join domain and why it was by default ?

    > then i go to windows 7 client and join domain with this "test1" user.
    By default, EVERY user can join up to 10 clients to the domain.
    > and i shocked how is it possible that a simple domain user which is not
     Why shocked? What's the issue when users join computers to the domain?
    > Help me to get out of this how can i restrict simple domain user to join
    > domain and why it was by default ?
    Create a GPO, link it to the domain, move it up to above "Default Domain
    Policy" and configure Computer - Policies - Windows Settings - Security
    Settings - Local Settings - User Rights Assignment: Add Workstations to
    the domain.
    Martin
    Mal ein
    GUTES Buch über GPOs lesen?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • Apply network settings join domain issues

    I create a default task sequence in CM 2012 R2. On the apply network settings there is the option to join the domain. If I select to join to the domain, there is an account to set.  I set the account and test the account (test button right there) and
    the test to ad succeeds.
    I then apply and close the task sequence.  if you go back into the task sequence, and check the account to join domain, the password is now much longer than the original (only dots shown of course) and if I click test, the test FAILS.
    I am not sure if that is the expected behavior or the root of my issue. 
    My issue is my machines are failing to join the domain.  Under Windows\Pather\UnattendGC, I see a log file with the error, failed to join domain, error code 5 (something like that).  When I look up that error, I see it means access denied. 
    Any ideas?

    The task sequence will never show the correct length of the password for security reasons, so that's the expected behavior.
    Could you share what permissions you've given that account?
    These are the permissions that I use:
    Scope: This Object and all descendant objects
    - Create Computer Objects
    - Delete Computer Objects
    Scope: Descendant Computer Objects
    - Read All Properties
    - Write All Properties
    - Read Permissions
    - Modify Permissions
    - Change Password
    - Reset Password
    - Validated write to DNS host name
    - Validated write to services principal name
    This will work for every kind of deployment scenario that you may have to use the account in.
    Regards,
    Nickolaj Andersen | www.scconfigmgr.com | @Nickolaja

  • Exist OSDComputerName then Join Domain, if not join workgroup

    I add OSDComputerName into Unknown Computer as below 
    Right Click "Unknown Computers" and choose Properties. Open Collection Variables tab.
    Click on the yellow star to add a new variable. 
    Type OSDComputerName
    http://www.gerryhampsoncm.blogspot.ie/2013/02/sccm-2012-sp1-step-by-step-guide-part_9487.html
    I created two tasks, one is join domain ,the other is join workgroup, but I don't know how to write the task sequence variable
    OSDComputerName = "" or Exist OSDComputerName or OSDComputerName = NULL???

    Nial's guide can be found here:
    http://www.windows-noob.com/forums/index.php?/topic/5542-how-can-i-easily-prompt-for-a-computer-name-in-configuration-manager-2012/
    So in short:
    Enable unknown computer support on your Distribution Point
    Add OSDComputerName -variable to 'All Unknown Computers' -collection, remove the checkmark of "Do not display this..." and do not add any value to it
    Deploy your task sequence to 'All Unknown Computers' -collection
    You will be prompted of OSDComputerName -variable during the TS
    Note that this only works for Unknown computers, those that don't show up in the console yet.

  • WDS Join Domain Error

    I have WDS setup and working fine as long as the person logging into the computer to be imaged is a "Domain Admin", but if not the automatic joining of the domain fails.  The user can then join the computer manually, so they do have rights.  There
    is something that is forcing the user to be a full Domain Admin.
    I have tried putting a different security group in the registry setting but it did not make a difference:
    HKLM\System\CurrentControlSet\Services\WDSServer\Providers\WDSPXE\Providers\BINLSVC\AutoApprove\<arch>\User
    The computer is pre-staged and works fine for a domain admin.  It all seems fine for other users, but does not join the domain.
    Does anybody know how to change this?
    Ryan

    Hi Mr Yuan Wang,
    I am having the same issue auto join domain. I am using answer file which was created through using WSIM in Win 2008 r2.
    Every thing went correct except up to the point joining the domain with domain user account(salim) i got the (The username or password is incorrect) error, here is the answer file:
    <?xml version="1.0" encoding="UTF-8"?>
    -<unattend xmlns="urn:schemas-microsoft-com:unattend">
    -<settings pass="specialize">
    -<component language="neutral" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" versionScope="nonSxS" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" name="Microsoft-Windows-Shell-Setup">
    <ComputerName>PC</ComputerName>
    <ProductKey>2Y4WT-DHTBF-Q6MMK-KYK6X-VKM6G</ProductKey>
    <TimeZone>arab standard time</TimeZone>
    <RegisteredOwner>Salin</RegisteredOwner>
    <RegisteredOrganization/>
    </component>
    -<component language="neutral" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" versionScope="nonSxS" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" name="Microsoft-Windows-UnattendedJoin">
    -<Identification>
    -<Credentials>
    <Domain>bintawfik,local</Domain>
    <Password>P@ssw8rd</Password>
    <Username>amjad</Username>
    </Credentials>
    <JoinDomain>bintawfik.local</JoinDomain>
    </Identification>
    </component>
    </settings>
    -<settings pass="oobeSystem">
    -<component language="neutral" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" versionScope="nonSxS" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" name="Microsoft-Windows-International-Core">
    <InputLocale>en-us</InputLocale>
    <SystemLocale>en-us</SystemLocale>
    <UILanguage>en-us</UILanguage>
    <UILanguageFallback>en-us</UILanguageFallback>
    <UserLocale>en-us</UserLocale>
    </component>
    -<component language="neutral" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" versionScope="nonSxS" publicKeyToken="31bf3856ad364e35" processorArchitecture="amd64" name="Microsoft-Windows-Shell-Setup">
    -<AutoLogon>
    -<Password>
    <Value>UABAAHMAcwB3ADgAcgBkAFAAYQBzAHMAdwBvAHIAZAA=</Value>
    <PlainText>false</PlainText>
    </Password>
    <Domain>bintawfik.local</Domain>
    <Enabled>true</Enabled>
    <LogonCount>99</LogonCount>
    <Username>Salim</Username>
    </AutoLogon>
    -<OOBE>
    <HideEULAPage>true</HideEULAPage>
    <NetworkLocation>Work</NetworkLocation>
    <ProtectYourPC>1</ProtectYourPC>
    <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
    </OOBE>
    -<UserAccounts>
    -<AdministratorPassword>
    <Value>UABAAHMAcwB3ADgAcgBkAEEAZABtAGkAbgBpAHMAdAByAGEAdABvAHIAUABhAHMAcwB3AG8AcgBkAA==</Value>
    <PlainText>false</PlainText>
    </AdministratorPassword>
    -<LocalAccounts>
    -<LocalAccount wcm:action="add">
    -<Password>
    <Value>UABAAHMAcwB3ADgAcgBkAFAAYQBzAHMAdwBvAHIAZAA=</Value>
    <PlainText>false</PlainText>
    </Password>
    <Description>Built-in Account</Description>
    <DisplayName>Admin/Power User Account</DisplayName>
    <Group>Administrators</Group>
    <Name>Test</Name>
    </LocalAccount>
    </LocalAccounts>
    -<DomainAccounts>
    -<DomainAccountList wcm:action="add">
    <Domain>bintawfik.local</Domain>
    -<DomainAccount wcm:action="add">
    <Group>Domain Users</Group>
    <Name>Salim</Name>
    </DomainAccount>
    </DomainAccountList>
    </DomainAccounts>
    </UserAccounts>
    <TimeZone>arab standard time</TimeZone>
    <RegisteredOwner>Salim</RegisteredOwner>
    </component>
    </settings>
    <cpi:offlineImage xmlns:cpi="urn:schemas-microsoft-com:cpi" cpi:source="wim://dc1/reminst/win7custom.wim#Win7_64_Ulti"/>
    </unattend>

  • Lion & Mountain Lion won't join domain

    Hi,
    We have a Windows Server 2008 R2 network, with OS X 10.8 Server and various Macs running 10.6, 10.7 and 10.8.
    However, we are having problems joining OS X Lion and Mountain Lion machines to the domain, while Snow Leopard Macs work fine.
    With Lion & ML, when we try and bind to the Windows Server domain, the following error is returned:
    "The authentication server could not be contacted (5200)"
    And
    "The authentication server could not be contacted" (without the error code)
    We have tried joining the domain using the IP address of the server, with no luck. The Macs can ping the domain controller and such. The domain controller also handles DNS, which is properly set in the DNS settings on the Macs.
    Our domain name is similiar to this: orgname-idcode
    All Servers, Macs are patched with the latest updates. We just can't understand why Snow Leopard works while the others fail.
    Any idea?
    Thanks.

    Hi ChrisU,
    It sounds like it may be DNS related.  Although this article is older and references 10.5, I would make sure the reverse lookups are in place per this article:
    Mac OS X v10.5: Verifying DNS consistency for Active Directory binding
    http://support.apple.com/kb/ht3394
    Also, this article will enable debugging logs for the Mac side of things, both AD and OD:
    Mac OS X Server v10.5, 10.6: Enabling Directory Service debug logging
    http://support.apple.com/kb/ht3186
    I hope this helps!
    - Ari

  • Microsoft Store Breaks After Joining Domain (2008)

    After joining a Windows 8 Pro Tablet to domain, store apps are no longer working.
    This is important to us for two reasons :
    1) Users must be able to use OneNote and Photo Apps
    2) Users must be able to access Domain shares and have access to the same files as his regular workstation
    All of this regardless of what user logs in.
    Currently active COMPUTER GPO :
    Enable Offline Files
    Enable Remote Desktop
    Local Admin Group to Domain Users
    NTP Client configuration
    Trusted Zones (Local Intranet/Shared Paths)
    Currently Active USER GPO :
    Map network Drives
    Create Folder Structure at logo on server (VBS)
    Folder Redirection (Desktop and Documents to Server. Favorites, Music, pictures and Video follow Documents)
    I've tried a few tricks found on google and technet, but I seem to only regain partial and temporary access to the store. Apps will open and close immediately (Store/Camera for example).
    Any suggestions would be appreciated and thank your for your time!

    Hi,
    If this issue occurs just after joining domain, you need check this policy:
    Computer Configuration/Windows Components/Store/Turn off the Store application
    If it is not this case, we can re-register Windows Store for a test:
    Fix Store App in Windows 8.1
    http://blogs.msdn.com/b/notime/archive/2013/10/18/fix-store-app-in-windows-8-1.aspx
    Alex Zhao
    TechNet Community Support

Maybe you are looking for

  • Changing from PC to Mac & want to retain my iTunes info

    Hey folks: I'm eager to switch from my PC to a Mac, but I can't figure out how to get my iTunes info from my PC into my Mac. I can access my music files, since they're on an external hard drive, and I've been able to successfully import the library,

  • What plugin do I need to open a PDF in InDesign?

    What plugin do I need to open a PDF in InDesign? I have twice lost my changes in an InDesignfile but I have saved in in PDF form.  I want to open it in InDesign but it says a plugin may be missing.

  • Pop Up Window and Drop Down Menu Question PLSS Help

    Hi Guys, Ne help would be appreciated I am designing a website in Dreamweaver, I need to know how to create a custom drop down menu. Is there anyway that instead of using the standard drop down menu, you can customize them e.g use an image instead. F

  • Migrating Oracle 10.2.0.4 to another site

    Hi Gurus, I´ll need to migrate an ORACLE Database to Another site (1000 miles away) and i need to know, what's the best practice to do that. I need to copy the entire database to a new server whith the minimum downtime and risk while the source datab

  • Which version of Lightroom will run on Windows XP?

    Which version of Lightroom would be suitable for my Laptop running on Windows XP Thx Peter