This doesn't seem possible BTW.... Bad OU specified 01/20/2012 10:53:01:232 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x2 01/20/2012 10:53:01:232 NetpProvisionComputerAccount: LDAP creation failed: 0x2 01/20/2012 10:53:01:232 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported 01/20/2012 10:53:01:232 ldap_unbind status: 0x0 01/20/2012 10:53:01:232 NetpJoinDomainOnDs: Function exits with status of: 0x2 01/20/2012 10:53:01:232 NetpJoinDomainOnDs: status of disconnecting from '\\DC1.company.local': 0x0 01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2 The message "Cannot retry downlevel, specifying OU is not supported" means that the specified OU is invalid. This error could indicate that the OU does not exist within the AD, or that you are attempting to specify the default Computers container. Windows requires that the default OU be left unspecified, so if you want to put new desktops into the default Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the specified OU is: 01/20/2012 10:53:01:123 lpMachineAccountOU: OU=Computers,OU=VDI,DC=company,DC=local Verify the existence of the specified OU and confirm that it is not the top-level Computers container.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Marcum, John Sent: Thursday, October 30, 2014 1:05 PM To: mdtosd@lists.myitforum.com Subject: [MDT-OSD] OSD Domain Join Fails I've been successfully using the same task sequence to deploy Windows 7 for almost two years. Last week the AD guys added some new domain controllers. Now ~50% of the time my machines are failing to join the domain. I see some info in the netsetup.log but can't pin it down to a root cause. Anyone seen this before? 10/30/2014 10:28:54:735 ----------------------------------------------------------------- 10/30/2014 10:28:54:735 NetpDoDomainJoin 10/30/2014 10:28:54:735 NetpMachineValidToJoin: 'MYNEWCOMPUTERNAME' 10/30/2014 10:28:54:735 OS Version: 6.1 10/30/2014 10:28:54:735 Build number: 7601 (7601.win7sp1_gdr.140303-2144) 10/30/2014 10:28:54:735 ServicePack: Service Pack 1 10/30/2014 10:28:54:735 SKU: Windows 7 Enterprise 10/30/2014 10:28:54:735 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0 10/30/2014 10:28:54:735 NetpGetLsaPrimaryDomain: status: 0x0 10/30/2014 10:28:54:735 NetpMachineValidToJoin: status: 0x0 10/30/2014 10:28:54:735 NetpJoinDomain 10/30/2014 10:28:54:735 Machine: MYNEWCOMPUTERNAME 10/30/2014 10:28:54:735 Domain: MYDOMAIN.com\FANCYNEWDC.MYDOMAIN.com 10/30/2014 10:28:54:735 MachineAccountOU: OU=Office 2013 Desktops,OU=Thick Desktop,OU=Physical,OU=Computers,OU=Unified Desktop,DC=MYDOMAIN,DC=com 10/30/2014 10:28:54:735 Account: MYDOMAIN\cmjoin 10/30/2014 10:28:54:735 Options: 0x23 10/30/2014 10:28:54:735 NetpLoadParameters: loading registry parameters... 10/30/2014 10:28:54:735 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 10/30/2014 10:28:54:735 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 10/30/2014 10:28:54:735 NetpLoadParameters: status: 0x2 10/30/2014 10:28:54:735 NetpValidateName: checking to see if 'MYDOMAIN.com' is valid as type 3 name 10/30/2014 10:28:54:735 NetpValidateName: 'MYDOMAIN.com' is not a valid NetBIOS domain name: 0x7b 10/30/2014 10:28:54:954 NetpCheckDomainNameIsValid [ Exists ] for 'MYDOMAIN.com' returned 0x0 10/30/2014 10:28:54:954 NetpValidateName: name 'MYDOMAIN.com' is valid for type 3 10/30/2014 10:28:54:954 NetpJoinDomain: status of connecting to dc '\\FANCYNEWDC.MYDOMAIN.com': 0x0 10/30/2014 10:28:54:969 NetpJoinDomainOnDs: Passed DC 'FANCYNEWDC.MYDOMAIN.com' verified as DNS name '\\FANCYNEWDC.MYDOMAIN.com' 10/30/2014 10:28:54:969 NetpLoadParameters: loading registry parameters... 10/30/2014 10:28:54:969 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 10/30/2014 10:28:54:969 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 10/30/2014 10:28:54:969 NetpLoadParameters: status: 0x2 10/30/2014 10:28:54:969 NetpDsGetDcName: status of verifying DNS A record name resolution for 'FANCYNEWDC.MYDOMAIN.com': 0x0 10/30/2014 10:28:54:969 NetpProvisionComputerAccount: 10/30/2014 10:28:54:969 lpDomain: MYDOMAIN.com 10/30/2014 10:28:54:969 lpMachineName: MYNEWCOMPUTERNAME 10/30/2014 10:28:54:969 lpMachineAccountOU: OU=Office 2013 Desktops,OU=Thick Desktop,OU=Physical,OU=Computers,OU=Unified Desktop,DC=MYDOMAIN,DC=com 10/30/2014 10:28:54:969 lpDcName: FANCYNEWDC.MYDOMAIN.com 10/30/2014 10:28:54:969 lpDnsHostName: (NULL) 10/30/2014 10:28:54:969 lpMachinePassword: (null) 10/30/2014 10:28:54:969 lpAccount: MYDOMAIN\cmjoin 10/30/2014 10:28:54:969 lpPassword: (non-null) 10/30/2014 10:28:54:969 dwJoinOptions: 0x23 10/30/2014 10:28:54:969 dwOptions: 0x40000003 10/30/2014 10:28:57:247 NetpLdapBind: Verified minimum encryption strength on FANCYNEWDC.MYDOMAIN.com: 0x0 10/30/2014 10:28:57:247 NetpLdapGetLsaPrimaryDomain: reading domain data 10/30/2014 10:28:57:247 NetpGetNCData: Reading NC data 10/30/2014 10:28:57:247 NetpGetDomainData: Lookup domain data for: DC=MYDOMAIN,DC=com 10/30/2014 10:28:57:247 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=MYDOMAIN,DC=com 10/30/2014 10:28:57:247 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0 10/30/2014 10:28:57:247 NetpGetComputerObjectDn: Cracking DNS domain name MYDOMAIN.com/ into Netbios on \\FANCYNEWDC.MYDOMAIN.com<file:///\\FANCYNEWDC.MYDOMAIN.com> 10/30/2014 10:28:57:247 NetpGetComputerObjectDn: Crack results: name = MYDOMAIN\ 10/30/2014 10:28:57:247 NetpGetComputerObjectDn: Cracking account name MYDOMAIN\MYNEWCOMPUTERNAME$ on \\FANCYNEWDC.MYDOMAIN.com<file:///\\FANCYNEWDC.MYDOMAIN.com> 10/30/2014 10:28:57:247 NetpGetComputerObjectDn: Crack results: Account does not exist 10/30/2014 10:28:57:247 NetpGetComputerObjectDn: ldap_compare_s failed: 0x20 0x2 10/30/2014 10:28:57:247 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x2 10/30/2014 10:28:57:247 NetpProvisionComputerAccount: LDAP creation failed: 0x2 10/30/2014 10:28:57:247 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported 10/30/2014 10:28:57:247 ldap_unbind status: 0x0 10/30/2014 10:28:57:247 NetpJoinDomainOnDs: Function exits with status of: 0x2 10/30/2014 10:28:57:247 NetpJoinDomainOnDs: status of disconnecting from '\\FANCYNEWDC.MYDOMAIN.com': 0x0 10/30/2014 10:28:57:247 NetpDoDomainJoin: status: 0x2 ________________________________ John Marcum MCITP, MCTS, MCSA Desktop Architect Bradley Arant Boult Cummings LLP ________________________________ [H_Logo] ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
