我已经查看了与此相关的其他问题,但没有一个能帮助我。我已经花了好几天时间在这个该死的无人值守的进程上,奇迹般地,我能够让它工作一次昨天,但是,唉,我犯了一个新手错误,在再次编辑文件之前没有备份它,现在尽管我花了几个小时处理它,但我还是无法让它再次工作。
以下是我得到的一些调试输出:
[DJOIN.EXE] Unattended Join: Begin
[DJOIN.EXE] Unattended Join: Loading input parameters...
[DJOIN.EXE] Unattended Join: AccountData = [NULL]
[DJOIN.EXE] Unattended Join: UnsecureJoin = [True]
[DJOIN.EXE] Unattended Join: MachinePassword = [secret not logged]
[DJOIN.EXE] Unattended Join: JoinDomain = [ad.domain.com]
[DJOIN.EXE] Unattended Join: JoinWorkgroup = [NULL]
[DJOIN.EXE] Unattended Join: Domain = [NULL]
[DJOIN.EXE] Unattended Join: Username = [NULL]
[DJOIN.EXE] Unattended Join: Password = [secret not logged]
[DJOIN.EXE] Unattended Join: MachineObjectOU = [NULL]
[DJOIN.EXE] Unattended Join: DebugJoin = [NULL]
[DJOIN.EXE] Unattended Join: DebugJoinOnlyOnThisError = [NULL]
[DJOIN.EXE] Unattended Join: TimeoutPeriodInMinutes = [NULL]
[DJOIN.EXE] Unattended Join: Checking that auto start services have started.
[DJOIN.EXE] Unattended Join: Calling DsGetDcName for ad.domain.com...
[DJOIN.EXE] Unattended Join: Constructed domain parameter [ad.domain.com\PDC.ad.domain.com]
[DJOIN.EXE] Unattended Join: NetJoinDomain attempt failed: 0x52e, will retry in 10 seconds...
在退出之前,最后一行会在过程中重复多次。
[DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [1326]
[DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x52e
和...
NetUseAdd to \\PDC.ad.domain.com\IPC$ returned 1326
Trying add to \\PDC.ad.domain.com\IPC$ using NULL Session
NetpProvisionComputerAccount:
lpDomain: ad.domain.com
lpHostName: ComputerName
lpMachineAccountOU: (NULL)
lpDcName: PDC.ad.domain.com
lpMachinePassword: (non-null)
lpAccount: ad.domain.com\ComputerName$
lpPassword: (non-null)
dwJoinOptions: 0xe1
dwOptions: 0xc0000003
NetpLdapBind: ldap_bind failed on PDC.ad.domain.com: 49: Informations d'identification non valides
最后一行翻译为“身份信息无效”或“凭证无效”。
NetpJoinCreatePackagePart: status:0x52e
NetpAddProvisioningPackagePart: status:0x52e
NetpJoinDomainOnDs: Function exits with status of: 0x52e
NetpDoDomainJoin: status: 0x52e
我收到错误 1326 是无效凭据,但是,我正在使用带有 %machinepassword% 变量的不安全连接方法,所以我不确定为什么......
这是有问题的无人值守文件: 由于达到了 30k 字符的限制,所以删除了,反正现在也没什么用了
任何帮助都将不胜感激。我已经尝试了几十个分步指南和技术说明,它们全都相互矛盾,或者建议使用 MDT,或者根本就不清楚。如果有无人值守部署方面的专家读过这篇文章,我将永远感激你,如果你能指出这个可能是一个非常愚蠢的错误。
谢谢你!
编辑:我没有提及它,因为我认为该信息并不重要,但 WDS 服务器和 DC 都运行 2012 R2。
编辑2:正如下面的评论中提到的,这是将 UnsecureJoin 更改为 False 并在 UnattendJoin 组件下添加 Credentials 信息后的相关 NetSetup.log 信息:
11/11/2014 14:22:54:558 -----------------------------------------------------------------
11/11/2014 14:22:54:558 NetpDoDomainJoin
11/11/2014 14:22:54:558 NetpDoDomainJoin: using new computer names
11/11/2014 14:22:54:558 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/11/2014 14:22:54:558 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/11/2014 14:22:54:558 NetpMachineValidToJoin: 'IMAGE-TEST'
11/11/2014 14:22:54:558 OS Version: 6.3
11/11/2014 14:22:54:558 Build number: 9600 (9600.winblue_r3.140827-1500)
11/11/2014 14:22:54:589 SKU: Windows 8.1 Professionnel
11/11/2014 14:22:54:589 Architecture: 64-bit (AMD64)
11/11/2014 14:22:54:589 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/11/2014 14:22:54:589 NetpGetLsaPrimaryDomain: status: 0x0
11/11/2014 14:22:54:589 NetpMachineValidToJoin: status: 0x0
11/11/2014 14:22:54:589 NetpJoinDomain
11/11/2014 14:22:54:589 HostName: IMAGE-TEST
11/11/2014 14:22:54:589 NetbiosName: IMAGE-TEST
11/11/2014 14:22:54:589 Domain: ad.domain.com\PDC.ad.domain.com
11/11/2014 14:22:54:589 MachineAccountOU: (NULL)
11/11/2014 14:22:54:589 Account: domain\wdsclient
11/11/2014 14:22:54:589 Options: 0x23
11/11/2014 14:22:54:589 NetpLoadParameters: loading registry parameters...
11/11/2014 14:22:54:589 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/11/2014 14:22:54:589 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/11/2014 14:22:54:589 NetpLoadParameters: status: 0x2
11/11/2014 14:22:54:589 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
11/11/2014 14:22:54:589 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
11/11/2014 14:22:54:886 NetpJoinDomainOnDs: status of connecting to dc '\\PDC.ad.domain.com': 0x0
11/11/2014 14:22:54:886 NetpJoinDomainOnDs: Passed DC 'PDC.ad.domain.com' verified as DNS name '\\PDC.ad.domain.com'
11/11/2014 14:22:54:886 NetpLoadParameters: loading registry parameters...
11/11/2014 14:22:54:886 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/11/2014 14:22:54:886 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/11/2014 14:22:54:886 NetpLoadParameters: status: 0x2
11/11/2014 14:22:54:886 NetpDsGetDcName: status of verifying DNS A record name resolution for 'PDC.ad.domain.com': 0x0
11/11/2014 14:22:54:886 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com
11/11/2014 14:22:54:902 NetpProvisionComputerAccount:
11/11/2014 14:22:54:902 lpDomain: ad.domain.com
11/11/2014 14:22:54:902 lpHostName: IMAGE-TEST
11/11/2014 14:22:54:902 lpMachineAccountOU: (NULL)
11/11/2014 14:22:54:902 lpDcName: PDC.ad.domain.com
11/11/2014 14:22:54:902 lpMachinePassword: (null)
11/11/2014 14:22:54:902 lpAccount: domain\wdsclient
11/11/2014 14:22:54:902 lpPassword: (non-null)
11/11/2014 14:22:54:902 dwJoinOptions: 0x23
11/11/2014 14:22:54:902 dwOptions: 0x40000003
11/11/2014 14:22:54:917 NetpLdapBind: Verified minimum encryption strength on PDC.ad.domain.com: 0x0
11/11/2014 14:22:54:917 NetpLdapGetLsaPrimaryDomain: reading domain data
11/11/2014 14:22:54:917 NetpGetNCData: Reading NC data
11/11/2014 14:22:54:917 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:917 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:949 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
11/11/2014 14:22:54:949 NetpCheckForDomainSIDCollision: returning 0x0(0).
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Cracking DNS domain name ad.domain.com/ into Netbios on \\PDC.ad.domain.com
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Crack results: name = domain\
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Cracking account name domain\IMAGE-TEST$ on \\PDC.ad.domain.com
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Crack results: (Account already exists) DN = CN=IMAGE-TEST,CN=Computers,DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Initial attribute values:
11/11/2014 14:22:54:964 objectClass = Computer
11/11/2014 14:22:54:964 SamAccountName = IMAGE-TEST$
11/11/2014 14:22:54:964 userAccountControl = 0x1000
11/11/2014 14:22:54:964 DnsHostName = IMAGE-TEST.ad.domain.com
11/11/2014 14:22:54:964 ServicePrincipalName = HOST/IMAGE-TEST.ad.domain.com RestrictedKrbHost/IMAGE-TEST.ad.domain.com HOST/IMAGE-TEST RestrictedKrbHost/IMAGE-TEST
11/11/2014 14:22:54:964 unicodePwd = <SomePassword>
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
11/11/2014 14:22:54:964 objectClass = top person organizationalPerson user computer
11/11/2014 14:22:54:964 SamAccountName = IMAGE-TEST$
11/11/2014 14:22:54:964 userAccountControl = 0x1000
11/11/2014 14:22:54:964 DnsHostName =
11/11/2014 14:22:54:964 ServicePrincipalName =
11/11/2014 14:22:54:964 unicodePwd = Account exists, resetting password: <SomePassword>
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Attribute values to set:
11/11/2014 14:22:54:964 DnsHostName = IMAGE-TEST.ad.domain.com
11/11/2014 14:22:54:964 ServicePrincipalName = HOST/IMAGE-TEST.ad.domain.com RestrictedKrbHost/IMAGE-TEST.ad.domain.com HOST/IMAGE-TEST RestrictedKrbHost/IMAGE-TEST
11/11/2014 14:22:54:964 unicodePwd = <SomePassword>
11/11/2014 14:22:54:980 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
11/11/2014 14:22:54:980 NetpModifyComputerObjectInDs: ldap_modify_s failed: 0x32 0x5
11/11/2014 14:22:54:980 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
11/11/2014 14:22:54:980 NetpProvisionComputerAccount: LDAP creation failed: 0x5
11/11/2014 14:22:54:980 NetpProvisionComputerAccount: Retrying downlevel per options
11/11/2014 14:22:54:995 NetpManageMachineAccountWithSid: NetUserAdd on 'PDC.ad.domain.com' for 'IMAGE-TEST$' failed: 0x8b0
11/11/2014 14:22:54:995 SamOpenUser on 1639 failed with 0xc0000022
11/11/2014 14:22:54:995 NetpManageMachineAccountWithSid: status of attempting to set password on 'PDC.ad.domain.com' for 'IMAGE-TEST$': 0x5
11/11/2014 14:22:54:995 NetpProvisionComputerAccount: retry status of creating account: 0x5
11/11/2014 14:22:54:995 ldap_unbind status: 0x0
11/11/2014 14:22:54:995 NetpJoinCreatePackagePart: status:0x5.
11/11/2014 14:22:54:995 NetpAddProvisioningPackagePart: status:0x5.
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: Function exits with status of: 0x5
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: status of disconnecting from '\\PDC.ad.domain.com': 0x0
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
11/11/2014 14:22:54:995 NetpDoDomainJoin: status: 0x5
11/11/2014 14:23:05:027 -----------------------------------------------------------------
我确实注意到了“INSUFF_ACCESS_RIGHTS”标签,但使用的帐户是域管理员帐户,因此我不确定这里可能还有其他什么原因。您有什么看法?
编辑 3:此外,我用来测试此操作的客户端计算机是 Hyper-V VM,在进行映像之前有一个检查点。我还原机器,从 AD 中删除对象,清除 WDS 服务器上已批准的设备,然后每当无人值守安装不起作用时,我都会重新启动整个过程。同样,我认为这并不相关,但这是我可以提供的所有信息。
编辑 4:我想我开始明白发生了什么。无人值守操作后,我尝试使用我在无人值守文件中指定的相同帐户信息将工作站添加到域,结果却收到以下错误消息:
"The join operation was not successful. This could be because an existing computer
account having name “IMAGE” was previously created using a different set of
credentials. Use a different computer name, or contact your administrator to remove
any stale conflicting account. The error was:
Access is denied."
我尝试使用另一个域管理员帐户,但出现同样的错误。我猜是因为 AD 中的某些内容未正确删除,导致出现问题,因为该站点之前已加入域。我将通过重新创建一个全新的 VM 再次尝试,并将结果发回。
编辑 5:使用空白硬盘创建一个全新的 VM,结果和使用 Credentials 设置的日志错误都是一样的。我还尝试为 WDS 服务器添加复选标记,上面写着“安装后不要将客户端加入域”。我想那里可能存在冲突,并且与应答文件也存在冲突,但无济于事……我尝试再次将 UnsecureJoin 设置为 True,并使用全新的 VM 删除 Credentials 设置,只是为了看看,但我再次收到之前的错误……帮忙?
编辑 6:另一件我怀疑相关的事情是计算机是 UEFI 而不是 BIOS。
编辑 7:使用以下应答文件,我每次都能成功加入域当 WDS 中的“请求管理员批准”复选框未选中时一旦检查,它就会失败并向我显示错误:
"NetpLdapBind: ldap_bind failed on PDC.ad.domain.com: 49: Informations d'identification non valides".
最后一部分翻译为“身份信息无效”。
答案文件的重要部分,如果您还有其他需要,请告诉我:
<settings pass="specialize">
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<UnsecureJoin>true</UnsecureJoin>
</Identification>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>%MACHINENAME%</ComputerName>
<RegisteredOrganization>Organization</RegisteredOrganization>
<RegisteredOwner>Utilisateur</RegisteredOwner>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0c0c:00001009</InputLocale>
<SystemLocale>0c0c:00001009</SystemLocale>
<UILanguage>fr-CA</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
</settings>
编辑8
专业部分现在看起来像:
<settings pass="specialize">
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Identification>
<UnsecureJoin>true</UnsecureJoin>
<JoinDomain>%MACHINEDOMAIN%</JoinDomain>
</Identification>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RegisteredOrganization>Organization</RegisteredOrganization>
<RegisteredOwner>Utilisateur</RegisteredOwner>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>1009:00001009</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>fr-FR</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
</settings>
NetSetup 日志反复给出以下信息:
11/20/2014 14:22:53:596 NetpDoDomainJoin
11/20/2014 14:22:53:612 NetpDoDomainJoin: using new computer names
11/20/2014 14:22:53:612 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/20/2014 14:22:53:612 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/20/2014 14:22:53:612 NetpMachineValidToJoin: 'WIN-6PMPRQ5FVI5'
11/20/2014 14:22:53:612 OS Version: 6.3
11/20/2014 14:22:53:612 Build number: 9600 (9600.winblue_r3.140827-1500)
11/20/2014 14:22:53:659 SKU: Windows 8.1 Professionnel
11/20/2014 14:22:53:659 Architecture: 64-bit (AMD64)
11/20/2014 14:22:53:659 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/20/2014 14:22:53:659 NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 14:22:53:659 NetpMachineValidToJoin: status: 0x0
11/20/2014 14:22:53:659 NetpJoinDomain
11/20/2014 14:22:53:659 HostName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:659 NetbiosName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:659 Domain: ad.domain.com\PDC.ad.domain.com
11/20/2014 14:22:53:659 MachineAccountOU: (NULL)
11/20/2014 14:22:53:659 Account: (NULL)
11/20/2014 14:22:53:659 Options: 0x61
11/20/2014 14:22:53:659 NetpLoadParameters: loading registry parameters...
11/20/2014 14:22:53:659 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 14:22:53:659 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 14:22:53:659 NetpLoadParameters: status: 0x2
11/20/2014 14:22:53:659 NetpJoinDomainOnDs: Unsecure join requested.
11/20/2014 14:22:53:659 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
11/20/2014 14:22:53:659 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
11/20/2014 14:22:53:799 [000004e4] NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 14:22:53:846 NetpJoinDomainOnDs: status of connecting to dc '\\PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:846 NetpJoinDomainOnDs: Passed DC 'PDC.ad.domain.com' verified as DNS name '\\PDC.ad.domain.com'
11/20/2014 14:22:53:846 NetpLoadParameters: loading registry parameters...
11/20/2014 14:22:53:846 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 14:22:53:846 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 14:22:53:846 NetpLoadParameters: status: 0x2
11/20/2014 14:22:53:846 NetpDsGetDcName: status of verifying DNS A record name resolution for 'PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:846 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com
11/20/2014 14:22:53:862 NetpProvisionComputerAccount:
11/20/2014 14:22:53:862 lpDomain: ad.domain.com
11/20/2014 14:22:53:862 lpHostName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:862 lpMachineAccountOU: (NULL)
11/20/2014 14:22:53:862 lpDcName: PDC.ad.domain.com
11/20/2014 14:22:53:862 lpMachinePassword: (null)
11/20/2014 14:22:53:862 lpAccount: ad.domain.com\WIN-6PMPRQ5FVI5$
11/20/2014 14:22:53:862 lpPassword: (null)
11/20/2014 14:22:53:862 dwJoinOptions: 0x61
11/20/2014 14:22:53:862 dwOptions: 0xc0000007
11/20/2014 14:22:53:877 NetpLdapBind: Verified minimum encryption strength on PDC.ad.domain.com: 0x0
11/20/2014 14:22:53:877 NetpLdapGetLsaPrimaryDomain: reading domain data
11/20/2014 14:22:53:877 NetpGetNCData: Reading NC data
11/20/2014 14:22:53:877 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com
11/20/2014 14:22:53:877 NetpGetDomainData: Failed to find the domain data: 0x6e
11/20/2014 14:22:53:877 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x6e
11/20/2014 14:22:53:893 ldap_unbind status: 0x0
11/20/2014 14:22:53:893 NetpJoinCreatePackagePart: status:0x6e.
11/20/2014 14:22:53:893 NetpAddProvisioningPackagePart: status:0x6e.
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: Function exits with status of: 0x6e
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: status of disconnecting from '\\PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
11/20/2014 14:22:53:893 NetpDoDomainJoin: status: 0x6e
如您所见,上面的名称“WIN-6PMPRQ5FVI5”是自动生成的,而我提供的名称却不见了……更糟糕的是,这在 2012 WDS 之前运行良好,所以我不确定除了显示的界面之外,他们到底做了什么改变。不过还是感谢您的帮助!
编辑 9:我再次尝试输入 %MACHINEDOMAIN% 和 %MACHINENAME% 值。这也没有用,但我最终从 NetSetup.log 中得到了以下信息:
11/20/2014 16:23:32:232 NetpDoDomainJoin
11/20/2014 16:23:32:232 NetpDoDomainJoin: using new computer names
11/20/2014 16:23:32:232 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/20/2014 16:23:32:232 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/20/2014 16:23:32:232 NetpMachineValidToJoin: 'IMAGE-TEST'
11/20/2014 16:23:32:232 OS Version: 6.3
11/20/2014 16:23:32:232 Build number: 9600 (9600.winblue_r3.140827-1500)
11/20/2014 16:23:32:295 SKU: Windows 8.1 Professionnel
11/20/2014 16:23:32:295 Architecture: 64-bit (AMD64)
11/20/2014 16:23:32:295 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/20/2014 16:23:32:295 NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 16:23:32:295 NetpMachineValidToJoin: status: 0x0
11/20/2014 16:23:32:295 NetpJoinDomain
11/20/2014 16:23:32:295 HostName: IMAGE-TEST
11/20/2014 16:23:32:295 NetbiosName: IMAGE-TEST
11/20/2014 16:23:32:295 Domain: ad.domain.com\dc.ad.domain.com
11/20/2014 16:23:32:295 MachineAccountOU: (NULL)
11/20/2014 16:23:32:295 Account: (NULL)
11/20/2014 16:23:32:295 Options: 0x61
11/20/2014 16:23:32:295 NetpLoadParameters: loading registry parameters...
11/20/2014 16:23:32:295 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 16:23:32:295 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 16:23:32:295 NetpLoadParameters: status: 0x2
11/20/2014 16:23:32:295 NetpJoinDomainOnDs: Unsecure join requested.
11/20/2014 16:23:32:295 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
11/20/2014 16:23:32:295 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
11/20/2014 16:23:32:482 [0000051c] NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 16:23:32:498 NetpJoinDomainOnDs: status of connecting to dc '\\dc.ad.domain.com': 0x0
11/20/2014 16:23:32:513 NetpJoinDomainOnDs: Passed DC 'dc.ad.domain.com' verified as DNS name '\\dc.ad.domain.com'
11/20/2014 16:23:32:513 NetpLoadParameters: loading registry parameters...
11/20/2014 16:23:32:513 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 16:23:32:513 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 16:23:32:513 NetpLoadParameters: status: 0x2
11/20/2014 16:23:32:513 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dc.ad.domain.com': 0x0
11/20/2014 16:23:32:513 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com
11/20/2014 16:23:32:529 NetpProvisionComputerAccount:
11/20/2014 16:23:32:529 lpDomain: ad.domain.com
11/20/2014 16:23:32:529 lpHostName: IMAGE-TEST
11/20/2014 16:23:32:529 lpMachineAccountOU: (NULL)
11/20/2014 16:23:32:529 lpDcName: dc.ad.domain.com
11/20/2014 16:23:32:529 lpMachinePassword: (null)
11/20/2014 16:23:32:529 lpAccount: ad.domain.com\IMAGE-TEST$
11/20/2014 16:23:32:529 lpPassword: (null)
11/20/2014 16:23:32:529 dwJoinOptions: 0x61
11/20/2014 16:23:32:529 dwOptions: 0xc0000007
11/20/2014 16:23:32:545 NetpLdapBind: Verified minimum encryption strength on dc.ad.domain.com: 0x0
11/20/2014 16:23:32:545 NetpLdapGetLsaPrimaryDomain: reading domain data
11/20/2014 16:23:32:545 NetpGetNCData: Reading NC data
11/20/2014 16:23:32:545 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com
11/20/2014 16:23:32:545 NetpGetDomainData: Failed to find the domain data: 0x6e
11/20/2014 16:23:32:545 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x6e
11/20/2014 16:23:32:545 ldap_unbind status: 0x0
11/20/2014 16:23:32:545 NetpJoinCreatePackagePart: status:0x6e.
11/20/2014 16:23:32:545 NetpAddProvisioningPackagePart: status:0x6e.
11/20/2014 16:23:32:545 NetpJoinDomainOnDs: Function exits with status of: 0x6e
11/20/2014 16:23:32:545 NetpJoinDomainOnDs: status of disconnecting from '\\dc.ad.domain.com': 0x0
11/20/2014 16:23:32:545 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
11/20/2014 16:23:32:545 NetpDoDomainJoin: status: 0x6e
至少现在可以使用 WDS 中给出的名称,但现在出现的错误是:NetpGetDomainData:无法找到域数据:0x6e,我不确定为什么。我将尝试对域进行硬编码,而不是输入 %MACHINEDOMAIN%,然后将结果发回。
编辑 10:目前已收到 MS 的票。一旦找到解决方案,将立即回复。到目前为止,这似乎是 WS2012 WDS 中的一个错误。一旦有更多信息,将发布。
答案1
补充信息,这也发生在配备 W7 Pro 机器的 2008 Std R2 上。
对于所有相关人员,由于该问题仅适用于域管理员组级别,我想尝试使用一个帐户通过域根级别的委派控制授予所有权限,这也有效,因此无需去更改每个 UEFI 计算机对象上的安全设置:)。
如何:
- 我创建了一个用户 WDSinstall,其唯一的组成员身份是域用户。
- 然后我简单地运行了委派控制向导(在这种情况下,右键单击根域节点并选择委派控制)。
- 添加您新创建的帐户并单击下一步。
- 选择创建自定义任务来委派并单击下一步。
- 保持“此文件夹,此中的现有对象.....”处于选中状态,单击下一步。
- 确保“显示这些权限”下的所有 3 个选项都被勾选,即:常规、特定属性和特定子对象的创建/删除。
- 在权限框中,只需勾选“完全控制”,这也将选择所有其他权限。单击下一步。
- 单击“完成”。
现在您拥有一个本质上是域管理员帐户的帐户,因此,您可以将它用于所有 WDS 和部署需求。
我希望这篇文章能对某些人有所帮助,就像这篇原始文章对我有很大帮助一样。
答案2
这是 WDS 中的一个错误。当您批准 UEFI 设备时,它会提供错误的权限。如果您查看计算机对象的安全权限,您将看到它已针对“更改密码”和“重置密码”设置了域管理员拒绝权限。删除这两项的拒绝权限,您就可以开始了。
您需要对通过 WDS 批准的每台 UEFI 计算机执行此操作,但这总比没有好。
答案3
我们最终就此事联系了微软,经过几周的无用测试后,发现 WDS 名称和批准中存在一个错误,当通过 BIOS 使用 UEFI 时,PXE 启动和无人值守域加入在通过 WDS 名称和批准进行 pxe 启动时根本无法通过 UEFI 运行。
长话短说,如果您想要自动加入 WDS,请继续使用 BIOS。如果您被迫使用 UEFI,唯一的其他选择就是在部署后使用登录脚本,但这假设将登录的帐户是管理员。要么这样做,要么在部署后手动加入域!
希望这能帮助其他遇到同样问题的人。我知道这给我带来了很大的麻烦。
干杯!
答案4
好的,查看您的编辑#7,您有两个错误:
首先,您没有<JoinDomain>somedomain.com</JoinDomain>填写域名。
其次,您需要删除该<ComputerName>%MACHINENAME%</ComputerName>线。
这应该可以让你工作。