我已启用 winrm、禁用防火墙、启用远程处理、winrm 的 GPO、启用 SMBv1 并首先完成更新以进行故障排除,但仍然收到错误。我也可以 ping DC。
我收到的错误是:
Add-Computer: Computer "server2019' failed to join domain 'dev.domain.com' from its current workgroup 'WORKGROUP' with following error message: An internal error occurred.
At line:1 char:1
Add-Computer -DomainName dev.domain.com -OUPath "OU=$OU,dc=dev,dc=domain,dc=com" ...
CategorvInfo :Operation5topped: (server2019:5tring) [Add-Computer]
. InvalidoperationException
+ FullvOualifiedErrorId:FailToJoinDomainFromworkgroup,Microsoft.PowerShell.Commands.AddComputerCommand
这是我的脚本中执行连接的部分:
[String]$OU,
[PSCredential]$Credential
)
$ErrorActionPreference="SilentlyContinue"
Stop-Transcript | out-null
$ErrorActionPreference = "Continue"
if ([Environment]::UserInteractive) {
if (!$OU) { $OU = Read-Host "Enter Resource Pool Name (exactly as appears in vCenter inventory)" }
if (!$Credential) { $Credential = Get-Credential -Message "Enter dev domain credentials" }
}
# Add Computer to Dev domain
try {
Add-Computer -DomainName dev.domain.com -OUPath "OU=$OU,dc=dev,dc=domain,dc=com" -ErrorAction stop -Credential $Credential
}
catch {
Write-Warning "Failed to join to domain."
Read-Host -Prompt "Press Enter to exit"
Throw $_
}
PS C:\Windows\ system32> nltest.exe/dsgetdc:dev.domain.com
DC: \\devad02.dev.domain.com
Address: \\10.1.214.29
Do Guid: ae3bef55-dd18-4598-b809-2058516e6abl
Dom Name: dev.domain.com
Forest Name: dev.domain.com
De Site Name: SITE
Our Site Name: SITE
Flags: GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRE
TWS D5_8 D5_9 D5_10 0x20000
The command completed successfully
编辑:服务器管理器显示 NetJoin 错误事件,错误代码为 1359 我尝试运行:
nltest /dclist:MYDOMAIN
并得到:
You don't have access to DsBind to dev.domain.com
我也尝试运行:nltest /server:UserSyncServer /sc_reset:domain\devdc
并得到:I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE
答案1
微软建议在域控制器上将 MsDS-SupportedEncryptionTypes 从 RC4 更改为 AES,但对我有用的是删除并重新添加 DC 之间的传出和前向传递的信任。
答案2
这个解决方案对我有用。在 DC 的注册表中禁用 AllwNt4Crypto https://learn.microsoft.com/es-mx/services-hub/health/remediation-steps-ad/disable-the-allownt4crypto-setting-on-all-affected-domain-controllers