The trust relationship between this workstation and the primary domain failed.
I've successfully deployed the image from the k2 but when logging in to the domain I get this message. I've read a bunch and look everywhere to find out what might be causing this issue and no luck. Everything works if i leave the domain and rejoin.
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<Identification>
<JoinDomain>domainname.com</JoinDomain>
<Credentials>
<Domain>domainname.com</Domain>
<Username>administrator</Username>
<Password>password</Password>
</Credentials>
</Identification>
Any tips would be great! Thanks in advance!
Answers (4)
Have you thought about joining the domain as a post install rather than in the xml? I never had much luck with doing it that way.
Comments:
-
I'll +1 this suggestion. It isn't too difficult to set this up, and it seems to work much better than the unattend file. - Ben M 12 years ago
-
I put the join_domain.vbs in the windows\system32 directory on my images so all I have to do is call it as a post task.
I autologon as a local account and let the post run and join the domain during that part and then autologon as a domain user for 2 more time after that so GPO's and other can update.
http://www.itninja.com/blog/view/windows-7-image-process-for-the-college-s-classrooms - SMal.tmcc 12 years ago -
Thanks for all the replies. SMal.tmcc can I bug you to post your vbscript for joining the domain? Thanks in advance. - iandizon 12 years ago
-
I've used this before http://www.kace.com/support/resources/kb/article/How-to-rename-a-computer-and-join-it-to-a-Windows-domain-Image-Deployment
We are currently using the "Add-Computer" command in Powershell. It's a lot less steps and easy setup. - dugullett 12 years ago -
Should be on your kbox, it came with mine. I found it at \\ikbox\peinst\applications\3.
Note: We pre-create our machines in the correct ou ahead of time using an ldap utility or just reuse the existing name. This script will put a machine in the default OU if it is not already an object. I have seen some great scripts from the others that will let you choose your OU also.
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
If WScript.Arguments.Count &amp;lt; 3 or WScript.Arguments.Count &amp;gt; 4 Then
WScript.Quit
Else
strDomain = WScript.Arguments.Item(0)
strUser = WScript.Arguments.Item(1)
strPassword = WScript.Arguments.Item(2)
'set DNS IP address
If WScript.Arguments.Count = 4 Then
strDNSIP = WScript.Arguments.Item(3)
Set objShell = CreateObject(&amp;quot;WScript.shell&amp;quot;)
objShell.Run &amp;quot;netsh int ip set dns &amp;quot;&amp;quot;local area connection&amp;quot;&amp;quot; static &amp;quot;&amp;amp; _
strDNSIP &amp;amp;&amp;quot; primary&amp;quot;,0,0
End If
End If
Set objNetwork = CreateObject(&amp;quot;WScript.Network&amp;quot;)
strComputer = objNetwork.ComputerName
Set objComputer = GetObject(&amp;quot;winmgmts:{impersonationLevel=Impersonate}!\\&amp;quot; &amp;amp; _
strComputer &amp;amp; _
&amp;quot;\root\cimv2:Win32_ComputerSystem.Name='&amp;quot; _
&amp;amp; strComputer &amp;amp; &amp;quot;'&amp;quot;)
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
strPassword, _
strDomain &amp;amp; &amp;quot;\&amp;quot; &amp;amp; strUser, _
NULL, _
JOIN_DOMAIN+ACCT_CREATE) - SMal.tmcc 12 years ago
It happens with my VM Images every month once.
I have to rejoin it to domain by logging in as a local administrator and then retaking the snapshot.
Any resolution for that as well?
Comments:
-
Just curious what form of VM are you using? I seem to have the same problem as well. I never took the time to troubleshoot it. After I get logged in I usually forget about it until the next time. - dugullett 12 years ago
-
http://blogs.msdn.com/b/mikekol/archive/2009/03/18/does-restoring-a-snapshot-break-domain-connectivity-here-s-why.aspx - jagadeish 12 years ago
-
Cool..... so looks like I'll keep changing every month. - dugullett 12 years ago
-
You can change the time of expiration of the secure channel password on the domain from the default of 30 days to a larger number or just do not require one at all. We have had to up our expiration to 180 days. We use deepfreeze on the acad side the machines never really update their end till they are thawed. - SMal.tmcc 12 years ago
-
Thanks for your inputs everyone.. It seems that I am not alone who is facing this issue. :) - piyushnasa 12 years ago
-
No the secure channel has always haunted us. I do not use a VM I have a master machine I just do windows image backup and restore's and any or my images I restore over a 180 days complain yet. It can be set not to need a PW but being a college teaching CT that is like giving a monkey a gun and box of bullets. Withiout one you could spoof a machine into the domain - SMal.tmcc 12 years ago
-
The next time your VM does that try to just reset the PW
http://support.microsoft.com/kb/260575/en-us - SMal.tmcc 12 years ago