VM deployed using a sysprep/guest customization template does not join the domain


Article ID: 392166


Products

VMware vCenter Server 8.0

Issue/Introduction

The VM is deployed successfully, but it is unable to join the domain.

The following log entries appear in C:\Windows\Debug\netsetup.log:


DD/MM/YYYY HH:MM:SS NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
DD/MM/YYYY HH:MM:SS NetpJoinDomainOnDs: status of connecting to dc '\\dc.domain.net': 0x0
DD/MM/YYYY HH:MM:SS NetpJoinDomainOnDs: Passed DC 'dc.domain.net' verified as DNS name '\\dc.domain.net'
DD/MM/YYYY HH:MM:SS NetpDsGetDcName: status of verifying DNS A record name resolution for 'dc.domain.net': 0x0
DD/MM/YYYY HH:MM:SS NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: domain.net
DD/MM/YYYY HH:MM:SS NetpProvisionComputerAccount:
DD/MM/YYYY HH:MM:SS         lpDomain: domain.net
DD/MM/YYYY HH:MM:SS         lpHostName: vmname
DD/MM/YYYY HH:MM:SS         lpMachineAccountOU: (NULL)
DD/MM/YYYY HH:MM:SS         lpDcName: dc.domain.net
DD/MM/YYYY HH:MM:SS         lpMachinePassword: (null)
DD/MM/YYYY HH:MM:SS         lpAccount: domain.net\domainuser
DD/MM/YYYY HH:MM:SS         lpPassword: (non-null)
DD/MM/YYYY HH:MM:SS         dwJoinOptions: 0x23
DD/MM/YYYY HH:MM:SS         dwOptions: 0x40000003
DD/MM/YYYY HH:MM:SS NetpLdapBind: Verified minimum encryption strength on dc.domain.net: 0x0
DD/MM/YYYY HH:MM:SS NetpLdapGetLsaPrimaryDomain: reading domain data
..
..
DD/MM/YYYY HH:MM:SS NetpModifyComputerObjectInDs: Computer Object does not exist in OU
DD/MM/YYYY HH:MM:SS NetpModifyComputerObjectInDs: Attribute values to set:
DD/MM/YYYY HH:MM:SS                 objectClass  =  Computer
DD/MM/YYYY HH:MM:SS                 SamAccountName  =  vmname$
DD/MM/YYYY HH:MM:SS                 userAccountControl  =  0x1000
DD/MM/YYYY HH:MM:SS                 DnsHostName  =  vmname.domain.net
DD/MM/YYYY HH:MM:SS                 ServicePrincipalName  =  HOST/vmname.domain.net  RestrictedKrbHost/vmname.domain.net  HOST/vmname  RestrictedKrbHost/vmname
DD/MM/YYYY HH:MM:SS                 unicodePwd  =  <SomePassword>
DD/MM/YYYY HH:MM:SS NetpMapGetLdapExtendedError: Parsed [0x522] from server extended error string: 00000522: SecErr: DSID-03153861, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
DD/MM/YYYY HH:MM:SS NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5
DD/MM/YYYY HH:MM:SS NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
DD/MM/YYYY HH:MM:SS NetpProvisionComputerAccount: LDAP creation failed: 0x5
DD/MM/YYYY HH:MM:SS NetpProvisionComputerAccount: Retrying downlevel per options
DD/MM/YYYY HH:MM:SS NetpManageMachineAccountWithSid: NetUserAdd on 'dc.domain.net' for 'vmname$' failed: 0x5

Environment

vCenter 8

Cause

The AD user account used in the sysprep/guest customization does not have privileges on the specific OU.

Resolution

Confirm the permissions of the user account being used.

Specify the OU details in the sysprep/guest customization, choosing an OU where the username used in sysprep has permission to add machine accounts in the domain.
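
To confirm this cause on an affected guest, the check below pulls the join account, the target OU and the access-denied failures out of netsetup.log text. It is an added example, not part of the original article or any VMware/Microsoft tooling; the function name `diagnose` and the sample excerpt are constructed here, and the line layout is assumed to match the entries quoted above.

```python
import re

# Constructed excerpt mirroring the entries quoted in this article
# (timestamps are the article's placeholders, not real values).
SAMPLE_LOG = r"""
DD/MM/YYYY HH:MM:SS NetpProvisionComputerAccount:
DD/MM/YYYY HH:MM:SS         lpHostName: vmname
DD/MM/YYYY HH:MM:SS         lpMachineAccountOU: (NULL)
DD/MM/YYYY HH:MM:SS         lpDcName: dc.domain.net
DD/MM/YYYY HH:MM:SS         lpAccount: domain.net\domainuser
DD/MM/YYYY HH:MM:SS         lpPassword: (non-null)
DD/MM/YYYY HH:MM:SS NetpMapGetLdapExtendedError: Parsed [0x522] from server extended error string: 00000522: SecErr: DSID-03153861, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
DD/MM/YYYY HH:MM:SS NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5
DD/MM/YYYY HH:MM:SS NetpProvisionComputerAccount: LDAP creation failed: 0x5
DD/MM/YYYY HH:MM:SS NetpManageMachineAccountWithSid: NetUserAdd on 'dc.domain.net' for 'vmname$' failed: 0x5
"""

# Join parameters worth reporting; the password fields are deliberately not captured.
PARAM = re.compile(r"\s(lp(?:HostName|MachineAccountOU|DcName|Account)):\s*(.*)$")
# "<NetpFunction>: <what> failed: [<ldap rc>] <win32 status>"
FAIL = re.compile(r"\s(Netp\w+): .*failed: (?:0x[0-9a-fA-F]+ )?(0x[0-9a-fA-F]+)\s*$")
LDAP_PROBLEM = re.compile(r"problem \d+ \((\w+)\)")
ACCESS_DENIED = 0x5  # Win32 ERROR_ACCESS_DENIED


def diagnose(log_text):
    """Summarise one join attempt from netsetup.log text."""
    params, failures, ldap_problem = {}, [], None
    for line in log_text.splitlines():
        if m := PARAM.search(line):
            params[m.group(1)] = m.group(2).strip()
        elif m := FAIL.search(line):
            failures.append((m.group(1), int(m.group(2), 16)))
        elif m := LDAP_PROBLEM.search(line):
            ldap_problem = m.group(1)
    denied = [fn for fn, status in failures if status == ACCESS_DENIED]
    ou = params.get("lpMachineAccountOU", "(NULL)")
    if not denied:
        verdict = "no access-denied failure in this excerpt"
    elif ou.upper() == "(NULL)":
        verdict = "join account denied and no OU was specified in the customization"
    else:
        verdict = f"join account denied on OU {ou}"
    return {"account": params.get("lpAccount"), "host": params.get("lpHostName"),
            "ou": ou, "ldap_problem": ldap_problem, "denied_in": denied,
            "verdict": verdict}


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A verdict that reports no OU corresponds to `lpMachineAccountOU: (NULL)` in the log, which is the case the Resolution addresses by specifying an OU the join account is permitted to write to.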