Can't join Vista SP1 to domain

Guenther Deschner gd at samba.org
Thu Apr 16 21:29:31 GMT 2009 

Richard Gellman wrote:
> I originally posted this to samba at lists.samba.org, but having not had
> even so much as an acknowledgement of my existence, I thought I'd try
> here......
> 
> -- Richard
> 
> 
> 
> Hi,
> 
> I've been using Samba for years as a domain controller without issue,
> but this has stumped me.
> 
> I've set up Windows Vista Enterprise SP1 on a Virtual PC. Samba is
> running on a Gentoo Linux box as version 3.3.3. I can access shares
> without issue, but I can't get the machine to join the domain. When it
> tries it shows "The parameter is incorrect".
> 
> Delving into C:\Windows\Debug\NetSetup.LOG shows that it creates the
> machine account successfully, sets a password for it, then gets to the
> point of configuring itself to be a domain member, and then fails with
> error code 0x57. At this point it disables the machine account for itself.
> 
> The relevant section of NetSetup.LOG is shown below. Everything I read
> on t'internet suggests that this should work without problems. I've
> tried setting the security option to NTLM, changing the compatibility
> mode value, almost everything I can find, but still no joy.
> 
> I'd post the smbd -d 10 log, but from what I can see nothing errors on
> the Samba side, Windows just gives up. I'm hoping that there's something
> I can configure, patch that can be applied etc that causes some kind of
> different response that Windows will accept.
> 
> Does anyone have any ideas? Let me know if there's anything useful I can
> give you from the -d 10 log. There's a lot of stuff there (mostly
> routine stuff) so let me know what sort of thing you're looking for and
> I'll gladly post it.
> 
> I should point out the password backend is OpenLDAP. As stated, no other
> machine I've joined to this domain has ever had issues.
> 
> Regards
> 
> Richard Gellman
> 
> -- NetSetup.LOG --
> 
> 04/09/2009 18:32:34:458 NetpValidateName: checking to see if 'STARFLEET'
> is valid as type 3 name
> 04/09/2009 18:32:34:559 NetpCheckDomainNameIsValid [ Exists ] for
> 'STARFLEET' returned 0x0
> 04/09/2009 18:32:34:559 NetpValidateName: name 'STARFLEET' is valid for
> type 3
> 04/09/2009 18:32:34:559 NetpDsGetDcName: trying to find DC in domain
> 'STARFLEET', flags: 0x40001010
> 04/09/2009 18:32:34:559 NetpDsGetDcName: found DC '\\RELIANT' in the
> specified domain
> 04/09/2009 18:32:34:559 NetpJoinDomain: status of connecting to dc
> '\\RELIANT': 0x0
> 04/09/2009 18:32:34:709 NetpGetLsaPrimaryDomain: status: 0x0
> 04/09/2009 18:32:34:709 NetpGetNt4RefusePasswordChangeStatus: trying to
> read from '\\RELIANT'
> 04/09/2009 18:32:35:039 NetpGetNt4RefusePasswordChangeStatus:
> RefusePasswordChange == 0
> 04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034
> 04/09/2009 18:32:35:099 NetpGetLsaPrimaryDomain: status: 0x0
> 04/09/2009 18:32:35:099 NetpLsaOpenSecret: status: 0xc0000034
> 04/09/2009 18:32:35:530 NetpManageMachineAccountWithSid: NetUserAdd on
> '\\RELIANT' for 'VOYAGER$' failed: 0x8b0
> 04/09/2009 18:32:36:171 NetpManageMachineAccountWithSid: status of
> attempting to set password on '\\RELIANT' for 'VOYAGER$': 0x0
> 04/09/2009 18:32:36:171 NetpJoinDomain: status of creating account: 0x0
> 04/09/2009 18:32:36:171 NetpGetLsaPrimaryDomain: status: 0x0
> 04/09/2009 18:32:36:181 NetpSetLsaPrimaryDomain: for 'STARFLEET' status:
> 0xc000000d
> 04/09/2009 18:32:36:181 NetpJoinDomain: status of setting LSA pri.
> domain: 0x57
> 04/09/2009 18:32:36:181 NetpJoinDomain: initiaing a rollback due to
> earlier errors
> 04/09/2009 18:32:36:281 NetpGetLsaPrimaryDomain: status: 0x0
> 04/09/2009 18:32:36:652 NetpManageMachineAccountWithSid: status of
> disabling account 'VOYAGER$' on '\\RELIANT': 0x0
> 04/09/2009 18:32:36:652 NetpJoinDomain: rollback: status of deleting
> computer account: 0x0
> 04/09/2009 18:32:36:652 NetpLsaOpenSecret: status: 0x0
> 04/09/2009 18:32:36:672 NetpJoinDomain: rollback: status of deleting
> secret: 0x0
> 04/09/2009 18:32:36:692 NetpJoinDomain: status of disconnecting from
> '\\RELIANT': 0x0
> 04/09/2009 18:32:36:692 NetpDoDomainJoin: status: 0x57

Do you have or can you please provide a log level 10 log.smbd from this
error ? Also: please open a bug on this at http://bugzilla.samba.org so
that we can track this.

Thanks,

Guenther



-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org

More information about the samba-technical mailing list