fj40ratt

Device won't join the domain during OSD TS


Good morning SCCM brains.  Here is one that has me about ready to trade mine in for a beer.  Last week our AD admin changed the password for the account that does our AD joins during task sequence image deployments.  I have entered the new password in the TS, verified its access to the OU in AD successfully, and can use the new password to manually join a device to the domain without issue.  Unfortunately, when the TS now runs, the device fails to join the domain.  I've looked in the netsetup.log, setuperr.log and setupact.log to verify the correct account is present, which it is, but the error indicates it is still a bad username or password.  I had our AD admin change the password back to the original password in AD and imaging works perfectly with the device joining the domain as expected.  Is there somewhere else in SCCM I should be looking for that password to be changed?  Thanks in advance.


The username and password are defined in the Configure Network Step, where you should have defined the domain\username in the "Specify the account that has permission to join the domain" section. You can click on Set and test the username and password in there. Did you try that?

Have you double checked that you don't have more than that step in the task sequence? Or that you are indeed editing the correct task sequence?


Always appreciate your advice, Niall.  I have.  I'm actually using it in the Apply Network Settings task.  I don't have a Join Domain section in the TS anywhere.  Another test I just ran is I added an additional character to the original password to create a new password of 9 characters.  The old password that worked prior was only 8 characters.  I then changed the pwd in the TS to the new 9 character pwd and it still works as intended.  When my AD admin changed the password earlier on the domain join account, he changed it to a 20 character password, and that is when the TS would fail to join the device to the domain.  Is there a password length restriction that anyone is aware of?


Not that I'm aware of. What version of ConfigMgr are you using, and is it MDT integrated?


I have experienced this when the password used for the domain join had a special character that it did not like (I do not recall the offending character), but try configuring a basic password with no special characters, just to rule that out.


Thanks pzov, appreciate the input.  I've run up against that type of issue with other systems in the past as well.  I believe this is the first time I've attempted that complex of a password with SCCM.  You would like to believe that Microsoft would make sure their complexity requirements were standard across the company.  If Active Directory accepts that long of a password from a user, their own systems should allow it when they talk to each other. lol  I will test with a long password avoiding any special characters and update here with the results.


Update: A 15 character pwd with nothing but upper and lowercase letters and numbers caused the device to not join the domain.  Also double checked to make sure the password was meeting the domain complexity requirements and it is.  This one is really odd.


I'll see if I can replicate this in my lab.

Was ConfigMgr integrated with MDT or not, and if so, which version?


How many characters do you have in the computer name? Can you share the smsts.log with me?


The computer name has 8 characters.  I won't be able to get a smsts.log file to you until Monday.  I have people imaging this week so I can't test a password change until they are finished.


OK, thanks.

Are there any odd ASCII characters in that password? Can you please share a screenshot of your join domain step? I've contacted Microsoft PG and they don't believe there are any restrictions on password length; the join domain step should even accept 500 characters...

I definitely need the log file from a failing domain join to get more understanding of this.


Update: New 15 character password that utilized all 4 of the complexity rules in AD worked successfully.  The previous attempts that were failing were only matching 3 of the 4 requirements which should have still worked since the password rule states you must have at least 3 of the 4.  Really odd.  Thanks for the input and willingness to help test everyone.


Jumped the gun.  The new password works for one of my task sequences but not for any of my other TS's including any new from scratch TS's.  This is crazy.


Are you copy/pasting the step? If so, the password has to be re-entered...


I've tried both creating a TS from scratch and copying from another TS.  Neither has been successful.  I even tried just making it a simple 8 character password containing nothing but letters with no luck.  Crazy thing is that when I verify the account and password connection to the OU within the TS it verifies just fine and that same account and password will manually join a device to the domain successfully.  Might be time to get Microsoft involved.


Zip up the logs please, and include the netsetup.log from %windir%\debug.
