无法在Windows 8.1上使用WDS和答案文件执行无人参与的域join

我已经浏览了与此有关的其他问题,没有人能够帮助我。 我已经在这个该死的无人看pipe的过程上花了好几天的时间,奇迹般的是,我昨天才得到它的工作,但是,唉,我做了一个无妄的错误,没有备份文件,然后再编辑它,现在我尽pipe工作了好几个小时,仍然无法再工作。

以下是我得到的一些debugging输出:

[DJOIN.EXE] Unattended Join: Begin [DJOIN.EXE] Unattended Join: Loading input parameters... [DJOIN.EXE] Unattended Join: AccountData = [NULL] [DJOIN.EXE] Unattended Join: UnsecureJoin = [True] [DJOIN.EXE] Unattended Join: MachinePassword = [secret not logged] [DJOIN.EXE] Unattended Join: JoinDomain = [ad.domain.com] [DJOIN.EXE] Unattended Join: JoinWorkgroup = [NULL] [DJOIN.EXE] Unattended Join: Domain = [NULL] [DJOIN.EXE] Unattended Join: Username = [NULL] [DJOIN.EXE] Unattended Join: Password = [secret not logged] [DJOIN.EXE] Unattended Join: MachineObjectOU = [NULL] [DJOIN.EXE] Unattended Join: DebugJoin = [NULL] [DJOIN.EXE] Unattended Join: DebugJoinOnlyOnThisError = [NULL] [DJOIN.EXE] Unattended Join: TimeoutPeriodInMinutes = [NULL] [DJOIN.EXE] Unattended Join: Checking that auto start services have started. [DJOIN.EXE] Unattended Join: Calling DsGetDcName for ad.domain.com... [DJOIN.EXE] Unattended Join: Constructed domain parameter [ad.domain.com\PDC.ad.domain.com] [DJOIN.EXE] Unattended Join: NetJoinDomain attempt failed: 0x52e, will retry in 10 seconds... 

最后一行在退出前的过程中会重复几次。

 [DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [1326] [DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x52e 

和…

 NetUseAdd to \\PDC.ad.domain.com\IPC$ returned 1326 Trying add to \\PDC.ad.domain.com\IPC$ using NULL Session NetpProvisionComputerAccount: lpDomain: ad.domain.com lpHostName: ComputerName lpMachineAccountOU: (NULL) lpDcName: PDC.ad.domain.com lpMachinePassword: (non-null) lpAccount: ad.domain.com\ComputerName$ lpPassword: (non-null) dwJoinOptions: 0xe1 dwOptions: 0xc0000003 NetpLdapBind: ldap_bind failed on PDC.ad.domain.com: 49: Informations d'identification non valides 

最后一行转换为“标识信息无效”或“证书无效”。

 NetpJoinCreatePackagePart: status:0x52e NetpAddProvisioningPackagePart: status:0x52e NetpJoinDomainOnDs: Function exits with status of: 0x52e NetpDoDomainJoin: status: 0x52e 

我得到的错误1326是无效的凭据,但是,我使用%machinepassword%variables的不安全的连接方法,所以我不知道为什么…

这里是无人参与的文件: 编辑出来,当我达到30K字符的限制,现在是无关的

任何帮助将非常感激。 我已经尝试了几十个一步一步的指南和technet笔记,这些笔记互相矛盾或者build议使用MDT或者不清楚。 如果有无人看pipe的部门的专家在这里阅读,我会永远感激,如果你能指出什么可能是一个非常愚蠢的错误。

谢谢!

编辑:我没有提到它,因为我没有判断重要的信息,但WDS服务器和DC都运行2012 R2。

编辑2:如下面的注释中所述,将UnsecureJoin更改为False并在UnattendJoin组件下添加Credentials信息之后,以下是相关的NetSetup.log信息:

 11/11/2014 14:22:54:558 ----------------------------------------------------------------- 11/11/2014 14:22:54:558 NetpDoDomainJoin 11/11/2014 14:22:54:558 NetpDoDomainJoin: using new computer names 11/11/2014 14:22:54:558 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0 11/11/2014 14:22:54:558 NetpDoDomainJoin: NetpGetNewHostName returned 0x0 11/11/2014 14:22:54:558 NetpMachineValidToJoin: 'IMAGE-TEST' 11/11/2014 14:22:54:558 OS Version: 6.3 11/11/2014 14:22:54:558 Build number: 9600 (9600.winblue_r3.140827-1500) 11/11/2014 14:22:54:589 SKU: Windows 8.1 Professionnel 11/11/2014 14:22:54:589 Architecture: 64-bit (AMD64) 11/11/2014 14:22:54:589 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0 11/11/2014 14:22:54:589 NetpGetLsaPrimaryDomain: status: 0x0 11/11/2014 14:22:54:589 NetpMachineValidToJoin: status: 0x0 11/11/2014 14:22:54:589 NetpJoinDomain 11/11/2014 14:22:54:589 HostName: IMAGE-TEST 11/11/2014 14:22:54:589 NetbiosName: IMAGE-TEST 11/11/2014 14:22:54:589 Domain: ad.domain.com\PDC.ad.domain.com 11/11/2014 14:22:54:589 MachineAccountOU: (NULL) 11/11/2014 14:22:54:589 Account: domain\wdsclient 11/11/2014 14:22:54:589 Options: 0x23 11/11/2014 14:22:54:589 NetpLoadParameters: loading registry parameters... 11/11/2014 14:22:54:589 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 11/11/2014 14:22:54:589 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 11/11/2014 14:22:54:589 NetpLoadParameters: status: 0x2 11/11/2014 14:22:54:589 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled 11/11/2014 14:22:54:589 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0 11/11/2014 14:22:54:886 NetpJoinDomainOnDs: status of connecting to dc '\\PDC.ad.domain.com': 0x0 11/11/2014 14:22:54:886 NetpJoinDomainOnDs: Passed DC 'PDC.ad.domain.com' verified as DNS name '\\PDC.ad.domain.com' 11/11/2014 14:22:54:886 NetpLoadParameters: loading registry parameters... 11/11/2014 14:22:54:886 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 11/11/2014 14:22:54:886 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 11/11/2014 14:22:54:886 NetpLoadParameters: status: 0x2 11/11/2014 14:22:54:886 NetpDsGetDcName: status of verifying DNS A record name resolution for 'PDC.ad.domain.com': 0x0 11/11/2014 14:22:54:886 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com 11/11/2014 14:22:54:902 NetpProvisionComputerAccount: 11/11/2014 14:22:54:902 lpDomain: ad.domain.com 11/11/2014 14:22:54:902 lpHostName: IMAGE-TEST 11/11/2014 14:22:54:902 lpMachineAccountOU: (NULL) 11/11/2014 14:22:54:902 lpDcName: PDC.ad.domain.com 11/11/2014 14:22:54:902 lpMachinePassword: (null) 11/11/2014 14:22:54:902 lpAccount: domain\wdsclient 11/11/2014 14:22:54:902 lpPassword: (non-null) 11/11/2014 14:22:54:902 dwJoinOptions: 0x23 11/11/2014 14:22:54:902 dwOptions: 0x40000003 11/11/2014 14:22:54:917 NetpLdapBind: Verified minimum encryption strength on PDC.ad.domain.com: 0x0 11/11/2014 14:22:54:917 NetpLdapGetLsaPrimaryDomain: reading domain data 11/11/2014 14:22:54:917 NetpGetNCData: Reading NC data 11/11/2014 14:22:54:917 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com 11/11/2014 14:22:54:917 NetpGetDomainData: Lookup crossref data for: CN=Partitions,CN=Configuration,DC=ad,DC=domain,DC=com 11/11/2014 14:22:54:949 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0 11/11/2014 14:22:54:949 NetpCheckForDomainSIDCollision: returning 0x0(0). 11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Cracking DNS domain name ad.domain.com/ into Netbios on \\PDC.ad.domain.com 11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Crack results: name = domain\ 11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Cracking account name domain\IMAGE-TEST$ on \\PDC.ad.domain.com 11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Crack results: (Account already exists) DN = CN=IMAGE-TEST,CN=Computers,DC=ad,DC=domain,DC=com 11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Initial attribute values: 11/11/2014 14:22:54:964 objectClass = Computer 11/11/2014 14:22:54:964 SamAccountName = IMAGE-TEST$ 11/11/2014 14:22:54:964 userAccountControl = 0x1000 11/11/2014 14:22:54:964 DnsHostName = IMAGE-TEST.ad.domain.com 11/11/2014 14:22:54:964 ServicePrincipalName = HOST/IMAGE-TEST.ad.domain.com RestrictedKrbHost/IMAGE-TEST.ad.domain.com HOST/IMAGE-TEST RestrictedKrbHost/IMAGE-TEST 11/11/2014 14:22:54:964 unicodePwd = <SomePassword> 11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Computer Object already exists in OU: 11/11/2014 14:22:54:964 objectClass = top person organizationalPerson user computer 11/11/2014 14:22:54:964 SamAccountName = IMAGE-TEST$ 11/11/2014 14:22:54:964 userAccountControl = 0x1000 11/11/2014 14:22:54:964 DnsHostName = 11/11/2014 14:22:54:964 ServicePrincipalName = 11/11/2014 14:22:54:964 unicodePwd = Account exists, resetting password: <SomePassword> 11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Attribute values to set: 11/11/2014 14:22:54:964 DnsHostName = IMAGE-TEST.ad.domain.com 11/11/2014 14:22:54:964 ServicePrincipalName = HOST/IMAGE-TEST.ad.domain.com RestrictedKrbHost/IMAGE-TEST.ad.domain.com HOST/IMAGE-TEST RestrictedKrbHost/IMAGE-TEST 11/11/2014 14:22:54:964 unicodePwd = <SomePassword> 11/11/2014 14:22:54:980 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 11/11/2014 14:22:54:980 NetpModifyComputerObjectInDs: ldap_modify_s failed: 0x32 0x5 11/11/2014 14:22:54:980 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5 11/11/2014 14:22:54:980 NetpProvisionComputerAccount: LDAP creation failed: 0x5 11/11/2014 14:22:54:980 NetpProvisionComputerAccount: Retrying downlevel per options 11/11/2014 14:22:54:995 NetpManageMachineAccountWithSid: NetUserAdd on 'PDC.ad.domain.com' for 'IMAGE-TEST$' failed: 0x8b0 11/11/2014 14:22:54:995 SamOpenUser on 1639 failed with 0xc0000022 11/11/2014 14:22:54:995 NetpManageMachineAccountWithSid: status of attempting to set password on 'PDC.ad.domain.com' for 'IMAGE-TEST$': 0x5 11/11/2014 14:22:54:995 NetpProvisionComputerAccount: retry status of creating account: 0x5 11/11/2014 14:22:54:995 ldap_unbind status: 0x0 11/11/2014 14:22:54:995 NetpJoinCreatePackagePart: status:0x5. 11/11/2014 14:22:54:995 NetpAddProvisioningPackagePart: status:0x5. 11/11/2014 14:22:54:995 NetpJoinDomainOnDs: Function exits with status of: 0x5 11/11/2014 14:22:54:995 NetpJoinDomainOnDs: status of disconnecting from '\\PDC.ad.domain.com': 0x0 11/11/2014 14:22:54:995 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0 11/11/2014 14:22:54:995 NetpDoDomainJoin: status: 0x5 11/11/2014 14:23:05:027 ----------------------------------------------------------------- 

我注意到了“INSUFF_ACCESS_RIGHTS”标签,但使用的帐户是一个域pipe理员帐户,所以我不知道还有什么原因在这里。 思考?

编辑3:另外,我正在testing的客户端计算机是一个Hyper-V VM,它在映像之前有一个检查点。 我恢复机器,从AD删除对象,清除已批准设备的WDS服务器,然后重新启动整个过程时,无人参与安装不起作用。 再次,我不认为这是相关的,但这是我可以给的所有信息。

编辑4:我想我开始看到发生了什么。 在无人参与操作之后,我尝试使用我在无人参与文件中指定的相同帐户信息将工作站添加到域中,以便与以下错误消息相遇:

 "The join operation was not successful. This could be because an existing computer account having name “IMAGE” was previously created using a different set of credentials. Use a different computer name, or contact your administrator to remove any stale conflicting account. The error was: Access is denied." 

我尝试与另一个域pipe理员帐户,我得到同样的错误。 我的猜测是,不知何故,在AD中没有正确地删除某些东西,因为这个站已经join了域。 我将通过重新创build一个全新的虚拟机再次尝试,并将结果返回。

编辑5:使用空白硬盘驱动器创build一个全新的VM给了我相同的结果,并使用凭据设置logging错误。 我也尝试添加WDS服务器的复选标记,指出“安装后不要将客户端join域”。 认为那里可能有冲突,并与答案文件,但无济于事…我已经尝试将UnsecureJoin设置为True,并删除一个全新的虚拟机的凭据设置,以及只是看到,但我得到了以前错误再次…帮助?

编辑6:另一件我怀疑是相关的事实,计算机是UEFI而不是BIOS。

编辑7:使用以下答案文件,我可以在WDS中的“请求pipe理员批准”checkbox未选中的情况下成功join域。 只要它被检查,它会失败,并与我打招呼的错误:

 "NetpLdapBind: ldap_bind failed on PDC.ad.domain.com: 49: Informations d'identification non valides". 

这最后一部分转化为“识别信息无效”。

答案文件的重要部分,让我知道如果你需要别的东西:

 <settings pass="specialize"> <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Identification> <UnsecureJoin>true</UnsecureJoin> </Identification> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ComputerName>%MACHINENAME%</ComputerName> <RegisteredOrganization>Organization</RegisteredOrganization> <RegisteredOwner>Utilisateur</RegisteredOwner> </component> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>0c0c:00001009</InputLocale> <SystemLocale>0c0c:00001009</SystemLocale> <UILanguage>fr-CA</UILanguage> <UserLocale>en-US</UserLocale> </component> </settings> 

编辑8

专门部分现在看起来像:

 <settings pass="specialize"> <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Identification> <UnsecureJoin>true</UnsecureJoin> <JoinDomain>%MACHINEDOMAIN%</JoinDomain> </Identification> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <RegisteredOrganization>Organization</RegisteredOrganization> <RegisteredOwner>Utilisateur</RegisteredOwner> </component> <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <InputLocale>1009:00001009</InputLocale> <SystemLocale>en-US</SystemLocale> <UILanguage>fr-FR</UILanguage> <UserLocale>en-US</UserLocale> </component> </settings> 

NetSetup日志反复给了我这个:

 11/20/2014 14:22:53:596 NetpDoDomainJoin 11/20/2014 14:22:53:612 NetpDoDomainJoin: using new computer names 11/20/2014 14:22:53:612 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0 11/20/2014 14:22:53:612 NetpDoDomainJoin: NetpGetNewHostName returned 0x0 11/20/2014 14:22:53:612 NetpMachineValidToJoin: 'WIN-6PMPRQ5FVI5' 11/20/2014 14:22:53:612 OS Version: 6.3 11/20/2014 14:22:53:612 Build number: 9600 (9600.winblue_r3.140827-1500) 11/20/2014 14:22:53:659 SKU: Windows 8.1 Professionnel 11/20/2014 14:22:53:659 Architecture: 64-bit (AMD64) 11/20/2014 14:22:53:659 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0 11/20/2014 14:22:53:659 NetpGetLsaPrimaryDomain: status: 0x0 11/20/2014 14:22:53:659 NetpMachineValidToJoin: status: 0x0 11/20/2014 14:22:53:659 NetpJoinDomain 11/20/2014 14:22:53:659 HostName: WIN-6PMPRQ5FVI5 11/20/2014 14:22:53:659 NetbiosName: WIN-6PMPRQ5FVI5 11/20/2014 14:22:53:659 Domain: ad.domain.com\PDC.ad.domain.com 11/20/2014 14:22:53:659 MachineAccountOU: (NULL) 11/20/2014 14:22:53:659 Account: (NULL) 11/20/2014 14:22:53:659 Options: 0x61 11/20/2014 14:22:53:659 NetpLoadParameters: loading registry parameters... 11/20/2014 14:22:53:659 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 11/20/2014 14:22:53:659 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 11/20/2014 14:22:53:659 NetpLoadParameters: status: 0x2 11/20/2014 14:22:53:659 NetpJoinDomainOnDs: Unsecure join requested. 11/20/2014 14:22:53:659 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled 11/20/2014 14:22:53:659 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0 11/20/2014 14:22:53:799 [000004e4] NetpGetLsaPrimaryDomain: status: 0x0 11/20/2014 14:22:53:846 NetpJoinDomainOnDs: status of connecting to dc '\\PDC.ad.domain.com': 0x0 11/20/2014 14:22:53:846 NetpJoinDomainOnDs: Passed DC 'PDC.ad.domain.com' verified as DNS name '\\PDC.ad.domain.com' 11/20/2014 14:22:53:846 NetpLoadParameters: loading registry parameters... 11/20/2014 14:22:53:846 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 11/20/2014 14:22:53:846 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 11/20/2014 14:22:53:846 NetpLoadParameters: status: 0x2 11/20/2014 14:22:53:846 NetpDsGetDcName: status of verifying DNS A record name resolution for 'PDC.ad.domain.com': 0x0 11/20/2014 14:22:53:846 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com 11/20/2014 14:22:53:862 NetpProvisionComputerAccount: 11/20/2014 14:22:53:862 lpDomain: ad.domain.com 11/20/2014 14:22:53:862 lpHostName: WIN-6PMPRQ5FVI5 11/20/2014 14:22:53:862 lpMachineAccountOU: (NULL) 11/20/2014 14:22:53:862 lpDcName: PDC.ad.domain.com 11/20/2014 14:22:53:862 lpMachinePassword: (null) 11/20/2014 14:22:53:862 lpAccount: ad.domain.com\WIN-6PMPRQ5FVI5$ 11/20/2014 14:22:53:862 lpPassword: (null) 11/20/2014 14:22:53:862 dwJoinOptions: 0x61 11/20/2014 14:22:53:862 dwOptions: 0xc0000007 11/20/2014 14:22:53:877 NetpLdapBind: Verified minimum encryption strength on PDC.ad.domain.com: 0x0 11/20/2014 14:22:53:877 NetpLdapGetLsaPrimaryDomain: reading domain data 11/20/2014 14:22:53:877 NetpGetNCData: Reading NC data 11/20/2014 14:22:53:877 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com 11/20/2014 14:22:53:877 NetpGetDomainData: Failed to find the domain data: 0x6e 11/20/2014 14:22:53:877 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x6e 11/20/2014 14:22:53:893 ldap_unbind status: 0x0 11/20/2014 14:22:53:893 NetpJoinCreatePackagePart: status:0x6e. 11/20/2014 14:22:53:893 NetpAddProvisioningPackagePart: status:0x6e. 11/20/2014 14:22:53:893 NetpJoinDomainOnDs: Function exits with status of: 0x6e 11/20/2014 14:22:53:893 NetpJoinDomainOnDs: status of disconnecting from '\\PDC.ad.domain.com': 0x0 11/20/2014 14:22:53:893 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0 11/20/2014 14:22:53:893 NetpDoDomainJoin: status: 0x6e 

正如你所看到的,上面的名字“WIN-6PMPRQ5FVI5”是自动生成的,我提供的名字是无处可见的…更糟糕的是这个工作罚款2012之前WDS,所以我不知道他们确切地改变了什么显示的界面之外。 感谢您的帮助!

编辑9:我再次尝试把%MACHINEDOMAIN%和%MACHINENAME%值。 这也没有工作,但我最终从NetSetup.log,而不是以下信息:

 11/20/2014 16:23:32:232 NetpDoDomainJoin 11/20/2014 16:23:32:232 NetpDoDomainJoin: using new computer names 11/20/2014 16:23:32:232 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0 11/20/2014 16:23:32:232 NetpDoDomainJoin: NetpGetNewHostName returned 0x0 11/20/2014 16:23:32:232 NetpMachineValidToJoin: 'IMAGE-TEST' 11/20/2014 16:23:32:232 OS Version: 6.3 11/20/2014 16:23:32:232 Build number: 9600 (9600.winblue_r3.140827-1500) 11/20/2014 16:23:32:295 SKU: Windows 8.1 Professionnel 11/20/2014 16:23:32:295 Architecture: 64-bit (AMD64) 11/20/2014 16:23:32:295 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0 11/20/2014 16:23:32:295 NetpGetLsaPrimaryDomain: status: 0x0 11/20/2014 16:23:32:295 NetpMachineValidToJoin: status: 0x0 11/20/2014 16:23:32:295 NetpJoinDomain 11/20/2014 16:23:32:295 HostName: IMAGE-TEST 11/20/2014 16:23:32:295 NetbiosName: IMAGE-TEST 11/20/2014 16:23:32:295 Domain: ad.domain.com\dc.ad.domain.com 11/20/2014 16:23:32:295 MachineAccountOU: (NULL) 11/20/2014 16:23:32:295 Account: (NULL) 11/20/2014 16:23:32:295 Options: 0x61 11/20/2014 16:23:32:295 NetpLoadParameters: loading registry parameters... 11/20/2014 16:23:32:295 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 11/20/2014 16:23:32:295 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 11/20/2014 16:23:32:295 NetpLoadParameters: status: 0x2 11/20/2014 16:23:32:295 NetpJoinDomainOnDs: Unsecure join requested. 11/20/2014 16:23:32:295 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled 11/20/2014 16:23:32:295 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0 11/20/2014 16:23:32:482 [0000051c] NetpGetLsaPrimaryDomain: status: 0x0 11/20/2014 16:23:32:498 NetpJoinDomainOnDs: status of connecting to dc '\\dc.ad.domain.com': 0x0 11/20/2014 16:23:32:513 NetpJoinDomainOnDs: Passed DC 'dc.ad.domain.com' verified as DNS name '\\dc.ad.domain.com' 11/20/2014 16:23:32:513 NetpLoadParameters: loading registry parameters... 11/20/2014 16:23:32:513 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 11/20/2014 16:23:32:513 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 11/20/2014 16:23:32:513 NetpLoadParameters: status: 0x2 11/20/2014 16:23:32:513 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dc.ad.domain.com': 0x0 11/20/2014 16:23:32:513 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com 11/20/2014 16:23:32:529 NetpProvisionComputerAccount: 11/20/2014 16:23:32:529 lpDomain: ad.domain.com 11/20/2014 16:23:32:529 lpHostName: IMAGE-TEST 11/20/2014 16:23:32:529 lpMachineAccountOU: (NULL) 11/20/2014 16:23:32:529 lpDcName: dc.ad.domain.com 11/20/2014 16:23:32:529 lpMachinePassword: (null) 11/20/2014 16:23:32:529 lpAccount: ad.domain.com\IMAGE-TEST$ 11/20/2014 16:23:32:529 lpPassword: (null) 11/20/2014 16:23:32:529 dwJoinOptions: 0x61 11/20/2014 16:23:32:529 dwOptions: 0xc0000007 11/20/2014 16:23:32:545 NetpLdapBind: Verified minimum encryption strength on dc.ad.domain.com: 0x0 11/20/2014 16:23:32:545 NetpLdapGetLsaPrimaryDomain: reading domain data 11/20/2014 16:23:32:545 NetpGetNCData: Reading NC data 11/20/2014 16:23:32:545 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com 11/20/2014 16:23:32:545 NetpGetDomainData: Failed to find the domain data: 0x6e 11/20/2014 16:23:32:545 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x6e 11/20/2014 16:23:32:545 ldap_unbind status: 0x0 11/20/2014 16:23:32:545 NetpJoinCreatePackagePart: status:0x6e. 11/20/2014 16:23:32:545 NetpAddProvisioningPackagePart: status:0x6e. 11/20/2014 16:23:32:545 NetpJoinDomainOnDs: Function exits with status of: 0x6e 11/20/2014 16:23:32:545 NetpJoinDomainOnDs: status of disconnecting from '\\dc.ad.domain.com': 0x0 11/20/2014 16:23:32:545 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0 11/20/2014 16:23:32:545 NetpDoDomainJoin: status: 0x6e 

至less现在使用WDS中给出的名称,但现在突出的错误是:NetpGetDomainData:无法find域数据:0x6e,我不知道为什么。 我会尝试硬编码域,而不是把%MACHINEDOMAIN%,并将回发结果。

编辑10:目前与MS获得这个票。 一旦find解决scheme,将回来的解决scheme。 到目前为止,似乎是WS2012 WDS中的一个错误。 将发布更多信息一次可用。

这是WDS中的一个错误。 当您批准UEFI设备时,会给出错误的权限。 如果您查看计算机对象上的安全权限,则会看到它已针对“更改密码”和“重置密码”设置了拒绝域pipe理员的权限。 删除这两个否认,你很好去。

您需要为通过WDS批准的每台UEFI计算机执行此操作,但这比没有任何事情好。

我们最终联系了微软公司,并经过几周的无用testing,结果发现存在WDS名称中的错误,并且在通过BIOS和无人参与域join时使用UEFI进行PXE引导对于UEFI而言只是无法通过WDS启动名称和批准。

长话短说,继续使用BIOS,如果你想与WDS自动连接。 如果您被迫使用UEFI,唯一的另一种方法是在部署之后使用login脚本,但是假定将要login的帐户是pipe理员。 无论是手动join域后部署!

希望这可以帮助别人解决同样的问题。 我知道这引起了我一些头痛的问题。

干杯!

您仍然缺less凭证设置或供应设置。 请参阅AccountData以了解如何使用UnattendedJoin而无需通过Provisioninginput凭据。

好吧,看看你的编辑#7,你有两个错误:

冷杉,你缺less<JoinDomain>somedomain.com</JoinDomain>与您的域名填写。

其次,您需要删除<ComputerName>%MACHINENAME%</ComputerName>行。

这应该让你工作。

增加的信息,这也发生在与W7 Pro机器2008年标准R2。

对于所有可能关注的人,由于这个问题只适用于域pipe理组级别,所以我想通过一个帐户来授予通过在域根级进行委托控制的所有权限,这也是有效的,所以没有必要去每个UEFI计算机对象上更改安全设置:)。

如何:

  1. 我创build了一个用户WDSinstall,其唯一的组成员身份是域用户。
  2. 然后,我简单地通过委派控制向导(在这种情况下,右键单击您的根域节点并select委托控制)。
  3. 添加您新创build的帐户,然后单击下一步。
  4. select创build要委派的自定义任务,然后单击下一步。
  5. 保持“此文件夹,现有对象在此…..”选中,单击下一步。
  6. 确保在“显示这些权限”下的所有3个选项被勾选,意思是:特定子对象的常规,特定属性和创build/删除。
  7. 在权限框中,只需勾选完全控制,这也将select所有其他权限。 点击下一步。
  8. 点击完成。

现在您拥有一个实质上是Domain Admin帐户的帐户,因此您可以将其用于所有WDS和部署需求。

我希望这可以帮助一个人,这个原来的post帮助了我(很多)。

以下是我发现的不安全设置:您不需要计算机名或域名设置。 在安装时,当您授权服务器拉取图像文件时,需要使用域帐户连接到WDS,并具有在计算机帐户上进行密码重置的权限 – 此时计算机名称,域名和重置密码将被取消。 密码重置由winPE客户端机器完成,而不是由WDS服务器完成。

这里是我的笔记: Jims WDS笔记

希望有所帮助

吉姆