那些遇到过的问题

无法在 Windows 8.1 上使用 WDS 和应答文件执行无人参与域加入

Mat*_*Mat 6 windows unattended deployment wds

我已经查看了与此相关的其他问题,但没有一个能够帮助我。我已经在这个该死的无人值守过程上花了几天时间,奇迹般地,昨天我能够让它工作一次,但是,唉,我犯了一个小错误,在再次编辑之前没有备份文件,现在我是尽管工作了几个小时,但无法让它再次工作。

这是我得到的一些调试输出:

[DJOIN.EXE] Unattended Join: Begin
[DJOIN.EXE] Unattended Join: Loading input parameters...
[DJOIN.EXE] Unattended Join: AccountData = [NULL]
[DJOIN.EXE] Unattended Join: UnsecureJoin = [True]
[DJOIN.EXE] Unattended Join: MachinePassword = [secret not logged]
[DJOIN.EXE] Unattended Join: JoinDomain = [ad.domain.com]
[DJOIN.EXE] Unattended Join: JoinWorkgroup = [NULL]
[DJOIN.EXE] Unattended Join: Domain = [NULL]
[DJOIN.EXE] Unattended Join: Username = [NULL]
[DJOIN.EXE] Unattended Join: Password = [secret not logged]
[DJOIN.EXE] Unattended Join: MachineObjectOU = [NULL]
[DJOIN.EXE] Unattended Join: DebugJoin = [NULL]
[DJOIN.EXE] Unattended Join: DebugJoinOnlyOnThisError = [NULL]
[DJOIN.EXE] Unattended Join: TimeoutPeriodInMinutes = [NULL]
[DJOIN.EXE] Unattended Join: Checking that auto start services have started.
[DJOIN.EXE] Unattended Join: Calling DsGetDcName for ad.domain.com...
[DJOIN.EXE] Unattended Join: Constructed domain parameter [ad.domain.com\PDC.ad.domain.com]
[DJOIN.EXE] Unattended Join: NetJoinDomain attempt failed: 0x52e, will retry in 10 seconds...
Run Code Online (Sandbox Code Playgroud)

最后一行在退出之前的过程中重复了几次。

[DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [1326]
[DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x52e
Run Code Online (Sandbox Code Playgroud)

和...

NetUseAdd to \\PDC.ad.domain.com\IPC$ returned 1326
Trying add to \\PDC.ad.domain.com\IPC$ using NULL Session
NetpProvisionComputerAccount:
lpDomain: ad.domain.com
lpHostName: ComputerName
lpMachineAccountOU: (NULL)
lpDcName: PDC.ad.domain.com
lpMachinePassword: (non-null)
lpAccount: ad.domain.com\ComputerName$
lpPassword: (non-null)
dwJoinOptions: 0xe1
dwOptions: 0xc0000003
NetpLdapBind: ldap_bind failed on PDC.ad.domain.com: 49: Informations d'identification non valides
Run Code Online (Sandbox Code Playgroud)

最后一行翻译为“身份信息无效”或“凭据无效”。

NetpJoinCreatePackagePart: status:0x52e
NetpAddProvisioningPackagePart: status:0x52e
NetpJoinDomainOnDs: Function exits with status of: 0x52e
NetpDoDomainJoin: status: 0x52e
Run Code Online (Sandbox Code Playgroud)

我收到错误 1326 是无效凭据,但是,我正在使用带有 %machinepassword% 变量的不安全连接方法,所以我不确定为什么...

这是有问题的无人值守文件: 当我达到 30k 个字符限制时被编辑,无论如何它现在无关紧要

任何帮助将不胜感激。我已经尝试了几十个分步指南和技术网注释,它们都相互矛盾,或者建议使用 MDT,或者只是不清楚。如果无人值守部署的任何专家读到了这篇文章,如果您能指出可能是一个非常愚蠢的错误,我将永远感激不尽。

谢谢!

编辑:我没有提到它,因为我没有判断重要的信息,但 WDS 服务器和 DC 都在运行 2012 R2。

编辑2:如下面的评论中提到的,这里是将UnsecureJoin改为False并在UnattendJoin组件下添加Credentials信息后的相关NetSetup.log信息:

11/11/2014 14:22:54:558 -----------------------------------------------------------------
11/11/2014 14:22:54:558 NetpDoDomainJoin
11/11/2014 14:22:54:558 NetpDoDomainJoin: using new computer names
11/11/2014 14:22:54:558 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/11/2014 14:22:54:558 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/11/2014 14:22:54:558 NetpMachineValidToJoin: 'IMAGE-TEST'
11/11/2014 14:22:54:558     OS Version: 6.3
11/11/2014 14:22:54:558     Build number: 9600 (9600.winblue_r3.140827-1500)
11/11/2014 14:22:54:589     SKU: Windows 8.1 Professionnel
11/11/2014 14:22:54:589     Architecture: 64-bit (AMD64)
11/11/2014 14:22:54:589 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/11/2014 14:22:54:589 NetpGetLsaPrimaryDomain: status: 0x0
11/11/2014 14:22:54:589 NetpMachineValidToJoin: status: 0x0
11/11/2014 14:22:54:589 NetpJoinDomain
11/11/2014 14:22:54:589     HostName: IMAGE-TEST
11/11/2014 14:22:54:589     NetbiosName: IMAGE-TEST
11/11/2014 14:22:54:589     Domain: ad.domain.com\PDC.ad.domain.com
11/11/2014 14:22:54:589     MachineAccountOU: (NULL)
11/11/2014 14:22:54:589     Account: domain\wdsclient
11/11/2014 14:22:54:589     Options: 0x23
11/11/2014 14:22:54:589 NetpLoadParameters: loading registry parameters...
11/11/2014 14:22:54:589 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/11/2014 14:22:54:589 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/11/2014 14:22:54:589 NetpLoadParameters: status: 0x2
11/11/2014 14:22:54:589 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
11/11/2014 14:22:54:589 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
11/11/2014 14:22:54:886 NetpJoinDomainOnDs: status of connecting to dc '\\PDC.ad.domain.com': 0x0
11/11/2014 14:22:54:886 NetpJoinDomainOnDs: Passed DC 'PDC.ad.domain.com' verified as DNS name '\\PDC.ad.domain.com'
11/11/2014 14:22:54:886 NetpLoadParameters: loading registry parameters...
11/11/2014 14:22:54:886 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1'     0x2
11/11/2014 14:22:54:886 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/11/2014 14:22:54:886 NetpLoadParameters: status: 0x2
11/11/2014 14:22:54:886 NetpDsGetDcName: status of verifying DNS A record name resolution for     'PDC.ad.domain.com': 0x0
11/11/2014 14:22:54:886 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com
11/11/2014 14:22:54:902 NetpProvisionComputerAccount:
11/11/2014 14:22:54:902     lpDomain: ad.domain.com
11/11/2014 14:22:54:902     lpHostName: IMAGE-TEST
11/11/2014 14:22:54:902     lpMachineAccountOU: (NULL)
11/11/2014 14:22:54:902     lpDcName: PDC.ad.domain.com
11/11/2014 14:22:54:902     lpMachinePassword: (null)
11/11/2014 14:22:54:902     lpAccount: domain\wdsclient
11/11/2014 14:22:54:902     lpPassword: (non-null)
11/11/2014 14:22:54:902     dwJoinOptions: 0x23
11/11/2014 14:22:54:902     dwOptions: 0x40000003
11/11/2014 14:22:54:917 NetpLdapBind: Verified minimum encryption strength on PDC.ad.domain.com:     0x0
11/11/2014 14:22:54:917 NetpLdapGetLsaPrimaryDomain: reading domain data
11/11/2014 14:22:54:917 NetpGetNCData: Reading NC data
11/11/2014 14:22:54:917 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:917 NetpGetDomainData: Lookup crossref data for:     CN=Partitions,CN=Configuration,DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:949 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x0
11/11/2014 14:22:54:949 NetpCheckForDomainSIDCollision: returning 0x0(0).
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Cracking DNS domain name ad.domain.com/ into     Netbios on \\PDC.ad.domain.com
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Crack results:     name = domain\
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Cracking account name domain\IMAGE-TEST$ on     \\PDC.ad.domain.com
11/11/2014 14:22:54:964 NetpGetComputerObjectDn: Crack results:     (Account already exists) DN =     CN=IMAGE-TEST,CN=Computers,DC=ad,DC=domain,DC=com
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Initial attribute values:
11/11/2014 14:22:54:964         objectClass  =  Computer
11/11/2014 14:22:54:964         SamAccountName  =  IMAGE-TEST$
11/11/2014 14:22:54:964         userAccountControl  =  0x1000
11/11/2014 14:22:54:964         DnsHostName  =  IMAGE-TEST.ad.domain.com
11/11/2014 14:22:54:964         ServicePrincipalName  =  HOST/IMAGE-TEST.ad.domain.com      RestrictedKrbHost/IMAGE-TEST.ad.domain.com  HOST/IMAGE-TEST  RestrictedKrbHost/IMAGE-TEST
11/11/2014 14:22:54:964         unicodePwd  =  <SomePassword>
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Computer Object already exists in OU:
11/11/2014 14:22:54:964         objectClass  =  top  person  organizationalPerson  user  computer
11/11/2014 14:22:54:964         SamAccountName  =  IMAGE-TEST$
11/11/2014 14:22:54:964         userAccountControl  =  0x1000
11/11/2014 14:22:54:964         DnsHostName  =
11/11/2014 14:22:54:964         ServicePrincipalName  =
11/11/2014 14:22:54:964         unicodePwd  =  Account exists, resetting password: <SomePassword>
11/11/2014 14:22:54:964 NetpModifyComputerObjectInDs: Attribute values to set:
11/11/2014 14:22:54:964         DnsHostName  =  IMAGE-TEST.ad.domain.com
11/11/2014 14:22:54:964         ServicePrincipalName  =  HOST/IMAGE-TEST.ad.domain.com      RestrictedKrbHost/IMAGE-TEST.ad.domain.com  HOST/IMAGE-TEST  RestrictedKrbHost/IMAGE-TEST
11/11/2014 14:22:54:964         unicodePwd  =  <SomePassword>
11/11/2014 14:22:54:980 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error     string: 00000005: SecErr: DSID-031A1256, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
11/11/2014 14:22:54:980 NetpModifyComputerObjectInDs: ldap_modify_s failed: 0x32 0x5
11/11/2014 14:22:54:980 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
11/11/2014 14:22:54:980 NetpProvisionComputerAccount: LDAP creation failed: 0x5
11/11/2014 14:22:54:980 NetpProvisionComputerAccount: Retrying downlevel per options
11/11/2014 14:22:54:995 NetpManageMachineAccountWithSid: NetUserAdd on 'PDC.ad.domain.com' for     'IMAGE-TEST$' failed: 0x8b0
11/11/2014 14:22:54:995 SamOpenUser on 1639 failed with 0xc0000022
11/11/2014 14:22:54:995 NetpManageMachineAccountWithSid: status of attempting to set password on     'PDC.ad.domain.com' for 'IMAGE-TEST$': 0x5
11/11/2014 14:22:54:995 NetpProvisionComputerAccount: retry status of creating account: 0x5
11/11/2014 14:22:54:995 ldap_unbind status: 0x0
11/11/2014 14:22:54:995 NetpJoinCreatePackagePart: status:0x5.
11/11/2014 14:22:54:995 NetpAddProvisioningPackagePart: status:0x5.
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: Function exits with status of: 0x5
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: status of disconnecting from '\\PDC.ad.domain.com':     0x0
11/11/2014 14:22:54:995 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
11/11/2014 14:22:54:995 NetpDoDomainJoin: status: 0x5
11/11/2014 14:23:05:027 -----------------------------------------------------------------
Run Code Online (Sandbox Code Playgroud)

我确实注意到了“INSUFF_ACCESS_RIGHTS”标签,但使用的帐户是域管理员帐户,所以我不确定这里还有什么原因。想法?

编辑 3:此外,我正在测试的客户端计算机是 Hyper-V VM,它在映像之前有一个检查点。我恢复机器,从 AD 中删除对象,清除已批准设备的 WDS 服务器,然后在无人值守安装不起作用时重新启动整个过程。同样,我认为这无关紧要,但这是我可以提供的所有信息。

编辑 4:我想我开始明白发生了什么。无人值守操作后,我尝试使用我在无人值守文件中指定的相同帐户信息将工作站添加到域,但收到以下错误消息:

"The join operation was not successful. This could be because an existing computer
account having name “IMAGE” was previously created using a different set of
credentials. Use a different computer name, or contact your administrator to remove
any stale conflicting account. The error was:

Access is denied."
Run Code Online (Sandbox Code Playgroud)

我尝试使用另一个域管理员帐户,但出现相同的错误。我的猜测是,不知何故,某些东西在 AD 中没有被正确删除,并且由于该站之前已经加入域而导致混乱。我将通过重新创建一个全新的 VM 再试一次,并将回发结果。

编辑 5:使用空白硬盘驱动器创建全新的 VM 给了我相同的结果并使用凭据设置记录错误。我还尝试为 WDS 服务器添加复选标记,上面写着“安装后不要将客户端加入域”。认为那里可能与答案文件存在冲突但无济于事......我已经尝试再次将 UnsecureJoin 设置为 True 并使用全新的 VM 删除凭据设置,只是为了查看但我得到了以前的再次出错...帮助?

编辑 6:我怀疑的另一件事是计算机是 UEFI 而不是 BIOS。

编辑 7:使用以下应答文件,每次取消选中 WDS 中的“请求管理员批准”复选框时,我都能够成功加入域。一旦检查,它就会失败并以错误方式向我致意:

"NetpLdapBind: ldap_bind failed on PDC.ad.domain.com: 49: Informations d'identification non valides".
Run Code Online (Sandbox Code Playgroud)

最后一部分翻译为“身份信息无效”。

答案文件的重要部分,如果您需要其他任何内容,请告诉我:

<settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Identification>
            <UnsecureJoin>true</UnsecureJoin>
        </Identification>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <ComputerName>%MACHINENAME%</ComputerName>
        <RegisteredOrganization>Organization</RegisteredOrganization>
        <RegisteredOwner>Utilisateur</RegisteredOwner>
    </component>
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>0c0c:00001009</InputLocale>
        <SystemLocale>0c0c:00001009</SystemLocale>
        <UILanguage>fr-CA</UILanguage>
        <UserLocale>en-US</UserLocale>
    </component>
</settings>
Run Code Online (Sandbox Code Playgroud)

编辑 8

专业部分现在看起来像:

<settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <Identification>
            <UnsecureJoin>true</UnsecureJoin>
            <JoinDomain>%MACHINEDOMAIN%</JoinDomain>
        </Identification>
    </component>
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <RegisteredOrganization>Organization</RegisteredOrganization>
        <RegisteredOwner>Utilisateur</RegisteredOwner>
    </component>
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <InputLocale>1009:00001009</InputLocale>
        <SystemLocale>en-US</SystemLocale>
        <UILanguage>fr-FR</UILanguage>
        <UserLocale>en-US</UserLocale>
    </component>
</settings>
Run Code Online (Sandbox Code Playgroud)

NetSetup 日志反复给我这个:

11/20/2014 14:22:53:596 NetpDoDomainJoin
11/20/2014 14:22:53:612 NetpDoDomainJoin: using new computer names
11/20/2014 14:22:53:612 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/20/2014 14:22:53:612 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/20/2014 14:22:53:612 NetpMachineValidToJoin: 'WIN-6PMPRQ5FVI5'
11/20/2014 14:22:53:612     OS Version: 6.3
11/20/2014 14:22:53:612     Build number: 9600 (9600.winblue_r3.140827-1500)
11/20/2014 14:22:53:659     SKU: Windows 8.1 Professionnel
11/20/2014 14:22:53:659     Architecture: 64-bit (AMD64)
11/20/2014 14:22:53:659 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/20/2014 14:22:53:659 NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 14:22:53:659 NetpMachineValidToJoin: status: 0x0
11/20/2014 14:22:53:659 NetpJoinDomain
11/20/2014 14:22:53:659     HostName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:659     NetbiosName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:659     Domain: ad.domain.com\PDC.ad.domain.com
11/20/2014 14:22:53:659     MachineAccountOU: (NULL)
11/20/2014 14:22:53:659     Account: (NULL)
11/20/2014 14:22:53:659     Options: 0x61
11/20/2014 14:22:53:659 NetpLoadParameters: loading registry parameters...
11/20/2014 14:22:53:659 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 14:22:53:659 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 14:22:53:659 NetpLoadParameters: status: 0x2
11/20/2014 14:22:53:659 NetpJoinDomainOnDs: Unsecure join requested.
11/20/2014 14:22:53:659 NetpDisableIDNEncoding: no domain dns available - IDN encoding will NOT be disabled
11/20/2014 14:22:53:659 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
11/20/2014 14:22:53:799 [000004e4] NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 14:22:53:846 NetpJoinDomainOnDs: status of connecting to dc '\\PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:846 NetpJoinDomainOnDs: Passed DC 'PDC.ad.domain.com' verified as DNS name '\\PDC.ad.domain.com'
11/20/2014 14:22:53:846 NetpLoadParameters: loading registry parameters...
11/20/2014 14:22:53:846 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 14:22:53:846 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
11/20/2014 14:22:53:846 NetpLoadParameters: status: 0x2
11/20/2014 14:22:53:846 NetpDsGetDcName: status of verifying DNS A record name resolution for 'PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:846 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.domain.com
11/20/2014 14:22:53:862 NetpProvisionComputerAccount:
11/20/2014 14:22:53:862     lpDomain: ad.domain.com
11/20/2014 14:22:53:862     lpHostName: WIN-6PMPRQ5FVI5
11/20/2014 14:22:53:862     lpMachineAccountOU: (NULL)
11/20/2014 14:22:53:862     lpDcName: PDC.ad.domain.com
11/20/2014 14:22:53:862     lpMachinePassword: (null)
11/20/2014 14:22:53:862     lpAccount: ad.domain.com\WIN-6PMPRQ5FVI5$
11/20/2014 14:22:53:862     lpPassword: (null)
11/20/2014 14:22:53:862     dwJoinOptions: 0x61
11/20/2014 14:22:53:862     dwOptions: 0xc0000007
11/20/2014 14:22:53:877 NetpLdapBind: Verified minimum encryption strength on PDC.ad.domain.com: 0x0
11/20/2014 14:22:53:877 NetpLdapGetLsaPrimaryDomain: reading domain data
11/20/2014 14:22:53:877 NetpGetNCData: Reading NC data
11/20/2014 14:22:53:877 NetpGetDomainData: Lookup domain data for: DC=ad,DC=domain,DC=com
11/20/2014 14:22:53:877 NetpGetDomainData: Failed to find the domain data: 0x6e
11/20/2014 14:22:53:877 NetpLdapGetLsaPrimaryDomain: result of retrieving domain data: 0x6e
11/20/2014 14:22:53:893 ldap_unbind status: 0x0
11/20/2014 14:22:53:893 NetpJoinCreatePackagePart: status:0x6e.
11/20/2014 14:22:53:893 NetpAddProvisioningPackagePart: status:0x6e.
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: Function exits with status of: 0x6e
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: status of disconnecting from '\\PDC.ad.domain.com': 0x0
11/20/2014 14:22:53:893 NetpJoinDomainOnDs: NetpResetIDNEncoding on '(null)': 0x0
11/20/2014 14:22:53:893 NetpDoDomainJoin: status: 0x6e
Run Code Online (Sandbox Code Playgroud)

如您所见,“WIN-6PMPRQ5FVI5”上方的名称是自动生成的,而我提供的名称无处可见……更糟糕的是,这在 2012 WDS 之前运行良好,所以我不确定它们究竟更改了什么在显示的界面之外。谢谢你的帮助!

编辑 9:我再次尝试同时输入 %MACHINEDOMAIN% 和 %MACHINENAME% 值。这也不起作用,但我最终得到了来自 NetSetup.log 的以下信息:

11/20/2014 16:23:32:232 NetpDoDomainJoin
11/20/2014 16:23:32:232 NetpDoDomainJoin: using new computer names
11/20/2014 16:23:32:232 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0
11/20/2014 16:23:32:232 NetpDoDomainJoin: NetpGetNewHostName returned 0x0
11/20/2014 16:23:32:232 NetpMachineValidToJoin: 'IMAGE-TEST'
11/20/2014 16:23:32:232     OS Version: 6.3
11/20/2014 16:23:32:232     Build number: 9600 (9600.winblue_r3.140827-1500)
11/20/2014 16:23:32:295     SKU: Windows 8.1 Professionnel
11/20/2014 16:23:32:295     Architecture: 64-bit (AMD64)
11/20/2014 16:23:32:295 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
11/20/2014 16:23:32:295 NetpGetLsaPrimaryDomain: status: 0x0
11/20/2014 16:23:32:295 NetpMachineValidToJoin: status: 0x0
11/20/2014 16:23:32:295 NetpJoinDomain
11/20/2014 16:23:32:295     HostName: IMAGE-TEST
11/20/2014 16:23:32:295     NetbiosName: IMAGE-TEST
11/20/2014 16:23:32:295     Domain: ad.domain.com\dc.ad.domain.com
11/20/2014 16:23:32:295     MachineAccountOU: (NULL)
11/20/2014 16:23:32:295     Account: (NULL)
11/20/2014 16:23:32:295     Options: 0x61
11/20/2014 16:23:32:295 NetpLoadParameters: loading registry parameters...
11/20/2014 16:23:32:295 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
11/20/2014 16:23:32:295 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0'

小智 6

这是 WDS 中的一个错误。当您批准 UEFI 设备时,它会提供错误的权限。如果您查看计算机对象的安全权限,您将看到它针对“更改密码”和“重置密码”为域管理员设置了拒绝。删除这两个的拒绝,你就可以开始了。

您需要为通过 WDS 批准的每台 UEFI 计算机执行此操作,但总比没有好。

  • 我不敢相信这仍然没有解决。它只花了我 30 个小时。 (2认同)

小智 2

补充信息,2008 Std R2 和 W7 Pro 机器也会出现这种情况。

对于所有可能关心的人,由于此问题仅适用于域管理员组级别,因此我想尝试使用一个帐户通过域根级别的委派控制授予所有权限,这也有效,因此无需去更改每个 UEFI 计算机对象上的安全设置:)。

如何:

  1. 我创建了一个用户 WDSinstall,其唯一的组成员身份是域用户。
  2. 然后,我只需运行“委派控制”向导(在本例中,右键单击您的根域节点并选择“委派控制”)。
  3. 添加您新创建的帐户,然后单击下一步。
  4. 选择创建要委派的自定义任务,然后单击下一步。
  5. 保持选中“此文件夹,现有对象在此......”,单击“下一步”。
  6. 确保“显示这些权限”下的所有 3 个选项均已勾选,这意味着:常规、特定属性和特定子对象的创建/删除。
  7. 在“权限”框中,只需勾选“完全控制”,这也会选择所有其他权限。点击下一步。
  8. 单击“完成”。

现在您拥有一个本质上是域管理员帐户的帐户,因此您可以使用它来满足您的所有 WDS 和部署需求。

我希望这对某人有帮助,就像这篇原始文章对我的帮助一样(很多)。

归档时间:

查看次数:

19677 次

最近记录:

6 年,11 月 前
相关归档
如何从命令提示符标题中删除“管理员:” 10
对于没有 MMC 的具有 GPO 的远程桌面用户,禁用服务器管理器启动 9
如何在整个 OU 中保持本地管理员密码一致? 8
您可以使用 Windows 命令行 FTP 客户端连接到 TLS FTP 站点吗? 5
如何将更改部署到暂存数据库,同时仍使其与生产主数据库保持同步? 5
Web 服务器场的 IIS 配置同步? 4
“bang account”一词的起源和/或标准是什么? 3
查找用户 - 不知道 IIS 的内部结构 2
Active Directory 重命名已断开连接的计算机 2
在我的 Win 8.1 LAN 中省略 PC 密码是否构成来自外部世界的安全风险? 1
难疑归档
如何以更少或更多的方式从文件末尾向后读取? 189
如何在 Linux 上设置无密码的 `sudo`? 186
磁盘满了,du 就不同了。如何进一步调查? 149
如何安全地使用每个主机的密码实现 ansible? 118
同一 IP 地址和同一端口上的多个 SSL 域? 110
Nginx:如何将 HTTP 请求转发到另一个端口? 104
如何完全记录所有 bash 脚本操作? 77
未知/不支持的存储引擎:InnoDB | MySQL Ubuntu 54
试图在 Route53 中创建 2 个记录集类型=TXT 53
通过 SSH 登录时运行 ssh-agent 和 ssh-add 的直接方法? 53