[Solved] Random errors trying to join domain

MrKementari 6 Reputation points
2022-06-13T13:38:47.197+00:00

Hi there,

I'm facing some issues deploying Windows Server 2019 Datacenter.

Our VMs are deployed through automation tools (Ansible Tower) which execute all steps of the deployment (VM creation, copy of a template, etc.).
We already used this way to deploy Windows Server 2016 without any trouble, but with 2019, randomly, the step which consists of adding the VM to our domain fails with these errors (I have modified sensitive information):

06/01/2022 16:12:41:746 NetpGetComputerObjectDn: Cracking DNS domain name xxx.domain.fr/ into Netbios on \\server.domain.fr  
06/01/2022 16:12:41:761 NetpGetComputerObjectDn: Crack results:  name = DOMAIN\  
06/01/2022 16:12:41:761 NetpGetComputerObjectDn: Cracking account name DOMAIN\WQNB0524$ on \\server.domain.fr  
06/01/2022 16:12:41:761 NetpGetComputerObjectDn: Crack results:  Account does not exist  
06/01/2022 16:12:41:761 NetpGetComputerObjectDn: Got DN CN=WQNB0524,OU=OUM-A-SRD-T,OU=OUM-A-SRD,OU=OUM-A,OU=OUM,DC=domain,DC=fr from the passed OU  
06/01/2022 16:12:06:393 NetpModifyComputerObjectInDs: Initial attribute values:  
06/01/2022 16:12:06:393  objectClass  =  Computer  
06/01/2022 16:12:06:393  SamAccountName  =  WQNB0524$  
06/01/2022 16:12:06:393  userAccountControl  =  0x1000  
06/01/2022 16:12:06:393  DnsHostName  =  wqnb0524.  
06/01/2022 16:12:06:393  ServicePrincipalName  =  HOST/wqnb0524.  RestrictedKrbHost/wqnb0524.  HOST/WQNB0524  RestrictedKrbHost/WQNB0524  
06/01/2022 16:12:06:393  unicodePwd  =  <SomePassword>  
06/01/2022 16:12:06:408 NetpModifyComputerObjectInDs: Computer Object does not exist in OU  
06/01/2022 16:12:06:408 NetpModifyComputerObjectInDs: Attribute values to set:  
06/01/2022 16:12:06:408  objectClass  =  Computer  
06/01/2022 16:12:06:408  SamAccountName  =  WQNB0524$  
06/01/2022 16:12:06:408  userAccountControl  =  0x1000  
06/01/2022 16:12:06:408  DnsHostName  =  wqnb0524.  
06/01/2022 16:12:06:408  ServicePrincipalName  =  HOST/wqnb0524.  RestrictedKrbHost/wqnb0524.  HOST/WQNB0524  RestrictedKrbHost/WQNB0524  
06/01/2022 16:12:06:408  unicodePwd  =  <SomePassword>  
06/01/2022 16:12:06:408 NetpMapGetLdapExtendedError: Parsed [0x200b] from server extended error string: 0000200B: AtrErr: DSID-033E0EF5, #1:  
 0: 0000200B: DSID-033E0EF5, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9026b (dNSHostName)  
06/01/2022 16:12:06:408 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x13 0x57  
06/01/2022 16:12:06:408 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x57  
06/01/2022 16:12:06:408 NetpProvisionComputerAccount: LDAP creation failed: 0x57  
06/01/2022 16:12:06:408 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported  
06/01/2022 16:12:06:408 ldap_unbind status: 0x0  
06/01/2022 16:12:06:408 NetpJoinCreatePackagePart: status:0x57.  
06/01/2022 16:12:06:408 NetpJoinDomainOnDs: Function exits with status of: 0x57  
06/01/2022 16:12:06:408 NetpJoinDomainOnDs: status of disconnecting from '\\xxx.domain.fr': 0x0  
06/01/2022 16:12:06:424 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'xxx.domain.fr' returned 0x0  
06/01/2022 16:12:06:424 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'xxx.domain.fr': 0x0  
06/01/2022 16:12:06:424 NetpDoDomainJoin: status: 0x57  

As I said, this issue occurs very randomly but very often (around 8 out of 10 times), and sometimes if I run the job again on the same host, everything works fine.
We already checked every step before this one in the automation workflow and everything is correct.

Any idea about what could be the origin of this issue?

Regards.
Aurélien

5 answers

  1. Anonymous
    2022-06-13T13:46:52.663+00:00

    Please run;

    Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
    repadmin /showrepl >C:\repl.txt
    ipconfig /all > C:\dc1.txt
    ipconfig /all > C:\dc2.txt
    ipconfig /all > C:\dc3.txt
    ipconfig /all > C:\problemworkstation.txt

    then put unzipped text files up on OneDrive and share a link.

  2. MrKementari 6 Reputation points
    2022-06-14T12:49:57.5+00:00

    Hi DSPatrick,

    Sorry for my late answer, we are still doing some investigations here.

    Unfortunately, DCs are managed by another team on our side so results for the commands you requested may take some time.

    I will come back to you as soon as possible, thank you!

    Regards,
    Aurélien


  3. Anonymous
    2022-06-16T08:25:28.31+00:00

    Hello FROTTIERAurelien-9329,

    Thank you for posting here.

    Here is a similar case for your reference.
    SCCM task sequence domain join error
    https://social.technet.microsoft.com/Forums/en-US/3bdba79f-7d7c-4497-afae-9d53acf5075e/sccm-task-sequence-domain-join-error?forum=configmanagerosd

    Hope it helps.

    Best Regards,
    Daisy Zhou


  4. Gary Reynolds 9,621 Reputation points
    2022-06-27T16:10:33.743+00:00

    Sorry for jumping in on this one late.

    The error shown in the logs is a CONSTRAINT_ATT_TYPE error for the dnshostname attribute when trying to create the computer object in AD; usually this means that the value specified doesn't meet the required syntax or format. This is the dnshostname reference page, which includes the format requirements: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/5c578b15-d619-408d-ba17-380714b89fd1

    I'm not sure if you have changed the FQDN details or not, but the hostname is missing the fullDomainDnsName portion of the DNS name. It would be worth checking if a server that did work has the FQDN listed in that log; if so, I would look at your DHCP configuration and see if option 15 has been specified and received by the server or is set by the automation.

    Gary.
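
The log check suggested in the answer above, as an added example that is not part of the original thread: a small Python parser that pulls the DnsHostName value, the LDAP extended error and the final join status out of NetSetup.log text and flags a host name with no domain part. The function names, the suffix heuristic and the `expected_suffix` parameter are assumptions; the sample lines are constructed from the excerpt in the question.

```python
import re

# Constructed sample, modelled on the NetSetup.log excerpt in the question.
FAILED_JOIN = """\
06/01/2022 16:12:06:408  SamAccountName  =  WQNB0524$
06/01/2022 16:12:06:408  DnsHostName  =  wqnb0524.
06/01/2022 16:12:06:408 NetpMapGetLdapExtendedError: Parsed [0x200b] from server extended error string: 0000200B: AtrErr: DSID-033E0EF5, #1:
 0: 0000200B: DSID-033E0EF5, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9026b (dNSHostName)
06/01/2022 16:12:06:424 NetpDoDomainJoin: status: 0x57
"""

# "<date> <time>  <Attribute>  =  <value>" lines from the attribute dump.
ATTR = re.compile(r"^\S+ \S+\s+(\w+)\s+=\s+(.*?)\s*$")
# Detail line of the server's extended error string.
LDAP_ERR = re.compile(r"problem (\d+) \((\w+)\), data \d+, Att \w+ \((\w+)\)")
STATUS = re.compile(r"NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)")


def has_domain_suffix(dns_host_name, expected_suffix=None):
    """Heuristic (assumption): the name must carry a domain part after the host label."""
    name = dns_host_name.rstrip(".").lower()
    if expected_suffix:
        return name.endswith("." + expected_suffix.strip(".").lower())
    return "." in name


def analyze(log_text, expected_suffix=None):
    """Summarise one join attempt: host name sent, server error, final status."""
    result = {"dns_host_name": None, "suffix_present": None,
              "ldap_error": None, "join_status": None}
    for line in log_text.splitlines():
        m = ATTR.match(line)
        if m and m.group(1).lower() == "dnshostname":
            result["dns_host_name"] = m.group(2)
            result["suffix_present"] = has_domain_suffix(m.group(2), expected_suffix)
        m = LDAP_ERR.search(line)
        if m:
            result["ldap_error"] = {"problem": int(m.group(1)),
                                    "name": m.group(2), "attribute": m.group(3)}
        m = STATUS.search(line)
        if m:
            result["join_status"] = int(m.group(1), 16)  # 0x57 = ERROR_INVALID_PARAMETER
    return result


if __name__ == "__main__":
    print(analyze(FAILED_JOIN, expected_suffix="domain.fr"))
```

Running it over the logs of a failed and a successful join side by side shows whether the missing suffix correlates with the failures.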


  5. MrKementari 6 Reputation points
    2022-07-01T08:48:16.437+00:00

    Hello,

    We finally figured it out.

    There was a KB (I don't know its exact name, sorry) installed on one of our DCs which posed a problem with the delegation account used to join machines to the domain.

    We temporarily bypassed this issue by increasing the account's rights, but our team is going to look for a better solution.

    Thanks for your help.

    Regards,
    Aurélien
