I have an Active Directory that is based on a primary domain controller as well as two additional domain controllers which are all Windows Server 2022 machines and are hardened according to the CIS benchmark.
I wanted to test joining several different Server versions ranging from Windows Server 2012R2 to Windows Server 2022. I tried all of this while the different Server versions were unhardened (i.e. with the default settings) as well as after hardening them according to the CIS benchmarks. On the Windows Server 2012R2 as well as the Windows Server 2022 machines, joining the domain is not a problem. However, I'm not able to join the Windows Server 2016 and Windows Server 2019 VMs to the domain in any case. I am always getting the message `Access is denied`. The account used to join is the same on all machines. Some other things I have made sure of before writing this question:
- DNS is set up properly and working
- NTP is configured correctly and all machines are in sync
- The machines that join the AD are able to contact the domain controllers on at least the following ports:
  - 53/TCP
  - 53/UDP
  - 88/TCP
  - 135/TCP
  - 389/TCP
  - 389/UDP
  - 445/TCP
  - 1024-65535/TCP
- Ensured that none of the listed points in this guide apply.
For all the VMs that are working and not working I ran the command `systeminfo` and you'll find the output below. Here the Windows Server 2016 and 2019 machines have not been hardened to rule out that this is the cause, yet the output in both cases is the same:
Further, these are the logs produced in the `NetSetup.log` when trying to join as well as the EventLog entry that is generated:
Do you have any idea/hint what could be the cause of this and how I can resolve it?
Thanks very much in advance!
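The connectivity checklist in the question can be turned into a repeatable script run from the server that is about to be joined. The following is an added example and not part of the original question; the domain name and domain controller hostnames are placeholders, and the check assumes the prospective member server can already resolve those names. It probes every listed TCP port on every DC with `Test-NetConnection` and, because UDP cannot be probed the same way, verifies 53/UDP functionally by resolving the DC-locator SRV record against each DC.

```powershell
# Added example (not from the original question): verify reachability of
# each domain controller on the ports a domain join needs, run from the
# machine that is about to be joined.
# The domain name and DC hostnames below are placeholders; replace them.
$DomainName        = 'example.local'
$DomainControllers = @('dc01.example.local', 'dc02.example.local', 'dc03.example.local')
$TcpPorts          = @(53, 88, 135, 389, 445)

# TCP checks: one row per DC/port with a boolean result.
$tcpResults = foreach ($dc in $DomainControllers) {
    foreach ($port in $TcpPorts) {
        $probe = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = "$port/TCP"
            Reachable        = $probe.TcpTestSucceeded
        }
    }
}
$tcpResults | Format-Table -AutoSize

# UDP checks: Test-NetConnection only does TCP, so exercise DNS over UDP
# by asking each DC for the DC-locator SRV record the join process uses.
foreach ($dc in $DomainControllers) {
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $dc -ErrorAction Stop
        "DNS 53/UDP via ${dc}: OK ($($srv.Count) SRV record(s))"
    } catch {
        "DNS 53/UDP via ${dc}: FAILED ($($_.Exception.Message))"
    }
}

# Summary: any failed TCP probe is listed so it can be compared against
# the host firewall or network ACLs between the member and the DCs.
$failed = $tcpResults | Where-Object { -not $_.Reachable }
if ($failed) {
    "Unreachable DC/port combinations:"
    $failed | Format-Table -AutoSize
} else {
    "All listed TCP ports reachable on all domain controllers."
}
```

Run it as an administrator on both a server that joins successfully and one that fails; identical results from both confirm that the `Access is denied` error is not a transport problem and that the cause should be looked for in the `NetSetup.log` lines and the DC-side security event for the join attempt instead. The dynamic RPC range (1024-65535/TCP) is not probed port by port; if 135/TCP succeeds but the join still stalls after the endpoint-mapper call, that range is the next thing to verify on the firewall.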