Join Domain Fail

癥狀

1.用戶端無法Join Domain

2.透過Terminal Server無法遠程登入伺服器，錯誤:存取被拒

3.RMS Server無法開啟檔案

解決方法

確認設置HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity\SrvsvcDefaultShareInfo

使用net share IPC$ 確認沒有人有權限存取

刪除HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity\SrvsvcDefaultShareInfo重新開機後解決

請參考以下分析報告

用戶端加入Domina 時錯誤訊息如下

加入網域的操做不成功。可能因為名為 ”%” 的現有電腦帳戶先前是使用不同的認證所建立。請使用其他電腦帳戶，或是聯絡系統管理員，已移除舊用戶的衝突帳號。錯誤是: 存取被拒

2008 Server Join 失敗錯誤

08/18/2011 10:20:31:564 NetpSetComputerNamesOffline: Setting Hostname to COMPUTERNAME

08/18/2011 10:20:31:564 NetpSetComputerNamesOffline: Setting Domain name to DC.msft.com

08/18/2011 10:20:31:564 NetpSetComputerNamesOffline: Setting NetBios computer name to COMPUTERNAME

08/18/2011 10:20:31:564 NetpDoInitiateOfflineDomainJoin: status: 0x0

08/18/2011 10:20:31:564 NetRequestOfflineDomainJoin: Successfully initiated the offline domain join

08/18/2011 10:20:31:564 NetpJoinDomainOnDs: Setting netlogon cache.

08/18/2011 10:20:31:564 NetpSetNetlogonDomainCache: DsEnumerateDomainTrustsW failed 0x5

08/18/2011 10:20:31:564 NetpJoinDomainOnDs: status of setting netlogon cache: 0x5

08/18/2011 10:20:31:564 NetpJoinDomainOnDs: Function exits with status of: 0x5

08/18/2011 10:20:31:564 NetpJoinDomainOnDs: status of disconnecting from '\\DC.msft.com': 0x0

08/18/2011 10:20:31:564 NetpDoDomainJoin: status: 0x5

 

Windows XP Join失敗錯誤

08/18 09:43:19 NetpDoDomainJoin

08/18 09:43:19 NetpMachineValidToJoin: 'ComputerName'

08/18 09:43:19 NetpGetLsaPrimaryDomain: status: 0x0

08/18 09:43:19 NetpMachineValidToJoin: status: 0x0

08/18 09:43:19 NetpJoinDomain

08/18 09:43:19     Machine: Computer

08/18 09:43:19     Domain: DC.msft.com

08/18 09:43:19     MachineAccountOU: (NULL)

08/18 09:43:19     Account: msft.com\Administrator

08/18 09:43:19     Options: 0x27

08/18 09:43:19     OS Version: 5.1

08/18 09:43:19     Build number: 2600

08/18 09:43:19     ServicePack: Service Pack 3

08/18 09:43:19 NetpValidateName: checking to see if ' msft.com ' is valid as type 3 name

08/18 09:43:19 NetpCheckDomainNameIsValid [ Exists ] for ' msft.com ' returned 0x0

08/18 09:43:19 NetpValidateName: name ' msft.com ' is valid for type 3

08/18 09:43:19 NetpDsGetDcName: trying to find DC in domain ' msft.com ', flags: 0x1020

08/18 09:43:23 NetpDsGetDcName: failed to find a DC having account 'ComputerName$': 0x525

08/18 09:43:23 NetpDsGetDcName: found DC '\\DC.msft.com ' in the specified domain

08/18 09:43:23 NetpJoinDomain: status of connecting to dc '\\DC.msft.com ': 0x0

08/18 09:43:23 NetpGetLsaHandle: LsaOpenPolicy on \\DC.msft.com failed: 0xc0000022

08/18 09:43:23 NetpGetLsaPrimaryDomain: status: 0xc0000022

08/18 09:43:23 NetpJoinDomain: initiaing a rollback due to earlier errors

08/18 09:43:23 NetpJoinDomain: status of disconnecting from '\\DC. msft.com ': 0x0

08/18 09:43:23 NetpDoDomainJoin: status: 0x5

封包分析

469 11:44:20 2011/8/18 15.672178 System {TCP:37, IPv4:22} 10.10.14.114 fisc-dc1.fisc.com.tw SMB2 SMB2:C TREE CONNECT (0x3), Path=\\DC.msft.com \IPC$, Mid = 3

470 11:44:20 2011/8/18 15.673031 System {TCP:37, IPv4:22} DC.msft.com 10.10.14.114 SMB2 SMB2:R TREE CONNECT (0x3), TID=0x1, Mid = 3

551 11:44:20 2011/8/18 15.783159 System {SMB2:53, TCP:37, IPv4:22} 10.10.14.114 DC.msft.com SMB2 SMB2:C CREATE (0x5), Name=NETLOGON@#551, Mid = 4

552 11:44:20 2011/8/18 15.784966 System {TCP:37, IPv4:22} DC.msft.com 10.10.14.114 SMB2 SMB2:R , Mid = 4 - NT Status: System - Error, Code = (34) STATUS_ACCESS_DENIED

563 11:44:20 2011/8/18 15.994402 System {TCP:37, IPv4:22} 10.10.14.114 DC.msft.com TCP TCP:Flags=...A...., SrcPort=49241, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=264687530, Ack=4278783574, Win=509 (scale factor 0x8) = 130304

603 11:44:20 2011/8/18 16.081317 System {SMB2:67, TCP:37, IPv4:22} 10.10.14.114 DC.msft.com SMB2 SMB2:C CREATE (0x5), Name=NETLOGON@#603, Mid = 5

604 11:44:20 2011/8/18 16.081986 System {TCP:37, IPv4:22} DC.msft.com 10.10.14.114 SMB2 SMB2:R , Mid = 5 - NT Status: System - Error, Code = (34) STATUS_ACCESS_DENIED