Windows 10 Image constantly trying to join domain after join.

SKasai

Hi guys,

So we were on FOG version 1.4.3 and I have been putting up some Windows 10 boxes joining a SAMBA 4 PDC for Active Directory purposes.

It joins the domain and we can authenticate to it, but when I Iook into the logs, I see Errors where it is trying to re-join the domain.

I look into the fog.log and it shows the ollowing:

--------------------------------HostnameChanger-------------------------------

8/8/2019 9:53 AM Client-Info Client Version: 0.11.16
8/8/2019 9:53 AM Client-Info Client OS: Windows
8/8/2019 9:53 AM Client-Info Server Version: 1.5.7
8/8/2019 9:53 AM Middleware::Response Success
8/8/2019 9:53 AM HostnameChanger Checking Hostname
8/8/2019 9:53 AM HostnameChanger Hostname is correct
8/8/2019 9:53 AM HostnameChanger Attempting to join domain
8/8/2019 9:53 AM HostnameChanger The machine is already joined to the domain, code = 2691

(Note - I upgraded to 1.5.7 to see if this goes away, but as you can see from the log message, still having the same problem.)

When I look on System for the computer:

Computer name: <Hostname>
Full computer name: <Hostname>.<Domain>
Domain: <Domain>

In the past with Windows 7, it was usually:

Computer name: <hostname>
Full computer name: <hostname>
Domain: <domain>

So my guess is that given that the Full computer name is outputting with the <hostname>.<domain> instead of the normal <internet domain name> is what is causing fog to constantly try and join the domain, even though it is joined.

Is there something I should be looking at on Fog Side, or Windows side? Or even our Samba side, given we went from Samba 3 to Samba 4 and had to use an NT4 Domain trick to get LDAP to pass authentication to Samba 4 and to Windows 10.

Edited: I also checked with another guy in our area who is using FOG 1.5.5 and they are doing a similar setup and also having the same problem.

The only thing I can think of is that the FOG client doesn’t seem to recognize that it is joined to the domain, so it tries again, and keeps trying, despite the Domain being set. My guy and the other guy both think this is a Windows 10 problem, but I think the FOG client may need to be updated to recognize when Windows 10 is joined to a domain, given Windows 7 will be phasing out soon.

fry_p

@SKasai From the fog.log excerpt you posted, this appears to be regular behavior. I checked a log on one of my clients, it matches exactly. Correct me if I am wrong everyone, but I think the client checks to see if it is joined regardless of if it is already joined. This is only speaking to the fog.log message. It appears to me that the FOG client is successfully “talking” to AD as well judging by the “already joined” message.

May I ask what other behavior this is exhibiting? Is it trying to reboot to change the hostname endlessly? If not, and the only symptom is the log message, I myself would not worry too much about it as my clients also do the same. Others, please correct me if I am wrong!

SKasai

This post is deleted!

SKasai

@fry_p said in Windows 10 Image constantly trying to join domain after join.:

@SKasai From the fog.log excerpt you posted, this appears to be regular behavior. I checked a log on one of my clients, it matches exactly. Correct me if I am wrong everyone, but I think the client checks to see if it is joined regardless of if it is already joined. This is only speaking to the fog.log message. It appears to me that the FOG client is successfully “talking” to AD as well judging by the “already joined” message.

May I ask what other behavior this is exhibiting? Is it trying to reboot to change the hostname endlessly? If not, and the only symptom is the log message, I myself would not worry too much about it as my clients also do the same. Others, please correct me if I am wrong!

Well, the normal behavior for Windows 7 when the fog client joins a domain is that it stops trying to join the Domain after it was joined, as it is joined to the domain in question.

What it currently does is basically adds unnecessary event viewer errors, as it shows messages of trying to join a domain while it is already joined. Given the client does this almost every 4-6 minutes when not logged in, it sort of unnecessary, at least for my form of OCD of troubleshooting and wondering why there are errors like this.

While it is authenticating to the joined domain, it isn’t necessary to keep hammering the PDC with join requests.

Luckily, I don’t have it set to reboot on join attempts, so it isn’t an issue, but I do want to reduce the number of unnecessary error events being recorded.

Sebastian Roth

@SKasai said in Windows 10 Image constantly trying to join domain after join.:

Well, the normal behavior for Windows 7 when the fog client joins a domain is that it stops trying to join the Domain after it was joined, as it is joined to the domain in question.

Ok, so this seems to be an issue with Windows 10 I guess. I hope I get some time to look into this in the next weeks. It’s just very busy at the moment and I don’t get to work on all this at the same time.

@SKasai Would you possibly open an issue on github for us? It’s kind of easy to loose track of this kind of things in the forums. Not need to post all the details again, just link this forum topic…

SKasai

@Sebastian-Roth said in Windows 10 Image constantly trying to join domain after join.:

@SKasai said in Windows 10 Image constantly trying to join domain after join.:

Well, the normal behavior for Windows 7 when the fog client joins a domain is that it stops trying to join the Domain after it was joined, as it is joined to the domain in question.

Ok, so this seems to be an issue with Windows 10 I guess. I hope I get some time to look into this in the next weeks. It’s just very busy at the moment and I don’t get to work on all this at the same time.

@SKasai Would you possibly open an issue on github for us? It’s kind of easy to loose track of this kind of things in the forums. Not need to post all the details again, just link this forum topic…

Github issue submitted - Also should note that this is a Windows 10 Machine Joining a Samba 4 Domain (NT domain for Authentication)

We are doing it this way due to OpenLDAP requirements and this was the only way to get the Samba 4 Domain to work. I would have to get someone else to respond to this thread for particulars on the Samba 4 Domain setup.

I did speak with him and he feels it is also a Windows 10/FOG issue than a Samba 4 issue.

I also should clarify that the guys who are running a 1.5.5 (We are on the same campus) are doing a similar Samba 4/NT Domain authentication.

Sebastian Roth

@SKasai said in Windows 10 Image constantly trying to join domain after join.:

Also should note that this is a Windows 10 Machine Joining a Samba 4 Domain (NT domain for Authentication)

Well, that brings another variable into the equation. I do remember that Samba 4 and Windows 10 was a huge fight when Win 10. I will still try to replicate this and see if I can fix it in the next weeks.

SKasai

@Sebastian-Roth said in Windows 10 Image constantly trying to join domain after join.:

@SKasai said in Windows 10 Image constantly trying to join domain after join.:

Also should note that this is a Windows 10 Machine Joining a Samba 4 Domain (NT domain for Authentication)

Well, that brings another variable into the equation. I do remember that Samba 4 and Windows 10 was a huge fight when Win 10. I will still try to replicate this and see if I can fix it in the next weeks.

Sorry about that… But given I am in an Education (UC, in case), our groups were making use of most open source material (FOG Project included).

In the Samba 3 domain with Windows 7, we never had an issue. I just happen to notice it and with another department with regards to Samba 4 and Windows 10.

Sebastian Roth

@SKasai Just updated the github issue. Hope you see this here in the forums or on github…

Sebastian Roth

@fry_p You might want to follow this on github as well as it seems like the behaviour seems to have to do with DNS resolution. I can reproduce the problem only once after a client reboot but it’s not consistent. So if you have this on all your clients all the time you might want to look into this as well.

DBCountMan

i’ve noticed that when creating an image from the ground up, renaming the computer BEFORE capturing an image could cause problems. for some reason the netbios name of the original name that was created by the windows setup process will stick even though you renamed the pc. for example. i imaged a drive from our sccm server with a fresh windows 10 image, it had that minit-xxxx default name (cant remember exactly what it was but similar to that), so i changed the name to LAB-TEST then captured and deployed the image using acronis, renamed the pc to be unique to that workstation, then when the internet was connected, it pulled a major windows update (1607>1803). some of the workstations were automatically renamed back to the original image name that i set LAB-TEST. This caused trust relationship issues when trying to join to the domain. i found this entry in the registry HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\Active ComputerName and ComputerName. The string that reads ComputerName in each of those keys had LAB-TEST. So i disjoined from our domain, and changed both entries to read what the unique name i had set was and was able to join the domain. so the lesson here was to not touch the computer name until AFTER you install windows, capture the image, and then deploy the image. hope this helps.

Sebastian Roth

This topic is being discussed on github in detail: https://github.com/FOGProject/fog-client/issues/110

Windows 10 Image constantly trying to join domain after join.

--------------------------------HostnameChanger-------------------------------

206

11.6k

17.1k

154.6k