Error 2691 add to domain ok

lebrun78

@sebastian-roth
No, the native windows domain of the university, but the dns (runninx over linux) is local to the tic department.

lebrun78

@sebastian-roth
(Get-WmiObject Win32_ComputerSystem).Name
win10-3
(Get-WmiObject Win32_ComputerSystem).Domain
ur.local

How the client check the host is registred in the AD ?
What could I change to avert this DNS conflict ?

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

How the client check the host is registred in the AD ?

Check out the code: https://github.com/FOGProject/fog-client/blob/master/Modules/HostnameChanger/Windows/WindowsHostName.cs#L203

What could I change to avert this DNS conflict ?

I am not sure why this is happening in your environment.

lebrun78

@sebastian-roth
How could I create a small script in C to test this function ?
Have you a procedure ?
i used to use powershell

private bool IsJoinedToDomain(string idealDomain)
      {
          try
          {
              using (var domain = Domain.GetComputerDomain())
              {
                  var currentIP = Dns.GetHostAddresses(domain.Name);
                  var targetIP = Dns.GetHostAddresses(idealDomain);

                  return (currentIP.Intersect(targetIP).Any());
              }
          }
          catch (Exception)
          {
          }

          return false;
      }

Tom Elliott

@lebrun78 From what I can see in the error logs, it joined the domain successfully, but it never restarted the machine, for whatever reason.

Have you tried simply restarting the machine?

Error code 2691 = “Host is already joined to the domain” essentially.

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

How could I create a small script in C to test this function ?

Do you have MS Visual Studio? With that you should be able to come up with a simple C# console app.

But maybe try PowerShell first. Not sure if that yields the same results really:

PS > $o = [System.Net.Dns]::GetHostAddresses("domain.tld")
PS > $o

Address            : 2014353xx
AddressFamily      : InterNetwork
ScopeId            :
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : 192.168.1.x

lebrun78

@sebastian-roth
Hello, thank you for your answer
Here is the result of this C# script:

// Main Method 
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.Linq;
using System.Net;
using System.Runtime.InteropServices;
//using Zazzles;
class test
{
    static public void Main(String[] args)
    {
        string idealDomain = "ur.local";
        Console.WriteLine("Main Method");
        var domain = Domain.GetComputerDomain();
        Console.WriteLine(domain);
        var currentIP = Dns.GetHostAddresses(domain.Name);
        Console.WriteLine(currentIP);
        var targetIP = Dns.GetHostAddresses(idealDomain);
        Console.WriteLine(targetIP);
        var result = currentIP.Intersect(targetIP).Any();
        Console.WriteLine(result);
    }
}

Exception levée : ‘System.Security.Authentication.AuthenticationException’ dans System.DirectoryServices.dll
Une exception non gérée du type ‘System.Security.Authentication.AuthenticationException’ s’est produite dans System.DirectoryServices.dll
User or password incorrect

Which user is used in the script ?

[admin07]: PS C:\Users\Administrateur\Documents>  $o = [System.Net.Dns]::GetHostAddresses("admin07")
[admin07]: PS C:\Users\Administrateur\Documents> $o


Address            :
AddressFamily      : InterNetworkV6
ScopeId            : 5
IsIPv6Multicast    : False
IsIPv6LinkLocal    : True
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : fe80::7164:xxxxxxxx:7d52%5

Address            : xxxx724
AddressFamily      : InterNetwork
ScopeId            :
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : xxx.xx.6.250

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

Une exception non gérée du type ‘System.Security.Authentication.AuthenticationException’ s’est produite dans System.DirectoryServices.dll
User or password incorrect

Did you run the test program as administrator?

The output of the PowerShell stuff on your machine seems interesting. Possibly this is pointing us to it being an issue with IPv6?

lebrun78

@sebastian-roth
Yes I ran this script as administrator. But administrator is not member of the AD domain.
I tried disabling IPv6.

[admin07]: PS C:\Users\Administrateur\Documents>  $o = [System.Net.Dns]::GetHostAddresses("admin07")
[admin07]: PS C:\Users\Administrateur\Documents> $o


Address            :
AddressFamily      : InterNetworkV6
ScopeId            : 0
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : ::1

Address            : xxxx724
AddressFamily      : InterNetwork
ScopeId            :
IsIPv6Multicast    : False
IsIPv6LinkLocal    : False
IsIPv6SiteLocal    : False
IsIPv6Teredo       : False
IsIPv4MappedToIPv6 : False
IPAddressToString  : *.*.6.250

And with IPV6 disabled, I have error 2691

lebrun78

@sebastian-roth
I 've just run the script as a domain-admin.
domain as value ur.local (the ad domain name)
targetIP and targetIP contain the same address (the AD controler addresses )

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

targetIP and targetIP contain the same address (the AD controler addresses )

You mean currentIP and targetIP? What does it print for “result”?

Can you please try running the test tool as local SYSTEM account to see if it shows a different output than ran as AD admin. Download MS sysinternals tool PsExec and run psexec -s -i cmd.exe to get a command shell run as SYSTEM. Now start your script/tool here and compare the output to what you get running as AD admin.

lebrun78

@sebastian-roth
(currentIP.Intersect(targetIP).Any()) = true

Sebastian Roth

@lebrun78 Did you see this part of my post as well?

Can you please try running the test tool as local SYSTEM account to see if it shows a different output than ran as AD admin. Download MS sysinternals tool PsExec and run psexec -s -i cmd.exe to get a command shell run as SYSTEM. Now start your script/tool here and compare the output to what you get running as AD admin.

lebrun78

@sebastian-roth
Yes, I now unterdstand the problem, fog client is running with local\install account, not system.

We use install account for a long time to access samba share with snapin scripts. Have you example to access samba share with client running under system account ?

I have No error 2691 running fogservice with system account

Sebastian Roth

@lebrun78 said in Error 2691 add to domain ok:

Yes, I now unterdstand the problem, fog client is running with local\install account, not system.

Ahhhhhhh, there we go. One tiny bit of information that was still missing to solve this!

Have you example to access samba share with client running under system account ?

Just just a public readable share!?

lebrun78

@sebastian-roth
No actually, the share is only accessible to administrators.
I use a powershell script which mount with a samba share account the share and launch the installer.
but the script seems not working when run as system.
I’m investigating