Domain Join Not Working Since Moving To v1.2.0 (Error: 87)
I am having trouble getting machines to join our domain since moving to version 1.2.0 whilst trying to get our Intel NUC’s working with FOG. The service is able to rename the computer but is unable to add it to the domain and the FOG log shows an unknown error 87. I have also seen the occasional report in the FOG Log of unknown error 2692 the first time it tries to join the domain.
We have made sure the encrypted password for the AD account matches what is in the fog web interface and have left the passkey as it’s default value to avoid re-compiling the DLL file in the testing stage.
I have tried using a modified hostnamechange.dll file supplied: [url]https://github.com/mastacontrola/fogproject/blob/dev-branch/FOGService/src/FOG_HostNameChanger/MOD_HostNameChanger.cs[/url]
Which then errored and then wouldn’t change the name of the PC so have reverted back to default. I can upload fine from the computer and deploy to the computer but cannot get the domain join working in this new version.
I have rebuilt the image to make sure that it is not already attached to a domain and used sysprep to make it join a temporary workgroup on build through an automated mini-setup answer file. The client is the standard client since removing the modified hostnamechange.dll which is now able to rename the machine but still seems unable to join the domain.
Any help with this and my other post regarding the NUC not looking like it’s compatible with FOG is appreciated.
Thank you for your time helping us out.
Think I may have solved this, I didn’t realize that FOG saved the AD settings “inside” each host instead of using the settings specified in the configuration area. Will see if I’ve fixed it now. - Will update this post with result in case anyone else hits the same barrier.
That was the solution…
For people suffering with difficulties make sure the actual host has got the correct credentials as it didn’t apply globally when I changed it in the configuration area. See image below for the secondary configuration I needed to do.
Thank you for your help with this issue, I hope this helps others as well.
I just got that solution as well whilst looking at other threads for similar issues :) Thanks for letting me know personally.
I’ve just changed it but it looks like it’s still sending the data with the KINGSFIELD/ part - is there a way to force the setting to change? I have rebooted the server but it seems the same.
[SIZE=4][FONT=Times New Roman][COLOR=#000000]#!ok=CLASSROOMTEST #AD=1 #ADDom=kingsfield.int #ADOU=OU=Unassigned,OU=Computers,OU=Kingsfield,DC=kingsfield,DC=int #ADUser=kingsfield.int\KINGSFIELD\AD_USER [/COLOR][/FONT][/SIZE][SIZE=4][FONT=Times New Roman][COLOR=#000000]#ADPass=USER_PASS[/COLOR][/FONT][/SIZE]
Here’s the problem.
You have specified the AD Username WITH the domain\username.
In FOG 1.0.0, I’m sending the domain name automatically, so you only need to put the username in the username field.
I just saw another post asking to see the data sent to the client, as it may help to provide that to you as well here it is with the confidential data removed.
#!ok=CLASSROOMTEST #AD=1 #ADDom=kingsfield.int #ADOU=OU=Unassigned,OU=Computers,OU=Kingsfield,DC=kingsfield,DC=int #ADUser=kingsfield.int\KINGSFIELD\AD_USER #ADPass=USER_AUTH_PASSWORD