Adding Machine to Domain using Active Directory



  • Server
    • FOG Version: 1.4.0-RC-1
    • OS: Ubuntu 16.04.2 LTS

    Client
    • Service Version: Windows Server 2012 R2
    • OS: Windows 10

    Description

    Hey all,

    So I’ve attempted to deploy an image onto the domain; however, I’m getting this message when I attempt to log into the machine with an account on the domain: “The security database on the server does not have a computer account for this workstation trust relationship.”

    I believe the issue is on the DC rather than anything to do with FOG, as the FOG section appears to work fine. I can put in an incorrect password and the above message goes away and is replaced with an incorrect username/password. I’m assuming there’s something I need to change on my DC but I can’t find what that would be, hoping someone else on here has come across a similar issue or has an idea of what I could possibly do to fix it?

    Extra info:

    On the server event log I do get a 5723 Event ID error with the following message -


    The session setup from computer ‘L003’ failed because the security database does not contain a trust account ‘L003$’ referenced by the specified computer.

    USER ACTION
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn’t require any action at this time. If this is a Read-Only Domain Controller and ‘L003$’ is a legitimate machine account for the computer ‘L003’ then ‘L003’ should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:

    If ‘L003$’ is a legitimate machine account for the computer ‘L003’, then ‘L003’ should be rejoined to the domain.

    If ‘L003$’ is a legitimate interdomain trust account, then the trust should be recreated.

    Otherwise, assuming that ‘L003$’ is not a legitimate account, the following action should be taken on ‘L003’:

    If ‘L003’ is a Domain Controller, then the trust associated with ‘L003$’ should be deleted.

    If ‘L003’ is not a Domain Controller, it should be disjoined from the domain.


    Inside the DC it’s not creating the machine when it attempts to add the computer. I have tried to manually create the machine then deploy it again but I still get the same issue.

    I’ve also tried adding the laptop to the domain, capturing it, giving the computer a new name both using the AD section and not and deploying the image but I get the same issue as above every time. If I put the name back to what it was when I had it on the domain for the capture and redeploy with that it works.

    So obviously the issue is that, for whatever reason, it’s not creating the machine in the DC; however, I’m not sure what I should be looking at for that. Everything online with the above event ID error just says to remove the machine from the domain and re-add it; however, that defeats the whole purpose of it.

    Any thoughts/ideas would be great.



  • @Joe-Schmitt said in Adding Machine to Domain using Active Directory:

    @dylan123 said in Adding Machine to Domain using Active Directory:

    So I’ve attempted to deploy an image onto the domain

    Images should never be pre-joined to the domain, Active Directory is fundamentally incompatible with handling that scenario. Either use setupcomplete.cmd in sysprep to join the domain, or the FOG Client.

    Yeah wasn’t the first thing I tried, more was testing it just to see if it made a difference.

    Wasn’t aware the FOG Client was required to make the active directory feature work. Have since installed and tested, can confirm it worked.

    Thanks for your help Joe.


  • Senior Developer

    @dylan123 said in Adding Machine to Domain using Active Directory:

    So I’ve attempted to deploy an image onto the domain

    Images should never be pre-joined to the domain, Active Directory is fundamentally incompatible with handling that scenario. Either use setupcomplete.cmd in sysprep to join the domain, or the FOG Client.
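
A diagnostic for the symptom discussed in this thread, added here as an example (it is not part of any post and is not FOG Project code): run on a writable domain controller, it collects recent Event ID 5723 entries from the System log and reports whether each machine account named in them exists in Active Directory. The 7-day window, the message regex (English event text) and the availability of the ActiveDirectory module are assumptions.

```powershell
# Added example, not from the thread. Assumes a writable DC with the
# ActiveDirectory (RSAT) module and English-language event messages.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-7)   # assumed look-back window

# Event ID 5723: session setup failed because the security database
# has no trust account for the computer (e.g. 'L003$').
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Id        = 5723
    StartTime = $since
} -ErrorAction SilentlyContinue

# Capture the account name after "trust account"; \u0027, \u2018 and \u2019
# cover straight and curly single quotes around the name.
$pattern = 'trust account\s+[\u0027\u2018\u2019]([^\u0027\u2018\u2019]+\$)[\u0027\u2018\u2019]'

$accounts = foreach ($e in $events) {
    if ($e.Message -match $pattern) { $Matches[1] }
}

$accounts | Sort-Object -Unique | ForEach-Object {
    $sam = $_
    # Look the machine account up by sAMAccountName (computer name plus '$').
    $computer = Get-ADComputer -Filter "SamAccountName -eq '$sam'" `
        -Properties whenCreated, PasswordLastSet

    [pscustomobject]@{
        Account         = $sam
        ExistsInAD      = [bool]$computer
        Enabled         = if ($computer) { $computer.Enabled } else { $null }
        Created         = if ($computer) { $computer.whenCreated } else { $null }
        PasswordLastSet = if ($computer) { $computer.PasswordLastSet } else { $null }
        Failures        = @($accounts | Where-Object { $_ -eq $sam }).Count
    }
} | Format-Table -AutoSize
```

An account listed with ExistsInAD = False matches the situation in the original post, where the deployed machine was never joined; on the workstation itself, `Test-ComputerSecureChannel` reports whether its secure channel to the domain is valid.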

