Adding Machine to Domain using Active Directory

  • D
    dylan123
    last edited by Mar 29, 2017, 2:52 AM

    Server
    • FOG Version: 1.4.0-RC-1
    • OS: Ubuntu 16.04.2 LTS
    Client
    • Service Version: Windows Server 2012 R2
    • OS: Windows 10
    Description

    Hey all,

    So I’ve attempted to deploy an image onto the domain however I’m getting this message when I attempt to log into the machine with an account on the domain “The security database on the server does not have a computer account for this workstation trust relationship.”

    I believe the issue is on the DC rather than anything to do with FOG as the FOG section appears to work fine, I can put in an incorrect password and the above message goes away and is replaced with an incorrect username/password. I’m assuming there’s something I need to change on my DC but I can’t find what that would be, hoping someone else on here has come across a similar issue or has an idea of what I could possibly do to fix it?

    Extra info:

    On the server event log I do get a 5723 Event ID error with the following message -


    The session setup from computer ‘L003’ failed because the security database does not contain a trust account ‘L003$’ referenced by the specified computer.

    USER ACTION
    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn’t require any action at this time. If this is a Read-Only Domain Controller and ‘L003$’ is a legitimate machine account for the computer ‘L003’ then ‘L003’ should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:

    If ‘L003$’ is a legitimate machine account for the computer ‘L003’, then ‘L003’ should be rejoined to the domain.

    If ‘L003$’ is a legitimate interdomain trust account, then the trust should be recreated.

    Otherwise, assuming that ‘L003$’ is not a legitimate account, the following action should be taken on ‘L003’:

    If ‘L003’ is a Domain Controller, then the trust associated with ‘L003$’ should be deleted.

    If ‘L003’ is not a Domain Controller, it should be disjoined from the domain.


    Inside the DC it’s not creating the machine when it attempts to add the computer. I have tried to manually create the machine then deploy it again but I still get the same issue.

    I’ve also tried adding the laptop to the domain, capturing it, giving the computer a new name both using the AD section and not and deploying the image but I get the same issue as above every time. If I put the name back to what it was when I had it on the domain for the capture and redeploy with that it works.

    So obviously the issue is that for whatever reason it’s not creating the machine in the DC however I’m not sure what I should be looking at for that. Everything online with the above event ID error just says to remove the machine from the domain and re-add it however that defeats the whole purpose of it.

    Any thoughts/ideas would be great.

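A diagnostic for the event 5723 error quoted in the post above, added here as an example (it is not part of the original post or of FOG): it lists each machine account named in those events and checks whether a matching computer object exists in the directory. It assumes it is run on a writable domain controller with the ActiveDirectory module installed and that the event text is the English message shown in the post.

```powershell
# Added example, not FOG code. Run on a writable DC with the ActiveDirectory module.
Import-Module ActiveDirectory

# Event 5723 in the System log: session setup failed, no trust account for the computer.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5723 } `
    -MaxEvents 500 -ErrorAction SilentlyContinue

# Pull the machine account name (for example L003$) out of each message.
# Assumption: English message text, as quoted in the post.
$pattern = 'trust account\s+\W?(?<acct>[\w.-]+\$)'
$hits = foreach ($e in $events) {
    if ($e.Message -match $pattern) {
        [pscustomobject]@{ Account = $Matches['acct']; Time = $e.TimeCreated }
    }
}

# One row per account: how often it failed and whether AD has a computer object for it.
$hits | Group-Object Account | ForEach-Object {
    $sam = $_.Name
    $ad  = Get-ADComputer -Filter "SamAccountName -eq '$sam'" `
        -Properties PasswordLastSet, whenCreated
    [pscustomobject]@{
        Account         = $sam
        Failures        = $_.Count
        LastFailure     = ($_.Group | Measure-Object Time -Maximum).Maximum
        ExistsInAD      = [bool]$ad
        Enabled         = $ad.Enabled          # empty when no object was found
        WhenCreated     = $ad.whenCreated
        PasswordLastSet = $ad.PasswordLastSet
    }
} | Sort-Object LastFailure -Descending | Format-Table -AutoSize
```

A row with ExistsInAD set to False is the situation the post describes: the workstation presents a machine account name that the directory has no computer object for.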
    • J
      Joe Schmitt Senior Developer
      last edited by Joe Schmitt Mar 28, 2017, 10:12 PM Mar 29, 2017, 4:09 AM

      @dylan123 said in Adding Machine to Domain using Active Directory:

      So I’ve attempted to deploy an image onto the domain

      Images should never be pre-joined to the domain, Active Directory is fundamentally incompatible with handling that scenario. Either use setupcomplete.cmd in sysprep to join the domain, or the FOG Client.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      • D
        dylan123 @Joe Schmitt
        last edited by Mar 29, 2017, 10:18 PM

        @Joe-Schmitt said in Adding Machine to Domain using Active Directory:

        @dylan123 said in Adding Machine to Domain using Active Directory:

        So I’ve attempted to deploy an image onto the domain

        Images should never be pre-joined to the domain, Active Directory is fundamentally incompatible with handling that scenario. Either use setupcomplete.cmd in sysprep to join the domain, or the FOG Client.

        Yeah wasn’t the first thing I tried, more was testing it just to see if it made a difference.

        Wasn’t aware the FOG Client was required to make the active directory feature work. Have since installed and tested, can confirm it worked.

        Thanks for your help Joe.

        Copyright © 2012-2024 FOG Project