my situation looks like this:
Server 2008 domain controller (standard setup)
with WDS installed (native mode)
syspreped WinXP SP2 image.
everything concerning the deployment works like a charm except the
domain joining process.
during the minisetup it should join the domain but returns with the
message
"The user you have specified is not permitted to join the machine to
the domain"
if i choose to enter the credentials manually at the error message and
i use the exact same user (domainadmin) and password the domain join
works perfectly.
when looking in the netsetup.log i see this:
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09
-----------------------------------------------------------------
04/30 12:29:09 NetpDoDomainJoin
04/30 12:29:09 NetpMachineValidToJoin: 'COMPNAME'
04/30 12:29:09 NetpGetLsaPrimaryDomain: status: 0x0
04/30 12:29:09 NetpMachineValidToJoin: status: 0x0
04/30 12:29:09 NetpJoinDomain
04/30 12:29:09 Machine: COMPNAME
04/30 12:29:09 Domain: DOMAIN.LOCAL
04/30 12:29:09 MachineAccountOU: (NULL)
04/30 12:29:09 Account: (NULL)
04/30 12:29:09 Options: 0x40003
04/30 12:29:09 OS Version: 5.1
04/30 12:29:09 Build number: 2600
04/30 12:29:09 ServicePack: Service Pack 2
04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
valid as type 3 name
04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
'DOMAIN.LOCAL' returned 0x0
04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
3
04/30 12:29:09 NetpDsGetDcName: trying to find DC in domain
'DOMAIN.LOCAL', flags: 0x1020
04/30 12:29:09 NetpDsGetDcName: found DC '\\DC1.DOMAIN.LOCAL' in the
specified domain
04/30 12:29:09 NetpJoinDomain: status of connecting to dc '\
\DC1.DOMAIN.LOCAL': 0x0
04/30 12:29:09 NetpGetLsaPrimaryDomain: status: 0x0
04/30 12:29:09 NetpGetDnsHostName: Read NV Hostname: COMPNAME
04/30 12:29:09 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS
domain name: DOMAIN.LOCAL
04/30 12:29:09 NetpLsaOpenSecret: status: 0xc0000034
04/30 12:29:09 NetpManageMachineAccountWithSid: NetUserAdd on '\
\DC1.DOMAIN.LOCAL' for 'COMPNAME$' failed: 0x5
04/30 12:29:09 NetpJoinDomain: status of creating account: 0x5
04/30 12:29:09 NetpJoinDomain: initiaing a rollback due to earlier
errors
04/30 12:29:09 NetpLsaOpenSecret: status: 0x0
04/30 12:29:09 NetpJoinDomain: rollback: status of deleting secret:
0x0
04/30 12:29:09 NetpJoinDomain: status of disconnecting from '\
\DC1.DOMAIN.LOCAL': 0x0
04/30 12:29:09 NetpDoDomainJoin: status: 0x5
I had exactly the same problem. Because of netlogon events 5805 and 5722 I
found the KB-Article 942564 with the solution in it:
Change the Default Domain Controllers Policy with "Allow cryptography
algorithms compatible with Windows NT 4.0"
After I changed that, everything worked.
"randall" <pen_69@yahoo.com> schrieb im Newsbeitrag
news:a57fb2c0-d8be-405e-b8a3-2d414b9008e9@z72g2000hsb.googlegroups.com...
> Hi there
>
> my situation looks like this:
> Server 2008 domain controller (standard setup)
> with WDS installed (native mode)
>
> syspreped WinXP SP2 image.
>
> everything concerning the deployment works like a charm except the
> domain joining process.
>
> during the minisetup it should join the domain but returns with the
> message
> "The user you have specified is not permitted to join the machine to
> the domain"
>
> if i choose to enter the credentials manually at the error message and
> i use the exact same user (domainadmin) and password the domain join
> works perfectly.
>
> when looking in the netsetup.log i see this:
> 04/30 12:29:09
> -----------------------------------------------------------------
> 04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
> valid as type 3 name
> 04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
> 'DOMAIN.LOCAL' returned 0x0
> 04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
> 3
> 04/30 12:29:09
> -----------------------------------------------------------------
> 04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
> valid as type 3 name
> 04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
> 'DOMAIN.LOCAL' returned 0x0
> 04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
> 3
> 04/30 12:29:09
> -----------------------------------------------------------------
> 04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
> valid as type 3 name
> 04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
> 'DOMAIN.LOCAL' returned 0x0
> 04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
> 3
> 04/30 12:29:09
> -----------------------------------------------------------------
> 04/30 12:29:09 NetpDoDomainJoin
> 04/30 12:29:09 NetpMachineValidToJoin: 'COMPNAME'
> 04/30 12:29:09 NetpGetLsaPrimaryDomain: status: 0x0
> 04/30 12:29:09 NetpMachineValidToJoin: status: 0x0
> 04/30 12:29:09 NetpJoinDomain
> 04/30 12:29:09 Machine: COMPNAME
> 04/30 12:29:09 Domain: DOMAIN.LOCAL
> 04/30 12:29:09 MachineAccountOU: (NULL)
> 04/30 12:29:09 Account: (NULL)
> 04/30 12:29:09 Options: 0x40003
> 04/30 12:29:09 OS Version: 5.1
> 04/30 12:29:09 Build number: 2600
> 04/30 12:29:09 ServicePack: Service Pack 2
> 04/30 12:29:09 NetpValidateName: checking to see if 'DOMAIN.LOCAL' is
> valid as type 3 name
> 04/30 12:29:09 NetpCheckDomainNameIsValid [ Exists ] for
> 'DOMAIN.LOCAL' returned 0x0
> 04/30 12:29:09 NetpValidateName: name 'DOMAIN.LOCAL' is valid for type
> 3
> 04/30 12:29:09 NetpDsGetDcName: trying to find DC in domain
> 'DOMAIN.LOCAL', flags: 0x1020
> 04/30 12:29:09 NetpDsGetDcName: found DC '\\DC1.DOMAIN.LOCAL' in the
> specified domain
> 04/30 12:29:09 NetpJoinDomain: status of connecting to dc '\
> \DC1.DOMAIN.LOCAL': 0x0
> 04/30 12:29:09 NetpGetLsaPrimaryDomain: status: 0x0
> 04/30 12:29:09 NetpGetDnsHostName: Read NV Hostname: COMPNAME
> 04/30 12:29:09 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS
> domain name: DOMAIN.LOCAL
> 04/30 12:29:09 NetpLsaOpenSecret: status: 0xc0000034
> 04/30 12:29:09 NetpManageMachineAccountWithSid: NetUserAdd on '\
> \DC1.DOMAIN.LOCAL' for 'COMPNAME$' failed: 0x5
> 04/30 12:29:09 NetpJoinDomain: status of creating account: 0x5
> 04/30 12:29:09 NetpJoinDomain: initiaing a rollback due to earlier
> errors
> 04/30 12:29:09 NetpLsaOpenSecret: status: 0x0
> 04/30 12:29:09 NetpJoinDomain: rollback: status of deleting secret:
> 0x0
> 04/30 12:29:09 NetpJoinDomain: status of disconnecting from '\
> \DC1.DOMAIN.LOCAL': 0x0
> 04/30 12:29:09 NetpDoDomainJoin: status: 0x5
>
> this is the relevant part of the sysprep.inf
>
> [Identification]
> JoinDomain=domain.local
> DoOldStyleDomainJoin=Yes
> DomainAdmin=administrator
> DomainAdminPassword=password
>
> any hints?
>
> and Yes i am using the domain admin account and it gives me 0x5
> (access denied)
>
> thanks in advance
WDS Windows XP cannot join domain 
Linear Mode
