TheScarfedOne

Ok... picture the scene...

You have a nice existing RIS setup - which deals with all your machines quite nicely. If course - it has to run on Server 03. You then go and update your DCs to Server 2008.

Problem - you notice that some of your image builds stop joining the domain. Cue pulling your hair out time! Have you changed anything in the images etc....

No... the problem as I eventually found out is you Server 2008 DCs. So long as they are the only DCs (ie no Server 03 DCs) the new security settings will screw it up!

The installation stops on with the message:
Network Configuration
The user you have specified is not permitted to join the machine to the
domain. Would you like to proceed for now an try joining a domain later?

With 2003 DC it worked perfect.
Do i need to change something on the DC or in my SIF file?
My [Identification] section look like
JoinDomain = %MACHINEDOMAIN%
DoOldStyleDomainJoin = Yes

I also tryed differnent options i found in the net. e.g.:
[Identification]
JoinDomain = %MACHINEDOMAIN%
DomainAdmin = %USERNAME%
DomainAdminPassword = %PASSWORD%
CreateComputerAccountInDomain = Yes

On the DC i get the error messages NETLOGON 5722 and 5805.

Solution... Enable the GP "Allow cryptography algorithms compatible with Windows NT 4.0"
on Default DC Policy.

This is nicely described in http://technet.microsoft.com/en-us/l...54(WS.10).aspx

and on support in http://support.microsoft.com/kb/942564