Windows Server 2008 Thread, RIS Stopped after 2008 Upgrade in Technical; We have been running RIS since I started here a good number of years ago, but after upgrading my domain ...
27th August 2008, 10:05 AM #1
RIS Stopped after 2008 Upgrade
We have been running RIS since I started here a good number of years ago, but after upgrading my domain controllers to windows server 2008 ent, we have been receiving the following error on RIS down;
"The user you have specified is not permitted to join the machine to the domain. Would you like to proceed for now and try and join the domain later"
If you click no, and then re-enter the same username and password that you used to start the RIS session it will join fine.
I have tried the following:
Blank Windows Image
Different Accounts e.g. domain Administrator
New RIS server
All to no help, the RIS server is still running 2003 server as we are still using RIS image and donít want to use the new style images.
Any help would be great,
27th August 2008, 10:28 AM #2
Have you checked that the user account that you use to add machines to the domain still has those rights since the upgrade?
27th August 2008, 10:30 AM #3
Have you changed you password policy recently?
27th August 2008, 10:40 AM #4
Yeh i have checked all the security permissions, it is strange as when you click no and re-enter the domain users accunt details it joins fine.
We have also not change our password policy.
27th August 2008, 10:41 AM #5
does the account work? have you tried logging into a computer with that account?
27th August 2008, 10:45 AM #6
i have tried 4 account all on the domain Administators and domain admins and enterprise admins. none have worked i am currently using the domain administrator account and all can login to workstations and server etc.
27th August 2008, 10:50 AM #7
Do you have the username and password specified in the ristndrd.sif file?
27th August 2008, 11:18 AM #8
I have just put that in this morning, to see if that has made any differeance but it doesnt seem to have fixed it.
27th August 2008, 11:41 AM #9
I was thinking that it might of had an old password in.
At what point is it failing is it right at the start of the build process when you give the client a name and enter the username and password?
A long shot but it might be worth a read, i is possible that the users token has increased in size due to membership changes in the upgrade.
Last edited by cookie_monster; 27th August 2008 at 11:44 AM.
27th August 2008, 11:47 AM #10
It is very strange it lets me start the install, finished copying files reboots then when it is trying to create the new computer account in the domain that when it fails with the error box, but if you goto AD the account is there! if you click continue and finish the install it will not allow login due to not been able to find the computer account. and as i said previously if i click no i want to try join to the domain during the steup and enter the same cridentials as i started with it works!
27th August 2008, 11:57 AM #11
Oh that's odd on my setup the computer account is created right at the start of the file copy straight after i've entered the username and password.
I wonder if it's some kind of DNS issue so it's failing to use kerberos and using NTLM the second time, i'm reaching a bit there as i'm not sure 2008 allows that but it might be worth double checking your DNS settings.
27th August 2008, 12:01 PM #12
Yeh i hav checked that now and mine creates the account at the start as well. I have check dns and it seems to be fine, the problem started after i promoted my intersite toplogy generator to win 2008, once the new generator was 2008 it stopped. I have been looking into how 2008 handles requests differently to 2003 but to no joy.
5th September 2008, 12:36 AM #13
fix for the windows 2008 ris problem
Edit the default domain controllers policy
Polices\Admin Templates\System\Net Logon
Enable the Allow cryptography algorithms compatible with windows nt 4.0
Also changed in AD the delegation properties of the RIS server (right click server, properties, delegation) and set that to trust (kerboros)
this seems to work for us.
Thanks to no_reason from:
maf_001 (5th September 2008)
5th September 2008, 09:23 AM #14
Thanks that seems to have rersolved our RIS issue.
By pooley in forum Windows Server 2008
Last Post: 10th June 2008, 01:58 PM
Last Post: 6th May 2008, 09:34 AM
By cf23 in forum MIS Systems
Last Post: 8th April 2008, 11:21 AM
By AnnDroyd in forum MIS Systems
Last Post: 22nd December 2007, 04:23 PM
By Geoff in forum Jokes/Interweb Things
Last Post: 14th September 2007, 09:49 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread