+ Post New Thread
Results 1 to 14 of 14
Windows Server 2008 Thread, RIS Stopped after 2008 Upgrade in Technical; ...
  1. #1
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16

    RIS Stopped after 2008 Upgrade

    We have been running RIS since I started here a good number of years ago, but after upgrading my domain controllers to windows server 2008 ent, we have been receiving the following error on RIS down;

    "The user you have specified is not permitted to join the machine to the domain. Would you like to proceed for now and try and join the domain later"

    If you click no, and then re-enter the same username and password that you used to start the RIS session it will join fine.

    I have tried the following:

    New images
    Blank Windows Image
    Different Accounts e.g. domain Administrator
    New RIS server
    Google

    All to no help, the RIS server is still running 2003 server as we are still using RIS image and donít want to use the new style images.


    Any help would be great,

  2. #2
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,205
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Have you checked that the user account that you use to add machines to the domain still has those rights since the upgrade?

    http://technet.microsoft.com/en-us/l.../cc780195.aspx

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,054
    Thank Post
    888
    Thanked 1,729 Times in 1,492 Posts
    Blog Entries
    12
    Rep Power
    454
    Have you changed you password policy recently?

    Z

  4. #4
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    Yeh i have checked all the security permissions, it is strange as when you click no and re-enter the domain users accunt details it joins fine.

    We have also not change our password policy.

  5. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,054
    Thank Post
    888
    Thanked 1,729 Times in 1,492 Posts
    Blog Entries
    12
    Rep Power
    454
    does the account work? have you tried logging into a computer with that account?

    Z

  6. #6
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    i have tried 4 account all on the domain Administators and domain admins and enterprise admins. none have worked i am currently using the domain administrator account and all can login to workstations and server etc.

  7. #7
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,205
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Do you have the username and password specified in the ristndrd.sif file?

  8. #8
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    I have just put that in this morning, to see if that has made any differeance but it doesnt seem to have fixed it.

  9. #9
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,205
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    I was thinking that it might of had an old password in.

    At what point is it failing is it right at the start of the build process when you give the client a name and enter the username and password?


    A long shot but it might be worth a read, i is possible that the users token has increased in size due to membership changes in the upgrade.

    http://support.microsoft.com/default.aspx/kb/920599
    Last edited by cookie_monster; 27th August 2008 at 10:44 AM.

  10. #10
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    It is very strange it lets me start the install, finished copying files reboots then when it is trying to create the new computer account in the domain that when it fails with the error box, but if you goto AD the account is there! if you click continue and finish the install it will not allow login due to not been able to find the computer account. and as i said previously if i click no i want to try join to the domain during the steup and enter the same cridentials as i started with it works!

  11. #11
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,205
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Oh that's odd on my setup the computer account is created right at the start of the file copy straight after i've entered the username and password.

    I wonder if it's some kind of DNS issue so it's failing to use kerberos and using NTLM the second time, i'm reaching a bit there as i'm not sure 2008 allows that but it might be worth double checking your DNS settings.

  12. #12
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    Yeh i hav checked that now and mine creates the account at the start as well. I have check dns and it seems to be fine, the problem started after i promoted my intersite toplogy generator to win 2008, once the new generator was 2008 it stopped. I have been looking into how 2008 handles requests differently to 2003 but to no joy.

  13. #13
    no_reason's Avatar
    Join Date
    Sep 2008
    Posts
    2
    Thank Post
    0
    Thanked 2 Times in 2 Posts
    Rep Power
    0
    fix for the windows 2008 ris problem
    Edit the default domain controllers policy

    Polices\Admin Templates\System\Net Logon

    Enable the Allow cryptography algorithms compatible with windows nt 4.0

    Also changed in AD the delegation properties of the RIS server (right click server, properties, delegation) and set that to trust (kerboros)

    this seems to work for us.

  14. Thanks to no_reason from:

    maf_001 (5th September 2008)

  15. #14
    maf_001's Avatar
    Join Date
    Feb 2008
    Posts
    51
    Thank Post
    2
    Thanked 12 Times in 10 Posts
    Rep Power
    16
    Thanks that seems to have rersolved our RIS issue.

SHARE:
+ Post New Thread

Similar Threads

  1. New server - 2003 or upgrade to 2008 ??
    By pooley in forum Windows Server 2008
    Replies: 27
    Last Post: 10th June 2008, 12:58 PM
  2. SchoolGuardian 2008 Upgrade problem
    By Gatt in forum *nix
    Replies: 13
    Last Post: 6th May 2008, 08:34 AM
  3. SIMS Feb 2008 upgrade - SOLUS error
    By cf23 in forum MIS Systems
    Replies: 8
    Last Post: 8th April 2008, 10:21 AM
  4. SQL Backups stopped working
    By AnnDroyd in forum MIS Systems
    Replies: 3
    Last Post: 22nd December 2007, 03:23 PM
  5. Stopped for not speeding
    By Geoff in forum Jokes/Interweb Things
    Replies: 19
    Last Post: 14th September 2007, 08:49 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •