-
-
Notifications
You must be signed in to change notification settings - Fork 996
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error joining Windows 10 and EFR to domain #579 is now an issue again #801
Error joining Windows 10 and EFR to domain #579 is now an issue again #801
Comments
I'm able to reproduce this like 1/20 times, but I have never been able to determine a root cause :( |
@jt0dd Can you provide OS/Provider/etc |
The root cause could be due to duplicated SID for win10, so solve this generate a new SID in win10 by going to the path ( C:\Windows\System32\Sysprep) Out-of-Box Experience (OOBE) is selected from the System Cleanup Action menu and that Generalize selected then OK . Then try rejoin to the domain |
@faisal6me That shouldn't be the issue as I believe the domain join would fail with an error regarding duplicate SIDs. The Win10 image is sysprepped, plus a reboot solves this problem almost 100% of the time and a reboot doesn't have any effect on the SID. |
@jt0dd Can you provide OS/Provider/etc |
Windows 11 Pro, not at PC but can provide more detailed info later
…On Sun, May 22, 2022 at 20:19 Chris Long ***@***.***> wrote:
@jt0dd <https://github.com/jt0dd> Can you provide OS/Provider/etc
—
Reply to this email directly, view it on GitHub
<#801 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKCZLXUFHU6B6HIA33KK5UDVLLFHLANCNFSM5TZYPUDQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
If anyone can reliably reproduce this, I'd love to test some potential fixes |
I've been trying over the last few hours to get this to work and seems like I'm coming up with the same error. Full reboot of the physical host, destroy and rebuild with vagrant, and the recommended reload with --provision haven't done anything. Happy to be your guinea pig if you have specific scenarios you want me to test? Running this on a Server 2019 host with Vagrant 2.3.0 and the latest commit from the master branch.
|
Sorry but I'm going to have to rescind that offer - in one last act of desperation I completely removed the cloned repo and re-cloned and rebuilt everything using the Vagrant scripts, which eventually ended up working. I did come across a few unrelated issues though that I managed to get around - initially it failed because the join-domain PowerShell script was being flagged as malicious by Defender, and while adding an exception to the scripts folder didn't work, disabling Defender altogether did. The second error came when the vagrant-shell script tried to add exclusions, but a simple reload with the --provision flag sorted that out. Defender blocking the join-domain script
Errors adding Defender Exclusions
|
For me personally, this experience caused me to entirely lose any shred of confidence in Vagrant as a tool (it just seems entirely unreliable, a colleague and I went through probably 5 issues like this one trying to get this one project up and running) and switch to Terraform. You should not have to go through this much "uncertain" trouble. Debugging is fine when building a complex infrastructure set. But bugs that people can't reproduce and just happen randomly to some and not others for no clear reason, that's a serious problem in my view, and a dealbreaker. (OpenStack + Terraform lets you do a lot of what Vagrant does, and yes, locally without needing to pay for cloud resources) |
I just realized I was being waited on for details here, far too late, because I abandoned the usage of Vagrant after making this issue. Device name DESKTOP-4KS9BL7 |
While troubleshooting installation problems for a colleague's Virtualbox setup I came across this same issue, which didn't get fixed with just restarting or provisioning again, but I got it fixed in a way that hasn't been mentioned yet.
After tshooting session and while writing this I tried to replicate the issue on my own setup, but I wasn't able to and I'm starting to question if I was just lucky. My idea to replicate was to remove win10 from domain, then setting the static interface's metric to higher value and joining the host to domain again. I thought, this should have failed the DNS query during domain join and give the same error message. However, that didn't work. There was more precise route in routing table, which took probaly preference over default gw / preferred interface. While digging more how windows does DNS querries it also seems much more complicated process than I thought (2). In the end I suspect the issue is related on which interface and DNS is used to send the DNS query of dc.windomain.local during the domain joining process. My fix suggestions would be to lower the Interface metric (=increase preference) of the static interface and make a static entry for dc.windomain.local in the hosts file. https://learn.microsoft.com/en-us/windows-server/networking/technologies/network-subsystem/net-sub-interface-metric (1) |
@juho-nurmi wow, thank you so much for this information! That actually makes a LOT of sense and seems like the likely culprit here. I'll open a PR with this change implemented and we'll see how it goes! |
I can verify that after changing the metric value as you suggested all I had to do was re-run the provisioner without any other changes and it worked. |
Having this issue on logger and wef too not just win10. Tried changing the metrics no luck. Any ideas? |
@clong Hi! How to reproduce error: add another win10 instance in the Vagrantfile, and give new definition-name, new IP-address, and hostname.
Proposed fix, based on wugglesworth's suggestions.
This ps1 script works, but I haven't been able to reliably integrate it with the provisioning phase. Maybe just call the script in
|
Based on clong#801 (comment) so credit goes to him
Set low interface metric for domain interface. fixes clong#801
Set low interface metric for domain interface. fixes clong#801
#579
This issue was solved and closed, but I and a separate commenter seem to be experiencing it again as of now.
have tried:
vagrant reload win10 --provision
The text was updated successfully, but these errors were encountered: