ForensiT Homepage
Forum Home Forum Home > ForensiT Support > Domain Migration
  New Posts New Posts RSS Feed - Can't join XP after upgrade from 3.0 to 3.5
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Can't join XP after upgrade from 3.0 to 3.5

 Post Reply Post Reply Page  12>
Author
Message
grittyminder View Drop Down
Newbie
Newbie


Joined: 21 Dec 2010
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote grittyminder Quote  Post ReplyReply Direct Link To This Post Topic: Can't join XP after upgrade from 3.0 to 3.5
    Posted: 28 Nov 2011 at 1:38am
Good day,
 
It seems that I can't join XP clients using profwiz 3.5 with a command line script (Windows 7 clients seem to join without a hitch). It should also be noted that the script works fine with XP clients but only when I use profwiz 3.0... The error I'm seeing is the following:
 
Error 0x8007052e. ログオン失敗: ユーザー名を認識できない (Unrecognized user or something like that)
 
Previously I was also seeing "WARNING: NBNS lookup failure", but I added  <ProtocolPriority>LDAP</ProtocolPriority> to the profwiz.config file and so the warning message went away.
 
I tried switching around the the user format from <domain>\<username> to <username>@<domain> but it didn't seem to matter.
 
The parameters I'm currently passing to profwiz.exe via the command line are basically the following:
 
"\\server\path\to\Profwiz.exe" /DOMAIN mydomain.local /ACCOUNT myuser@mydomain.local /RENAME CN=newpcname,OU=organization,DC=mydomain,DC=local /LOCALACCOUNT oldpcname\localaccount /DOMAINADMIN domain_join_user@mydomain.local /DOMAINPWD XXXXXXXXX /KEY mykey /NODEFAULT /LOG \\server\path\to\log\newpcname.Log /NOREBOOT /DISABLE
 
What is going on here? Please help!
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 29 Nov 2011 at 4:31am

The best approach would be to address the underlying problem. You say you were seeing a "NBNS lookup failure" warning. This should not happen. On a correctly configured network, the NetBIOS name of the computer will be resolved to an IP address by a Windows DNS server. (No WINS server is required.) If you are getting a lookup failure, the NBNS (NetBIOS Naming Service) request is not being forwarded correctly by the DNS servers accessed by the workstation. Using LDAP is a workaround for this problem: it is not a solution.

There is no doubt that XP and Windows 7 impliment the Windows network stack differently. In our experience Windows 7 finally works as documented! However, we know of no reason why version 3.5 and version 3.0 should behave differently. What build of 3.5 are you using?

Back to Top
grittyminder View Drop Down
Newbie
Newbie


Joined: 21 Dec 2010
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote grittyminder Quote  Post ReplyReply Direct Link To This Post Posted: 30 Nov 2011 at 2:06am
Thank you for your reply.
 
To answer your question, we are using version 3.5.4200.18247
 
We have NetBIOS over TCP/IP disabled and LMHOSTS lookups disabled on all the domain controllers/DNS servers. This is because NetBIOS is not secure and is currently not being used in our environment. When we used version 3.0 we did not experience any problems in our environment... does 3.5 have some sort of dependency on NetBIOS?
 
So I guess there are/were two problems: 1) the NBNS lookup failure problem, 2) and the user not recognized problem. In trying to solve problem number 1 I modified the script changing a few parameters from <domain.local>\<username> to <username>@<domain.local> which may have contributed to problem number 2 but I am not really certain.
 
For starters, can you please tell me if NetBIOS needs to be enabled for profwiz to work via the command line, and which particular username format profwiz requires in order to carry out the domain join operation from the command line? (BTW, right now I can complete the domain join without any problems when I use the profwiz GUI, but not the command line.)
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 30 Nov 2011 at 3:15am

NetBIOS does not need to be enabled - as you have shown by running Profwiz via the GUI. Running from the command line makes no difference to the way User Profile Wizard joins the machine to the domain in itself. Are you using the same Profwiz.config settings when using the GUI? Specifically, are you still specifying an ADsPath and using LDAP? If you want to use the same Profwiz.config with the GUI, you need to set the <All> and <NoGUI> values to False.

3.5.4200.18247 is the Deployment Kit version. The User Profile Wizard version is on the Welcome page of the GUI and in any log files.

Back to Top
grittyminder View Drop Down
Newbie
Newbie


Joined: 21 Dec 2010
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote grittyminder Quote  Post ReplyReply Direct Link To This Post Posted: 02 Dec 2011 at 1:23am
I was able to to scrounge up the old profwiz.exe file and check the version number. The version numbers are as follows:
 
New profwiz: 3.5.1160
Old profwiz: 2.5.1107
 
So I guess I was wrong--the old profwiz version what we were using was 2.5, not 3.0.
 
When we were using profwiz 2.5 we passed all the parameters needed to complete the domain join operation via the command line, thereby leaving the Profwiz.config file untouched (i.e. all values in the config file at their default setting). When we switched over to 3.5 we just replaced the old profwiz executable and configuration files with the new ones--we did not make any changes to the Profwiz.config file.
 
I entered the parameters that were being passed via the command line into the Profwiz.config file and tried running profwiz.exe, but now I'm seeing a different error: "The Profwiz.config file could not be found". It seems that profwiz pukes on any UTF-8 characters it finds in the Profwiz.conf file (i.e. <ADsPath> and <Log>) because when I remove said characters the program seems to run smoothly.  Do newer versions of profwiz allow you to use UTF-8 characters in the configuration file?
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 02 Dec 2011 at 4:55am
It is not true to say Profwiz does not support UTF-8 characters. The software uses multi-byte Unicode strings throughout.
 
Please send a problem Profwiz.config file to support@ForensiT.com
 
Many thanks.
 
 
Back to Top
grittyminder View Drop Down
Newbie
Newbie


Joined: 21 Dec 2010
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote grittyminder Quote  Post ReplyReply Direct Link To This Post Posted: 05 Dec 2011 at 1:01am
Well, for whatever reason Profwiz.config doesn't seem to work with Japanese characters in file paths, etc.  I submitted the problem config file to support so we will see what happens.
 
Back to Top
grittyminder View Drop Down
Newbie
Newbie


Joined: 21 Dec 2010
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote grittyminder Quote  Post ReplyReply Direct Link To This Post Posted: 06 Dec 2011 at 1:22am
Okay, I received word back from support, and they were able to amend the problem related to Japanese characters in the profwiz.config file.  I guess the lesson to be learned here is to never use Windows notepad to save files with a character encoding other than ANSI.
 
So I tried running the profwiz executable directly (no command line parameters) with all the necessary configuration settings specified in the profwiz.conf file. I saw a single warning, "WARNING: LDAP Access Error," but aside from that the domain join/profile migration operations completed sucessfully.
 
Now I'm trying to run profwiz via a script on the command line again, but I'm seeing the same error as before. The parameters I'm passing via the command line are the same as those used in profwiz.config. The error is as follows:
 
Error 0x8007052e. ログオン失敗: ユーザー名を認識できない・
Migration Fails.
 
(The above translates to "unrecognized user" or something like that.)
 
I'm at a loss as to what do do next. The parameters I'm passing to profwiz.exe via the command line are the same as before:
 
"\\server\path\to\Profwiz.exe" /DOMAIN mydomain.local /ACCOUNT myuser@mydomain.local /RENAME CN=newpcname,OU=organization,DC=mydomain,DC=local /LOCALACCOUNT oldpcname\localaccount /DOMAINADMIN domain_join_user@mydomain.local /DOMAINPWD XXXXXXXXX /KEY mykey /NODEFAULT /LOG \\server\path\to\log\newpcname.Log /NOREBOOT /DISABLE
 
The Profwiz.conf file is essentially the same one I sent support earlier. (One thing I did not mention is that I'm passing parameters that contain Japanese characters on the command line. I don't know if that makes any difference).
 
What I don't understand is why the domain join will work sucessfully when I run profwiz.exe directly with profwiz.config and fail when I run it using command line parameters. Something somewhere is different in terms of the way the two operations are being being executed. Any ideas?
Back to Top
Support View Drop Down
Moderator Group
Moderator Group


Joined: 09 Nov 2006
Location: United Kingdom
Status: Offline
Points: 1844
Post Options Post Options   Thanks (0) Thanks(0)   Quote Support Quote  Post ReplyReply Direct Link To This Post Posted: 06 Dec 2011 at 12:02pm

Passing Japanese characters on the command line should not cause a problem.

When you run Profwiz.exe directly you are not renaming the machine: when you run from the command line you are.That is the difference.

Back to Top
grittyminder View Drop Down
Newbie
Newbie


Joined: 21 Dec 2010
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote grittyminder Quote  Post ReplyReply Direct Link To This Post Posted: 06 Dec 2011 at 5:31pm
Is that where the problem lies--in the renaming?
Back to Top
 Post Reply Post Reply Page  12>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.

This page was generated in 0.063 seconds.