Print Page | Close Window

Can't join XP after upgrade from 3.0 to 3.5

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Domain Migration
Forum Discription: User Profile Wizard questions, suggestions, comments and bug reports
URL: http://forum.ForensiT.com/forum_posts.asp?TID=428
Printed Date: 23 Aug 2019 at 3:28pm


Topic: Can't join XP after upgrade from 3.0 to 3.5
Posted By: grittyminder
Subject: Can't join XP after upgrade from 3.0 to 3.5
Date Posted: 28 Nov 2011 at 1:38am
Good day,
 
It seems that I can't join XP clients using profwiz 3.5 with a command line script (Windows 7 clients seem to join without a hitch). It should also be noted that the script works fine with XP clients but only when I use profwiz 3.0... The error I'm seeing is the following:
 
Error 0x8007052e. ログオン失敗: ユーザー名を認識できない (Unrecognized user or something like that)
 
Previously I was also seeing "WARNING: NBNS lookup failure", but I added  <ProtocolPriority>LDAP</ProtocolPriority> to the profwiz.config file and so the warning message went away.
 
I tried switching around the the user format from <domain>\<username> to <username>@<domain> but it didn't seem to matter.
 
The parameters I'm currently passing to profwiz.exe via the command line are basically the following:
 
" file://%5C%5Cserver%5Cpath%5Cto%5CProfwiz.exe - \\server\path\to\Profwiz.exe " /DOMAIN mydomain.local /ACCOUNT myuser mailto:myuser@mydomain.local - @mydomain.local /RENAME CN=newpcname,OU=organization,DC=mydomain,DC=local /LOCALACCOUNT oldpcname\localaccount /DOMAINADMIN mailto:domain_join_user@mydomain - domain_join_user@mydomain .local /DOMAINPWD XXXXXXXXX /KEY mykey /NODEFAULT /LOG file://%5C%5Cserver%5Cpath%5Cto%5Clog%5Cnewpcname.Log - \\server\path\to\log\newpcname.Log /NOREBOOT /DISABLE
 
What is going on here? Please help!



Replies:
Posted By: Support
Date Posted: 29 Nov 2011 at 4:31am

The best approach would be to address the underlying problem. You say you were seeing a "NBNS lookup failure" warning. This should not happen. On a correctly configured network, the NetBIOS name of the computer will be resolved to an IP address by a Windows DNS server. (No WINS server is required.) If you are getting a lookup failure, the NBNS (NetBIOS Naming Service) request is not being forwarded correctly by the DNS servers accessed by the workstation. Using LDAP is a workaround for this problem: it is not a solution.

There is no doubt that XP and Windows 7 impliment the Windows network stack differently. In our experience Windows 7 finally works as documented! However, we know of no reason why version 3.5 and version 3.0 should behave differently. What build of 3.5 are you using?



Posted By: grittyminder
Date Posted: 30 Nov 2011 at 2:06am
Thank you for your reply.
 
To answer your question, we are using version 3.5.4200.18247
 
We have NetBIOS over TCP/IP disabled and LMHOSTS lookups disabled on all the domain controllers/DNS servers. This is because NetBIOS is not secure and is currently not being used in our environment. When we used version 3.0 we did not experience any problems in our environment... does 3.5 have some sort of dependency on NetBIOS?
 
So I guess there are/were two problems: 1) the NBNS lookup failure problem, 2) and the user not recognized problem. In trying to solve problem number 1 I modified the script changing a few parameters from <domain.local>\<username> to <username>@<domain.local> which may have contributed to problem number 2 but I am not really certain.
 
For starters, can you please tell me if NetBIOS needs to be enabled for profwiz to work via the command line, and which particular username format profwiz requires in order to carry out the domain join operation from the command line? (BTW, right now I can complete the domain join without any problems when I use the profwiz GUI, but not the command line.)


Posted By: Support
Date Posted: 30 Nov 2011 at 3:15am

NetBIOS does not need to be enabled - as you have shown by running Profwiz via the GUI. Running from the command line makes no difference to the way User Profile Wizard joins the machine to the domain in itself. Are you using the same Profwiz.config settings when using the GUI? Specifically, are you still specifying an ADsPath and using LDAP? If you want to use the same Profwiz.config with the GUI, you need to set the <All> and <NoGUI> values to False.

3.5.4200.18247 is the Deployment Kit version. The User Profile Wizard version is on the Welcome page of the GUI and in any log files.



Posted By: grittyminder
Date Posted: 02 Dec 2011 at 1:23am
I was able to to scrounge up the old profwiz.exe file and check the version number. The version numbers are as follows:
 
New profwiz: 3.5.1160
Old profwiz: 2.5.1107
 
So I guess I was wrong--the old profwiz version what we were using was 2.5, not 3.0.
 
When we were using profwiz 2.5 we passed all the parameters needed to complete the domain join operation via the command line, thereby leaving the Profwiz.config file untouched (i.e. all values in the config file at their default setting). When we switched over to 3.5 we just replaced the old profwiz executable and configuration files with the new ones--we did not make any changes to the Profwiz.config file.
 
I entered the parameters that were being passed via the command line into the Profwiz.config file and tried running profwiz.exe, but now I'm seeing a different error: "The Profwiz.config file could not be found". It seems that profwiz pukes on any UTF-8 characters it finds in the Profwiz.conf file (i.e. <ADsPath> and <Log>) because when I remove said characters the program seems to run smoothly.  Do newer versions of profwiz allow you to use UTF-8 characters in the configuration file?


Posted By: Support
Date Posted: 02 Dec 2011 at 4:55am
It is not true to say Profwiz does not support UTF-8 characters. The software uses multi-byte Unicode strings throughout.
 
Please send a problem Profwiz.config file to mailto:support@ForensiT.com - support@ForensiT.com
 
Many thanks.
 
 


Posted By: grittyminder
Date Posted: 05 Dec 2011 at 1:01am
Well, for whatever reason Profwiz.config doesn't seem to work with Japanese characters in file paths, etc.  I submitted the problem config file to support so we will see what happens.
 


Posted By: grittyminder
Date Posted: 06 Dec 2011 at 1:22am
Okay, I received word back from support, and they were able to amend the problem related to Japanese characters in the profwiz.config file.  I guess the lesson to be learned here is to never use Windows notepad to save files with a character encoding other than ANSI.
 
So I tried running the profwiz executable directly (no command line parameters) with all the necessary configuration settings specified in the profwiz.conf file. I saw a single warning, "WARNING: LDAP Access Error," but aside from that the domain join/profile migration operations completed sucessfully.
 
Now I'm trying to run profwiz via a script on the command line again, but I'm seeing the same error as before. The parameters I'm passing via the command line are the same as those used in profwiz.config. The error is as follows:
 
Error 0x8007052e. ログオン失敗: ユーザー名を認識できない・
Migration Fails.
 
(The above translates to "unrecognized user" or something like that.)
 
I'm at a loss as to what do do next. The parameters I'm passing to profwiz.exe via the command line are the same as before:
 
" file://%5C%5Cserver%5Cpath%5Cto%5CProfwiz.exe - \\server\path\to\Profwiz.exe " /DOMAIN mydomain.local /ACCOUNT myuser mailto:myuser@mydomain.local - @mydomain.local /RENAME CN=newpcname,OU=organization,DC=mydomain,DC=local /LOCALACCOUNT oldpcname\localaccount /DOMAINADMIN mailto:domain_join_user@mydomain - domain_join_user@mydomain .local /DOMAINPWD XXXXXXXXX /KEY mykey /NODEFAULT /LOG file://%5C%5Cserver%5Cpath%5Cto%5Clog%5Cnewpcname.Log - \\server\path\to\log\newpcname.Log /NOREBOOT /DISABLE
 
The Profwiz.conf file is essentially the same one I sent support earlier. (One thing I did not mention is that I'm passing parameters that contain Japanese characters on the command line. I don't know if that makes any difference).
 
What I don't understand is why the domain join will work sucessfully when I run profwiz.exe directly with profwiz.config and fail when I run it using command line parameters. Something somewhere is different in terms of the way the two operations are being being executed. Any ideas?


Posted By: Support
Date Posted: 06 Dec 2011 at 12:02pm

Passing Japanese characters on the command line should not cause a problem.

When you run Profwiz.exe directly you are not renaming the machine: when you run from the command line you are.That is the difference.



Posted By: grittyminder
Date Posted: 06 Dec 2011 at 5:31pm
Is that where the problem lies--in the renaming?


Posted By: grittyminder
Date Posted: 09 Dec 2011 at 2:40am
I modified my domain join script to use the older (i.e. 2.5) and newer (i.e. 3.5) versions of profwiz. The script detects the operating system and from there determines which version profwiz to use (i.e. 2.5 for XP and 3.5 for Windows 7). There is also the option to forcibly override the default profwiz version using command line parameters, so that, for example, it is possible to attempt to use profwiz 3.5 with an XP PC.
 
The script passes the _exact same parameters_ (excuding /DOMAINPWD) to both versions of profwiz, and yet 3.5 still refuses to join XP computers. Naturally 2.5 works just fine, as always. This is part of the reason I urged my company to provide the funds to upgrade to 3.5, because 2.5 worked so flawlessly--I never, not once, experienced any problems with 2.5.  However, my experience using 3.5 thus far has been wholely negative.
 
I would appreciate your help getting to the bottom of this problem so that I won't have to akwardly switch between profwiz versions depending on the operating system. I mentioned this before, but profwiz 3.5 still works via the gui, but not the command line...


Posted By: Support
Date Posted: 10 Dec 2011 at 5:03am

Fix the network and you fix the problem. NBNS errors do not occur on well configured networks.

There is no evidence that there is any kind of problem with User Profile Wizard 3.5. We stopped selling version 2.5 several years ago. Hundreds of customers use User Profile Wizard to migrate XP machines; some of those customers are migrating many thousands of machines. They do not have this issue.

It may well be that in getting User Profile Wizard to work well with Windows 7 we have removed whatever it was that allowed version 2.5 to circumvent this network problem. The fact that version 2.5 does not expose the same error is certainly curious. We will look to see what might be going on. It would be useful if you could email your configuration files/command lines to mailto:support@ForensiT.com - support@ForensiT.com  In return, there are some code revisions we can get you to try.

Thanks.


Posted By: grittyminder
Date Posted: 12 Dec 2011 at 12:39am

> Fix the network and you fix the problem. NBNS errors do not occur on well configured networks.

The client computers that are to be joined to the domain receive all the networking information they need to function (DNS server info, DNS serch suffix info) via DHCP. The DHCP configuration has remained unchanged for years, meaning that the current DHCP configuration was in affect when we used Profwiz 2.5 to migrate a few dozen computers a year or so ago.
 
The only thing that I can think of that might be different about our computing environment is that we have NetBIOS and lmhosts lookups disabled on the dns servers/domain controlers. That and all our PCs are Japanese. I tried enabling/disabling NetBIOS and lmhost lookups on the client side but it didn't seem to matter.
 
Anyhow, I sent all the requested information/files to support so we will see what happens.
 
 



Print Page | Close Window