Windows 7 client cannot join the server's Active Directory domain

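I am currently helping my company automate Windows installation over the network. I am using Server 2008 R2 and Windows Deployment Services, with Windows 7 as the operating system being installed on the client computers. Everything works fine except joining the client computer to the domain. DNS is configured correctly, and the client computer has been prestaged in Active Directory Computers as user "Client1" with the password "password". I have posted my unattend XML file and the relevant portions of the Panther/UnattendGC setupact.log and setuperr.log files.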

Setupact.log

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Begin

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Loading input parameters...

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: AccountData = [NULL]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: UnsecureJoin = [NULL]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: MachinePassword = [secret not logged]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: JoinDomain = [master.local]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: JoinWorkgroup = [NULL]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Domain = [master.local]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Username = [Client1]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Password = [secret not logged]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: MachineObjectOU = [NULL]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: DebugJoin = [false]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: DebugJoinOnlyOnThisError = [NULL]

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Checking that auto start services have started.

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Joining domain [master.local]...

2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Calling DsGetDcName for master.local...

2017-06-29 09:25:04, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x2746, last error is 0x0, will retry in 5 seconds... [[[My personal note: at this point it retries and shows the above error many times before finally exiting]]]

2017-06-29 09:32:04, Error [DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [10054]

2017-06-29 09:32:04, Error [DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x2746

2017-06-29 09:32:04, Info [DJOIN.EXE] Unattended Join: Exit, returning 0x0

Setuperr.log

2017-06-29 09:32:04, Error [DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [10054]

2017-06-29 09:32:04, Error [DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x2746

Unattend.xml

<?xml version='1.0' encoding='utf-8'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize" wasPassProcessed="true">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <AutoLogon>
        <Password>*SENSITIVE*DATA*DELETED*</Password>
        <Domain>master.local</Domain>
        <Enabled>true</Enabled>
        <LogonCount>5</LogonCount>
        <Username>Client1</Username>
      </AutoLogon>
      <RegisteredOrganization>MyCompany</RegisteredOrganization>
      <RegisteredOwner>MyCompany</RegisteredOwner>
      <TimeZone>eastern standard time</TimeZone>
      <ComputerName></ComputerName>
      <ProductKey>*SENSITIVE*DATA*DELETED*</ProductKey>
    </component>
    <component name="Microsoft-Windows-DNS-Client" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Interfaces>
        <Interface wcm:action="add">
          <DNSServerSearchOrder>
            <IpAddress wcm:action="add" wcm:keyValue="1">122.45.36.1</IpAddress>
          </DNSServerSearchOrder>
          <DisableDynamicUpdate>false</DisableDynamicUpdate>
          <DNSDomain>master.local</DNSDomain>
          <EnableAdapterDomainNameRegistration>true</EnableAdapterDomainNameRegistration>
          <Identifier>Local Area Connection</Identifier>
        </Interface>
      </Interfaces>
      <DNSDomain>master.local</DNSDomain>
      <UseDomainNameDevolution>false</UseDomainNameDevolution>
      <DNSSuffixSearchOrder>
        <DomainName wcm:action="add" wcm:keyValue="1">master.local</DomainName>
      </DNSSuffixSearchOrder>
    </component>
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Identification>
        <Credentials>
          <Domain>master.local</Domain>
          <Password>*SENSITIVE*DATA*DELETED*</Password>
          <Username>Client1</Username>
        </Credentials>
        <JoinDomain>master.local</JoinDomain>
        <DebugJoin>false</DebugJoin>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem" wasPassProcessed="true">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Display>
        <ColorDepth>32</ColorDepth>
        <DPI>96</DPI>
        <HorizontalResolution>1280</HorizontalResolution>
        <RefreshRate>60</RefreshRate>
        <VerticalResolution>1024</VerticalResolution>
      </Display>
      <UserAccounts>
        <AdministratorPassword>*SENSITIVE*DATA*DELETED*</AdministratorPassword>
        <DomainAccounts>
          <DomainAccountList wcm:action="add">
            <Domain>master.local</Domain>
            <DomainAccount wcm:action="add">
              <Group>Domain Users</Group>
              <Name>Client1</Name>
            </DomainAccount>
          </DomainAccountList>
        </DomainAccounts>
        <LocalAccounts>
          <LocalAccount wcm:action="add">
            <Password>*SENSITIVE*DATA*DELETED*</Password>
            <Description>MyCompany</Description>
            <DisplayName>MyCompany</DisplayName>
            <Name>MyCompany</Name>
            <Group>Administrators</Group>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
      <TimeZone>eastern standard time</TimeZone>
      <RegisteredOwner>MyCompany</RegisteredOwner>
      <RegisteredOrganization>MyCompany</RegisteredOrganization>
      <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
        <NetworkLocation>Work</NetworkLocation>
        <ProtectYourPC>1</ProtectYourPC>
      </OOBE>
    </component>
    <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <InputLocale>en-us</InputLocale>
      <SystemLocale>en-us</SystemLocale>
      <UILanguage>en-us</UILanguage>
      <UILanguageFallback>en-us</UILanguageFallback>
      <UserLocale>en-us</UserLocale>
    </component>
  </settings>
  <cpi:offlineImage cpi:source="catalog://51esm549353-6/reminst/wdsclientunattend/windows 7 professional_windows 7 professional.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi"></cpi:offlineImage>
</unattend>

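I have already tried that, and it still doesn't work. It is worth noting that when I set UnsecureJoin to true, I did not include credentials, because credentials should not be included when performing an UnsecureJoin. In addition, I tried variations of UnsecureJoin = true with MachinePassword set to the machine's local administrator account password, and also with the MachinePassword field left blank, and it still didn't work.

Can someone help me figure out why the client computer is not joining the domain? Also, the DsGetDCName error code 0x2746 and the NetJoinDomain error code 10054 seem to be undocumented, so any insight into these error codes would be appreciated.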
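The log excerpt above reports the failure three times, twice as 0x2746 and once as 10054. The following added example (not part of the original post) parses DJOIN warning and error lines of that shape, normalises hex and decimal codes, and names a few standard Win32/Winsock values; the sample lines are constructed from the excerpt and the function names are hypothetical.

```python
import re

# Constructed sample: lines in the shape of the setupact.log excerpt in the question.
SAMPLE_LOG = """\
2017-06-29 09:25:04, Info [DJOIN.EXE] Unattended Join: Calling DsGetDcName for master.local...
2017-06-29 09:25:04, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x2746, last error is 0x0, will retry in 5 seconds...
2017-06-29 09:32:04, Error [DJOIN.EXE] Unattended Join: NetJoinDomain failed error code is [10054]
2017-06-29 09:32:04, Error [DJOIN.EXE] Unattended Join: Unable to join; gdwError = 0x2746
"""

# A few standard Win32/Winsock codes that matter for a domain join (not exhaustive).
KNOWN = {
    5: "ERROR_ACCESS_DENIED",
    1326: "ERROR_LOGON_FAILURE",
    1355: "ERROR_NO_SUCH_DOMAIN",
    10054: "WSAECONNRESET",
    10060: "WSAETIMEDOUT",
}

LINE = re.compile(r"^(\S+ \S+), (Warning|Error)\s+\[DJOIN\.EXE\] Unattended Join: (.*)$")
CODE = re.compile(r"(DsGetDcName|NetJoinDomain|gdwError)\D*?(0x[0-9A-Fa-f]+|\d+)")

def decode_join_failures(log_text):
    """Return one record per failing DJOIN line with its code as an integer."""
    out = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        c = CODE.search(m.group(3)) if m else None
        if not c:
            continue  # informational line, or no error code on it
        raw = c.group(2)
        code = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
        out.append({
            "time": m.group(1),
            "api": c.group(1),
            "code": code,
            "name": KNOWN.get(code, "unknown"),
            # Winsock error codes start at WSABASEERR (10000)
            "layer": "winsock" if 10000 <= code < 12000 else "win32",
        })
    return out

def same_root_cause(findings):
    """True when every failing line reports one and the same numeric code."""
    return len({f["code"] for f in findings}) == 1
```

WSAECONNRESET means the connection was reset by the remote end, so the failure is reported at the socket layer rather than as a logon or access-denied error.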

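Here's how I do it: in WDS, the answer file has two distinct parts, which I usually keep in separate files: the WinPE bit (connecting to the server, partitioning the disk, copying files onto the workstation, setting up the unsecure join) and the OOBE bit (setting the local password, locale, completing the domain join). You can link the PE file to the machine, or set it globally, and then link the OOBE file to the image in the "Allow unattended installation" bit.

Here is a link to my ragtag notes on WDS

Here are my files: PE.xml (for UEFI; you will need to change the drive partitioning for non-UEFI boot):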

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="amd64">
      <WindowsDeploymentServices>
        <Login>
          <WillShowUI>OnError</WillShowUI>
          <Credentials>
            <Username>wdsinst</Username>
            <Domain>beastquest.com</Domain>
            <Password>AbCd1234</Password>
          </Credentials>
        </Login>
        <ImageSelection>
          <WillShowUI>OnError</WillShowUI>
          <InstallImage>
            <ImageGroup>Win10</ImageGroup>
            <ImageName>Win10x64take5</ImageName>
            <Filename>win10x64take5.wim</Filename>
          </InstallImage>
          <InstallTo>
            <DiskID>0</DiskID>
            <PartitionID>3</PartitionID>
          </InstallTo>
        </ImageSelection>
      </WindowsDeploymentServices>
      <DiskConfiguration>
        <WillShowUI>OnError</WillShowUI>
        <Disk wcm:action="add">
          <CreatePartitions>
            <CreatePartition wcm:action="add">
              <Type>EFI</Type>
              <Size>200</Size>
              <Order>1</Order>
            </CreatePartition>
            <CreatePartition wcm:action="add">
              <Order>2</Order>
              <Size>128</Size>
              <Type>MSR</Type>
            </CreatePartition>
            <CreatePartition wcm:action="add">
              <Extend>true</Extend>
              <Order>3</Order>
              <Type>Primary</Type>
            </CreatePartition>
          </CreatePartitions>
          <ModifyPartitions>
            <ModifyPartition wcm:action="add">
              <Active>true</Active>
              <Format>FAT32</Format>
              <Label>EFI</Label>
              <Order>1</Order>
              <PartitionID>1</PartitionID>
            </ModifyPartition>
            <ModifyPartition wcm:action="add">
              <Order>2</Order>
              <PartitionID>3</PartitionID>
              <Format>NTFS</Format>
              <Label>Windows</Label>
            </ModifyPartition>
          </ModifyPartitions>
          <DiskID>0</DiskID>
          <WillWipeDisk>true</WillWipeDisk>
        </Disk>
      </DiskConfiguration>
      <ImageInstall>
        <OSImage>
          <InstallTo>
            <PartitionID>3</PartitionID>
            <DiskID>0</DiskID>
          </InstallTo>
        </OSImage>
      </ImageInstall>
    </component>
    <component name="Microsoft-Windows-International-Core-WinPE" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" processorArchitecture="amd64">
      <SetupUILanguage>
        <UILanguage>en-US</UILanguage>
      </SetupUILanguage>
    </component>
  </settings>
</unattend>

Change the image details to suit your image.

And OOBE.xml (link this to the install image specified above, as the allow-unattended file):

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <Identification>
        <UnsecureJoin>true</UnsecureJoin>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <OOBE>
        <HideEULAPage>true</HideEULAPage>
        <NetworkLocation>Work</NetworkLocation>
        <ProtectYourPC>1</ProtectYourPC>
        <SkipMachineOOBE>true</SkipMachineOOBE>
        <SkipUserOOBE>true</SkipUserOOBE>
      </OOBE>
    </component>
  </settings>
  <cpi:offlineImage cpi:source="catalog:c:/win7-64bit/sources/install_windows 7 professional.clg" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

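You will also need to grant some permissions to the WDSInst account so that it can manage computer accounts in AD. Set the OU in which new computer accounts are to be created in the WDS server properties, then delegate permissions on that OU to wdsinst. The account will need:

  • Create/delete computer accounts in this OU and all child OUs
  • Permission to do the following on computer objects in this OU and all child OUs:
    • Read/write account restrictions
    • Validated write to SPN and DNS host name
    • Change + reset password

You cannot use a domain admin account. You need to give wdsinst as few permissions as possible, because these answer files are not super secure (I think the PE one goes over TFTP).

This works for Win7 -> Win10.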
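To illustrate the answer's point that answer files are not very secure, here is an added example (not part of the original answer or of WDS): a short Python audit that lists every password stored in an unattend file, how it is stored, and whether the account is one you expect to find there. The sample XML, the `expected_accounts` parameter and every value in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:schemas-microsoft-com:unattend}"

# Constructed sample shaped like the answer files above; every account name,
# domain and password value here is a placeholder, not taken from the page.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="windowsPE">
    <component name="Microsoft-Windows-Setup">
      <WindowsDeploymentServices><Login><Credentials>
        <Username>wdsinst</Username><Domain>example.test</Domain>
        <Password>EXAMPLE-ONLY</Password>
      </Credentials></Login></WindowsDeploymentServices>
    </component>
  </settings>
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon><Username>Administrator</Username>
        <Password><Value>RVhBTVBMRQ==</Value><PlainText>false</PlainText></Password>
      </AutoLogon>
    </component>
  </settings>
</unattend>"""

def audit_unattend(xml_text, expected_accounts=("wdsinst",)):
    """List every secret stored in an answer file and the account it belongs to."""
    findings = []
    for settings in ET.fromstring(xml_text).iter(NS + "settings"):
        for comp in settings.iter(NS + "component"):
            for parent in comp.iter():
                for tag in ("Password", "AdministratorPassword"):
                    pw = parent.find(NS + tag)
                    if pw is None:
                        continue
                    value = pw.findtext(NS + "Value")  # Shell-Setup form: <Value>/<PlainText>
                    secret = value if value is not None else (pw.text or "")
                    if not secret.strip():
                        continue  # empty element: nothing stored
                    hidden = (pw.findtext(NS + "PlainText") or "true").strip().lower() == "false"
                    account = (parent.findtext(NS + "Username") or parent.findtext(NS + "Name")
                               or ("Administrator" if tag == "AdministratorPassword" else "(unknown)"))
                    findings.append({
                        "pass": settings.get("pass"),
                        "component": comp.get("name"),
                        "account": account.strip(),
                        # PlainText=false is Base64 encoding, not encryption
                        "storage": "base64-encoded" if hidden else "plaintext",
                        "expected": account.strip().lower() in expected_accounts,
                    })
    return findings
```

Any finding with `expected` set to false is an account whose password is readable by whoever can fetch the answer file, so it is the first thing to check against the delegated, low-privilege account described above.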