VMware: Computer Account is disabled after deploying Windows Clients

Hello,

last week I had to deploy 25virtual Windows (XP) Clients an on VMware ESX Cluster. One of the requirements was that the clients must be member of a Windows Active Directory.

After setting up vCenter (copy sysprep) I installed a reference Windows XP vm, convert them to a template and defined a Customization Specification like this:

Initial Customization Specification
Initial Customization Specification

During the cloning process, by using the template with the recently created custom spec, the domain join always fails and the Computer Account was disabled at each try.

Ok, now I tried modify some parameter of the Custom Specification:

  • Changing the Domain from fqdn to the NetBIOS Domain “SUB”
  • Altered the Username to SUB\joinuser or joinuser@SUB or joinuser@sub.domain.org


But the result was always the same. The domain join fails or/and the computer account was disabled. One of the following error messagse was written to %temp%\vmware-inc\guestcust.log

  • Joining domain SUB using account joinuser and password ‘*****’
    Unable to update the password. The value provided as the current password is incorrect.
  • Joining domain sub.domain.org using account joinuser and password ‘*****’
    Unable to update the password. The value provided as the current password is incorrect.
  • Joining domain SUB using account joinuser and password ‘*****’
    The specified domain either does not exist or could not be contacted.
  • Retrying SUB operation with user = joinuser@SUB
    Join domain failed with error ‘1355’.Retrying the operation after attempt 1
    The specified domain either does not exist or could not be contacted.

“Unable to update the password. The value provided as the current password is incorrect.” means that the computer account is already disabled while vmware’s guestcustutil tries to join the domain.

After some retries a found a setup which works stable.

  1. Add the FQDN to the domain field of the Customization Specifcation => sub.domain.org
  2. Add the Username in this format username@NetbiosDomainName => joinuser@sub

    Domain Settings

  3. Specify  custom Network Settings for NIC0
    Add  the domain name and the parent domain to the DNS Suffix Searchlist

    Custom Spec Network Settings

Now, it is ensured that FQDN and the NetBIOS Domainname can be resolved and the parameters are specified as guestcustutil it expects.

Michael

Leave a Reply Cancel reply