Q. Domain join during an unattended setup fails with an unexpected error message in computers that are running Windows NT 5.x (Windows 2000, Windows XP, or Windows Server 2003)?

When you configure and unattended install and domain join, computers running Windows NT 5.x receive:

An unexpected error has occurred while changing your computer's network identification. Would you like to proceed for now and try joining a domain later?

This problem is symptomatic of the Kerberos version 5 tokens for a user account in the unattended answer file being too large, because the user is a member of multiple security groups, each of which's SID is added to the token, exceeding its' fixed size.

To workaround this problem, modify the i386\Hivesys.inf file in the distribution share:

1. Make a backup copy of the Hivesys.inf file before you open it in Notepad.exe.

2. Locate the HKLM,"SYSTEM\CurrentControlSet\Control\MediaProperties",,0x00000012 line.

3. Add a line containing:

HKLM,"SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters","MaxTokenSize",0x00010003,0xffff
above the line you found in step 2.

4. Save and then close the Hivesys.inf file.


Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish