Sysprep and joining domain

[Aaron Wright]

We recently got a new model of laptop in our company. They are Dell
Latitude D610's. We build Ghost images for each new model, and we have
a list of steps we follow for each image so they are consistant. We've
followed the same steps for this image as we have all others. The last
step before we create the image is to run sysprep -mini.

Problem is that sometimes the computer won't automatically join the
domain. Approx. half the time it's fine, and the other half it fails
with the message "An invalid domain was specified. Would you like to
proceed for now and try joining a domain later?" If I choose "No" and
type in everything by hand, it still fails. I tried it several times.


It almost behaves as if it doesn't have network connectivity. It's
plugged into our network, and the link and activity lights are lit.
The D610 has a BroadCom GigE adapter, and I have the latest drivers
installed on the image. I'm wondering if it's still buggy because it's
fairly new.

Can anyone offer some ideas to help me dig further into this?
Thanks!
Aaron

 

[Jordan]

Gigabit network adapters have some problems with the DHCP autodetect
feature. There are issues where Domain Group Policies do not apply either.
I beleive the explaination is that the adapter momentarily breaks the
connection during network detection and this cause Group Policies and other
things not to apply.

MS has a paper on this in the KB if you search for "Gigabit and Group
Policies". The tell you to disable the autodetect by adding the following
registry key. Open notepad and save the following as
DisableDHCPMediaSensing.reg

====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableDHCPMediaSense"=dword:00000001
====================

The downside of this is that when you unplug your laptops NIC from one
network and plug it into another or if you boot without the network
connected you will not autodetect the new connection. You will have to
Release and Renew your IP manually.

Go back to your original machine and add this registry entry, then reGhost
an you should be all set.

 

[Aaron Wright]

I'm not sure management is going to be okay with using that as a
solution. Are there any other alternatives? Perhaps I'll disable
media sense on the image, and re-enable it in the scripts that are run
after it's imaged.

Not sure if this makes a difference or not, but I found some more info
when I was researching the problem. The c:\windows\debug\netsetup.log
file has several instances of the following:
NetpCheckDomainNameIsValid for MyDomain.TLD returned 0x54b
NetpCheckDomainNameIsValid [ Exists ] for 'MyDomain.TLD' returned 0x54b

Does that change anything?
Thanks!
Aaron

 

[Jordan]

I'm not crazy about having to disable something that is really a nice
feature, but I think management will like it plenty when you tell them
unless they turn of the auto sensing they will not be able to enforce Group
Policies or deploy managed software. I am not sure if you use Group
Policies, but they are really a life saver when it comes to a lot of
security and configurations issues.

The users of the laptops who might want to have the ability to just hook on
and off a network willy-nilly will not like it, but to bad. Its the
company's stuff. The only inconvienience is the release/renew manually
drawback, but you can just create a batch file for that. All the user will
have to do is double click an icon to do what the autosensing does
automatically.

I had a user that complained about it so I said, "We can elimiate the
ability to manage all the computers uniformly, elimate the ability to keep
software up to date uniformly, and eliminate the ability to deploy new
software uniformly - OR- we can just have you double click an icon once in
a while when you are hooking your notebook (company property) up to your
home network when you are trying to use the company property to help your
kids with their homework.

They usually drop it after that......



]

 

[Aaron Wright]

Actually, I already talked to my supervisior about it, and he said no.
But I didn't realize that there might be cases where the laptop won't
pick up our group policies. I think he'll change his mind after he
hears that.

Isn't someone (Dell, Microsoft, Broadcom) working on fixing this? I
can't believe they would accept the fact that we have to break
functionality to make things such as Group Policy work.

Thanks!
Aaron

 

[Aaron Wright]

I added this registry key to the image and I've been testing it through
the morning. It doesn't seem to make a difference. It still doesn't
join the domain about half the time. I hit Shift + F10 for a command
prompt when it gives the error about not being able to join the domain.
It has an IP address, but can't ping anything. I can release/renew
the IP, and sometimes it works after that, but other times does not.

 

[Jordan]

MS is aware of the problem and they advised using the reg setting. They
noted that the Gigabit adapter vendors may choose to create a fix in their
driver. It looks like they are passing the buck to the hardware vendors.

I usally side with MS most of the time when people jump on them because
their software doesn't work properly, but in this case I have to say that MS
should do something about it. I have 3 different mfgs of GB adapters on
various laptops and desktops and all of them have to do this registry
setting. MS article does not specify certain adapters, but instead says GB
adapters in general so this shows that it must be MS routines that are the
problem, not everyone else's.

 

[Jordan]

If you can't get an IP address it may be that something is interfering on
bootup. Some Antivirus programs may be causing the problem and some things
like firewall clients can as well.

Do you have anything that monitors in the background like Antivirus,
AntiSPAM ware, Network Monitors? If you do, try to set the service startup
setting to Disabled prior to creating the SYSPREP image. You can always use
Group Policies to reset them to Enabled.

I had a problem where syspreping a machine caused my Administrator password
to be screwed up during sysprep. I had to use a reset utility to fix the
problem. It appeared to be the Anti-virus program causing the problem.

 

[Aaron Wright]

The computer does get an IP address at that point. The problem was
that it couldn't ping anything. Releasing and renewing the IP fixed it
sometimes. We don't have any antivirus, antispam, or network monitors
on the image.

I saw a post on Dell's forums where someone said SP2 fixed a similar
problem. I installed SP2 on this particular image, and it does seem to
have resolved the problems I was having. I'm just going to run with it
for now.

Thanks!
Aaron

 

[Geerty]

Hello Aaron,

I've searched the internet and newsgroups concerning the same issue as
yours. I'm responsible for the initial computer setup for a rather
large company and have recently received the new Dell Latitude D810
and D610 portables on my desk. We use unatteded installations scripts
to setup the new hardware with Windows 2000 SP4. The methodology in
joining the domain is fairly the same as creating an image with a
sysprep afterwards. Anyway it results in the same error message: An
invalid domain was specified. Would you like to proceed for now and
try joining a domain later?

I don't think however that it the cause is due to the incompatible
Broadcom Gigabit card (or driver) like stated in previous posts. It is
rather the combination of the broadcom wired networkcard and the dell
wireless networkcard, who both are active and loaded at the time the
computer is joined in the domain. I think that at this time the
computer is trying to join the domain through the wireless card, witch
doesn't work in our case, because we actually have no wireless network
configured in the company.

How did I come to this: In my first test both driver paths were
included in the OemPnPDriversPath parameter of my unattended file. So
on setup both devices we're discovered and provided with the correct
driver. But when joining the domain I received the above error, just
like you. In my new test today I removed the path of the wireless
networkcard and added the setup.exe of it to the [GuiRunOnce] section
of the unattended file, witch will run after the domain join. And
guess: no errors anymore when joining the domain and every device is
provided with the correct driver.

I think the same is possible with imaging. Don't apply the driver for
the wireless networkcard in the image. I'm not an sysprep expert, but
I think you can also include an [GuiRunOnce] section in it. Make the
driver files and iss file (installshield silent setup file) available
on the harddisk of the image and include the setup.exe command with -s
parameter in the sysprep file like specified below:

[GuiRunOnce]
Command0="C:\drivers\dell\R94827\setup.exe -s"

Everything is still installed in an automated way. If you have
troubles with this, please send me a mail.

Regards, Geerty

 

[Guest]

I have been trying to use DisableDHCPMediaSense for Remote Installation
Images....kind of similar to what you're doing. The thing I've found is that
once you upload the image to the server, this registry setting is lost. Does
anyone know of a way to specify this registry setting in the riprep.sif file??

Micah

 

[jermain]

We had the same problem with the DELL D610 and our ghost image. I solve
the problem by using a docking station or port replicator. The lapto
will register in the Active directory automaticaly. I am in contac
with a Dell technician. If you reinstall your image on a laptop tha
was once registred in AD you won't received that message.

Jermain

*We recently got a new model of laptop in our company. They ar
Dell
Latitude D610's. We build Ghost images for each new model, and w
have
a list of steps we follow for each image so they are consistant.
We've
followed the same steps for this image as we have all others. Th
last
step before we create the image is to run sysprep -mini.

Problem is that sometimes the computer won't automatically join the
domain. Approx. half the time it's fine, and the other half i
fails
with the message "An invalid domain was specified. Would you lik
to
proceed for now and try joining a domain later?" If I choose "No
and
type in everything by hand, it still fails. I tried it severa
times.

It almost behaves as if it doesn't have network connectivity. It's
plugged into our network, and the link and activity lights are lit.
The D610 has a BroadCom GigE adapter, and I have the latest drivers
installed on the image. I'm wondering if it's still buggy becaus
it's
fairly new.

Can anyone offer some ideas to help me dig further into this?
Thanks!
Aaron

-
jermai