MDT 2013 - Multiple connections to a server or shared resource

CptRetro 496 Reputation points
2021-03-09T07:26:56.177+00:00

Hello all,

In my home lab I installed the current Microsoft Deployment Toolkit 2013 with ADK and ADKWinPE. After installing a machine with Windows 2019 with MDT, I put a script at the end of the task sequence to join the machine to my domain.

It always fails with the following error:

Add-Computer : Computer 'SRVINFRA01' failed to join domain 'LAB.lcl' from its current workgroup 'WORKGROUP' with following error message: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
At \\SRVDC01.LAB.lcl\DeploymentShare$\Applications\APP_Join-Domain\Join.ps1:258 char:41
+ ... Add-Computer -ComputerName "$env:COMPUTERNAME" -DomainNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (SRVINFRA01:String) [Add-Computer], InvalidOperationException
+ FullyQualifiedErrorId : FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand

I could find out that there was a problem with MDT2010 that causes the same error and there was a fix by editing the ZTIUtility.vbs, but it is not applicable to the file that comes with MDT2013.

That's the code:

$TaskXML = [xml]@'
<LAB>
    <Accounts>
        <!-- it's just Pa$$w0rd -->
        <DomainMembership UserName = "LAB\ACC_DomainAction" Password = "UGEkJHcwcmQ=" />
    </Accounts>
    <App TaskName = "LAB" Active = "True" >
        <Task Name = "DomainMembership" Active = "True" Order = "0" Action = "Join" Domain = "LAB.lcl" />
    </App>
</LAB>
'@

Function LAB-Decode-Password() {

    PARAM(

        [Parameter(Mandatory=$True)]
        [String]$EncPassword = ""

    )

    BEGIN {}

    PROCESS {

        <# Usage: LAB-Decode-Password -EncPassword 'UGEkJHcwcmQ=' #>
        # Base64 is a reversible encoding, not encryption: anyone who can read this script on the deployment share can recover the password.
        $Temp = [system.convert]::FromBase64String($EncPassword)
        $DecPassword = [system.text.encoding]::UTF8.Getstring($temp)

    }

    END { Return $DecPassword }

}

$DAUserName = $($Global:TaskXML.LAB.Accounts.DomainMembership.Username) 
$DAPassword = LAB-Decode-Password -EncPassword $($Global:TaskXML.LAB.Accounts.DomainMembership.Password)
$DACred = New-Object System.Management.Automation.PSCredential -ArgumentList @($DAUserName,(ConvertTo-SecureString -String $DAPassword -AsPlainText -Force))

If((Get-module ActiveDirectory).Name -eq 'ActiveDirectory'){
    Write-Host "PS module ActiveDirectory already imported" -BackgroundColor Green -ForegroundColor Black
}Else{
    Import-Module ActiveDirectory
    Write-Host "PS module ActiveDirectory imported" -BackgroundColor Green -ForegroundColor Black
}

# Read the target domain from the DomainMembership task and discover a domain controller for it once.
# (-DomainName needs the Domain attribute of the task, not the task element itself.)
$JoinDomain = ($Global:TaskXML.LAB.App.Task | Where-Object { $_.Name -eq "DomainMembership"}).Domain
$DCHostName = (Get-ADDomainController -Discover -DomainName $JoinDomain).HostName

Try{
    Get-ADComputer -Identity "$env:COMPUTERNAME" -Server "$DCHostName" -Credential $DACred -ErrorAction SilentlyContinue
    Write-Host "$env:COMPUTERNAME found in $DCHostName" -BackgroundColor Green -ForegroundColor Black
}
Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{
    Write-Host "$env:COMPUTERNAME not found in $DCHostName" -BackgroundColor Yellow -ForegroundColor Black
}

If($Error[0].CategoryInfo.Category -eq "ObjectNotFound" -and $Error[0].CategoryInfo.TargetName -eq "$env:COMPUTERNAME"){

    # The Name and Domain attributes live on the Task element, so select from App.Task.
    $DomainJoin = Add-Computer -ComputerName "$env:COMPUTERNAME" -DomainName ($Global:TaskXML.LAB.App.Task | Where-Object { $_.Name -eq "DomainMembership"}).Domain -Credential $DACred -Force -PassThru -Verbose -ErrorAction SilentlyContinue
    #$Error[0] | Select -Property *

    $WaitTimer = "3"
    ForEach ($Step in (1..$WaitTimer)) {
        Write-Progress -Activity "Waiting" -Status "Waiting - Press any key to stop" -SecondsRemaining ($WaitTimer-$Step) -PercentComplete  ($Step/$WaitTimer*100)
        Start-Sleep -seconds 1
    }

    If(($DomainJoin.HasSucceeded) -eq $True){
        Write-Host "$env:COMPUTERNAME joined domain" -BackgroundColor Green -ForegroundColor Black
    }
    If(($DomainJoin.HasSucceeded) -eq $False){
        Write-Host "$env:COMPUTERNAME did not join domain" -BackgroundColor Red -ForegroundColor White
    }
}

I also tried net use * /delete and also stopping and starting the Server service, but without any effect.

Any idea

  • how to fix it?
  • or where is the cause of that message?

Cheers


2 answers

  1. AllenLiu-MSFT 39,131 Reputation points Microsoft Vendor
    2021-03-10T08:34:36.247+00:00

    Hi, @CptRetro
    Thank you for posting in Microsoft Q&A forum.
    I found this from another thread:
    Generally this happens if the local administrator has permissions to that share via pass through security (that is the same password) as the local administrator account or anonymous access has permissions to that particular folder. In that case the permissions for anonymous or local administrator would conflict with the credentials from the build account and you would get that error. I would try to connect to each of those locations manually without specifying credentials and see which one lets you in. You will need to modify the permissions on that folder.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
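
The credential conflict described in this answer can be checked on the machine being deployed by listing its SMB sessions to the server and the identity each one was authenticated with. The following PowerShell is an added example, not code from the thread; the server and account names are the ones shown in the question, and `Get-CredentialConflict` is a hypothetical helper name.

```powershell
# Added diagnostic (not from the thread). Names below come from the question; adjust as needed.
$TargetServer = 'SRVDC01.LAB.lcl'        # server in the UNC path of the error message
$JoinAccount  = 'LAB\ACC_DomainAction'   # account handed to Add-Computer

# Hypothetical helper: list this machine's SMB sessions to $Server and mark those
# authenticated as anything other than $Account.
function Get-CredentialConflict {
    param(
        [Parameter(Mandatory = $true)] [string] $Server,
        [Parameter(Mandatory = $true)] [string] $Account
    )
    # Sessions may be listed under the short name or the FQDN (a session opened
    # by IP address is not matched here).
    $shortName = $Server.Split('.')[0]
    Get-SmbConnection |
        Where-Object { $_.ServerName -eq $Server -or $_.ServerName -eq $shortName } |
        ForEach-Object {
            [pscustomobject]@{
                ServerName  = $_.ServerName
                ShareName   = $_.ShareName
                LoggedOnAs  = $_.UserName     # local logon that owns the session
                ConnectedAs = $_.Credential   # identity presented to the server
                NumOpens    = $_.NumOpens     # open handles on this session
                # String comparison only: 'LAB\user' and 'user@LAB.lcl' are reported as different.
                Conflict    = ($_.Credential -ne $Account)
            }
        }
}

$sessions = @(Get-CredentialConflict -Server $TargetServer -Account $JoinAccount)
if ($sessions.Count -eq 0) {
    Write-Host "No SMB sessions to $TargetServer."
} else {
    $sessions | Format-Table -AutoSize
    $conflicts = @($sessions | Where-Object { $_.Conflict })
    Write-Host "$($conflicts.Count) session(s) use a different identity than $JoinAccount."
}
```

Run it in the same task sequence step, immediately before `Add-Computer`, so that it reports the sessions that exist at the moment of the join.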


  2. CptRetro 496 Reputation points
    2021-03-23T05:32:02.197+00:00

    I changed the credentials like:
    Domain Admin: Administrator with password DomainAdminPa$$w0rd
    Local Admin: SysAdmin with password LocalAdminPa$$w0rd

    The deployment share is mapped with the domain admin credentials.
    So basically no use of same passwords with different accounts, but still the same issue.
