CptRetro-6424 asked

MDT 2013 - Multiple connections to a server or shared resource

Hello all,

In my home lab I installed the current Microsoft Deployment Toolkit 2013 with ADK and ADKWinPE. After installing a machine with Windows 2019 with MDT, I put a script at the end of the task sequence to join the machine to my domain.

It always fails with the following error:

    Add-Computer : Computer 'SRVINFRA01' failed to join domain 'LAB.lcl' from its current workgroup 'WORKGROUP' with following error message: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
    At \\SRVDC01.LAB.lcl\DeploymentShare$\Applications\APP_Join-Domain\Join.ps1:258 char:41
    + ... Add-Computer -ComputerName "$env:COMPUTERNAME" -DomainNam ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OperationStopped: (SRVINFRA01:String) [Add-Computer], InvalidOperationException
    + FullyQualifiedErrorId : FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand

I found out that there was a problem with MDT2010 that causes the same error and that there was a fix by editing ZTIUtility.vbs, but it is not applicable to the file that comes with MDT2013.

That's the code:

    # Task definition. The password is only Base64-encoded, not encrypted.
    $TaskXML = [xml]@'
    <LAB>
        <Accounts>
            <!-- it's just Pa$$w0rd -->
            <DomainMembership UserName = "LAB\ACC_DomainAction" Password = "UGEkJHcwcmQ=" />
        </Accounts>
        <App TaskName = "LAB" Active = "True" >
            <Task Name = "DomainMembership" Active = "True" Order = "0" Action = "Join" Domain = "LAB.lcl" />
        </App>
    </LAB>
    '@

    Function LAB-Decode-Password {
        # Usage: LAB-Decode-Password -EncPassword 'UGEkJHcwcmQ='
        Param(
            [Parameter(Mandatory = $True)]
            [String]$EncPassword
        )

        # Base64 -> bytes -> UTF-8 string
        $Bytes = [System.Convert]::FromBase64String($EncPassword)
        Return [System.Text.Encoding]::UTF8.GetString($Bytes)
    }

    # Select the DomainMembership task and build the credential used for the join.
    # $TaskXML is referenced without the Global: prefix because it is assigned in script scope.
    $Task = $TaskXML.LAB.App.Task | Where-Object { $_.Name -eq 'DomainMembership' }
    $DAUserName = $TaskXML.LAB.Accounts.DomainMembership.UserName
    $DAPassword = LAB-Decode-Password -EncPassword $TaskXML.LAB.Accounts.DomainMembership.Password
    $DACred = New-Object System.Management.Automation.PSCredential -ArgumentList @($DAUserName, (ConvertTo-SecureString -String $DAPassword -AsPlainText -Force))

    If ((Get-Module ActiveDirectory).Name -eq 'ActiveDirectory') {
        Write-Host "PS module ActiveDirectory already imported" -BackgroundColor Green -ForegroundColor Black
    } Else {
        Import-Module ActiveDirectory
        Write-Host "PS module ActiveDirectory imported" -BackgroundColor Green -ForegroundColor Black
    }

    # Discover a domain controller for the target domain once and reuse its host name
    $DCHostName = [string](Get-ADDomainController -Discover -DomainName $Task.Domain).HostName

    # Check whether a computer account with this name already exists
    Try {
        Get-ADComputer -Identity "$env:COMPUTERNAME" -Server $DCHostName -Credential $DACred -ErrorAction SilentlyContinue
        Write-Host "$env:COMPUTERNAME found in $DCHostName" -BackgroundColor Green -ForegroundColor Black
    }
    Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        Write-Host "$env:COMPUTERNAME not found in $DCHostName" -BackgroundColor Yellow -ForegroundColor Black
    }

    # Join only if the last error says the computer account was not found
    If ($Error[0].CategoryInfo.Category -eq "ObjectNotFound" -and $Error[0].CategoryInfo.TargetName -eq "$env:COMPUTERNAME") {

        $DomainJoin = Add-Computer -ComputerName "$env:COMPUTERNAME" -DomainName $Task.Domain -Credential $DACred -Force -PassThru -Verbose -ErrorAction SilentlyContinue
        #$Error[0] | Select -Property *

        # Short pause with a progress bar before the result is evaluated
        $WaitTimer = 3
        ForEach ($Step in (1..$WaitTimer)) {
            Write-Progress -Activity "Waiting" -Status "Waiting - Press any key to stop" -SecondsRemaining ($WaitTimer - $Step) -PercentComplete ($Step / $WaitTimer * 100)
            Start-Sleep -Seconds 1
        }

        If (($DomainJoin.HasSucceeded) -eq $True) {
            Write-Host "$env:COMPUTERNAME joined domain" -BackgroundColor Green -ForegroundColor Black
        }
        If (($DomainJoin.HasSucceeded) -eq $False) {
            Write-Host "$env:COMPUTERNAME did not join domain" -BackgroundColor Red -ForegroundColor White
        }
    }

I also tried net use * /delete and also stopping and starting the Server service, but without any effect.

Any idea
- how to fix it?
- or where is the cause of that message?



Cheers

mem-mdt

AllenLiu-MSFT answered

Hi, @CptRetro-6424
Thank you for posting in Microsoft Q&A forum.
I found this from another thread:
Generally this happens if the local administrator has permissions to that share via pass through security (that is the same password) as the local administrator account or anonymous access has permissions to that particular folder. In that case the permissions for anonymous or local administrator would conflict with the credentials from the build account and you would get that error. I would try to connect to each of those locations manually without specifying credentials and see which one lets you in. You will need to modify the permissions on that folder.



Hi @AllenLiu-MSFT
Thank you for your reply. I basically used 3 different accounts but with the same password. Now all of them have different passwords. I also changed the permissions on the DeploymentShare but get the same error message.

Can you maybe tell me where this message came from?

CptRetro-6424 answered

I changed the credentials like:
Domain Admin: Administrator with password DomainAdminPa$$w0rd
Local Admin: SysAdmin with password LocalAdminPa$$w0rd

The deployment share is mapped with the domain admin credentials.
So basically no use of the same passwords with different accounts, but still the same issue.
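
Added example (not part of the thread or of MDT): the error text in the question is Windows error 1219 (ERROR_SESSION_CREDENTIAL_CONFLICT), returned when an SMB session to a server already exists under one account and a second connection to the same server is attempted under another. The PowerShell below lists existing sessions that would clash with the account passed to `Add-Computer -Credential`. The function names, the sample rows, the host `SRVFILE01`, matching on the short host name, and the idea that the join authenticates to the server hosting the deployment share are assumptions of this example.

```powershell
# Added example, not code from the thread. Sample rows below are constructed.

function Get-ShortHostName {
    param([Parameter(Mandatory)] [string] $Name)
    $ip = $null
    # Leave IP literals untouched; strip only the DNS suffix of host names.
    if ([System.Net.IPAddress]::TryParse($Name, [ref]$ip)) { return $Name }
    return ($Name -split '\.')[0]
}

function Find-CredentialConflict {
    param(
        [object[]] $Connection = @(),                   # rows with ServerName, ShareName, UserName
        [Parameter(Mandatory)] [string] $TargetServer,  # server the join is assumed to authenticate to
        [Parameter(Mandatory)] [string] $JoinUser       # account given to Add-Computer -Credential
    )
    $target = Get-ShortHostName -Name $TargetServer
    foreach ($c in $Connection) {
        $sameServer = (Get-ShortHostName -Name $c.ServerName) -ieq $target
        # A session to the same server under a different account is the conflict.
        if ($sameServer -and $c.UserName -ine $JoinUser) {
            [pscustomobject]@{
                Server      = $c.ServerName
                Share       = $c.ShareName
                ConnectedAs = $c.UserName
                JoinAs      = $JoinUser
            }
        }
    }
}

# Constructed sample: deployment share mapped as one account, join attempted as another.
$sample = @(
    [pscustomobject]@{ ServerName = 'SRVDC01.LAB.lcl'; ShareName = 'DeploymentShare$'; UserName = 'LAB\Administrator' }
    [pscustomobject]@{ ServerName = 'SRVFILE01';       ShareName = 'Tools';            UserName = 'LAB\Administrator' }
)
# On a live machine, replace $sample with:
#   Get-SmbConnection | Select-Object ServerName, ShareName, UserName
$conflicts = @(Find-CredentialConflict -Connection $sample -TargetServer 'SRVDC01.LAB.lcl' -JoinUser 'LAB\ACC_DomainAction')
$conflicts | Format-Table -AutoSize
```

Any row returned means a session to the target server is already open under a different user name than the join account.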
