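Analysis of a Domain Join Failure
This note summarizes a domain join failure caused by blocked ports in an environment where a network firewall is installed.
Windows Server 2003 EE SP2
When attempting to join the Domain Controller, the message below appears after the account and password are entered.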
도메인 ""에 가입하는 동안 다음 오류가 발생했습니다:
종점 매퍼에서 사용 가능한 종점이 더 이상 없습니다.
(There are no more endpoints available from the endpoint mapper)
The firewall is blocking client ports 1024-65535.
Open the ports required for domain trust on both the server side and the client side.
1. Use Portqry to check that the ports required for the DC join are in the LISTENING state
- The ports below are not open.
Client(1024-65535/TCP/UDP) | Server(389/TCP/UDP) - LDAP
Client(1024-65535/TCP) | Server(636/TCP) - LDAP SSL
Client(1024-65535/TCP) | Server(3268/TCP) - LDAP GC
Client(1024-65535/TCP) | Server(3269/TCP) - LDAP GC SSL
Client(53, 1024-65535/TCP/UDP) | Server(53/TCP/UDP) - DNS
Client(1024-65535/TCP/UDP) | Server(88/TCP/UDP) - Kerberos
Client(1024-65535/TCP) | Server(445/TCP) - SMB
2. %systemroot%\debug\Netsetup.log
09/25 11:03:29 -----------------------------------------------------------------
09/25 11:03:29 NetpValidateName: checking to see if '' is valid as type 3 name
09/25 11:03:29 NetpCheckDomainNameIsValid [ Exists ] for '' returned 0x0
09/25 11:03:29 NetpValidateName: name '' is valid for type 3
09/25 11:03:38 -----------------------------------------------------------------
09/25 11:03:38 NetpDoDomainJoin
09/25 11:03:38 NetpMachineValidToJoin: 'laigo01'
09/25 11:03:38 NetpGetLsaPrimaryDomain: status: 0x0
09/25 11:03:38 NetpMachineValidToJoin: status: 0x0
09/25 11:03:38 NetpJoinDomain
09/25 11:03:38 Machine: laigo01
09/25 11:03:38 Domain:
09/25 11:03:38 MachineAccountOU: (NULL)
09/25 11:03:38 Account:\user11
09/25 11:03:38 Options: 0x25
09/25 11:03:38 OS Version: 5.2
09/25 11:03:38 Build number: 3790
09/25 11:03:38 ServicePack: Service Pack 2
09/25 11:03:38 NetpValidateName: checking to see if '' is valid as type 3 name
09/25 11:03:38 NetpCheckDomainNameIsValid [ Exists ] for '' returned 0x0
09/25 11:03:38 NetpValidateName: name '' is valid for type 3
09/25 11:03:38 NetpDsGetDcName: trying to find DC in domain '', flags: 0x1020
09/25 11:03:53 NetpDsGetDcName: failed to find a DC having account 'laigo01$': 0x525
09/25 11:03:53 NetpDsGetDcName: found DC '\\' in the specified domain
09/25 11:04:03 NetpJoinDomain: status of connecting to dc '\\': 0x0
09/25 11:04:03 NetpGetLsaPrimaryDomain: status: 0x0
09/25 11:04:03 NetpGetDnsHostName: Read NV Hostname: laigo01
09/25 11:04:03 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name:
09/25 11:04:03 NetpLsaOpenSecret: status: 0xc0000034
09/25 11:04:03 NetpGetLsaPrimaryDomain: status: 0x0
09/25 11:04:03 NetpLsaOpenSecret: status: 0xc0000034
09/25 11:04:03 NetpJoinDomain: status of setting machine password: 0x0
09/25 11:04:24 NetpGetComputerObjectDn: Unable to bind to DS on '\\': 0x6d9
09/25 11:04:24 NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6d9
09/25 11:04:24 ldap_unbind status: 0x0
09/25 11:04:24 NetpJoinDomain: status of setting DnsHostName and SPN: 0x6d9
09/25 11:04:24 NetpJoinDomain: initiaing a rollback due to earlier errors
09/25 11:04:24 NetpLsaOpenSecret: status: 0x0
09/25 11:04:24 NetpJoinDomain: rollback: status of deleting secret: 0x0
09/25 11:04:24 NetpJoinDomain: status of disconnecting from '\\': 0x0
09/25 11:04:24 NetpDoDomainJoin: status: 0x6d9
09/25 11:04:24 -----------------------------------------------------------------
09/25 11:04:24 NetpDoDomainJoin
09/25 11:04:24 NetpMachineValidToJoin: 'laigo01'
09/25 11:04:24 NetpGetLsaPrimaryDomain: status: 0x0
09/25 11:04:24 NetpMachineValidToJoin: status: 0x0
09/25 11:04:24 NetpJoinDomain
09/25 11:04:24 Machine: laigo01
09/25 11:04:24 Domain:
09/25 11:04:24 MachineAccountOU: (NULL)
09/25 11:04:24 Account:\user11
09/25 11:04:24 Options: 0x27
09/25 11:04:24 OS Version: 5.2
09/25 11:04:24 Build number: 3790
09/25 11:04:24 ServicePack: Service Pack 2
09/25 11:04:24 NetpValidateName: checking to see if '' is valid as type 3 name
09/25 11:04:24 NetpCheckDomainNameIsValid [ Exists ] for '' returned 0x0
09/25 11:04:24 NetpValidateName: name '' is valid for type 3
09/25 11:04:24 NetpDsGetDcName: trying to find DC in domain '', flags: 0x1020
09/25 11:04:25 NetpDsGetDcName: found DC '\\' in the specified domain
09/25 11:04:29 NetpJoinDomain: status of connecting to dc '\\': 0x0
09/25 11:04:29 NetpGetLsaPrimaryDomain: status: 0x0
09/25 11:04:29 NetpGetDnsHostName: Read NV Hostname: laigo01
09/25 11:04:29 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name:
09/25 11:04:29 NetpLsaOpenSecret: status: 0xc0000034
09/25 11:04:29 NetpGetLsaPrimaryDomain: status: 0x0
09/25 11:04:29 NetpLsaOpenSecret: status: 0xc0000034
09/25 11:04:29 NetpManageMachineAccountWithSid: NetUserAdd on '\\' for 'laigo01$' failed:
09/25 11:04:29 NetpManageMachineAccountWithSid: status of attempting to set password on \\' for 'laigo01$': 0x0
09/25 11:04:29 NetpJoinDomain: status of creating account: 0x0
09/25 11:04:51 NetpGetComputerObjectDn: Unable to bind to DS on '\\': 0x6d9
09/25 11:04:51 NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6d9
09/25 11:04:51 ldap_unbind status: 0x0
09/25 11:04:51 NetpJoinDomain: status of setting DnsHostName and SPN: 0x6d9
09/25 11:04:51 NetpJoinDomain: initiaing a rollback due to earlier errors
09/25 11:04:51 NetpGetLsaPrimaryDomain: status: 0x0
09/25 11:04:51 NetpManageMachineAccountWithSid: status of disabling account 'laigo01$' on \\': 0x0
09/25 11:04:51 NetpJoinDomain: rollback: status of deleting computer account: 0x0
09/25 11:04:51 NetpLsaOpenSecret: status: 0x0
09/25 11:04:51 NetpJoinDomain: rollback: status of deleting secret: 0x0
09/25 11:04:51 NetpJoinDomain: status of disconnecting from '\\': 0x0
09/25 11:04:51 NetpDoDomainJoin: status: 0x6d9
09/25 11:09:06 -----------------------------------------------------------------
09/25 11:09:06 NetpValidateName: checking to see if '' is valid as type 3 name
09/25 11:09:06 NetpCheckDomainNameIsValid [ Exists ] for '' returned 0x0
09/25 11:09:06 NetpValidateName: name '' is valid for type 3
09/25 11:09:24 -----------------------------------------------------------------
09/25 11:09:24 NetpDoDomainJoin
09/25 11:09:24 NetpMachineValidToJoin: 'laigo01'
09/25 11:09:24 NetpGetLsaPrimaryDomain: status: 0x0
09/25 11:09:24 NetpMachineValidToJoin: status: 0x0
09/25 11:09:24 NetpJoinDomain
09/25 11:09:24 Machine: laigo01
09/25 11:09:24 Domain:
09/25 11:09:24 MachineAccountOU: (NULL)
09/25 11:09:24 Account:\user11
09/25 11:09:24 Options: 0x25
09/25 11:09:24 OS Version: 5.2
09/25 11:09:24 Build number: 3790
09/25 11:09:24 ServicePack: Service Pack 2
09/25 11:09:24 NetpValidateName: checking to see if '' is valid as type 3 name
09/25 11:09:24 NetpCheckDomainNameIsValid [ Exists ] for '' returned 0x0
09/25 11:09:24 NetpValidateName: name '' is valid for type 3
09/25 11:09:24 NetpDsGetDcName: trying to find DC in domain '', flags: 0x1020
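A triage script for a Netsetup.log like the one above, added here as an example and not part of the original post: it splits the log into join attempts and reports the first step that returned each attempt's final status. The sample input is constructed from the log on this page, and the names triage, KNOWN and EVENT are this example's own.

```python
import re

# Constructed excerpt modelled on the first failing attempt in the log above
# (the DC name is blank, as it is on the page).
SAMPLE = r"""09/25 11:03:38 NetpDoDomainJoin
09/25 11:03:53 NetpDsGetDcName: failed to find a DC having account 'laigo01$': 0x525
09/25 11:04:03 NetpJoinDomain: status of connecting to dc '\\': 0x0
09/25 11:04:03 NetpLsaOpenSecret: status: 0xc0000034
09/25 11:04:24 NetpGetComputerObjectDn: Unable to bind to DS on '\\': 0x6d9
09/25 11:04:24 NetpJoinDomain: status of setting DnsHostName and SPN: 0x6d9
09/25 11:04:24 NetpDoDomainJoin: status: 0x6d9
"""

# Standard Windows codes that appear in this log (Win32 errors and one NTSTATUS).
KNOWN = {
    0x525: "ERROR_NO_SUCH_USER",
    0x6D9: "EPT_S_NOT_REGISTERED (no more endpoints available from the endpoint mapper)",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}

# timestamp, Netp* routine, free-text detail, trailing hex value
EVENT = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (Netp\w+): (.*?):? (0x[0-9a-fA-F]+)\s*$")

def triage(log_text):
    """Split the log into NetpDoDomainJoin attempts and find each attempt's root step."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        if line.rstrip().endswith(" NetpDoDomainJoin"):      # an attempt begins
            cur = {"start": line[:14], "final": None, "nonzero": [], "root": None}
            attempts.append(cur)
            continue
        m = EVENT.match(line)
        if cur is None or not m or m.group(3).endswith("flags"):  # flags are not a status
            continue
        ts, routine, detail, code = m.group(1), m.group(2), m.group(3), int(m.group(4), 16)
        if routine == "NetpDoDomainJoin":                     # the attempt's final status
            cur["final"] = code
            cur["root"] = next((e for e in cur["nonzero"] if e[3] == code), None)
            cur = None
        elif code != 0:
            cur["nonzero"].append((ts, routine, detail, code))
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE):
        final = "incomplete" if a["final"] is None else hex(a["final"])
        print(f"attempt {a['start']}: final status {final}")
        if a["root"]:
            ts, routine, detail, code = a["root"]
            print(f"  first step with that status: {ts} {routine}: {detail}")
            print(f"  {hex(code)} = {KNOWN.get(code, 'not in table')}")
```

An attempt that the log cuts off before its final `NetpDoDomainJoin: status:` line, like the last one above, is returned with `final` and `root` set to `None`.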
Troubleshooting RPC Endpoint Mapper errors using the Windows Server 2003 Support Tools from the product CD
How to configure a firewall for domains and trusts
Join and Authentication issues
PortQry Command Line Port Scanner Version 2.0 (PortQry download)
Author: Lai Go / Date: 2008.09.25