Microsoft MDT 2012 Update 1 failed ZTIDomainJoin

On a Microsoft MDT 2012 Update 1 installation that had worked during a test period, we needed to deploy a new batch of laptops with a different product number. This batch was different from our tests because the fingerprint readers were removed from the device.

The issue:

In this case we used MDT 2012 with RES Automation Manager to configure the devices. MDT ran and the task sequence kicked in. The last step of the task sequence was to install the RES AM agent, which would automatically launch a project to configure the laptop.

With this new batch of laptops the project would give an error and stop, so the first thing that came to mind was a driver issue with this new batch, but all hardware was installed correctly.

Finding the source of the problem

The error in the RES AM project was an authentication error, so when I tried to log on to the laptop I noticed the laptop wasn’t joined to the domain. I went to the log directory %windir%\Temp\Deploymentlogs, as stated in “MDT 2010 & 2012 – My deployment failed. What and where are logs I should review?”, and found the following error in the ZTIDomainJoin.log:

<![LOG[JoinDomain Failure: The account *may* already exist in a different OU. Retrying without the specified OU.]LOG]!>

I checked AD and there was no (pre-staged) computer account for this device, so it couldn’t be a case of duplicated computer accounts. The next step was to manually add the computer to the domain to reproduce an error in Windows. I tried to add the computer to the domain with the service account we provided in the customsettings.ini using the following settings:

SkipDomainMembership=YES
JoinDomain=contoso.local
MachineObjectOU=OU=Workstations,DC=contoso,DC=local
DomainAdmin=sa_account
DomainAdminDomain=contoso
DomainAdminPassword=*********

But I received the following error:

“Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased”

The solution

I found the following KB article, KB251335, which states:

  1. Run Adsiedit.msc as an administrator of the domain.
  2. Expand the Domain NC node. This node contains an object that begins with “DC=” and reflects the correct domain name. Right-click this object, and then click Properties.
  3. In the Select which properties to view box, click Both.
  4. In the Select a property to view box, click ms-DS-MachineAccountQuota.
  5. In the Edit Attribute box, type a number. This number represents the number of workstations that you want users to be able to maintain concurrently.
  6. Click Set, and then click OK.

After adjusting this value I was able to deploy the new batch of laptops.
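
Before changing the value, it is possible to confirm that the join account really has reached the quota. The following PowerShell is an added example, not part of the original post or the KB article; it assumes the RSAT ActiveDirectory module is installed and reuses the sa_account name from the customsettings.ini above.

```powershell
# Added example: compare ms-DS-MachineAccountQuota with the number of
# computer objects the MDT join account has already created.
# Assumption: 'sa_account' is the DomainAdmin value from customsettings.ini.
Import-Module ActiveDirectory

$joinAccount = 'sa_account'

# The quota lives on the domain head object (the "DC=..." node in ADSI Edit).
$domainDn = (Get-ADDomain).DistinguishedName
$quota = (Get-ADObject -Identity $domainDn `
    -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'

# Computer objects created under the quota carry the creator's SID in
# mS-DS-CreatorSID; those are the objects counted against the quota.
$sid = (Get-ADUser -Identity $joinAccount).SID.Value
$created = @(
    Get-ADComputer -Filter * -Properties 'mS-DS-CreatorSID', whenCreated |
        Where-Object {
            $_.'mS-DS-CreatorSID' -and $_.'mS-DS-CreatorSID'.Value -eq $sid
        }
)

# Summary: a join fails with the "exceeded the maximum number of computer
# accounts" error once ComputersCreated reaches MachineAccountQuota.
[pscustomobject]@{
    Domain              = $domainDn
    MachineAccountQuota = $quota
    JoinAccount         = $joinAccount
    ComputersCreated    = $created.Count
    QuotaReached        = ($created.Count -ge $quota)
}

# List the objects that count against the quota, oldest first.
$created |
    Sort-Object whenCreated |
    Select-Object Name, whenCreated, DistinguishedName
```

The quota is counted per account and applies to every authenticated user of the domain. Members of Domain Admins and accounts that have been delegated permission to create computer objects on the target OU are not subject to it.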

 


Kees Baggerman

Kees Baggerman is a Staff Solutions Architect for End User Computing at Nutanix. Kees has driven numerous functional and technical designs, migrations and implementation engagements for Microsoft, Citrix and RES infrastructures over the years.
