update

Deland-Han · Deland-Han · commit f65b0760f2e7 · 2025-03-25T21:03:23.000+08:00
diff --git a/support/windows-server/active-directory/domain-join-error-0x40-the-specified-network-name-is-no-longer-available.md b/support/windows-server/active-directory/domain-join-error-0x40-the-specified-network-name-is-no-longer-available.md
@@ -74,33 +74,34 @@ The issue is related to Server Message Block (SMB).
 
 #### Example
 
-The following is an example of a network trace and its analysis:
+The following is an example of a network trace:
 
 ```output
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:Flags=......S., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=0, Seq=1299628969, Ack=0, Win=8192 (  ) = 8192           {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A..S., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785282675, Ack=1299628970, Win=8192 ( Scale factor not supported ) = 8192           {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:Flags=...A...., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=0, Seq=1299628970, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           KerberosV5      KerberosV5:TGS Request Realm: ADATUM.COM Sname: cifs/DC1.ADATUM.COM {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A...., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785282676, Ack=1299628970, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:[ReTransmit #1539]Flags=...A...., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=1460, Seq=1299628970 - 1299630430, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:[ReTransmit #1539]Flags=...A...., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=1460, Seq=1299628970 - 1299630430, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:[ReTransmit #1539]Flags=...A...., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=536, Seq=1299628970 - 1299629506, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A...., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785282676, Ack=1299629506, Win=63704 (scale factor 0x0) = 63704   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:[Continuation to #0]Flags=...A...., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=536, Seq=1299629506 - 1299630042, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:[Continuation to #0]Flags=...A...., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=536, Seq=1299630042 - 1299630578, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A...., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785282676, Ack=1299630042, Win=63168 (scale factor 0x0) = 63168   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:[Continuation to #0]Flags=...AP..., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=536, Seq=1299630578 - 1299631114, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A...., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785282676, Ack=1299630738, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           KerberosV5      KerberosV5:     {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:[Continuation to #0]Flags=...AP..., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=290, Seq=2785284136 - 2785284426, Ack=1299630738, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:Flags=...A...., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=0, Seq=1299632186, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A...., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785284426, Ack=1299631114, Win=63864 (scale factor 0x0) = 63864   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:[Continuation to #1552]Flags=...AP..., SrcPort=59259, DstPort=Kerberos(88), PayloadLen=320, Seq=1299632186 - 1299632506, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240     {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A...., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785284426, Ack=1299632186, Win=62792 (scale factor 0x0) = 62792   {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A...., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785284426, Ack=1299632506, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-CLIENT1    DC1.ADATUM.COM           TCP      TCP:Flags=...A...F, SrcPort=59259, DstPort=Kerberos(88), PayloadLen=0, Seq=1299632506, Ack=2785282676, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A...., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785284136, Ack=1299632507, Win=64240 (scale factor 0x0) = 64240   {TCP:267, IPv4:5}
-DC1.ADATUM.COM         CLIENT1            TCP      TCP:Flags=...A.R.., SrcPort=Kerberos(88), DstPort=59259, PayloadLen=0, Seq=2785284136, Ack=1299632507, Win=0 (scale factor 0x0) = 0 
+Source             Destination       Protocol Info
+CLIENT1            DC1.ADATUM.COM    TCP        59259 → 88 [SYN] Seq=1299628969 Win=8192 Len=0
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [SYN, ACK] Seq=2785282675 Ack=1299628970 Win=8192 Len=0
+CLIENT1            DC1.ADATUM.COM    TCP        59259 → 88 [ACK] Seq=1299628970 Ack=2785282676 Win=64240 Len=0
+CLIENT1            DC1.ADATUM.COM    Kerberos   TGS-REQ Realm: ADATUM.COM Sname: cifs/DC1.ADATUM.COM
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [ACK] Seq=2785282676 Ack=1299628970 Win=64240 Len=0
+CLIENT1            DC1.ADATUM.COM    TCP        [ReTransmit] 59259 → 88 [ACK] Seq=1299628970 Ack=2785282676 Win=64240 Len=1460
+CLIENT1            DC1.ADATUM.COM    TCP        [ReTransmit] 59259 → 88 [ACK] Seq=1299628970 Ack=2785282676 Win=64240 Len=1460
+CLIENT1            DC1.ADATUM.COM    TCP        [ReTransmit] 59259 → 88 [ACK] Seq=1299628970 Ack=2785282676 Win=64240 Len=536
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [ACK] Seq=2785282676 Ack=1299629506 Win=63704 Len=0
+CLIENT1            DC1.ADATUM.COM    TCP        [Continuation] 59259 → 88 [ACK] Seq=1299629506 Ack=2785282676 Win=64240 Len=536
+CLIENT1            DC1.ADATUM.COM    TCP        [Continuation] 59259 → 88 [ACK] Seq=1299630042 Ack=2785282676 Win=64240 Len=536
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [ACK] Seq=2785282676 Ack=1299630042 Win=63168 Len=0
+CLIENT1            DC1.ADATUM.COM    TCP        [Continuation] 59259 → 88 [PSH, ACK] Seq=1299630578 Ack=2785282676 Win=64240 Len=536
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [ACK] Seq=2785282676 Ack=1299630738 Win=64240 Len=0
+CLIENT1            DC1.ADATUM.COM    Kerberos   KerberosV5 Message 
+DC1.ADATUM.COM     CLIENT1           TCP        [Continuation] 88 → 59259 [PSH, ACK] Seq=2785284136 Ack=1299630738 Win=64240 Len=290
+CLIENT1            DC1.ADATUM.COM    TCP        59259 → 88 [ACK] Seq=1299632186 Ack=2785282676 Win=64240 Len=0
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [ACK] Seq=2785284426 Ack=1299631114 Win=63864 Len=0
+CLIENT1            DC1.ADATUM.COM    TCP        [Continuation] 59259 → 88 [PSH, ACK] Seq=1299632186 Ack=2785282676 Win=64240 Len=320
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [ACK] Seq=2785284426 Ack=1299632186 Win=62792 Len=0
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [ACK] Seq=2785284426 Ack=1299632506 Win=64240 Len=0
+CLIENT1            DC1.ADATUM.COM    TCP        59259 → 88 [FIN, ACK] Seq=1299632506 Ack=2785282676 Win=64240 Len=0
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [ACK] Seq=2785284136 Ack=1299632507 Win=64240 Len=0
+DC1.ADATUM.COM     CLIENT1           TCP        88 → 59259 [RST, ACK] Seq=2785284136 Ack=1299632507 Win=0 Len=0
 ```
 
 From the trace, we can find the Domain Controller (DC) doesn't respond to the Ticket Granting Service (TGS) request from the client for the Service Principal Name (SPN) CIFS/DC1.ADATUM.COM. It sends back a Transmission Control Protocol (TCP) acknowledgment, which suggests the DC received the TGS request. However, it doesn't reply with a valid TGS Response. Finally, the client terminates the TCP connection.
diff --git a/support/windows-server/active-directory/domain-join-error-0x534-no-mapping-between-account-names-and-security-ids-was-done.md b/support/windows-server/active-directory/domain-join-error-0x534-no-mapping-between-account-names-and-security-ids-was-done.md
@@ -23,12 +23,12 @@ When you try to join a computer to a domain, you receive the following error mes
 You review the *netsetup.log* log and found error messages that resemble the following:
 
 ```output
-mm/dd/yyyy hh:mm:ss:ms NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x534
-mm/dd/yyyy hh:mm:ss:ms NetpProvisionComputerAccount: LDAP creation failed: 0x534
-mm/dd/yyyy hh:mm:ss:ms ldap_unbind status: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomainOnDs: Function exits with status of: 0x534
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomainOnDs: status of disconnecting from '\\<DC name>': 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpDoDomainJoin: status: 0x534
+NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x534
+NetpProvisionComputerAccount: LDAP creation failed: 0x534
+ldap_unbind status: 0x0
+NetpJoinDomainOnDs: Function exits with status of: 0x534
+NetpJoinDomainOnDs: status of disconnecting from '\\<DC name>': 0x0
+NetpDoDomainJoin: status: 0x534
 ```
 
 ### Error detail
diff --git a/support/windows-server/active-directory/domain-join-error-0x6d9-there-are-no-more-endpoints-available-from-the-endpoint-mapper.md b/support/windows-server/active-directory/domain-join-error-0x6d9-there-are-no-more-endpoints-available-from-the-endpoint-mapper.md
@@ -23,26 +23,26 @@ When you try to join a computer to a domain, you receive the following error mes
 You review the *netsetup.log* log and found error messages that resemble the following:
 
 ```output
-mm/dd/yyyy hh:mm:ss:ms NetpGetDnsHostName: Read NV Hostname: <hostname>
-mm/dd/yyyy hh:mm:ss:ms NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: <DNS domain>.<TLD>
-mm/dd/yyyy hh:mm:ss:ms NetpLsaOpenSecret: status: 0xc0000034
-mm/dd/yyyy hh:mm:ss:ms NetpGetLsaPrimaryDomain: status: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpLsaOpenSecret: status: 0xc0000034
-mm/dd/yyyy hh:mm:ss:ms NetpManageMachineAccountWithSid: NetUserAdd on \\<hostname>.<domain> for <computername>$ failed: 0x8b0
-mm/dd/yyyy hh:mm:ss:ms NetpManageMachineAccountWithSid: status of attempting to set password on \\<DC name>.<domain>.<tld> for <hostname>$: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: status of creating account: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpGetComputerObjectDn: Unable to bind to DS on \\<DC name>.<domain>.<tld>: 0x6d9
-mm/dd/yyyy hh:mm:ss:ms NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6d9
-mm/dd/yyyy hh:mm:ss:ms ldap_unbind status: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: status of setting DnsHostName and SPN: 0x6d9
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: initiaing a rollback due to earlier errors
-mm/dd/yyyy hh:mm:ss:ms NetpGetLsaPrimaryDomain: status: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpManageMachineAccountWithSid: status of disabling account <hostname>$ on \\<DC name>.<domain>.<tld>: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: rollback: status of deleting computer account: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpLsaOpenSecret: status: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: rollback: status of deleting secret: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpJoinDomain: status of disconnecting from \\<DC name>.<domain>.<tld>: 0x0
-mm/dd/yyyy hh:mm:ss:ms NetpDoDomainJoin: status: 0x6d9
+NetpGetDnsHostName: Read NV Hostname: <hostname>
+NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: <DNS domain>.<TLD>
+NetpLsaOpenSecret: status: 0xc0000034
+NetpGetLsaPrimaryDomain: status: 0x0
+NetpLsaOpenSecret: status: 0xc0000034
+NetpManageMachineAccountWithSid: NetUserAdd on \\<hostname>.<domain> for <computername>$ failed: 0x8b0
+NetpManageMachineAccountWithSid: status of attempting to set password on \\<DC name>.<domain>.<tld> for <hostname>$: 0x0
+NetpJoinDomain: status of creating account: 0x0
+NetpGetComputerObjectDn: Unable to bind to DS on \\<DC name>.<domain>.<tld>: 0x6d9
+NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6d9
+ldap_unbind status: 0x0
+NetpJoinDomain: status of setting DnsHostName and SPN: 0x6d9
+NetpJoinDomain: initiaing a rollback due to earlier errors
+NetpGetLsaPrimaryDomain: status: 0x0
+NetpManageMachineAccountWithSid: status of disabling account <hostname>$ on \\<DC name>.<domain>.<tld>: 0x0
+NetpJoinDomain: rollback: status of deleting computer account: 0x0
+NetpLsaOpenSecret: status: 0x0
+NetpJoinDomain: rollback: status of deleting secret: 0x0
+NetpJoinDomain: status of disconnecting from \\<DC name>.<domain>.<tld>: 0x0
+NetpDoDomainJoin: status: 0x6d9
 ```
 
 ### Error detail
@@ -53,25 +53,23 @@ mm/dd/yyyy hh:mm:ss:ms NetpDoDomainJoin: status: 0x6d9
 
 ## Cause
   
-Error 0x6D9 is logged when network connectivity is blocked between the joining client and the helper DC. The network connectivity services the domain join operation over port 135 or a port in the ephemeral range between 1025 to 5000 or 49152 to 65535. For more information, see [Service overview and network port requirements for Windows](../networking/service-overview-and-network-port-requirements.md).  
+Error 0x6D9 is logged when network connectivity is blocked between the joining client and the Domain Controller (DC). The network connectivity services the domain join operation over port 135 or a port in the ephemeral range between 1025 to 5000 or 49152 to 65535. For more information, see [Service overview and network port requirements for Windows](../networking/service-overview-and-network-port-requirements.md).  
 
-The network connectivity issue can be caused by several factors, including Symantec Endpoint Protection (if it is installed on the helper DC), port exhaustion, and other potential issues.
+The network connectivity issue can be caused by several factors, including advanced security solutions with host firewalls installed on the DC, port exhaustion, and other potential issues.
 
 ## Resolution
 
-1. On the joining client, open the *%systemroot%\\debug\\NETSETUP.LOG* file and determine the name of the helper DC selected by the joining client to perform the join operation. For example: the following NETSETUP.LOG sample shows that the joining client "APP_SRV" is using helper DC "DC1.CONTOSO.COM ":
+1. On the joining client, open the *%systemroot%\\debug\\NETSETUP.LOG* file and determine the name of the DC selected by the joining client to perform the join operation. For example: the following NETSETUP.LOG sample shows that the joining client "APP_SRV" is using DC "DC1.CONTOSO.COM ":
 
    ```output
-   mm/dd hh:mm:ss NetpManageMachineAccountWithSid: NetUserAdd on '\\DC1.CONTOSO.COM' for 'APP_SRV$' failed: 0x8b0
-   mm/dd hh:mm:ss NetpManageMachineAccountWithSid: status of attempting to set password on '\\DC1.CONTOSO.COM' for '<APP_SRV>$': 0x0
-   mm/dd hh:mm:ss NetpJoinDomain: status of creating account: 0x0
-   mm/dd hh:mm:ss NetpGetComputerObjectDn: Unable to bind to DS on '\\DC1.CONTOSO.COM': 0x6d9
+   NetpManageMachineAccountWithSid: NetUserAdd on '\\DC1.CONTOSO.COM' for 'APP_SRV$' failed: 0x8b0
+   NetpManageMachineAccountWithSid: status of attempting to set password on '\\DC1.CONTOSO.COM' for '<APP_SRV>$': 0x0
+   NetpJoinDomain: status of creating account: 0x0
+   NetpGetComputerObjectDn: Unable to bind to DS on '\\DC1.CONTOSO.COM': 0x6d9
    ```
 
-2. Verify that the joining client has network connectivity to the DC over the required ports and protocols used by the applicable operating system (OS) versions. Domain join clients connect a helper DC over Transmission Control Protocol (TCP) port 135 by the dynamically assigned port in the range between 49152 and 65535.
+2. Verify that the joining client has network connectivity to the DC over the required ports and protocols used by the applicable operating system (OS) versions. Domain join clients connect a DC over Transmission Control Protocol (TCP) port 135 by the dynamically assigned port in the range between 49152 and 65535.
 3. Ensure that the OS, software and hardware routers, firewalls, and switches allow connectivity over the required ports and protocols.
 4. Ensure that there are enough available ports for the operation. You can use tools like netstat to check for port availability and usage.
-5. If Symantec Endpoint Protection is installed on the helper DC, review its settings to ensure it isn't blocking the required ports.
+5. If advanced security solutions with host firewalls is installed on the DC, review its settings to ensure it isn't blocking the required ports.
 6. Consider other potential causes and troubleshoot accordingly. For example, check firewall rules, ensure proper DNS resolution, and verify the health of the DC.
-
-[!INCLUDE [Third-party disclaimer](../../includes/third-party-disclaimer.md)]
diff --git a/support/windows-server/active-directory/failure-when-you-use-an-existing-computer-account-to-join-a-domain.md b/support/windows-server/active-directory/failure-when-you-use-an-existing-computer-account-to-join-a-domain.md
