WDS not adding clients to domain

[pinkpanther56]

We have recently upgraded our Active Directory from 2003 R2 to 2008 SP2 and it all seemed to work we don't receive any errors and everything has worked fine for two weeks now. The problem is that I’ve just tried to build a client from the WDS server and it fails to join the domain, the client will PXE boot and load an OS it also creates an account in Active Directory so I know there's connectivity but it ultimately fails to join the domain. If I logon at this point all drivers have been installed including the network card.

These client built ok before the upgrade so I'm thinking it's something to do with 2008 security settings.

I can see this error in the setuperr.log file.

Error:
NetSetup: Join domain ****** in full unattended mode failed. Setup will proceed to join the default workgroup.

Can anyone shed any light?

Thanks.

 

[pinkpanther56]

Ok i've found the answer in the MS KB article below, you have to enable the "Allow cryptography algorithms compatible with Windows NT 4.0" setting in group policy.

As we don't have any clients or servers running less than XP SP2/2003 SP2 can anyone tell me why we need to allow a policy that puts back the encryption to NT4 levels.

I noticed in my ristndrd.sif file it says "DoOldStyleDomainJoin = yes" could this have something to do with it?

http://support.microsoft.com/kb/942564

Thanks.