Hallo,
wenn ich über die Linux Shell die Opsi Clients auf die Win10 Desktops deploye erscheint folgender Fehler:
/var/lib/opsi/depot/opsi-client-agent/opsi-deploy-client-agent --username DOMAIN/ADMIN --password PASS -c --smbclient -r TQDSK22.TEMAQ.LOCAL
Starting deployment to host u'tqdsk22.temaq.local'
Querying for ip address of host u'tqdsk22.temaq.local'
Got ip address '10.20.9.6' from syscall
Pinging host '10.20.9.6' ...
Host 10.20.9.6 is up
Testing winexe
Deployment to 'TQDSK22.TEMAQ.LOCAL' failed: Failed to execute command on host u'tqdsk22.temaq.local': winexe error: Command '/usr/bin/winexe -U 'TEMAQ/TQ-SA-OPSI-Admin%*** confidential ***' //tqdsk22.temaq.local 'cmd.exe /C "del /s /q c:\tmp\opsi-client-agent_inst && rmdir /s /q c:\tmp\opsi-client-agent_inst || echo not found"'' failed (1):
ERROR: Failed to install service winexesvc - NT_STATUS_DOMAIN_LIMIT_EXCEEDED
winexe debug
root@tqinf05:~# winexe -U 'DOMAIN/USER%PASS' //tqdsk22.domain.local 'dir C:' -d7
adding hidden service IPC$
adding hidden service ADMIN$
failed to get principal from default ccache: No such file or directory: open(/tmp/krb5cc_0): No such file or directory
winexe version 1.00
This program may be freely redistributed under the terms of the GNU GPLv3
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
Using binding ncacn_np:tqdsk22.temaq.local
Mapped to DCERPC endpoint \pipe\svcctl
added interface ip=10.20.11.227 nmask=255.255.252.0
added interface ip=10.20.11.227 nmask=255.255.252.0
Shutdown SMB signing
SMB Signing is not negotiated by the peer
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
GSS Import name of cifs@tqdsk22.temaq.local failed: Miscellaneous failure (see text): unable to find realm of host tqinf05
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] FB 80 6F 97 26 19 75 F3 ..o.&.u.
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SMB Signing is not negotiated by the peer
added interface ip=10.20.11.227 nmask=255.255.252.0
added interface ip=10.20.11.227 nmask=255.255.252.0
Shutdown SMB signing
SMB Signing is not negotiated by the peer
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
GSS Import name of cifs@tqdsk22.temaq.local failed: Miscellaneous failure (see text): unable to find realm of host tqinf05
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] A9 07 78 A0 65 17 61 FE ..x.e.a.
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SMB Signing is not negotiated by the peer
svc_UploadService: Installing 64bit winexesvc.exe
ERROR: StartService failed. NT_STATUS_DOMAIN_LIMIT_EXCEEDED.
added interface ip=10.20.11.227 nmask=255.255.252.0
added interface ip=10.20.11.227 nmask=255.255.252.0
Shutdown SMB signing
SMB Signing is not negotiated by the peer
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
GSS Import name of cifs@tqdsk22.temaq.local failed: Miscellaneous failure (see text): unable to find realm of host tqinf05
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] AD 3E AC FA 91 A2 34 50 .>....4P
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SMB Signing is not negotiated by the peer
IN: async_open(\ahexec, 2)
IN: async_open_recv
ERROR: smb_raw_open_recv - NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR: on_ctrl_pipe_error - NT_STATUS_OBJECT_NAME_NOT_FOUND
Using binding ncacn_np:tqdsk22.temaq.local
Mapped to DCERPC endpoint \pipe\svcctl
added interface ip=10.20.11.227 nmask=255.255.252.0
added interface ip=10.20.11.227 nmask=255.255.252.0
Shutdown SMB signing
SMB Signing is not negotiated by the peer
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
GSS Import name of cifs@tqdsk22.temaq.local failed: Miscellaneous failure (see text): unable to find realm of host tqinf05
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] C7 82 BB 7D F6 CF 4C C4 ...}..L.
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SMB Signing is not negotiated by the peer
added interface ip=10.20.11.227 nmask=255.255.252.0
added interface ip=10.20.11.227 nmask=255.255.252.0
Shutdown SMB signing
SMB Signing is not negotiated by the peer
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
GSS Import name of cifs@tqdsk22.temaq.local failed: Miscellaneous failure (see text): unable to find realm of host tqinf05
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 50 85 39 AF 94 5C 74 20 P.9..\t
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SMB Signing is not negotiated by the peer
svc_UploadService: Installing 64bit winexesvc.exe
ERROR: StartService failed. NT_STATUS_DOMAIN_LIMIT_EXCEEDED.
ERROR: Failed to install service winexesvc - NT_STATUS_DOMAIN_LIMIT_EXCEEDED
Windows 10 1709 mit September Update
PS C:\WINDOWS\system32> Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol
FeatureName : SMB1Protocol
State : Enabled
OPSI
Distributor ID: Ubuntu
Description: Ubuntu 16.04.5 LTS
Release: 16.04
Codename: xenial
mit den letzten Updates
Winexe Version 1.00.1-1
WinExe Fehler beim OPSI Client deployment - NT_STATUS_DOMAIN_LIMIT_EXCEEDED
-
tobiasburg
- Beiträge: 1
- Registriert: 04 Nov 2018, 21:48
-
uncle_scrooge
- Beiträge: 650
- Registriert: 21 Feb 2012, 12:03
- Wohnort: Mainz
Re: WinExe Fehler beim OPSI Client deployment - NT_STATUS_DOMAIN_LIMIT_EXCEEDED
Das übliche Frage-Antwort-Spiel...
- hat das jemals in eurer Umgebung funktioniert?
- wenn ja, wann? (Lies: was ist mittlerweile an Updates installiert worden.)
- wenn ja, gegen welche Betriebssysteme?
- wenn es noch nie funktioniert hat - habt ihr ggfs. euren OPSI-Server mit einer Windows Domäne verheiratet?
- gibt es auf dem Zielsystem im Eventlog Meldungen, die zeitlich mit deinen Versuchen zusammenfallen?
- hat das jemals in eurer Umgebung funktioniert?
- wenn ja, wann? (Lies: was ist mittlerweile an Updates installiert worden.)
- wenn ja, gegen welche Betriebssysteme?
- wenn es noch nie funktioniert hat - habt ihr ggfs. euren OPSI-Server mit einer Windows Domäne verheiratet?
- gibt es auf dem Zielsystem im Eventlog Meldungen, die zeitlich mit deinen Versuchen zusammenfallen?