Can't Join Computer To Domain - Event 4097 Error Code 384
The error code returns the following information:
C:\>net helpmsg 384
You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack.
Your system requires SMB2 or higher. For more info on resolving this issue, see: https://go.microsoft.com/fwlink/?linkid=852747
Verify that SMB1 support is enabled on the client machine in Windows Features and reboot the machine afterwards:
Warning: This is NOT recommended, and should only serve as a temporary workaround to let you join a 2003 domain.
Related videos on Youtube
pi905
Updated on September 18, 2022Comments
-
pi905 over 1 year
I am trying to connect a laptop to my work domain. This computer has been connected to this same domain before, however it was wiped and setup as new for a new employee. I changed the hostname back to what it originally was when it was on the from when it was on the domain (denoted by placeholder LAPTOP in the error reports), but now when I try to connect it to the domain, I get the message "Can't join this domain." This has not happened to me before, and I can't find anything out there that matches my case save for a couple of posts with no resolution. I have also included the Event Viewer error as well as what was logged in C:\Windows\debug\NetSetup.
Event Viewer, Error 4097:
The machine LAPTOP attempted to join the domain DOMAIN.local but failed. The error code was 384.
NetSetup:
06/21/2018 13:40:27:514 NetpDoDomainJoin 06/21/2018 13:40:27:514 NetpDoDomainJoin: using new computer names 06/21/2018 13:40:27:514 NetpDoDomainJoin: NetpGetNewMachineName returned 0x0 06/21/2018 13:40:27:514 NetpDoDomainJoin: NetpGetNewHostName returned 0x0 06/21/2018 13:40:27:514 NetpMachineValidToJoin: 'LAPTOP' 06/21/2018 13:40:27:514 NetpMachineValidToJoin: status: 0x0 06/21/2018 13:40:27:514 NetpJoinDomain 06/21/2018 13:40:27:514 HostName: LAPTOP 06/21/2018 13:40:27:514 NetbiosName: LAPTOP 06/21/2018 13:40:27:514 Domain: DOMAIN.local 06/21/2018 13:40:27:514 MachineAccountOU: (NULL) 06/21/2018 13:40:27:514 Account: DOMAIN.local\ADMINUSER 06/21/2018 13:40:27:514 Options: 0x403 06/21/2018 13:40:27:546 NetpValidateName: checking to see if 'DOMAIN.local' is valid as type 3 name 06/21/2018 13:40:27:608 NetpCheckDomainNameIsValid [ Exists ] for 'DOMAIN.local' returned 0x0 06/21/2018 13:40:27:608 NetpValidateName: name 'DOMAIN.local' is valid for type 3 06/21/2018 13:40:27:608 NetpDsGetDcName: trying to find DC in domain 'DOMAIN.local', flags: 0x40001010 06/21/2018 13:40:28:077 NetpDsGetDcName: failed to find a DC having account 'LAPTOP$': 0x525, last error is 0x0 06/21/2018 13:40:28:093 NetpDsGetDcName: status of verifying DNS A record name resolution for 'DC.DOMAIN.local': 0x0 06/21/2018 13:40:28:093 NetpDsGetDcName: found DC '\\DC.DOMAIN.local' in the specified domain 06/21/2018 13:40:28:093 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0 06/21/2018 13:40:28:093 NetpDisableIDNEncoding: using FQDN DOMAIN.local from dcinfo 06/21/2018 13:40:28:093 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'DOMAIN.local' succeeded 06/21/2018 13:40:28:093 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0 06/21/2018 13:40:28:187 NetUseAdd to \\DC.DOMAIN.local\IPC$ returned 384 06/21/2018 13:40:28:187 NetpJoinDomainOnDs: status of connecting to dc '\\DC.DOMAIN.local': 0x180 06/21/2018 13:40:28:187 NetpJoinDomainOnDs: Function exits with status of: 0x180 06/21/2018 13:40:28:187 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'DOMAIN.local' returned 0x0 06/21/2018 13:40:28:187 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'DOMAIN.local': 0x0 06/21/2018 13:40:28:187 NetpDoDomainJoin: status: 0x180
As a final note, I did see something on SMB, and after going into the registry I did not find an entry under the key path, which as I understand means that it is enabled. The DC is on Windows Server 2003.
Thank you for any and all advice.
-
Ramhound almost 6 yearsWhat operating system is the client machine running? The error indicates the domain controller hostname could not even be resolved. You should contact your network administrator for assistance with this problem.
-
pi905 almost 6 years@Ramhound The domain controller hostname was replaced with DC for the sake of general privacy, and the same applies to the domain, which was replaced with DOMAIN. My apologies for not making that clear in the original post. With that information, do you still see an issue? Also, the client machine is running on Windows 10.
-
Ramhound almost 6 yearsIt was clear. Does not change the fact, the error message still indicates, the client machine was unable to communicate with the domain controller. This cannot be solved by anyone that isn't an Administrator. Even if this is an SMB compatibility issue, only the Administrator on the Active Directory can solve that problem.
-
-
pi905 almost 6 yearsThis was the solution. I was able to enable it to join the domain, and then turn it off after and still be able to connect. I didn't know that the feature was disabled after recent updates, so that makes sense that it seemed to happen "all of a sudden." Thank you.
-
FastEthernet almost 6 years@pi905 Be aware that you probably won't be able to apply logon scripts and group policies to this machine if it cannot reach the shares on the domain controller. Therefore you may want to keep SMB1 enabled on the client.
-
pi905 almost 6 yearsthat is something I did not take into account. I will probably need to apply some group policies in the future, so thank you for that reminder.