[Symptom] Error "Failed to create a computer domain account on the AD." is reported when QuickPrep VMs and linked clone VMs are provisioned.
[Keyword] 12292, quick encapsulation, linked clone, computer domain account, AD, and rights
[Applicable version] All versions of FusionAccess V100R005C00/V100R005C10/V100R005C20
[Description] In a newly established environment, provisioning full copy VMs succeeds, but provisioning QuickPrep VMs and linked clone VMs fails. Error code 12292 is reported, stating "Failed to create a computer domain account on the AD. Please check whether the AD is normal in the system alarm module, and try again."
[Analysis]
(1) adUtils.log records interconnection logs between the ITA and the AD. The following information is displayed in the error log:
2014-12-15 09:45,963 [133] DEBUG computerDn=CN=xxgg001,CN=Computers,DC=intranet,DC=net, password=******, timeout=30000, adAccount=intranet\vdsadmin, adPassword=******, authType=Secure
2014-12-15 09:45,107 [31] ERROR Failed to operate AD. System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A restriction conflict occurs in System.DirectoryServices.DirectoryEntry.CommitChanges() and ActiveDirectoryUtils.ADUtils.CreateComputerAccount(CreateInvokeInfo info)
(2) The domain account is not granted rights to create computer accounts. It is found that vdsadmin has not been added to the Domain Admins group in the AD.
[Solution]
(1) Log in to the AD server, choose . Locate the domain account, right-click it, and choose Properties. The Member Of tab page is displayed. Click Add, select Domain Admins, and click Save.
[Summary] 1. If the interaction with an AD fails, check the following two aspects:
① Has the password of the domain account expired or been changed?
② Does the domain account have sufficient rights?
2. During the environment deployment, perform operations strictly following the GPI operation guide.
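[Added example] The following script is not part of the original case or of FusionAccess. It reads adUtils.log text in the format shown in [Analysis], pairs each ERROR line with the most recent computer-account request, and indicates which of the two checks in [Summary] to run first. Assumptions: an error belongs to the request logged immediately before it; the function names, the HINTS table, and the two HRESULT values other than 0x8007202F (the standard Windows access-denied and logon-failure codes) are not from this case; the sample log is constructed.

```python
import re

# Constructed sample in the format of the adUtils.log excerpt in [Analysis].
SAMPLE_LOG = r"""2014-12-15 09:45,963 [133] DEBUG computerDn=CN=xxgg001,CN=Computers,DC=intranet,DC=net, password=******, timeout=30000, adAccount=intranet\vdsadmin, adPassword=******, authType=Secure
2014-12-15 09:45,107 [31] ERROR Failed to operate AD. System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A restriction conflict occurs in System.DirectoryServices.DirectoryEntry.CommitChanges()
2014-12-15 09:46,201 [133] DEBUG computerDn=CN=xxgg002,CN=Computers,DC=intranet,DC=net, password=******, timeout=30000, adAccount=intranet\vdsadmin, adPassword=******, authType=Secure
2014-12-15 09:46,350 [31] ERROR Failed to operate AD. System.DirectoryServices.DirectoryServicesCOMException (0x8007052E): Logon failure
"""

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) \[\d+\] (?P<level>DEBUG|ERROR) (?P<msg>.*)$")
HRESULT_RE = re.compile(r"\(0x([0-9A-Fa-f]{8})\)")

# HRESULT -> which [Summary] check to run first (hypothetical table).
HINTS = {
    "8007202F": "rights",    # the code seen in this case
    "80070005": "rights",    # E_ACCESSDENIED, not from this case
    "8007052E": "password",  # ERROR_LOGON_FAILURE, not from this case
}

def parse_request(msg):
    """Split 'key=value, key=value'; DN components use ',' with no space."""
    fields = {}
    for part in msg.split(", "):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields

def triage(log_text):
    """Return one finding per ERROR line, tied to the preceding request."""
    findings, last_request = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines or unrelated output
        if m["level"] == "DEBUG" and m["msg"].startswith("computerDn="):
            last_request = parse_request(m["msg"])
        elif m["level"] == "ERROR":
            h = HRESULT_RE.search(m["msg"])
            code = h.group(1).upper() if h else None
            req = last_request or {}
            findings.append({"time": m["ts"], "hresult": code,
                             "computerDn": req.get("computerDn"),
                             "adAccount": req.get("adAccount"),
                             "check": HINTS.get(code, "unknown")})
            last_request = None  # do not reuse a request for a later error
    return findings
```

Calling triage() on the log text returns a list of findings; a "check" value of "unknown" means the HRESULT is not in the table and the full log entry should be read.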