long domain/UPN name in AD causing bug in ZCM bundles?
Using ZCM 11.2.4 with AD (2008 R2 forest/domain functional level) as user-source, we experience the following problem, and (what seems to be) the following trigger:
When logging in with “abcdefghi-groep\username” (name scrambled somewhat for privacy purposes) bundles work mostly as expected, and the following key is written to the registry:
Now, when logging on using the full domain name “ad.abcdefghi-groep.nl\username”, ZCM writes this value as the following in the registry:
Notice the shortened keyname (“-gr” instead of “–groep.nl”) like it were a NETBIOS/Computername (15 characters max length)?
When running scripts or registry edit actions you'll now see the following errors:
Error generating input file for Run Script Action.
There was an error setting file rights for C:\Users\rdtest2\AppData\Local\Temp\3\00b07fa4-7c11-4aaf-b26c-8bc78587d372\e81efbfbf0510cc1e25c916262452f56-rename_local_normal.dotm-430112Input.xml on Value was invalid. Parameter name: sddlForm.
The same thing happens when logging in using the default UPN "email@example.com" except no key seems to be written then, whatsoever. We then also get the above errors.
Is the value of the keyname or an equivalent used in the credentials setting the file rights on the .XML files?, this would explain the error.
Or is it being caused by something else? Looks to me like a bug (if reproducable by someone else, obviously), and took me a while to at least figure out how to work around this problem (or so it seems for now).
I’m the first to admit that logging on with the lengthier versions described above is usually not practical. We normally always just type abcdefghi-groep\username, and I would shorten the UPN if we actually would let our users use it. But since we had an .RDP file in an image that actually had the ad.abcdefghi-groep.nl entry in the “Domain” field a whole bunch of ThinPC’s displayed the errors nonetheless.
As did random workstations/laptops with handmade RDP shortcuts by our helpdesk to some RD servers. And bundles should nevertheless just work in those cases in my humble opinion.
Thanks in advance for any information,