VMware Cloud Community
lkimble932
Contributor
Contributor
‎05-03-2012 11:15 AM
Jump to solution

Cold Migration of Domain Controller

Hello.

I'm migrating from from one ESXi 5.0u1 server with direct-attached storage to another.  I have three systems to move, all in a Windows 2008/2003 domain.

The three systems are a Windows 7 workstation, a Windows 2008 DC and a Windows 2008 Exchange 2010 server.  They were all created directly on this ESXi host.

I tested my migration first by trying to move the Windows 7 workstation.

I powered off the workstation and used Veeam FastSCP to copy the vm guest files over.  I added the .vmx file to the new host's inventory and tol the host that I was doing a Move instead of a Copy.

When I powered on the migrated guest system and tried to login I got the following error:

"The trust relationship between this workstation and the primary domain failed"

I found some posts that suggested taking the system out and rejoining the domain.  Not that big a deal I guess for a workstation.  But I'd like to avoid this error when I migrate my DC and Exchange Server.

What can I do to properly migrate these domain systems?  Should I use Vmware Converter instead of Veeam?

Does Vmware offer a trial license of a tool that would allow a live migration (vmotion)?  Still concerned with avoiding that domain error issue, though.

Thanks.

Reply
0 Kudos
1 Solution

Accepted Solutions
a_p_
Leadership
Leadership
‎05-03-2012 12:51 PM
Jump to solution

Yes, you can see the current time - as well as the NTP settings which you hopefully configured - in the Configuration tab "Software" -> "Time Configuration".

Btw. when installing an ESXi host the time in the BIOS should be set to the current UTC time.

André

View solution in original post

Reply
0 Kudos
11 Replies
mittim12
Immortal
Immortal
‎05-03-2012 12:19 PM
Jump to solution

I have moved this from the VMware View forum to the vSphere ESXi 5 forum.  

Reply
0 Kudos
a_p_
Leadership
Leadership
‎05-03-2012 12:34 PM
Jump to solution

Only a thought. Do date and time match on the two ESXi hosts?

André

Reply
lkimble932
Contributor
Contributor
‎05-03-2012 12:43 PM
Jump to solution

Interesting.  I'll check.  Is there a way to check the Host's time from the Vsphere Client?

Reply
0 Kudos
mittim12
Immortal
Immortal
‎05-03-2012 12:44 PM
Jump to solution

Great call Andre.. Wrong date/time on Windows 7 machine would skew the ability to successfully login and authenticate to that domain controller.

Reply
a_p_
Leadership
Leadership
‎05-03-2012 12:51 PM
Jump to solution

Yes, you can see the current time - as well as the NTP settings which you hopefully configured - in the Configuration tab "Software" -> "Time Configuration".

Btw. when installing an ESXi host the time in the BIOS should be set to the current UTC time.

André

Reply
0 Kudos
mittim12
Immortal
Immortal
‎05-03-2012 12:54 PM
Jump to solution

You should be able to view it via configuration/time configuration inside the VI Client.

Reply
0 Kudos
lkimble932
Contributor
Contributor
‎05-03-2012 12:59 PM
Jump to solution

The clock on my target host was off by a few hours.  I corrected that.  However, I just started up the host and got the same error when I try to login.  I just tried resetting the computer's domain account and rebooting the workstation.  Same thing...

Does it matter that I told vsphere that I was doing a Move instead of a Copy?  I mean.  This really is a Move. So that seemed like the right answer to me.

Reply
0 Kudos
a_p_
Leadership
Leadership
‎05-03-2012 01:15 PM
Jump to solution

I just tried resetting the computer's domain account and rebooting the workstation

How did you do that? Moving the system to a workgroup and then back into the domain?

Any chance you migrate the original VM a second time after the date/time matches now?

"I moved Moved" it was the correct choice. "I copied it" would have created a new UUID and MAC address for the VM. However, this should not case such an issue anyway.

André

Reply
0 Kudos
lkimble932
Contributor
Contributor
‎05-03-2012 01:20 PM
Jump to solution

I went into AD Users and Computers, right-clicked on the system and chose Reset Account.  I have not moved it to a workgroup. In fact I'd rather not go that route, since I don't dare try that with my DC or my Exchange server.

The copying of the VM takes a couple hours (another issue I'm sure).  But I will blow this one away and try copying it again while the two date/times re accurate.  Guess I'll report back in a few hours.

Reply
0 Kudos
lkimble932
Contributor
Contributor
‎05-04-2012 05:45 AM
Jump to solution

Success.  The windows 7 workstation started up and I logged in successfully after copying it again after correcting the time.  Thanks everyone.  Hopefully this means I should have no issues moving my DC and Exchange Server.

Reply
0 Kudos
Cyberfed27
Hot Shot
Hot Shot
‎05-10-2012 12:29 PM
Jump to solution

Out of curiosity did you check your event logs on the domain controller, they may very well tell you why that Win7 machine couldn't authenticate to the domain.

Reply
0 Kudos