We have a VMware View environment hosting a floating pool of Windows 7 machines. We have a strange phenomenon after recomposing our machines.
* Floating pool with Windows 7 machines.
* After a user logs off, the machine is deleted and a new one (if needed) is built.
* We use QuickPrep to customize the machine.
* The computer accounts are deleted from AD after the machine is deleted.
* The first time a new machine boots, it generates a Netlogon error 5719 with the computer name of the GI.
* The second time it boots, it generates a Netlogon error 3210 with the computer name it will use from now on.
* The third time it boots to finalize the job and make it ready for use, it doesn't generate errors anymore and everything works fine. Also a secure channel is created with a domain controller. When we do a refresh on the VM after that, the error also doesn't show anymore.
The annoying part is that it pollutes the event logs of our DCs and the machine itself. Does anyone have the same issue and hopefully some comments on how to prevent these kinds of errors?
The error: 3210 in the system event log
This computer could not authenticate with <domain controller>, a Windows domain controller for domain <domain>, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
Well, I can tell you that I "resolved" the issue by deleting the computer accounts in question out of Active Directory. I had a 3 desktop pool (we will just call it Test) and all 3 desktops (TEST1, TEST2, TEST3) were having the same issue where they were unable to communicate with the domain because of the error you described. I deleted the computer accounts out of Active Directory, then deleted the desktops in the pool and allowed them to be recreated with the same snapshot that was failing and now everything is fine.
OK, the problem with us is that we are using floating pools and every time a VM logs off it's deleted and recreated. During the recompose the computer account in AD is removed and recreated during the customization. So, in fact we are already doing what you described here. May I ask which domain and forest functional levels you are using in AD?
Are you sure it's removing the AD accounts? From what I know Composer calls a function ServiceCore.Action.ResetAccountAction. This actually doesn't remove the account but just modifies it. If you remove the account it should solve the issue. I'm pretty sure the issue has to do with the machine password being older than 30 days (domain default). Enabling "Disable machine password reset" on your master should solve this issue or doing a remove then recompose.
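
The open question in the thread (is the computer account deleted and recreated, or only reset, and how old is the machine password) can be checked directly. The script below is an added example, not something posted by the participants. It assumes an elevated PowerShell session on an affected desktop that can reach a domain controller; `DisablePasswordChange` and `MaximumPasswordAge` are the standard Netlogon registry values behind the machine account password policy and are not named in the thread.

```powershell
# Added diagnostic example (not from the thread). Run elevated on an affected desktop.
$name = $env:COMPUTERNAME

# 1. Secure channel state; a failure here matches the 5719/3210 symptoms.
try   { $channelOk = Test-ComputerSecureChannel -ErrorAction Stop }
catch { $channelOk = $false }

# 2. Local Netlogon settings controlling machine password rotation.
#    A missing value means the Windows default applies (rotation on, 30 days).
$np = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$rotationDisabled = ($np.DisablePasswordChange -eq 1)
$maxAgeDays = if ($np.MaximumPasswordAge) { $np.MaximumPasswordAge } else { 30 }

# 3. AD's view of the computer object. A recent whenCreated means the account
#    was deleted and recreated; an old whenCreated with a recent pwdLastSet
#    means it was reset in place.
$created = $null; $pwdSet = $null; $ageDays = $null
try {
    $s = [adsisearcher]('(&(objectCategory=computer)(sAMAccountName={0}$))' -f $name)
    $s.PropertiesToLoad.AddRange([string[]]@('whencreated', 'pwdlastset'))
    $r = $s.FindOne()
    if ($r) {
        $created = $r.Properties['whencreated'][0]
        $pwdSet  = [DateTime]::FromFileTimeUtc([long]$r.Properties['pwdlastset'][0])
        $ageDays = [int]((Get-Date).ToUniversalTime() - $pwdSet).TotalDays
    }
} catch { Write-Warning "AD lookup failed: $_" }

# 4. Recent Netlogon errors from the local System log.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5719, 3210
} -MaxEvents 20 -ErrorAction SilentlyContinue)

# Summary object, followed by the matching events.
New-Object PSObject -Property @{
    Computer           = $name
    SecureChannelOk    = $channelOk
    RotationDisabled   = $rotationDisabled
    MaxPasswordAgeDays = $maxAgeDays
    AccountCreatedUtc  = $created
    PasswordLastSetUtc = $pwdSet
    PasswordAgeDays    = $ageDays
    NetlogonErrorCount = $events.Count
}
$events | Select-Object TimeCreated, Id, Message | Format-List
```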