JayJason
Contributor
Contributor

Netlogon errors 3210 after recompose VDI

Hello,

We have a Vmware View Environment hosting a floating pool off Windows 7 machines. We have a strange fenomenon after recomposing our machines.

Background info:

* Floating pool with Windows 7 machines.

* After a user logs off, the machine is deleted and a new one (if needed) is build.

* We use Quickprep to customize the machine.

* The computeraccounts are deleted from AD after the machine is deleted.

The problem:

* The first time a new machine boots, its generates an netlogon error 5719 with the computername of the GI.

* The second time is boots, it generates an netlogon error 3210 with the computername it will use from now on.

* The third time it boots to finalize the job and make it ready for use, it doenst generate errors anymore and everything works fine. Also a secure channel is created with a domaincontroller. When we do a refresh on the VM after that the error also doesnt show anymore.

The annoying part is that it pollutes the eventlogs of our DC's and the machine itself. Does anyone have the same issue and hopefully some comments on how to prevent these kind of errors?

The error: 3210 in the system event log

This computer could not authenticate with <domain controller>, a Windows domain controller for domain <domain>, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

Kind regards,

0 Kudos
9 Replies
azhskr
Enthusiast
Enthusiast

Did you ever solve this issue? I am having the EXACT same problem, and can't figure out what is wrong.

0 Kudos
JayJason
Contributor
Contributor

Nope, still have the same issue. Do you have any more info or suggestions other then i discribed about this matter?

0 Kudos
azhskr
Enthusiast
Enthusiast

Well, I can tell you that I "resolved" the issue by deleting the computer accounts in question out of Active Directory.  I had a 3 desktop pool (we will just call it Test) and all 3 desktops (TEST1, TEST2, TEST3) were having the same issue where they were unable to communicate with the domain because of the error you described.  I deleted the computer accounts out of Active Directory, then deleted the desktops in the pool and allowed them to be recreated with the same snapshot that was failing and now everything is fine.

0 Kudos
JayJason
Contributor
Contributor

Ok the problem with us is that we are using floating pools and everytime a VM logs off its deleted and recreated. During the recompose the Computer account in AD is removed and recreated during the customization. So, in fact we are allready doing what you described here. May I ask which domain and forest functional levels you are using in AD?

0 Kudos
azhskr
Enthusiast
Enthusiast

Both are Windows Server 2008R2

0 Kudos
JayJason
Contributor
Contributor

Anyone experciecing this behauvior or have any comments on this?

0 Kudos
RCW420
Contributor
Contributor

Did you ever find out what the issue was? I am having a similar issue.

0 Kudos
mteofrio
VMware Employee
VMware Employee

Are you sure its removing the AD accounts? From what I know Composer calls a function ServiceCore.Action.ResetAccountAction. This actually doesn't remove the account but just modifies it. If you remove the account it should solve the issue. I pretty sure the issue has to do with the machine password being older than 30days (domain default). Enabling "Disable machine password reset" on your master should solve this issue or doing a remove then recompose.

0 Kudos
sjesse
Leadership
Leadership

make sure this patch is installed

VMware Knowledge Base

I had the exact same problem, it worked for a short time then stopped.

0 Kudos