VMware Communities
GSFusion
Contributor

Active Directory Authentication issues

I have been successfully running a Windows XP SP2 VM for quite a while. It was created by migrating my work PC into VMware Fusion.

If I'm on the company network (Cisco VPN on the Mac "side" or directly attached in the office) and try to boot up into XP, the system will not authenticate and will not allow me to log in. But if I'm off of the network, authentication and login proceed normally.

Is there something in AD authentication that was somehow tied to the actual hardware that this OS was originally running on? Based on MAC address or something specific like that?

Should I be able to have an XP system authenticated against Active Directory within a virtual machine?

Apologies if I've munged some of the Active Directory terminology or concepts. I only speak Windows as a second (or maybe third) language.

Thanks,

Greg in Nashville

10 Replies
dtracey
Expert

Hi Greg,

Just to get my head around this - when you aren't connected to the corporate network your XP guest logs in OK? It will be using cached credentials to do this...

When you are on the network - I'm assuming you are using bridged networking within Fusion - it will obviously try and locate a DC for the domain. Does the computer account in AD still exist for the machine you have P2V'd?

What is the exact login error message?

Thanks,

Dan

GSFusion
Contributor

I'm not in the office, so at the moment, all I can do is over VPN.

I actually operate in NAT mode - that way, the XP VM can go through the Macintosh-side Cisco-client VPN connection. That way, only one VPN connection, and I can still keep getting email on the Mac side from the corporate Exchange server.

I just activated the VM - it was already logged in. Went to a company intranet page, and I get in fine. Same with going to Outlook 2007. So my credentials seem to be in order.

Now, I'll shut down the VM, while the Macintosh VPN connection is still in place. From within VMware, I tell it to launch this XP VM.

Startup is proceeding normally. I am then faced with the login dialog "Press Ctrl-Alt-Delete to begin."

I use VMware to send those keys, and have the Windows login panel, with my user name and domain already inserted. The domain popup shows all the company's domains. (Are those live or cached?)

I enter my password, and hit OK and I get the message:

"Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance."

Unfortunately, the Windows box that was the source of this VM has died - drive failure, it appears. So I am unable to go to it for any other testing.

Anything of value?

curlet91
Enthusiast

I've seen a similar issue with the SID of the machine changing when it goes through the sysprep process of imaging. I have no idea if something similar happened here, but you may want to try removing your machine from the AD and re-adding it. Also, double check your DNS/WINS settings, etc. Failing that, my guess would be something to do with the Cisco VPN. It might work better to bridge the connection and install the VPN client in the guest.

Just my thoughts...

Tim Curless, VCP

---If you found this information helpful, please consider awarding points for "Correct" or "Helpful." Thank you. Tim Curless, VCP
dtracey
Expert

When you are browsing the company intranet (HTTP) and Outlook 2k7 (RPC over HTTP) it is indeed using your cached credentials (doesn't need a DC), but when you are trying to log on fresh, it needs to talk to a DC and I'm guessing your company Cisco VPN concentrator doesn't like it - it will be down to the policy on the VPN concentrator, I'd imagine. Either anti-MAC spoofing or something similar.

BTW - the domain list is also cached from the last time you logged in successfully.

Dan

dtracey
Expert

Also, you probably wouldn't be able to use the Cisco VPN client within the guest to communicate as IPSec doesn't NAT very well...

curlet91
Enthusiast

Right, I would pop it over to a Bridged connection.

Tim Curless, VCP

GSFusion
Contributor

But if I use bridged, I can't use the VPN connection from the Mac side, can I? And if that were the case, when I started up the VM, I wouldn't be on the corporate network.

If I were sitting on the corporate network, it would be a different situation.

curlet91
Enthusiast

Yeah, you would have to install and set up the VPN connection on both the Mac and VM side. It's not as pretty as NATing through one, however it may solve your problem.

Tim Curless, VCP

GSFusion
Contributor

This doesn't work if I want to authenticate against the network when I boot up the machine. Because I won't be on the network until I've booted up and used the Windows VPN client to get on the net! A bit of a catch-22!

I'll continue to experiment!

GSFusion
Contributor

Cisco client works fine on the XP VM - so that's not a problem.
