tnickasn
Contributor
Contributor

copy of XP VM can't connect to domain

Greetings,

The VM is XP SP2 running under fusion 1.1.3. Anyways, I back up the VM file often to an external drive. Yesterday I had to restore the VM from a recent back up (simply deleted the old VM and copied that backup to it's previous location. When I started up the VM and tried to login (I login to a Win2000 AD), I got an error saying 'Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact your systems addministrator for assistance.'

When I copy the VM file and start it is asks if it was moved or copied. I always answer 'moved it' since I'm just wanting to start what should be an exact replica (and only one runnning at a time anyway...sometimes I create alternate replicas that have slighty different software installed)

The only way to log in to the VM (and eventually the domain) is that I login in to the domain server, delete the computer from AD, login to the VM as the local admin, change it to be in a work group, reboot, login to VM (now in workgroup) and add it back to the domain, reboot the VM and then I can log into the domain as normal.

I did this process, copied the resultant VM and started the copy and tried to login with it (of course while the other was down). I got the exact same problem???

How can this be? What a I missing? Shouldn't AD think that there is only one machine out there?(like I said I never start multiple at the same time).

I don't recall having this issue before....

I read posts with people with similar issues but not when simply doing a copy of the VM (and starting the copied as a 'moved vm).

Any ideas? Thanks in advance

Anyway...so what is the deal???? If I copy the fusion VM and then restore

0 Kudos
13 Replies
tnickasn
Contributor
Contributor

anyone??

0 Kudos
Mujina
Contributor
Contributor

Hi,

This is the uid, which is the unique ID of your machine. If you do an exact copy, the uid is in twice on your domain, so already register.

Prefer to do a template of your XP before you attach it to the domain. May be you just have to answer "copied" instead of "moved it"

0 Kudos
tnickasn
Contributor
Contributor

Hi

This can't be the UID. the original VM is registered in the domain and I have (what should be) an exact 100% copy (and specify 'moved it') when I start. If I log in with the duplicate, how

would the active directory know that it is a different PC?? It shoudl see exactly the same credentials.

Obviously something must be changed, but I don't know what since the VM is a file level copy (a 100% duplicate). Unless 'moved it' is actually changing something upons startup that the directory server detects.

The documentation implies 'moved it' makes no changes.

0 Kudos
jbruelasdgo
Virtuoso
Virtuoso

try to use the newsid utility. It will re-create the SID on the VM (that is the actual issue on AD)

Jose

Jose B Ruelas http://aservir.wordpress.com
0 Kudos
WoodyZ
Immortal
Immortal

NewSID is not officially supported by Microsoft even though they bought Sysinternals and have made it a part of TechNet and beside that the issue is the OP should be able to make an exact binary copy of the Virtual Machine and restore it on the same system it was created on and reconnect to his Domain without having to go through these hoops and jumps.

0 Kudos
tnickasn
Contributor
Contributor

Hi again,

Exactly as you say WoodyZ. If I shut down the fusion XP VM, then copy the Mac OS X file that contains the VM, it shoul dbe EXACTLY the same. How would the Active directory server even notice if I start up the copy and not the original?

I have to assume that the OS X copy if not the problem, but perhaps when I start the copy and am asked if it has been moved or copied (and I select moved), that VMware fusion makes a change somewhere? Or perhaps there is something in the background VMware fusion daemon processes that intercept and make the AD think this copy is somehow different?

Very strange.

0 Kudos
WoodyZ
Immortal
Immortal

It is my understanding that when one answers "I moved it" that nothing is changed and when one answers "I copied it" that the UUID and MAC Address is changed in the .vmx configuration file and while the UUD in the .vmx file is for internal use by Fusion it would be the change in MAC Address that could be an issue. Anyway I haven't had time to do any testing on this today and not sure I'll get to it to day either however I am curious as to what is causing the problem so I'll try to do some tests sometime in the next few days.

0 Kudos
oreeh
Immortal
Immortal

The MAC and BIOS UUID changes don't interfere with domain connectivity (besides possible DHCP issues due to the changed MAC).

How "recent" was your backup?

It could be that the computer account password changed (this usually happens every 30 days).

If removing the system from the domain and the re-adding it you can be almost sure that the password changes are the reason / issue.

I would also check that the copy is identical to the source by calculating and comparing HASH values of the VMDKs (just in case there's something wrong with the disk subsystem).

Message was edited by: oreeh

0 Kudos
WoodyZ
Immortal
Immortal

How "recent" was your backup?

It could be that the computer account password changed (this usually happens every 30 days).

If removing the system from the domain and the re-adding it you can be almost sure that the password changes are the reason / issue.

That's a very good point and I have seen that in my own use in the past and don't know why I didn't think to mention that. Smiley Happy

0 Kudos
tnickasn
Contributor
Contributor

Hi Gentlemen,

The password hasn't changed in a long time (a couple years). These VM's as needed for various consulting projects I don't need to worry about the security.

in any case, when I first encountered this problem to test that I wasn't dreaming, I literally shut down the VM ( that I last used to log in to domain... that same day), copied it and started up the copy. The copy encounted the problem. so not a password issue.

0 Kudos
vvegas
Enthusiast
Enthusiast

I believe they are referring to the workstation computer account and the password it uses to connect with the domain. See http://support.microsoft.com/kb/216393

That password automatically changes every 30 days (by default) with no action required on your part. They think that perhaps the workstation's password has changed since you took your backup and that may be why you cannot login. The article I noted has suggestions for resolving this problem.

tnickasn
Contributor
Contributor

Hi VVegas and collegues

The Microsoft support document you referred to does mention the same event log messages (I just checked the AD event log). However it is still puzzling becasue when the problem first happened and I realized something strange was going on I'm sure (ok...not 100%) that I copied the VM after changed it to a workgroup, then deleted entry in AD, then added back to the domain. This should have had a fresh sync to AD, but again when I tried to start the copy, it raised theat error. Maybe my recollection is wrong. I will trythe process again later today to confirm.

Thanks

0 Kudos
PhdEddie
Contributor
Contributor

Hello,

What Wegas has pointed out was the issue I was having some time ago.

The "AD computer" account will change every 30 days.

I also had to do the "jump through hoops" to get it back on the domain.

I only saw these issues if the copy of the VM was older and had not been running for a while.

Please try the process again as you indicated and let us all know your findings.

Thank you,

Ed Donnelly

PHD Virtual Technologies...Makers of esXpress

Message was edited by: PhdEddie

0 Kudos