VMware Cloud Community
Shoganator
Enthusiast
Enthusiast
‎12-16-2009 06:44 AM
Jump to solution

Cloning Windows Server 2008 R2 / SID options with VMWare

Hi all,

I am trying to deploy some VMs from a Windows 2008 R2 Standard (64bit) base template and was wondering what the best way to give my cloned VMs unique SIDs is?

Basically, I see that NewSID does not work on R2. I have tried running sysprep -> Generalise on the R2 clones, (Out of box experience), but after restarting the VM needs to be re-activated (enter product key and activate again). Furthermore, VMWare tools stops working - I found I have to Uninstall it then reinstall to get it working again, so the console mouse responsiveness goes down the drain. My screen resolution is also set back to default in the VM and anything on the Desktop is cleared.

Running sysprep like this just doesn't seem to be an option as there is too much that needs to be sorted out again after the clone is made. I might as well just be installing the OS on a fresh VM again. Is there anything I am missing with sysprep? Any way to only let it re-set the SID and nothing else?

It would also be interesting to know what the guys are using that are running Windows 2008 R2 64bit with VMWare (VI / ESX 3.5) when it comes to cloning or deploying multiple VMs from a template.

For instance, I just want to be able to clone my base template, and get a new SID on each clone I make. Then I want to have another template that has a few extra features or roles installed in Windows and be able to clone from that too. For example a Terminal Server template.

Cheers!

My personal blog: http://www.shogan.co.uk .::. Twitter: shogan85 .::. if an answer has helped or solved your question, please don't forget to mark as "Answered" or "Helpful"!
1 Solution

Accepted Solutions
vmroyale
Immortal
Immortal
‎12-16-2009 10:09 AM
Jump to solution

However, I doubt management is going to believe that article straight off (Even though its written by Mark himself) - this newSID'ing process is as far as I can see ingrained in their heads. May take a while to convince them otherwise.

If that information on Russinovich's site doesn't convince them otherwise, then that will be interesting.

As far as I can tell from that article, as long as I don't clone VM templates that are already part of a domain, I should be fine. In other words if I have a preconfigured template, but not part of a domain (i.e. still in a workgroup) I should be fine if I had to clone 10 of them and put them all on the same network right? From there, I could then take one of those 10 clones, convert it to a DC, then take the remaining 9 and add them to this new domain as member servers and everything should be fine - no conflicts or funny AD things happening?

Yes, leave the templates off of the domain and let the sysprep/customization take care of joining them up when deployed. As long as you run sysprep, either via customization or manually, then there should be no problems in AD.

I guess I am still looking for an alternative to newsid just to fit in with what "policy" says at this point. How do you guys deploy 2008 R2 VMs from clones?

None of my customers have gone to U1 or U5 at this time, so there are no 2008 R2 deployments established. I'm guessing that a manual run of sysprep from the deployed vm might be the easiest thing to do at this point.

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com

View solution in original post

0 Kudos
7 Replies
vmroyale
Immortal
Immortal
‎12-16-2009 07:24 AM
Jump to solution

Hello and welcome to the forums.

I am trying to deploy some VMs from a Windows 2008 R2 Standard (64bit) base template and was wondering what the best way to give my cloned VMs unique SIDs is?

You may not even need to be worrying about this. Check out "[The Machine SID Duplication Myth|http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx]" over at Mark Russinovich's site.

Basically, I see that NewSID does not work on R2. I have tried running sysprep -> Generalise on the R2 clones, (Out of box experience), but after restarting the VM needs to be re-activated (enter product key and activate again). Furthermore, VMWare tools stops working - I found I have to Uninstall it then reinstall to get it working again, so the console mouse responsiveness goes down the drain. My screen resolution is also set back to default in the VM and anything on the Desktop is cleared.

Are you using vSphere Update 1 or ESX(i) 3.5 U5? These releases include support for 2008 R2.

Good Luck!

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
0 Kudos
Shoganator
Enthusiast
Enthusiast
‎12-16-2009 08:28 AM
Jump to solution

Hi vmroyale,

Thanks for the welcome Smiley Happy

Yes I actually read that article in its entirety yesterday! Very interesting and definitely made me rethink my outlook on the whole SID issue. However, I doubt management is going to believe that article straight off (Even though its written by Mark himself) - this newSID'ing process is as far as I can see ingrained in their heads. May take a while to convince them otherwise.

As far as I can tell from that article, as long as I don't clone VM templates that are already part of a domain, I should be fine. In other words if I have a preconfigured template, but not part of a domain (i.e. still in a workgroup) I should be fine if I had to clone 10 of them and put them all on the same network right? From there, I could then take one of those 10 clones, convert it to a DC, then take the remaining 9 and add them to this new domain as member servers and everything should be fine - no conflicts or funny AD things happening?

I guess I am still looking for an alternative to newsid just to fit in with what "policy" says at this point. How do you guys deploy 2008 R2 VMs from clones?

To answer your question about which update we are on : I will get back to you on that. I can give you a build number of one of the ESX hosts in the cluster but I'm not sure what the actual update level is at the moment - I believe it may be 4.

Build : VMWare ESX Server, 3.5.0, 176894

Thanks for the reply Smiley Happy

My personal blog: http://www.shogan.co.uk .::. Twitter: shogan85 .::. if an answer has helped or solved your question, please don't forget to mark as "Answered" or "Helpful"!
0 Kudos
vmroyale
Immortal
Immortal
‎12-16-2009 10:09 AM
Jump to solution

However, I doubt management is going to believe that article straight off (Even though its written by Mark himself) - this newSID'ing process is as far as I can see ingrained in their heads. May take a while to convince them otherwise.

If that information on Russinovich's site doesn't convince them otherwise, then that will be interesting.

As far as I can tell from that article, as long as I don't clone VM templates that are already part of a domain, I should be fine. In other words if I have a preconfigured template, but not part of a domain (i.e. still in a workgroup) I should be fine if I had to clone 10 of them and put them all on the same network right? From there, I could then take one of those 10 clones, convert it to a DC, then take the remaining 9 and add them to this new domain as member servers and everything should be fine - no conflicts or funny AD things happening?

Yes, leave the templates off of the domain and let the sysprep/customization take care of joining them up when deployed. As long as you run sysprep, either via customization or manually, then there should be no problems in AD.

I guess I am still looking for an alternative to newsid just to fit in with what "policy" says at this point. How do you guys deploy 2008 R2 VMs from clones?

None of my customers have gone to U1 or U5 at this time, so there are no 2008 R2 deployments established. I'm guessing that a manual run of sysprep from the deployed vm might be the easiest thing to do at this point.

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
0 Kudos
Shoganator
Enthusiast
Enthusiast
‎12-17-2009 01:11 AM
Jump to solution

Thanks vmroyale. I do notice that customisation options aren't available when I do a clone. I guess this would mean that I don't have this latest update (i.e. 2008 R2 not fully supported yet) or I don't have sysprep loaded in for vmware? "winlonghorn64Guest" is obviously the kernel of 2008 R2 that VMWare is detecting here...

Do you think this would be related to update version or down to not having sysprep loaded for vmware? According to this article, 2008 has its own version of sysprep and there is no need to have it loaded in virtual center...

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100559...

Should the customisation wizard be able to pick up this built-in sysprep on the guess OS and show me the customisation options normally? If so then I guess its just the fact that we don't have the correct Update level yet. Any ideas?

My personal blog: http://www.shogan.co.uk .::. Twitter: shogan85 .::. if an answer has helped or solved your question, please don't forget to mark as "Answered" or "Helpful"!
vmroyale
Immortal
Immortal
‎12-17-2009 10:45 AM
Jump to solution

Do you think this would be related to update version or down to not having sysprep loaded for vmware? According to this article, 2008 has its own version of sysprep and there is no need to have it loaded in virtual center...

Its related to the version of ESX you are running.

Should the customisation wizard be able to pick up this built-in sysprep on the guess OS and show me the customisation options normally? If so then I guess its just the fact that we don't have the correct Update level yet. Any ideas?

Yes, normally this is the behavior with supported guest operating systems on virtual machines. There are two workarounds. You can get to the latest release of ESX (3.5 U5 or 4 U1) or just run sysprep manually after you clone the system.

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
Shoganator
Enthusiast
Enthusiast
‎12-18-2009 03:25 AM
Jump to solution

Thanks again vmroyale Smiley Happy

I think for now we will use this method until we get the latest update applied to our clusters!

My personal blog: http://www.shogan.co.uk .::. Twitter: shogan85 .::. if an answer has helped or solved your question, please don't forget to mark as "Answered" or "Helpful"!
0 Kudos
AlbertWT
Virtuoso
Virtuoso
‎02-18-2015 05:20 PM
Jump to solution

Hi All,

Would it be possible to clone an already running Windows Server 2008 R2 Terminal Server (RDSH) VM that is joined to the domain multiple times into different name & IP address ?

I'm thinking to do this to save up the Windows Update process.

Any comments would be appreciated.

/* Please feel free to provide any comments or input you may have. */
0 Kudos