VMware Cloud Community
ndmuser
Enthusiast
Enthusiast
‎04-14-2009 07:00 PM
Jump to solution

cannot login to restored VM

Hello everyone,

I cannot login as domain user to restored VM. Unfortunately, I do not know local admin password for this VM because I used my domain admin account to manage it. We use ESX 3.5 Update 4 and vRangerPro as a backup software, .

I do not know if I did something wrong before Restore process. I actually removed the bad VM from inventory and then run Restore in vRangerPro. (VM was not bad but it contained corrupted database and application so I decided that I would save some time if I restore VM containing good vesion of db/app instead of doing file level restore and re-configuration later).

I was able to restore VM successfully but I am not able to login to it using my domain account. I recieved error message saying something like either domain is not available or machine account is not known ...I thought that I would be able to login to restored VM in the same way as I was able to login to its original but looks like something was changed after restore process. I compared contents of .vmx files of restored VM and of its original which I initially removed from inventory. Both vmx files are identical. I can see this VM in Active Directory, run Manage command but as soon as I try to access remotely Event Log or any other controls I got Access Denied message.

Does anyone had similar problem? Any advise will be greatly appreciated.

Thank you!

0 Kudos
1 Solution

Accepted Solutions
Kallex
Enthusiast
Enthusiast
‎04-14-2009 08:05 PM
Jump to solution

Hi!

Not directly solving the problem with what appears to be broken domain membership, but in case you had ever logged in with domain account, you can try (and it should work) the following.

1. Disconnect the network from the VM before logging in, and thus force it to use the cached credentials.

2. Reconnect the network once your account is logged in.

The suggestion above of rejoining/fixing the domain account for the computer is still valid and recommended, but in case the domain is not there for instance, disconnecting the network will cause the client to fallback to the credential cache (this is default behaviour, I suspect it can be overridden though).

Br,

Kalle

View solution in original post

0 Kudos
6 Replies
java_cat33
Virtuoso
Virtuoso
‎04-14-2009 07:29 PM
Jump to solution

Reset the computer account in AD, reboot the VM and try again.

Kallex
Enthusiast
Enthusiast
‎04-14-2009 08:05 PM
Jump to solution

Hi!

Not directly solving the problem with what appears to be broken domain membership, but in case you had ever logged in with domain account, you can try (and it should work) the following.

1. Disconnect the network from the VM before logging in, and thus force it to use the cached credentials.

2. Reconnect the network once your account is logged in.

The suggestion above of rejoining/fixing the domain account for the computer is still valid and recommended, but in case the domain is not there for instance, disconnecting the network will cause the client to fallback to the credential cache (this is default behaviour, I suspect it can be overridden though).

Br,

Kalle

0 Kudos
A13x
Hot Shot
Hot Shot
‎04-15-2009 02:59 AM
Jump to solution

indeed its a broken domain membership and the problem is caused by the

software used to restore the VM, it is not an idenitcal clone and has

generated another ID. If its a Windows machine the only thing you can

do is mount a device and crack the local login, and re-add it to the

domain.

0 Kudos
ndmuser
Enthusiast
Enthusiast
‎04-15-2009 07:09 AM
Jump to solution

Dear Kallex,

Thank you so much! Worked like charm :O)))

0 Kudos
Kallex
Enthusiast
Enthusiast
‎04-15-2009 06:10 PM
Jump to solution

Hi!

Also related to this (the root cause for this) is the domain policy setting that enforces the domain computers to recreate their machine password in the domain every 30 days (I believe this is per-machine expiration and hence difficult to control over).

In environments where "image level" backups/restores are regularly used (such as disk image backup systems and snapshots), eventually one runs into the situation where the password change occurred after the last backup and thus after restoring the machine is no longer identified correctly as being the domain member.

To remedy the situation (for the cost of lost security) the automatic password reset can be disabled from domain policy settings (can be found in AD domain computer security policy setting; probably does not apply to domain controller security policy - restoring domain controllers causes other more severe issues).

Br,

Kalle

0 Kudos
ndmuser
Enthusiast
Enthusiast
‎04-16-2009 07:10 AM
Jump to solution

Thank you Kallex! I will definitely have a look at this AD policy. We

have not used "image level" backup before this case. It was my first

experience with restore the whole VM in production environment.

Warmest regards,

Varvara

0 Kudos