travis87 asked:

Problems with Virtual Server on a 2008 Domain Controller

I am setting up two new servers using Windows Server 2008. After setting up their roles, all is well and they replicated properly. Then I reach the final step, installing Virtual Server 2005 R2 SP1 on the PDC.

After installing the Virtual Server app, the domain starts giving all types of errors. This is without even setting up any VM instances and happens as soon as the installation completes. At this point the DCs give errors when forcing a replication through the AD Sites and Services console.

When forcing replication to the secondary DC: "The target principal name is incorrect."
When forcing replication to the primary with Virtual Server: "A security package specific error occurred."

The Virtual Server itself provides two errors when the service starts.
1. The service principal names for Virtual Server could not be registered. Constrained delegation cannot be used until the SPNs have been registered manually. Error 0x80072098 - Insufficient access rights to perform the operation.
2. An error has occurred during the creation of Service Connection points for Virtual Server in Active Directory. Either a domain controller is not available to complete the operation or there is a security problem accessing the domain. This operation will be retried the next time the service starts. Error 0x80070005 - Access is denied.

Strangely, if I load a Virtual server the instance runs properly and can access the DC.

Here is the real kicker.  If I simply uninstall Virtual Server 2005, all problems go away and replication works fine.

ASKER CERTIFIED SOLUTION
exx1976

travis87 (ASKER)

Thanks for the link. Adding the network account to the computer in AD allowed the VS to update the LDAP and stop complaining.

The bigger issue is the problems with replication. Why would AD just stop replicating after installing VS?

You are right about using a DC to run VS but it's a budget issue.

When LDAP was updated on the computer account it very likely could have broken AD..  Honestly, I haven't worked with VS at all (I'm a VMware shop), so I'm not 100% sure what changes are made..

Can you post the before and after of the "LDAP updates"?

What finally fixed AD...

The article that was sent stated that I needed to allow a higher privilege to the NetworkService account on the DC. That resolved the errors on the Virtual Server web interface but did not fix AD. In fact the Virtual Server installation broke Active Directory (LDAP). After uninstalling VS, Active Directory was again working.

Re-installing VS with the elevated NetworkService privileges made everything happy. VS had no more SPN problems or errors and AD was able to replicate sites without error.

Thanks for the help!