Hyper-V server hosting VMs

The VMs on these hosts lose connection to the domain. The only way to get them back is to take them off the domain, put them back on and then Im able to log onto it with my domain account.  

Question here is:  why/how does it lose the connection to the domain.  These VMs were on the domain one day, the next day they lost connection.  They were good for about 30 days.

Please help!
Cyber ITEngineerAsked:
Who is Participating?
 
Cyber ITConnect With a Mentor EngineerAuthor Commented:
They way I fixed it was I took them off the domain and put them back on to fix the authentication between the machine and the domain.
0
 
santhoshuCommented:
Is the Domain a VM too?
0
 
Cyber ITEngineerAuthor Commented:
there are three domain controllers.  i believe ONE of them is a VM.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Cyber ITEngineerAuthor Commented:
actually, (2) of them are VMs.

dc1 - physical
dc2 - virtual (in a different building)
dc3 - virtual on an ESX Cluster
0
 
Steve BinkCommented:
Are you losing network connectivity, or just authentication to the domain?  Can you still ping the DCs when this happens?
0
 
Cyber ITEngineerAuthor Commented:
I can still PING and RDP to the VMs. I just cant log onto the VMs under my domain account. I can log on as the local admin, thank goodness.
0
 
Steve BinkCommented:
When logged in as the local admin, can you ping the DCs from the VM?  What happens when you attempt to log in as a domain account?
0
 
Cyber ITEngineerAuthor Commented:
You cant log on with a domain account. It doesnt see the domain.
0
 
Steve BinkCommented:
During these incidents, can you ping the DCs from the VM when logged in as a local admin?
0
 
maxxmyerCommented:
If it helps you, I chased a similar issue last year. It was the time set on one of the DC. The DC in error was not sync’ing it’s time with the rest of the Domain.
0
 
Cyber ITEngineerAuthor Commented:
I believe the following is the issue:

The reason for this is that there is a computer account password mismatch. The VM thinks that its machine account password is something X, while the domain controller believes it to be something Y. Because of this, the VM cannot authenticate itself to the domain controller(s).

Just like user account passwords, computer account password is a "secret" that is set up by the computer account, and that is used when a domain member computer authenticates itself to the domain controller and establishes a secure channel.

When the computer is started, a service called NetLogon uses the machine account password and tries to establish a secure session with the domain controller. The usual CTRL+ALT+DEL Winlogon process also relies on this authenticated secure channel to send user credentials to the domain controller for verification and log them into the computer. Other services running on this machine that work with the LocalSystem or NetworkService credentials also require this authenticated secure channel to get access to domain resources.
0
 
Cyber ITEngineerAuthor Commented:
I also found out that there were snapshots being reverted back.
0
 
Darius GhassemCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
All Courses

From novice to tech pro — start learning today.