Solved

Hyper-V server hosting VMs

Posted on 2011-02-22
Last Modified: 2012-05-11
The VMs on these hosts lose connection to the domain. The only way to get them back is to take them off the domain, put them back on, and then I'm able to log onto it with my domain account.

The question here is: why/how does it lose the connection to the domain? These VMs were on the domain one day, the next day they lost connection. They were good for about 30 days.

Please help!
Question by:Cyber IT
14 Comments
 
LVL 10

Expert Comment

by:santhoshu
ID: 34959996
Is the Domain a VM too?
0
 

Author Comment

by:Cyber IT
ID: 34960305
There are three domain controllers. I believe ONE of them is a VM.
0
 

Author Comment

by:Cyber IT
ID: 34960885
Actually, (2) of them are VMs.

dc1 - physical
dc2 - virtual (in a different building)
dc3 - virtual on an ESX Cluster
0

 
LVL 50

Expert Comment

by:Steve Bink
ID: 34961134
Are you losing network connectivity, or just authentication to the domain?  Can you still ping the DCs when this happens?
0
 

Author Comment

by:Cyber IT
ID: 34961271
I can still PING and RDP to the VMs. I just can't log onto the VMs under my domain account. I can log on as the local admin, thank goodness.
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 34967057
When logged in as the local admin, can you ping the DCs from the VM?  What happens when you attempt to log in as a domain account?
0
 

Author Comment

by:Cyber IT
ID: 34971402
You can't log on with a domain account. It doesn't see the domain.
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 34971650
During these incidents, can you ping the DCs from the VM when logged in as a local admin?
0
 
LVL 2

Expert Comment

by:maxxmyer
ID: 34971723
If it helps you, I chased a similar issue last year. It was the time set on one of the DCs. The DC in error was not syncing its time with the rest of the domain.
0
 

Author Comment

by:Cyber IT
ID: 35038368
I believe the following is the issue:

The reason for this is that there is a computer account password mismatch. The VM thinks that its machine account password is something X, while the domain controller believes it to be something Y. Because of this, the VM cannot authenticate itself to the domain controller(s).

Just like user account passwords, the computer account password is a "secret" that is set up by the computer account, and that is used when a domain member computer authenticates itself to the domain controller and establishes a secure channel.

When the computer is started, a service called NetLogon uses the machine account password and tries to establish a secure session with the domain controller. The usual CTRL+ALT+DEL Winlogon process also relies on this authenticated secure channel to send user credentials to the domain controller for verification and log them into the computer. Other services running on this machine that work with the LocalSystem or NetworkService credentials also require this authenticated secure channel to get access to domain resources.
0
 

Accepted Solution

by:
Cyber IT earned 0 total points
ID: 35038373
The way I fixed it was I took them off the domain and put them back on to fix the authentication between the machine and the domain.
0
 

Author Comment

by:Cyber IT
ID: 35038380
I also found out that there were snapshots being reverted back.
0
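A check for the machine account password mismatch described in the comments above, as an added example that is not code from the thread. It assumes Windows PowerShell run elevated as the local administrator on the affected VM, and it uses `Test-ComputerSecureChannel -Repair` as an alternative to removing and re-adding the machine; the function name `Get-MachineChannelReport` is hypothetical.

```powershell
# Added example: diagnose and repair a broken Netlogon secure channel on a
# domain-member VM (for instance after reverting to an old snapshot).

function Get-MachineChannelReport {
    # Netlogon settings that govern the automatic machine password change.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Netlogon event 3210 in the System log: this computer could not
    # authenticate with a domain controller.
    $failures = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 3210 } `
                      -MaxEvents 20 -ErrorAction SilentlyContinue |
                  Where-Object { $_.ProviderName -eq 'NETLOGON' })

    # Returns $true when the local machine password still matches the domain's.
    # An unreachable domain raises an error, which is reported as "not OK".
    try   { $ok = Test-ComputerSecureChannel -ErrorAction Stop }
    catch { $ok = $false }

    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        SecureChannelOK       = $ok
        DisablePasswordChange = $p.DisablePasswordChange  # 1 = never rotate
        MaximumPasswordAge    = $p.MaximumPasswordAge     # days; Windows default is 30
        AuthFailureCount      = $failures.Count
        LastAuthFailure       = ($failures | Select-Object -First 1).TimeCreated
    }
}

$report = Get-MachineChannelReport
$report | Format-List

if (-not $report.SecureChannelOK) {
    # -Repair resets the machine account password on a domain controller and
    # stores the new value locally, so both sides agree again. It needs a
    # domain account that is allowed to reset this computer account.
    $cred = Get-Credential
    if (Test-ComputerSecureChannel -Repair -Credential $cred) {
        Write-Output 'Secure channel repaired; domain logons should work again.'
    } else {
        Write-Warning 'Repair failed; check DNS, time sync and the computer account in AD.'
    }
}
```

A VM that is reverted to a snapshot taken before its last machine password change will fail this check again, so review the snapshot schedule alongside the result.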
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35390680
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0


Question has a verified solution.
