Solved

Hyper V Domain Controller Problem

Posted on 2011-09-06
Last Modified: 2012-05-12
Server 1 > 2003R2 - Domain Controller (FSMO roles)
Server 2 > 2008R2 - SQL and Hyper V Host (member of 2003 domain)
VM1 > 2003R2 Domain Controller

Server 1 crashed.
VM1 was turned off because it was only used as a part of an NT-to-Active Directory migration.
VM1 is now turned on.
Server 2 > cannot log on to domain (account trust error) ~ I can log on locally.
Same problem for desktops.
I saw an MS KB and on the desktops ~ fixed by logging on to the local machine, unjoining the domain and rejoining the domain.
Server 1 will most likely not be replaced.

What will happen if the Server 2 is unjoined and rejoined to domain?
Note: this is the Hyper V host and VM1 resides as a guest.

Question by:smschulz
9 Comments
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 36492475
The problem is that the VM1 did not keep up to date with changes made on the DC.

You have to rejoin the 2008 server into the VM DC following the seizing of the roles by VM1 DC.
You can use the netdom command to refresh the computer account of the 2008 server in the DC.
To avoid the same thing in the future, you should have two DCs, or make sure you have good regular and frequent backups of the systemstate.

Make sure to practice a restore of a DC to make sure you will be able to do it.

NETDOM.EXE /DOMAIN:mydomain MEMBER mycomputer /JOINDOMAIN
http://utools.com/help/UPromote/rejoin.asp
0
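An alternative to a full unjoin/rejoin, as an added example that is not part of the original answer: check the member's secure channel against the surviving DC and reset the machine account password only if the check fails. It assumes an elevated PowerShell session on the member (Server 2) under a local administrator logon, that `netdom` is installed there, and that `mydomain`, `VM1` and `Administrator` are placeholders for the real domain, DC and domain admin account; `Repair-MemberTrust` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Placeholder values:
$Domain = 'mydomain'   # domain name, as in the netdom example above
$DC     = 'VM1'        # the surviving domain controller

function Repair-MemberTrust {
    param(
        [string]$Domain,
        [string]$DC,
        [string]$AdminUser = 'Administrator'   # placeholder domain admin account
    )

    # Returns $true when the machine account secret stored on this member
    # is still accepted by the named DC.
    if (Test-ComputerSecureChannel -Server $DC) {
        return 'Healthy'
    }

    # Reset the machine account password against that DC.
    # /pd:* makes netdom prompt for the password, so it never appears
    # on the command line or in shell history.
    & netdom resetpwd "/s:$DC" "/ud:$Domain\$AdminUser" "/pd:*"
    if ($LASTEXITCODE -ne 0) {
        return 'ResetFailed'
    }

    # Re-test so the result reflects the state after the reset.
    if (Test-ComputerSecureChannel -Server $DC) {
        return 'Repaired'
    }
    return 'StillBroken'
}

Repair-MemberTrust -Domain $Domain -DC $DC
```

A result of `ResetFailed` or `StillBroken` means falling back to the unjoin/rejoin described in the thread.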
 

Author Comment

by:smschulz
ID: 36492742
So at minimum ~ all I need to do is seize the roles to the VM1 DC?
Then refresh the Host or unjoin/rejoin the Domain.
Then the same for any desktops.


0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36492856
When was the last time VM1 DC was running? Are there any other DCs other than Server 1 and VM1? It is a bad idea to run VM1 as the only DC, and it is a really really bad idea to run VM1 on Server 2 when Server 2 is joined to the domain which is managed by VM1 which is hosted on Server 2, such that there will never be a domain controller available for Server 2 because the domain controller can't boot until Server 2 has booted. See the problem?

Best bet is to resurrect Server 1, at least until you can get AD to replicate. Otherwise you will lose all sorts of AD changes such as account creation/deletion, password changes of both machines and users, and I imagine that it would be really bad for Exchange.
0
 

Author Comment

by:smschulz
ID: 36493032
When was the last time VM1 DC was running?
It was down for 60~90 days
Are there any other DCs other than Server 1 and VM1?
No
It is a bad idea to run VM1 as the only DC, and it is a really really bad idea to run VM1 on Server 2 when Server 2 is joined to the domain which is managed by VM1 which is hosted on Server 2, such that there will never be a domain controller available for Server 2 because the domain controller can't boot until Server 2 has booted. See the problem?
I know but the original plan was to have the VM DC and another machine DC.
It just didn't happen for a variety of reasons.
Now the objective is to get back up ASAP then deal with the rebuilt Machine DC.
Minimize time down is the main thing now.
0

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36493049
If you bring back up VM1 you are going to lose all AD changes since it was last running, 60-90 days. You will need to rejoin every machine to the domain. I would consider it a LAST resort. Better work on repairing/restoring Server 1.

Do you have Exchange?
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36493125
It is also not recommended to run any services other than Hyper V on a host.

Especially SQL - if it's light use it can be a VM, if you have RAID 10 with a minimum of 4 disks.

DCs run very well as VMs and don't take up much resources.

0
 

Author Comment

by:smschulz
ID: 36493263
No exchange.
Not concerned about the ad changes as there is not much.
RAID 10 4 disks - yes
The VM will be just until a new machine can be built or as another DC
Only SQL on the machine otherwise.
0
 
LVL 77

Expert Comment

by:arnold
ID: 36495588
If you do not have systemstate backups from the physical DC with more current data, you have little choice than to use netdom to rejoin the domain to the old VM DC after seizing FSMO roles. ntdsutil http://support.microsoft.com/kb/255504
Also make sure that the GC is checked for the VM DC (site and services, NTDS
http://technet.microsoft.com/en-us/library/cc758330%28WS.10%29.aspx


Presumably the SQL service account was not altered during the duration.

Make sure when you have the physical server restored that you do not repeat this issue by shutting down the VM DC.
0
 

Author Comment

by:smschulz
ID: 36499746
Note to all:
Seized the roles, cleaned up Metadata, unjoined the domain from local logon, rejoined the domain.
Removed old DC.
Everything is fine and working.
This will allow me some time to get the physical DC fixed/built.
It will come back online as new DC with different name.
0

Question has a verified solution.
