Solved

Hyper V Domain Controller Problem

Posted on 2011-09-06
Last Modified: 2012-05-12
Server 1 > 2003R2 - Domain Controller (FSMO roles)
Server 2 > 2008R2 - SQL and Hyper V Host (member of 2003 domain)
VM1 > 2003R2 Domain Controller

Server 1 Crashed.
VM1 was turned off because it was only used as a part of the NT-to-Active Directory migration.
VM1 is now turned on.
Server 2> cannot log on to domain (account trust error)  ~ I can log on locally.
Same problem for desktops.
I saw a MS KB and on the desktops ~ fixed by logging on to local machine, unjoin domain and rejoin domain.
Server 1 will most likely not be replaced.

What will happen if the Server 2 is unjoined and rejoined to domain?
Note: this is the Hyper V host and  VM1 resides as a guest.

0
Question by:smschulz
9 Comments
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 36492475
The problem is that the VM1 did not keep up to date with changes made on the DC.

You have to rejoin the 2008 server into the VM DC following the seizing of the roles by VM1 DC.
You can use the netdom command to refresh the computer account of the 2008 server in the DC.
To avoid the same thing in the future, you should have two DCs, or make sure you have good regular and frequent backups of the systemstate.

Make sure to practice a restore of a DC to make sure you will be able to do it.

NETDOM.EXE /DOMAIN:mydomain MEMBER mycomputer /JOINDOMAIN
http://utools.com/help/UPromote/rejoin.asp
0
 

Author Comment

by:smschulz
ID: 36492742
So at minimum ~ all I need to do is seize the roles to the VM1 DC?
Then refresh the Host or unjoin/rejoin the Domain.
Then the same for any desktops.


0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36492856
When was the last time VM1 DC was running? Are there any other DCs other than Server 1 and VM1? It is a bad idea to run VM1 as the only DC, and it is a really really bad idea to run VM1 on Server 2 when Server 2 is joined to the domain which is managed by VM1 which is hosted on Server 2, such that there will never be a domain controller available for Server 2 because the domain controller can't boot until Server 2 has booted. See the problem?

Best bet is to resurrect Server 1, at least until you can get AD to replicate. Otherwise you will lose all sorts of AD changes such as account creation/deletion, password changes of both machines and users, and I imagine that it would be really bad for Exchange.
0
 

Author Comment

by:smschulz
ID: 36493032
When was the last time VM1 DC was running?
It was down for 60~90 days
Are there any other DCs other than Server 1 and VM1?
 No
It is a bad idea to run VM1 as the only DC, and it is a really really bad idea to run VM1 on Server 2 when Server 2 is joined to the domain which is managed by VM1 which is hosted on Server 2, such that there will never be a domain controller available for Server 2 because the domain controller can't boot until Server 2 has booted. See the problem?
I know but the original plan was to have the VM DC and another machine DC.
It just didn't happen for a variety of reasons.
Now the objective is to get back up ASAP then deal with the rebuilt Machine DC.
Minimize time down is the main thing now.
0

 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36493049
If you bring back up VM1 you are going to lose all AD changes since it was last running, 60-90 days. You will need to rejoin every machine to the domain. I would consider it a LAST resort. Better work on repairing/restoring Server 1.

Do you have Exchange?
0
 
LVL 13

Expert Comment

by:Greg Hejl
ID: 36493125
It is also not recommended to run any services other than Hyper-V on a host.

Especially SQL - if it's light use it can be a VM, if you have RAID 10 with a minimum of 4 disks.

DCs run very well as VMs and don't take up many resources.

0
 

Author Comment

by:smschulz
ID: 36493263
No exchange.
Not concerned about the ad changes as there is not much.
RAID 10 4 disks -yes
The VM will be just until a new machine can be built or as another DC
Only  SQL on the machine otherwise.
0
 
LVL 76

Expert Comment

by:arnold
ID: 36495588
If you do not have systemstate backups from the physical DC with more current data, you have little choice than to use netdom to rejoin the domain to the old VM DC after seizing FSMO roles. ntdsutil http://support.microsoft.com/kb/255504
Also make sure that the GC is checked for the VM DC (site and services, NTDS
http://technet.microsoft.com/en-us/library/cc758330%28WS.10%29.aspx


Presumably the SQL service account was not altered during the duration.

Make sure when you have the physical server restored that you do not repeat this issue by shutting down the VM DC.
0
 

Author Comment

by:smschulz
ID: 36499746
Note to all:
Seized the roles, cleaned up Metadata, unjoined the domain from local logon, rejoined the domain.
Removed old DC.
Everything is fine and working.
This will allow me some time to get the physical DC fixed/built.
It will come back online as new DC with different name.
0
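The recovery sequence this thread settles on, written out as commands. This is an added example, not part of any post above. VM1, mydomain and mycomputer are the thread's own names; the Administrator account and the presence of the Support Tools (2003) or AD DS tools (2008 R2) that provide netdom, dcdiag and nltest are assumptions.

```powershell
# Added example: placeholder names, native Windows tools only.
# The commands themselves can equally be typed at a cmd.exe prompt
# (VM1 is 2003 R2 and may not have PowerShell installed).

# --- On VM1, the surviving 2003 R2 DC --------------------------------
# Which DC does the directory still list as holder of each FSMO role?
netdom query fsmo

# Seize the five roles onto VM1 (KB 255504). A seizure is one-way:
# the old holder, Server 1, must not return with its old identity,
# which matches the plan above to bring it back under a new name.
ntdsutil roles connections "connect to server VM1" quit "seize schema master" quit quit
ntdsutil roles connections "connect to server VM1" quit "seize domain naming master" quit quit
ntdsutil roles connections "connect to server VM1" quit "seize infrastructure master" quit quit
ntdsutil roles connections "connect to server VM1" quit "seize rid master" quit quit
ntdsutil roles connections "connect to server VM1" quit "seize pdc" quit quit

# Re-check: every role should now name VM1.
netdom query fsmo

# Server 1's leftover DC object is removed afterwards through ntdsutil's
# interactive "metadata cleanup" menu (not scripted here).

# Run the DC's own health checks before pointing members at it.
dcdiag /s:VM1

# --- On Server 2 or a desktop, logged on with a LOCAL account ---------
# The member's machine-account password no longer matches the 60-90 day
# old copy held by VM1, hence the trust error. After unjoining, rejoin
# with the current netdom syntax (the /passwordd:* form prompts for the
# password instead of putting it on the command line):
netdom join mycomputer /domain:mydomain /userd:mydomain\Administrator /passwordd:*

# After the reboot, confirm the secure channel to the domain is valid.
nltest /sc_verify:mydomain
```

Each seize command raises a confirmation prompt and first attempts a clean transfer, which fails here because Server 1 is offline.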
