Solved

VMware Snapshot Rollback Loses Domain Identity

Posted on 2011-09-23
7
471 Views
Last Modified: 2012-06-27
I have a server running VMware ESXi 4.1.0 (free version).  On this server, I have 25 Virtual PCs created with various Operating Systems.  (Windows XP SP3, Vista SP2 32 & 64-Bit, and Windows 7 SP1 32 & 64-Bit).  These PCs are used for loading and testing software that our developers write.  The testers will take an initial Baseline snapshot of the PCs, load the software perform their testing, and then roll the snapshot back once they are ready to try another product out.  This way they have a clean slate for testing.

The problem I am experiencing is that when they roll the software back, the Virtual PCs somehow lose their Active Directory Domain identity.  You can no longer log them in with the AD usernames & passwords.  To solve the problem, I have to log in as a local admin, add the PC back to the WORKGROUP, reboot, then re-add it to AD.  Should the Snapshot not be retaining this information so I don't have to do this?
0
Comment
Question by:neptuneit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
7 Comments
 
LVL 120
ID: 36587545
This is normal for an old snapshot.

The issues is not with the snapshot, it's with Active Directory.

0
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 36587816
The issue is similar to a VMware View Desktop issues

The machine password is stored in the Virtual Machine, It changes in Windows performs every 30 days as per policy setting and stores the machine account password retrieved from Active Directory in this virtual disk.

So you have a VM running, the machine password changes, and then you ROLLBACK the VM, which has a different machine password, and Hey Presto the passwords do not match, so the trust is broken.

See here

http://www.experts-exchange.com/Software/VMWare/Q_27116503.html
http://www.experts-exchange.com/Software/VMWare/Q_27320237.html
0
 
LVL 120
ID: 36587831
It may be better to remove these workstations from the Domain, and add to Domain when using them.

or Check the other Articles for GPO Policies, which could be applied to a Container.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Author Comment

by:neptuneit
ID: 36587889
The passwords on the accounts used to log into these machines are set to never change.  So would that still apply?
0
 
LVL 120
ID: 36587969
I'm sorry I'm not discussing User Accounts.

When you Add a Workstation to a Domain, at the time it's joined, a Machine Account Password is Exchanged with the Machine. This expires every x days, set by AD!

No MACHINE ACCOUNT PASSWORD (internal on machine!).

Not user Accounts.
0
 
LVL 1

Author Comment

by:neptuneit
ID: 36587979
Okay.  I misunderstood.  That makes perfect sense.  Thanks for the feedback.
0
 
LVL 120
ID: 36588000
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RAID 1 disks not displaying in VMWare Esxi setup 30 71
Nvidia Quadro K5000 on ESX 6.0 5 33
Recover options for a failed domain. 4 51
VMWare ESXi Guest CPU 8 77
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question