What are the potential pitfalls when cloning a production server to create a test environment?


We have a Windows Hyper-V cluster (Server 2008 R2 Enterprise) that supports a MS Dynamics Axapta installation (AOS and SQL servers), as well as an enterprise portal server which is presented to our clients for access to the inventory database in Axapta.

We are currently in development doing some custom work on the enterprise portal server.  I would like to create a test environment (preferably within our existing cluster) to push the development sprints to for QA as we go through the process.

I have little experience with much of the cluster's capabilities (I assisted in setup, and am now the admin, but am learning as I go).

Is it possible to create a copy/clone of the virtual machine that houses the enterprise portal?  This server would be housed in the same cluster, and would need to be attached to the domain as well (it will connect to the Axapta Dev environment, which I already have working).

If this is possible (everything I read says it is), what are the potential pitfalls?  I had some preliminary discussions with an outside consultant, but was given some vague warnings about there being potential issues when you prepare the production server for cloning.  We have yet to get into specifics.

Any assistance would be appreciated!

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
Duplicate SID's unless you use sysprep which unjoins you from the domain. Cannot be used for CA's (must not be sysprepped)
meelnahAuthor Commented:
Does the newsid application overcome the duplicate SID issue?  I read some recent blogs which seem to indiciate that the SID problem is not truly a problem at all, but I haven't studied them enough to determine if they are accurate.

I would prefer not to unjoin my production server (the one I wish to clone to create the test environment) from the domain, as I am worried about unforseen impacts to a working server group.

Sorry to ask, but what do you mean by CA's?

Still a 'noob'... but I'm working on it!

1) Your biggest issue is watching that processes on the clone that copy or move data don't copy to the wrong server ie: the production server. You can avoid that by looking at your scheduled tasks and SQL jobs and then stopping any that would do that. I made the mistake of not checking that and my test environment was over writing my portal data. Double check that.
2) There is software that will change a SID for you. If the clone is going to exist in your AD domain you have to change it, the name of the server, and the IP. Personally I wouldn't have the server connected to the production environment and then the SID is a non issue. A test environment should be separate from production, period. Then there no worry about the SID.
3) A Certificate Authority (CA) provides verification of trust relationships. If you are working in a test environment I wouldn't worry about. The CA will respond to requests, it doesn't generate anything.

I think that if you are going to copy the virtual server and guest it in your existing cluster that you need to find a way to bring up the clone in a separated space and make your changes there first before you add it to your cluster. If you make a copy and power it on you are guaranteed to have an IP conflict (cloned MAC and IP). Probably weird DNS issues as the server tries to register it's self and also you would have a conflict with the netbios name. There are probably tasks and services that should be shutdown as well before powering on. You could take a workstation install the Hyper-V and do what you need to do, or just use it as your test environment. You get 30 days before being nagged for a license and then you can reset the license requirement with SLMGR -reset twice for additional time.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

when you have the DCs and exchange-servers with the same SID values....Outlook clients will fail to authenticate and repeatedly prompts for authentication
>> The server logs should show as null-SID (related errors @ security logs of Exchange servers)

>>> Just a comparison to apply in your SQL world
I wouldn't worry about the SID in your case.
Read this:
David Johnson, CD, MVPOwnerCommented:
It’s a little surprising that the SID duplication issue has gone unquestioned for so long, but everyone has assumed that someone else knew exactly why it was a problem. To my chagrin, NewSID has never really done anything useful and there’s no reason to miss it now that it’s retired. Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so Microsoft’s support policy will still require cloned systems to be made unique with Sysprep

3 Nov 2009 7:41 AM

I have to share this: on one project I was asked to setup a lab environment. All servers were 2008.  All of the images were created by the client and they did not run new-sid or sysprep on them. Even after joining the servers to the domain, I had random issues. Any account added to the administrators group including domain admins could be added, but they were not recognized. Meaning, i did not have permissions with any of those accounts. I double checked the local administrators group and the accounts (including domain admins) did not show. I could try to add them, but of course it would show it was already there. I ran newsid on those servers then everything worked as normal..

I'm amazed people keep bring up 3rd party software, even if that 3rd party software is WSUS or some other Microsoft software.

Mark's original post is commenting only with regard to the functionality of Windows the operating system.  In frank words, he could give a flying rats ass about add-on MS or 3rd party software functionality and requirements - he wasn't commenting on that.

The above were comments on the russinovich article.. and not using sysprep goes against microsoft policy.

Is it possible to create a copy/clone of the virtual machine that houses the enterprise portal?  This server would be housed in the same cluster, and would need to be attached to the domain as well (it will connect to the Axapta Dev environment, which I already have working).

A test lab should be totally isolated from the production environment it can be a clone of the production environment as long as it is isolated. This way items can be tested and once approved then you can then take the test environment and then clone it back to production  
meelnahAuthor Commented:
Sorry for the delayed response... had some issues at home and then the holidays, and have been off work for a bit.

I appreciate your responses... I will do some reading and thinking on whether I can isolate the test server from the production environment.  The development and test databases reside on my production SQL server (just how Axapta handles the installation), but I should be able to set up the test servers on a vlan and forward data requests to the appropriate databases... just need to work out the logistics!

Thanks again.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Virtual Server

From novice to tech pro — start learning today.