Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

VMWare Workstation Snapshots and Domain

Posted on 2013-10-23
7
Medium Priority
?
359 Views
Last Modified: 2014-01-27
Hello experts,

I've been facing an annoying situation with my VM Images and wanted to check if there's any trick to overcome that.

I have several test VM images I use, one of those act as the AD and DNS server (Windows Server 2008). On my other VMs, I frequently make changes and do trials and prior to critical changes, I take Snapshots.

Whenever I go back to my previous snapshot, I receive the following error in my domain login: 'The trust relationship between this workstation and the primary domain failed' Everytime this happens, I have to login as the local admin, remove the VM from the domain, then readd it. This takes several minutes because of the mandatory restarts.

I don't remember this issue existed with a Windows 20003 Server.

Is there a way to stop this from happening? While I believe this warning can be important in companies and real life deployments but this is a lab setup, I control everything.

Thank you in advance.
0
Comment
Question by:bozer
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1200 total points
ID: 39596054
Snapshots are not supported until 2012 with a supported vmgneration ID (any new hypervisor supports it).  What hypervisor are you on?

More on snapshots and issues they can cause   http://blogs.technet.com/b/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx?Redirected=true

Also just because you can take snapshots in 2012 doesn't mean they are a recovery method.   Do you have a test lab?

Thanks

Mike
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39596075
Do you snapshot and then revert the DC(s) when you snapshot other VMs?
0
 

Author Comment

by:bozer
ID: 39596101
Thanks for the quick replies,

This whole usage is for learning and testing purposes only and yes, it is a lab setup. I never had issues with reverting back to snapshots with 2003 domain, this 'trust relationship' check with 2008 is annoying. (I'm sure it has a very valid purpose for real life deployments :) )

Note that the whole setup is for personal use. So the recommendations should not have to be technically correct for real deployments.

For example, if this trust relationship check is a default config of Windows 2008 which can be turned off, I'd like to know how that is possible.

I am using VMWare Workstation. The AD version is Windows 2008 R2.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 8

Expert Comment

by:TMekeel
ID: 39596121
Computer accounts, like user accounts, have a password in AD.  They renew, expire, etc.
If you disable the nic, you would be able to authenticate with cached credentials.

Since this is a lab environment and not the real world you can disable password expiration.
This is absolutely not a good idea in a production environment though.
HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
DisablePasswordChange (default off) prevents the client computer from changing its computer account password. To disable, give it a value of 1.

Reference here(I have not tested this reg edit, but it should work.):
http://www.petri.co.il/working-with-domain-member-virtual-machines-and-snapshots.htm
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39596154
As stated above taking snapshots and reverting back is not a preferred method to restore a DC to a previous time, which is why you are getting these trust relationship issues. Insted of removing from the domain and adding it back to the domain you can simply reset the secure channel of the machine in question.

Use the following command on the DC...
- open cmd
- type "netdom reset 'machinename' /domain:domain.com

This will reset the secure channel for this machine. When this is completed reboot the machine and you should be able to log back into it without issue.

Will.
0
 

Author Comment

by:bozer
ID: 39613491
Hello,

Thank you for all your valuable comments.

- I was not sure if the registry changes could solve my problems (because password change, expiration, etc are already set on the Domain itself) but I tried them. Unfortunately it did not work.
- I do not want to use netdom reset because it is just a command line form of removing/adding to domain is not it? I still need to go through the restart.
0
 

Author Closing Comment

by:bozer
ID: 39814163
The problem disappeared when I started using VMWare Workstation Version 10.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question