?
Solved

VMWare Workstation Snapshots and Domain

Posted on 2013-10-23
7
Medium Priority
?
364 Views
Last Modified: 2014-01-27
Hello experts,

I've been facing an annoying situation with my VM Images and wanted to check if there's any trick to overcome that.

I have several test VM images I use, one of those act as the AD and DNS server (Windows Server 2008). On my other VMs, I frequently make changes and do trials and prior to critical changes, I take Snapshots.

Whenever I go back to my previous snapshot, I receive the following error in my domain login: 'The trust relationship between this workstation and the primary domain failed' Everytime this happens, I have to login as the local admin, remove the VM from the domain, then readd it. This takes several minutes because of the mandatory restarts.

I don't remember this issue existed with a Windows 20003 Server.

Is there a way to stop this from happening? While I believe this warning can be important in companies and real life deployments but this is a lab setup, I control everything.

Thank you in advance.
0
Comment
Question by:bozer
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1200 total points
ID: 39596054
Snapshots are not supported until 2012 with a supported vmgneration ID (any new hypervisor supports it).  What hypervisor are you on?

More on snapshots and issues they can cause   http://blogs.technet.com/b/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx?Redirected=true

Also just because you can take snapshots in 2012 doesn't mean they are a recovery method.   Do you have a test lab?

Thanks

Mike
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39596075
Do you snapshot and then revert the DC(s) when you snapshot other VMs?
0
 

Author Comment

by:bozer
ID: 39596101
Thanks for the quick replies,

This whole usage is for learning and testing purposes only and yes, it is a lab setup. I never had issues with reverting back to snapshots with 2003 domain, this 'trust relationship' check with 2008 is annoying. (I'm sure it has a very valid purpose for real life deployments :) )

Note that the whole setup is for personal use. So the recommendations should not have to be technically correct for real deployments.

For example, if this trust relationship check is a default config of Windows 2008 which can be turned off, I'd like to know how that is possible.

I am using VMWare Workstation. The AD version is Windows 2008 R2.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
LVL 8

Expert Comment

by:TMekeel
ID: 39596121
Computer accounts, like user accounts, have a password in AD.  They renew, expire, etc.
If you disable the nic, you would be able to authenticate with cached credentials.

Since this is a lab environment and not the real world you can disable password expiration.
This is absolutely not a good idea in a production environment though.
HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
DisablePasswordChange (default off) prevents the client computer from changing its computer account password. To disable, give it a value of 1.

Reference here(I have not tested this reg edit, but it should work.):
http://www.petri.co.il/working-with-domain-member-virtual-machines-and-snapshots.htm
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39596154
As stated above taking snapshots and reverting back is not a preferred method to restore a DC to a previous time, which is why you are getting these trust relationship issues. Insted of removing from the domain and adding it back to the domain you can simply reset the secure channel of the machine in question.

Use the following command on the DC...
- open cmd
- type "netdom reset 'machinename' /domain:domain.com

This will reset the secure channel for this machine. When this is completed reboot the machine and you should be able to log back into it without issue.

Will.
0
 

Author Comment

by:bozer
ID: 39613491
Hello,

Thank you for all your valuable comments.

- I was not sure if the registry changes could solve my problems (because password change, expiration, etc are already set on the Domain itself) but I tried them. Unfortunately it did not work.
- I do not want to use netdom reset because it is just a command line form of removing/adding to domain is not it? I still need to go through the restart.
0
 

Author Closing Comment

by:bozer
ID: 39814163
The problem disappeared when I started using VMWare Workstation Version 10.
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

594 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question