Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VMWare Workstation Snapshots and Domain

Posted on 2013-10-23
7
Medium Priority
?
356 Views
Last Modified: 2014-01-27
Hello experts,

I've been facing an annoying situation with my VM Images and wanted to check if there's any trick to overcome that.

I have several test VM images I use, one of those act as the AD and DNS server (Windows Server 2008). On my other VMs, I frequently make changes and do trials and prior to critical changes, I take Snapshots.

Whenever I go back to my previous snapshot, I receive the following error in my domain login: 'The trust relationship between this workstation and the primary domain failed' Everytime this happens, I have to login as the local admin, remove the VM from the domain, then readd it. This takes several minutes because of the mandatory restarts.

I don't remember this issue existed with a Windows 20003 Server.

Is there a way to stop this from happening? While I believe this warning can be important in companies and real life deployments but this is a lab setup, I control everything.

Thank you in advance.
0
Comment
Question by:bozer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1200 total points
ID: 39596054
Snapshots are not supported until 2012 with a supported vmgneration ID (any new hypervisor supports it).  What hypervisor are you on?

More on snapshots and issues they can cause   http://blogs.technet.com/b/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx?Redirected=true

Also just because you can take snapshots in 2012 doesn't mean they are a recovery method.   Do you have a test lab?

Thanks

Mike
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39596075
Do you snapshot and then revert the DC(s) when you snapshot other VMs?
0
 

Author Comment

by:bozer
ID: 39596101
Thanks for the quick replies,

This whole usage is for learning and testing purposes only and yes, it is a lab setup. I never had issues with reverting back to snapshots with 2003 domain, this 'trust relationship' check with 2008 is annoying. (I'm sure it has a very valid purpose for real life deployments :) )

Note that the whole setup is for personal use. So the recommendations should not have to be technically correct for real deployments.

For example, if this trust relationship check is a default config of Windows 2008 which can be turned off, I'd like to know how that is possible.

I am using VMWare Workstation. The AD version is Windows 2008 R2.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 8

Expert Comment

by:TMekeel
ID: 39596121
Computer accounts, like user accounts, have a password in AD.  They renew, expire, etc.
If you disable the nic, you would be able to authenticate with cached credentials.

Since this is a lab environment and not the real world you can disable password expiration.
This is absolutely not a good idea in a production environment though.
HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
DisablePasswordChange (default off) prevents the client computer from changing its computer account password. To disable, give it a value of 1.

Reference here(I have not tested this reg edit, but it should work.):
http://www.petri.co.il/working-with-domain-member-virtual-machines-and-snapshots.htm
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39596154
As stated above taking snapshots and reverting back is not a preferred method to restore a DC to a previous time, which is why you are getting these trust relationship issues. Insted of removing from the domain and adding it back to the domain you can simply reset the secure channel of the machine in question.

Use the following command on the DC...
- open cmd
- type "netdom reset 'machinename' /domain:domain.com

This will reset the secure channel for this machine. When this is completed reboot the machine and you should be able to log back into it without issue.

Will.
0
 

Author Comment

by:bozer
ID: 39613491
Hello,

Thank you for all your valuable comments.

- I was not sure if the registry changes could solve my problems (because password change, expiration, etc are already set on the Domain itself) but I tried them. Unfortunately it did not work.
- I do not want to use netdom reset because it is just a command line form of removing/adding to domain is not it? I still need to go through the restart.
0
 

Author Closing Comment

by:bozer
ID: 39814163
The problem disappeared when I started using VMWare Workstation Version 10.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question