Solved

VMWare Workstation Snapshots and Domain

Posted on 2013-10-23
7
351 Views
Last Modified: 2014-01-27
Hello experts,

I've been facing an annoying situation with my VM Images and wanted to check if there's any trick to overcome that.

I have several test VM images I use, one of those act as the AD and DNS server (Windows Server 2008). On my other VMs, I frequently make changes and do trials and prior to critical changes, I take Snapshots.

Whenever I go back to my previous snapshot, I receive the following error in my domain login: 'The trust relationship between this workstation and the primary domain failed' Everytime this happens, I have to login as the local admin, remove the VM from the domain, then readd it. This takes several minutes because of the mandatory restarts.

I don't remember this issue existed with a Windows 20003 Server.

Is there a way to stop this from happening? While I believe this warning can be important in companies and real life deployments but this is a lab setup, I control everything.

Thank you in advance.
0
Comment
Question by:bozer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 300 total points
ID: 39596054
Snapshots are not supported until 2012 with a supported vmgneration ID (any new hypervisor supports it).  What hypervisor are you on?

More on snapshots and issues they can cause   http://blogs.technet.com/b/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx?Redirected=true

Also just because you can take snapshots in 2012 doesn't mean they are a recovery method.   Do you have a test lab?

Thanks

Mike
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39596075
Do you snapshot and then revert the DC(s) when you snapshot other VMs?
0
 

Author Comment

by:bozer
ID: 39596101
Thanks for the quick replies,

This whole usage is for learning and testing purposes only and yes, it is a lab setup. I never had issues with reverting back to snapshots with 2003 domain, this 'trust relationship' check with 2008 is annoying. (I'm sure it has a very valid purpose for real life deployments :) )

Note that the whole setup is for personal use. So the recommendations should not have to be technically correct for real deployments.

For example, if this trust relationship check is a default config of Windows 2008 which can be turned off, I'd like to know how that is possible.

I am using VMWare Workstation. The AD version is Windows 2008 R2.
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 
LVL 8

Expert Comment

by:TMekeel
ID: 39596121
Computer accounts, like user accounts, have a password in AD.  They renew, expire, etc.
If you disable the nic, you would be able to authenticate with cached credentials.

Since this is a lab environment and not the real world you can disable password expiration.
This is absolutely not a good idea in a production environment though.
HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
DisablePasswordChange (default off) prevents the client computer from changing its computer account password. To disable, give it a value of 1.

Reference here(I have not tested this reg edit, but it should work.):
http://www.petri.co.il/working-with-domain-member-virtual-machines-and-snapshots.htm
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39596154
As stated above taking snapshots and reverting back is not a preferred method to restore a DC to a previous time, which is why you are getting these trust relationship issues. Insted of removing from the domain and adding it back to the domain you can simply reset the secure channel of the machine in question.

Use the following command on the DC...
- open cmd
- type "netdom reset 'machinename' /domain:domain.com

This will reset the secure channel for this machine. When this is completed reboot the machine and you should be able to log back into it without issue.

Will.
0
 

Author Comment

by:bozer
ID: 39613491
Hello,

Thank you for all your valuable comments.

- I was not sure if the registry changes could solve my problems (because password change, expiration, etc are already set on the Domain itself) but I tried them. Unfortunately it did not work.
- I do not want to use netdom reset because it is just a command line form of removing/adding to domain is not it? I still need to go through the restart.
0
 

Author Closing Comment

by:bozer
ID: 39814163
The problem disappeared when I started using VMWare Workstation Version 10.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
A hard and fast method for reducing Active Directory Administrators members.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question