Solved

VMWare Workstation Snapshots and Domain

Posted on 2013-10-23
7
347 Views
Last Modified: 2014-01-27
Hello experts,

I've been facing an annoying situation with my VM Images and wanted to check if there's any trick to overcome that.

I have several test VM images I use, one of those act as the AD and DNS server (Windows Server 2008). On my other VMs, I frequently make changes and do trials and prior to critical changes, I take Snapshots.

Whenever I go back to my previous snapshot, I receive the following error in my domain login: 'The trust relationship between this workstation and the primary domain failed' Everytime this happens, I have to login as the local admin, remove the VM from the domain, then readd it. This takes several minutes because of the mandatory restarts.

I don't remember this issue existed with a Windows 20003 Server.

Is there a way to stop this from happening? While I believe this warning can be important in companies and real life deployments but this is a lab setup, I control everything.

Thank you in advance.
0
Comment
Question by:bozer
7 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 300 total points
ID: 39596054
Snapshots are not supported until 2012 with a supported vmgneration ID (any new hypervisor supports it).  What hypervisor are you on?

More on snapshots and issues they can cause   http://blogs.technet.com/b/askds/archive/2009/06/05/dc-s-and-vm-s-avoiding-the-do-over.aspx?Redirected=true

Also just because you can take snapshots in 2012 doesn't mean they are a recovery method.   Do you have a test lab?

Thanks

Mike
0
 
LVL 8

Expert Comment

by:TMekeel
ID: 39596075
Do you snapshot and then revert the DC(s) when you snapshot other VMs?
0
 

Author Comment

by:bozer
ID: 39596101
Thanks for the quick replies,

This whole usage is for learning and testing purposes only and yes, it is a lab setup. I never had issues with reverting back to snapshots with 2003 domain, this 'trust relationship' check with 2008 is annoying. (I'm sure it has a very valid purpose for real life deployments :) )

Note that the whole setup is for personal use. So the recommendations should not have to be technically correct for real deployments.

For example, if this trust relationship check is a default config of Windows 2008 which can be turned off, I'd like to know how that is possible.

I am using VMWare Workstation. The AD version is Windows 2008 R2.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 8

Expert Comment

by:TMekeel
ID: 39596121
Computer accounts, like user accounts, have a password in AD.  They renew, expire, etc.
If you disable the nic, you would be able to authenticate with cached credentials.

Since this is a lab environment and not the real world you can disable password expiration.
This is absolutely not a good idea in a production environment though.
HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
DisablePasswordChange (default off) prevents the client computer from changing its computer account password. To disable, give it a value of 1.

Reference here(I have not tested this reg edit, but it should work.):
http://www.petri.co.il/working-with-domain-member-virtual-machines-and-snapshots.htm
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39596154
As stated above taking snapshots and reverting back is not a preferred method to restore a DC to a previous time, which is why you are getting these trust relationship issues. Insted of removing from the domain and adding it back to the domain you can simply reset the secure channel of the machine in question.

Use the following command on the DC...
- open cmd
- type "netdom reset 'machinename' /domain:domain.com

This will reset the secure channel for this machine. When this is completed reboot the machine and you should be able to log back into it without issue.

Will.
0
 

Author Comment

by:bozer
ID: 39613491
Hello,

Thank you for all your valuable comments.

- I was not sure if the registry changes could solve my problems (because password change, expiration, etc are already set on the Domain itself) but I tried them. Unfortunately it did not work.
- I do not want to use netdom reset because it is just a command line form of removing/adding to domain is not it? I still need to go through the restart.
0
 

Author Closing Comment

by:bozer
ID: 39814163
The problem disappeared when I started using VMWare Workstation Version 10.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
When rebooting a vCenters 6.0 and try to connect using vSphere Client we get this issue "Invalid URL: The hostname could not parsed." When we get this error we need to do some changes in the vCenter advanced settings to fix the issue.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question