Solved

Can't add Windows AD users to local group on MySQL server

Posted on 2013-11-24
8
415 Views
Last Modified: 2013-12-03
This is a strange one.

I have an App server, a DNS server, and a DB server.  All are VMs.  I built the App server with a clean install of Windows Server 2008 R2 Datacenter Edition, plus all Windows Updates.  I did not join the server to a domain.  I also installed Symantec Endpoint Protection 12.  Windows Firewall was turned off.

I cloned the App server to create the DNS and DB servers.  Then I installed MySQL 5.6.10 on the DB server.  Everything worked perfectly.

Today I decided to join all three servers to a domain (acme.local).  The App and DNS servers are fine.  But the DB server is not communicating properly with the domain.  When I look in the local Administrators group, ACME\Domain Admins is not listed, as it is on the other two servers.

If I attempt to add Domain Admins, it takes a long time to retrieve the AD object.  And it displays as ACME\Domain Admins (S-1-5-21-332...).  And when I click Apply I see "Domain Admins" is already a member of the group "Administrators", and it disappears from the list.

I have three other sets of servers (App, DNS, and DB) that I have also joined to acme.local, with the same odd behavior on the MySQL DB server only.

This problem is preventing me from accessing the DB servers remotely using a domain account.  Any comments or suggestions are welcome.
0
Comment
Question by:LimeRidge29
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39673448
Check what you have as DNS servers on your problem server. Normally when they just show the log GUIDs like that it is a DNS issue, or lack of correct DNS servers. I would match the primary and secondary DNS server entries on the problem server to match those of a working server.
0
 

Author Comment

by:LimeRidge29
ID: 39674239
I have confirmed that the DNS settings are correct.  The two Domain Controllers are the DNS servers.  This matches the DNS settings on all of the other the known good servers.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39674400
Have you tried removing and rejoining that server to the domain?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:LimeRidge29
ID: 39674455
Yes, I removed and rejoined the domain.  Same issue.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 400 total points
ID: 39674481
When you cloned the server, did you sysprep it? Or in some way rewrite the SID?
0
 

Author Comment

by:LimeRidge29
ID: 39674665
I did not run sysprep on any of the servers.  That could certainly explain the issue -- but why are only the MySQL servers affected?
0
 

Author Closing Comment

by:LimeRidge29
ID: 39685596
Sysprep solved the domain issue.  But it caused the D drive to disappear.  It was in Disk Manager, but could not be enabled.  The VHD was blocked by Windows Firewall.  I got it back, as the E drive, and had to reassign drive letters.  So it all works now, thanks.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39694101
That's odd that happened but glad you got your data back. Rather than Sysprep, if you are cloning with VMware you can also tell it to write a new SID during the cloning process.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question