Can't add Windows AD users to local group on MySQL server

This is a strange one.

I have an App server, a DNS server, and a DB server.  All are VMs.  I built the App server with a clean install of Windows Server 2008 R2 Datacenter Edition, plus all Windows Updates.  I did not join the server to a domain.  I also installed Symantec Endpoint Protection 12.  Windows Firewall was turned off.

I cloned the App server to create the DNS and DB servers.  Then I installed MySQL 5.6.10 on the DB server.  Everything worked perfectly.

Today I decided to join all three servers to a domain (acme.local).  The App and DNS servers are fine.  But the DB server is not communicating properly with the domain.  When I look in the local Administrators group, ACME\Domain Admins is not listed, as it is on the other two servers.

If I attempt to add Domain Admins, it takes a long time to retrieve the AD object.  And it displays as ACME\Domain Admins (S-1-5-21-332...).  And when I click Apply I see "Domain Admins" is already a member of the group "Administrators", and it disappears from the list.

I have three other sets of servers (App, DNS, and DB) that I have also joined to acme.local, with the same odd behavior on the MySQL DB server only.

This problem is preventing me from accessing the DB servers remotely using a domain account.  Any comments or suggestions are welcome.
Asked by LimeRidge29
 
Gareth Gudger commented:
When you cloned the server, did you sysprep it? Or in some way rewrite the SID?
 
Gareth Gudger commented:
Check what you have as DNS servers on your problem server. Normally when they just show the long GUIDs like that it is a DNS issue, or lack of correct DNS servers. I would match the primary and secondary DNS server entries on the problem server to match those of a working server.
 
LimeRidge29 (author) commented:
I have confirmed that the DNS settings are correct.  The two Domain Controllers are the DNS servers.  This matches the DNS settings on all of the other known good servers.
 
Gareth Gudger commented:
Have you tried removing and rejoining that server to the domain?
 
LimeRidge29 (author) commented:
Yes, I removed and rejoined the domain.  Same issue.
 
LimeRidge29 (author) commented:
I did not run sysprep on any of the servers.  That could certainly explain the issue -- but why are only the MySQL servers affected?
 
LimeRidge29 (author) commented:
Sysprep solved the domain issue.  But it caused the D drive to disappear.  It was in Disk Manager, but could not be enabled.  The VHD was blocked by Windows Firewall.  I got it back, as the E drive, and had to reassign drive letters.  So it all works now, thanks.
 
Gareth Gudger commented:
That's odd that happened but glad you got your data back. Rather than Sysprep, if you are cloning with VMware you can also tell it to write a new SID during the cloning process.
Question has a verified solution.
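
A check for the condition the sysprep question in this thread is probing, as an added example that is not part of the original posts: it derives each server's machine SID from a local account SID and reports servers that share one. The host names are placeholders, and it assumes remote WMI access to each server (otherwise run the `Get-WmiObject` line locally without `-ComputerName`).

```powershell
# Constructed example: host names are placeholders, not taken from the thread.
$servers = 'APP01', 'DNS01', 'DB01'

$results = foreach ($server in $servers) {
    try {
        # A local account SID is <machine SID>-<RID>; any local account will do.
        $account = Get-WmiObject -Class Win32_UserAccount -ComputerName $server `
            -Filter "LocalAccount=True" -ErrorAction Stop |
            Select-Object -First 1
        New-Object PSObject -Property @{
            Server     = $server
            MachineSid = ($account.SID -replace '-\d+$', '')
        }
    }
    catch {
        Write-Warning "Could not query ${server}: $($_.Exception.Message)"
    }
}

# Servers reporting the same machine SID were cloned without being generalized.
$duplicates = @($results | Where-Object { $_ } |
    Group-Object -Property MachineSid | Where-Object { $_.Count -gt 1 })

if ($duplicates.Count -eq 0) {
    'No shared machine SIDs found.'
}
else {
    foreach ($group in $duplicates) {
        $names = ($group.Group | ForEach-Object { $_.Server }) -join ', '
        "Shared machine SID $($group.Name): $names"
    }
}
```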