Solved

Can't add Windows AD users to local group on MySQL server

Posted on 2013-11-24
8
411 Views
Last Modified: 2013-12-03
This is a strange one.

I have an App server, a DNS server, and a DB server.  All are VMs.  I built the App server with a clean install of Windows Server 2008 R2 Datacenter Edition, plus all Windows Updates.  I did not join the server to a domain.  I also installed Symantec Endpoint Protection 12.  Windows Firewall was turned off.

I cloned the App server to create the DNS and DB servers.  Then I installed MySQL 5.6.10 on the DB server.  Everything worked perfectly.

Today I decided to join all three servers to a domain (acme.local).  The App and DNS servers are fine.  But the DB server is not communicating properly with the domain.  When I look in the local Administrators group, ACME\Domain Admins is not listed, as it is on the other two servers.

If I attempt to add Domain Admins, it takes a long time to retrieve the AD object.  And it displays as ACME\Domain Admins (S-1-5-21-332...).  And when I click Apply I see "Domain Admins" is already a member of the group "Administrators", and it disappears from the list.

I have three other sets of servers (App, DNS, and DB) that I have also joined to acme.local, with the same odd behavior on the MySQL DB server only.

This problem is preventing me from accessing the DB servers remotely using a domain account.  Any comments or suggestions are welcome.
0
Comment
Question by:LimeRidge29
  • 4
  • 4
8 Comments
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39673448
Check what you have as DNS servers on your problem server. Normally when they just show the log GUIDs like that it is a DNS issue, or lack of correct DNS servers. I would match the primary and secondary DNS server entries on the problem server to match those of a working server.
0
 

Author Comment

by:LimeRidge29
ID: 39674239
I have confirmed that the DNS settings are correct.  The two Domain Controllers are the DNS servers.  This matches the DNS settings on all of the other the known good servers.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39674400
Have you tried removing and rejoining that server to the domain?
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:LimeRidge29
ID: 39674455
Yes, I removed and rejoined the domain.  Same issue.
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 400 total points
ID: 39674481
When you cloned the server, did you sysprep it? Or in some way rewrite the SID?
0
 

Author Comment

by:LimeRidge29
ID: 39674665
I did not run sysprep on any of the servers.  That could certainly explain the issue -- but why are only the MySQL servers affected?
0
 

Author Closing Comment

by:LimeRidge29
ID: 39685596
Sysprep solved the domain issue.  But it caused the D drive to disappear.  It was in Disk Manager, but could not be enabled.  The VHD was blocked by Windows Firewall.  I got it back, as the E drive, and had to reassign drive letters.  So it all works now, thanks.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 39694101
That's odd that happened but glad you got your data back. Rather than Sysprep, if you are cloning with VMware you can also tell it to write a new SID during the cloning process.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been using r1soft Continuous Data Protection (http://www.r1soft.com/linux-cdp/) for many years now with the mySQL Addon and wanted to share a trick I have used several times. For those of us that don't have the luxury of using all transact…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question