We help IT Professionals succeed at work.

Can't log in to domain after cloning to SSD

153 Views
Last Modified: 2018-10-08
HI there, I have two domain computers I recently cloned the old sata drives to SSDs. The cloning worked just fine but the computers can't login to the domain when connected to the network. If i remove the ethernet cord I'm able to log in with the cached domain credentials, I reconnect the network cable and have access to all network resources. Does anyone know how to fix this without removing and rejoining the domain?

I used the cloning utilities that come with Samsung and Kingston SSDs.

thanks..
Comment
Watch Question

JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I would update the BIOS (necessary in 2018), chipset and update or completely reinstall the Network Drivers.

When done do a TCP/IP Reset, DNS Flush to be sure.

Open cmd.exe with Run as Administrator
Then: netsh int ip reset c:\resetlog.txt
Then: ipconfig /flushdns

Now restart and test.
Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
Pull the network cable and log in.  Then plug it in.  Do you have access to the domain?  What does the event logs say?  What is the error message when you try to log in with the cable attached?  (Pictures are best; use your phone if you have to take a picture and post it).
matrix8086IT Manager
CERTIFIED EXPERT

Commented:
The only solution is to remove the computers from ADUC and then join the computers to domain.
When joining to an AD domain, an unique computer ID is generated and stored in the AD database in the DC. The unique ID is composed based on computer hardware components. Every time a computer autheticate to AD, this ID is generated on the computer side and compared with the ID stored in the AD database. You've changed a component, so the ID generated on the computer side, does'n't match anymore with the ID stored in the AD database. This is a security feature, a measure to stop an intruder to impersonate your computer. A hacker would try exactly what you did.

Best regards
Senior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Jose Gabriel Ortega CastroTop-Rated Plus Freelancer (Upwork)/EE Solution Guide / CEO / Photographer
CERTIFIED EXPERT
Awarded 2018
Distinguished Expert 2018

Commented:
I agree with  Vermaak, nothing relies on software, GUID is a totally random identification. Moreover, you can use this on PS to generate a random GUID (PSv4 min)

[GUID]::NewGuid() | select -ExpandProperty Guid

Open in new window


In another part I think that the reset-computerMachinePassword resolved the issue so Basically, I'm aligned with the Shaun and add the Powershell command to get a GUID as the demonstration.
Mal OsborneAlpha Geek
CERTIFIED EXPERT

Commented:
Were this me, I would definitely try removing and re adding the machine to the domain. Very straightforward, takes maybe 10 mins and a couple of reboots. Make sure you have the local admin account credentials first though.
Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
To rephrase a little Mal Osborne
Does anyone know how to fix this without removing and rejoining the domain?
Why?  What's the big deal pulling it out of the domain and putting it back in?
chirkwareSystems Administrator
CERTIFIED EXPERT

Commented:
If I'm reading this correctly, you took a machine connected to a domain, cloned it, and then connected the clone to the domain?

To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't.  From the domains perspective, these two computers are one computer, so they cannot coexist.  Your process is broken.

BEFORE cloning a machine, you should SYSPREP (generalize) it [to comply with MS licensing, this should be a PC built using Volume Media, not OEM].  Do NOT boot the machine into Windows after the sysprep.  Create the clone. THEN boot both machines.  You'll need to then join both to the Domain.  

When you clone without a SYSPREP, the new machine ends up with the same SID as the original.  To fix it from the point you are at, you need to remove BOTH from the domain, generate a new SID on at least one of these computers (either Sysprep, or look maybe at http://www.stratesave.com/html/sidchg.html which I've never used, but looks promising), then join both to the domain.
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't.  From the domains perspective, these two computers are one computer, so they cannot coexist.  Your process is broken.
As far as I understand OP's question, the computers were not cloned, the drives were replaced. The two computers and still two computers
CERTIFIED EXPERT

Author

Commented:
Thanks for the many responses, just to clarify i replaced the old sata with SSD by cloning it. that . way i didn't have to transfer all the user data and reinstall a million apps. I'll back to that site in two days to try the Reset-ComputerMachinePassword command from power shell. I"ll update then.