Can't log in to domain after cloning to SSD

HI there, I have two domain computers I recently cloned the old sata drives to SSDs. The cloning worked just fine but the computers can't login to the domain when connected to the network. If i remove the ethernet cord I'm able to log in with the cached domain credentials, I reconnect the network cable and have access to all network resources. Does anyone know how to fix this without removing and rejoining the domain?

I used the cloning utilities that come with Samsung and Kingston SSDs.

thanks..
LVL 7
jorge diazSEAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
I would update the BIOS (necessary in 2018), chipset and update or completely reinstall the Network Drivers.

When done do a TCP/IP Reset, DNS Flush to be sure.

Open cmd.exe with Run as Administrator
Then: netsh int ip reset c:\resetlog.txt
Then: ipconfig /flushdns

Now restart and test.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Pull the network cable and log in.  Then plug it in.  Do you have access to the domain?  What does the event logs say?  What is the error message when you try to log in with the cable attached?  (Pictures are best; use your phone if you have to take a picture and post it).
0
matrix8086Commented:
The only solution is to remove the computers from ADUC and then join the computers to domain.
When joining to an AD domain, an unique computer ID is generated and stored in the AD database in the DC. The unique ID is composed based on computer hardware components. Every time a computer autheticate to AD, this ID is generated on the computer side and compared with the ID stored in the AD database. You've changed a component, so the ID generated on the computer side, does'n't match anymore with the ID stored in the AD database. This is a security feature, a measure to stop an intruder to impersonate your computer. A hacker would try exactly what you did.

Best regards
1
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

Shaun VermaakTechnical Specialist IVCommented:
When joining to an AD domain, an unique computer ID is generated and stored in the AD database in the DC. The unique ID is composed based on computer hardware components.
This is totally false.. Nothing relates to hardware on the computer account attributes (the GUID is random) and this is definitely not because of BIOS
https://docs.microsoft.com/en-us/previous-versions/tn-archive/ee198792(v=technet.10)

Does anyone know how to fix this without removing and rejoining the domain?
Use Reset-ComputerMachinePassword Powershell cmdlet to reset the computer account password, the default password is $saMAccountName. There is a 128 character password that is kept in sync between the domain member and its computer account. This password is a security feature similar to a user password.

The reason why you can log on is that you have cached logins enabled.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jose Gabriel Ortega CastroCEOCommented:
I agree with  Vermaak, nothing relies on software, GUID is a totally random identification. Moreover, you can use this on PS to generate a random GUID (PSv4 min)

[GUID]::NewGuid() | select -ExpandProperty Guid

Open in new window


In another part I think that the reset-computerMachinePassword resolved the issue so Basically, I'm aligned with the Shaun and add the Powershell command to get a GUID as the demonstration.
0
Mal OsborneAlpha GeekCommented:
Were this me, I would definitely try removing and re adding the machine to the domain. Very straightforward, takes maybe 10 mins and a couple of reboots. Make sure you have the local admin account credentials first though.
1
Lee W, MVPTechnology and Business Process AdvisorCommented:
To rephrase a little Mal Osborne
Does anyone know how to fix this without removing and rejoining the domain?
Why?  What's the big deal pulling it out of the domain and putting it back in?
0
chirkwareSystems AdministratorCommented:
If I'm reading this correctly, you took a machine connected to a domain, cloned it, and then connected the clone to the domain?

To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't.  From the domains perspective, these two computers are one computer, so they cannot coexist.  Your process is broken.

BEFORE cloning a machine, you should SYSPREP (generalize) it [to comply with MS licensing, this should be a PC built using Volume Media, not OEM].  Do NOT boot the machine into Windows after the sysprep.  Create the clone. THEN boot both machines.  You'll need to then join both to the Domain.  

When you clone without a SYSPREP, the new machine ends up with the same SID as the original.  To fix it from the point you are at, you need to remove BOTH from the domain, generate a new SID on at least one of these computers (either Sysprep, or look maybe at http://www.stratesave.com/html/sidchg.html which I've never used, but looks promising), then join both to the domain.
0
Shaun VermaakTechnical Specialist IVCommented:
To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't.  From the domains perspective, these two computers are one computer, so they cannot coexist.  Your process is broken.
As far as I understand OP's question, the computers were not cloned, the drives were replaced. The two computers and still two computers
0
jorge diazSEAuthor Commented:
Thanks for the many responses, just to clarify i replaced the old sata with SSD by cloning it. that . way i didn't have to transfer all the user data and reinstall a million apps. I'll back to that site in two days to try the Reset-ComputerMachinePassword command from power shell. I"ll update then.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Disk Cloning

From novice to tech pro — start learning today.