Can't log in to domain after cloning to SSD

jorge diaz
Hi there, I have two domain computers whose old SATA drives I recently cloned to SSDs. The cloning worked just fine, but the computers can't log in to the domain when connected to the network. If I remove the Ethernet cord I'm able to log in with the cached domain credentials; I reconnect the network cable and have access to all network resources. Does anyone know how to fix this without removing and rejoining the domain?

I used the cloning utilities that come with Samsung and Kingston SSDs.

thanks..
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I would update the BIOS (necessary in 2018), chipset and update or completely reinstall the Network Drivers.

When done do a TCP/IP Reset, DNS Flush to be sure.

Open cmd.exe with Run as Administrator
Then: netsh int ip reset c:\resetlog.txt
Then: ipconfig /flushdns

Now restart and test.
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013

Commented:
Pull the network cable and log in. Then plug it in. Do you have access to the domain? What do the event logs say? What is the error message when you try to log in with the cable attached? (Pictures are best; use your phone if you have to take a picture and post it.)
The only solution is to remove the computers from ADUC and then join the computers to the domain.
When joining an AD domain, a unique computer ID is generated and stored in the AD database on the DC. The unique ID is composed based on computer hardware components. Every time a computer authenticates to AD, this ID is generated on the computer side and compared with the ID stored in the AD database. You've changed a component, so the ID generated on the computer side doesn't match the ID stored in the AD database anymore. This is a security feature, a measure to stop an intruder from impersonating your computer. A hacker would try exactly what you did.

Best regards

Technical Specialist
Awarded 2017
Distinguished Expert 2018
Commented:
"When joining to an AD domain, a unique computer ID is generated and stored in the AD database in the DC. The unique ID is composed based on computer hardware components."
This is totally false. Nothing relates to hardware on the computer account attributes (the GUID is random) and this is definitely not because of BIOS.
https://docs.microsoft.com/en-us/previous-versions/tn-archive/ee198792(v=technet.10)

"Does anyone know how to fix this without removing and rejoining the domain?"
Use the Reset-ComputerMachinePassword PowerShell cmdlet to reset the computer account password; the default password is $saMAccountName. There is a 128-character password that is kept in sync between the domain member and its computer account. This password is a security feature similar to a user password.

The reason why you can log on is that you have cached logins enabled.
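
The check-and-repair sequence suggested in the answer above, as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1, an elevated session on the affected machine with the network cable connected, and a domain account allowed to reset the computer account password; `Repair-DomainTrust` is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run on the affected domain member
# after logging on with cached credentials or a local administrator account.

function Repair-DomainTrust {
    [CmdletBinding()]
    param(
        # Domain account permitted to reset this computer's account password
        [Parameter(Mandatory)]
        [pscredential] $Credential,

        # Optional: a specific domain controller to contact (auto-located if omitted)
        [string] $Server
    )

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "$($cs.Name) is not joined to a domain."
    }

    # Netlogon errors from the last 7 days, to record what the failure looked like
    $filter = @{ LogName = 'System'; ProviderName = 'NETLOGON'; Level = 2
                 StartTime = (Get-Date).AddDays(-7) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object -First 5 -Property TimeCreated, Id, Message

    # $true when the local machine secret still matches the computer account in AD
    $before = Test-ComputerSecureChannel

    if (-not $before) {
        # Only reset when the channel is actually broken
        $reset = @{ Credential = $Credential }
        if ($Server) { $reset['Server'] = $Server }
        Reset-ComputerMachinePassword @reset
    }

    [pscustomobject]@{
        Computer       = $cs.Name
        Domain         = $cs.Domain
        ChannelBefore  = $before
        ChannelAfter   = Test-ComputerSecureChannel
        NetlogonErrors = $events
    }
}

Repair-DomainTrust -Credential (Get-Credential)
```

If `ChannelBefore` is already `True`, the machine account password is not the cause and the Netlogon events returned are the next thing to read.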
Jose Gabriel Ortega Castro, Top Rated Freelancer on MS Technologies
Awarded 2018
Distinguished Expert 2018

Commented:
I agree with Vermaak, nothing relies on software; the GUID is a totally random identifier. Moreover, you can use this in PS to generate a random GUID (PSv4 minimum):

[GUID]::NewGuid() | select -ExpandProperty Guid


On another note, I think that Reset-ComputerMachinePassword resolved the issue, so basically I'm aligned with Shaun and add the PowerShell command to get a GUID as a demonstration.
Were this me, I would definitely try removing and re-adding the machine to the domain. Very straightforward, takes maybe 10 mins and a couple of reboots. Make sure you have the local admin account credentials first, though.
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013

Commented:
To rephrase Mal Osborne a little:
"Does anyone know how to fix this without removing and rejoining the domain?"
Why? What's the big deal pulling it out of the domain and putting it back in?
chirkware, Systems Administrator

Commented:
If I'm reading this correctly, you took a machine connected to a domain, cloned it, and then connected the clone to the domain?

To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't. From the domain's perspective, these two computers are one computer, so they cannot coexist. Your process is broken.

BEFORE cloning a machine, you should SYSPREP (generalize) it [to comply with MS licensing, this should be a PC built using Volume Media, not OEM].  Do NOT boot the machine into Windows after the sysprep.  Create the clone. THEN boot both machines.  You'll need to then join both to the Domain.  

When you clone without a SYSPREP, the new machine ends up with the same SID as the original.  To fix it from the point you are at, you need to remove BOTH from the domain, generate a new SID on at least one of these computers (either Sysprep, or look maybe at http://www.stratesave.com/html/sidchg.html which I've never used, but looks promising), then join both to the domain.
Shaun Vermaak, Technical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
"To answer your question regarding fixing this WITHOUT disjoining/joining domain, you can't. From the domains perspective, these two computers are one computer, so they cannot coexist. Your process is broken."
As far as I understand OP's question, the computers were not cloned, the drives were replaced. The two computers are still two computers.
Thanks for the many responses. Just to clarify, I replaced the old SATA with SSD by cloning it. That way I didn't have to transfer all the user data and reinstall a million apps. I'll be back at that site in two days to try the Reset-ComputerMachinePassword command from PowerShell. I'll update then.
