cgeorgeisaac

Why am I getting an error message on a Cloned VM after changing its IP Address?

I cloned a VM but have given it a new IP address. However, now I am getting an error message reading "The Security Database on the server does not have a computer account for this workstation trust relationship". I understand that cloning a VM creates a VM that is a copy of the original. But once I provide a new IP address, I believe the MAC address and the OS SID also change. Please correct me if I am wrong. Is there a way to fix this error message? It's on vCenter 6.7 and the OS is Windows 2012 R2. Thanks.


Jon Yelton

No.  Granting a new IP address does not give it a new SID.  You should look at this utility for sysprep.  https://mivilisnet.wordpress.com/2017/06/29/changing-sid-of-cloned-vms/

cgeorgeisaac

ASKER

Thanks Jon Yelton - Great Article.
A couple of questions if I may:
1. I know there is a way to use sysprep using a VMware built-in utility (by adding specifications). Will this give a new SID, rather than trying the Windows way? If so, do you know the steps, please?
2. Is there a specific command to find the SID of a Windows VM?

I use a third party for this, which is pretty expensive for many smaller shops.  But essentially, you use the Template feature built into VMware for your cloning and configure Guest settings.  And then you run sysprep against that.  I'm not that familiar with the native VM tools, so I will let someone else chime in.  Here is a quick article I found.  https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vm_admin.doc/GUID-EB5F090E-723C-4470-B640-50B35D1EC016.html

Yes, you can get the SID using this PowerShell:
get-adcomputer computername -prop sid

Scott Silva
You don't need a new SID anymore, but you do have to either rejoin to domain with a new name, or reset its security account...

Jon - Thanks for the article. But the "get-adcomputer" did not work. It said it is not a recognized internal or external command.

Scott - Thanks for the advice.  I actually renamed the cloned VM to a new VM, activated the Windows license and then joined it to the domain.  May I know how I can reset its security account, please? Maybe that may work.

Much appreciated both.
Change the cloned VM's name. That should tweak the SID.
Thanks Philip:   I did change the cloned VM's name and joined it to the domain.

Is there any way to run the Specification tool after work has been done on this server?  I guess create a snapshot.

If you cloned a machine that was NOT domain joined, then you change its name either at the same time you join the domain or change the name BEFORE you join the domain...
If the name you gave it already exists in your AD, you have to right click on it in "Users and Computers" and click reset...

Thanks Scott:
I had changed the name before joining the domain.  I will try the Reset  Account from the Domain during downtime since the Server is already in production.
ASKER CERTIFIED SOLUTION
Seth Simmons
This solution is only available to members.
Excellent suggestion Seth:

But I did check the MAC address and it's different for both the VMs. The names are also different. Windows is activated too.  Before doing anything, is there any easier way to find the SID of the servers?  The PowerShell command does not seem to work:
get-adcomputer computername -prop sid


But the situation here is both the VMs are already in the domain in production. But I am getting that security error.  Not sure what I can rightfully do next.
Thanks.
Utility to get the machine's SID: https://docs.microsoft.com/en-us/sysinternals/downloads/psgetsid

Method:
Yes, you can. In Active Directory you will need to delete the computer object of your problem server and then rejoin it to the Domain. This will get you a new SID for the server. However, doing this creates a new Computer Object for your server so all of its group memberships, permissions, etc. will need to be recreated because it has a new SID. Active Directory doesn’t see it as the same server.
https://serverfault.com/questions/849791/how-to-change-sid-of-deployed-server
That's excellent stuff Philip - Thank you.
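
The checks discussed in this thread, gathered into one PowerShell function as an added example (not code from any of the posts above). It reads the machine SID that PsGetSid reports, the domain computer-account SID that Get-ADComputer returns, and the state of the trust relationship. The function name Get-CloneTrustStatus is hypothetical, and the example assumes an elevated PowerShell session (not cmd.exe) on the affected member server.

```powershell
# Added example; Get-CloneTrustStatus is a hypothetical helper name.
function Get-CloneTrustStatus {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Machine (local) SID: the SID of any local account minus its trailing RID.
    # This is the value sysprep regenerates; renaming or re-addressing the
    # clone does not change it.
    $acct = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        Select-Object -First 1
    $machineSid = $acct.SID -replace '-\d+$', ''

    # Domain computer-account SID: assigned by AD when the computer object is
    # created. Get-ADComputer is only available in PowerShell once the
    # ActiveDirectory (RSAT) module is installed.
    $domainSid = $null
    if (Get-Module -ListAvailable -Name ActiveDirectory) {
        Import-Module ActiveDirectory
        try {
            $domainSid = (Get-ADComputer -Identity $ComputerName -Properties SID).SID.Value
        } catch {
            Write-Warning "AD lookup for $ComputerName failed: $($_.Exception.Message)"
        }
    } else {
        Write-Warning 'ActiveDirectory module missing. On Windows Server: Install-WindowsFeature RSAT-AD-PowerShell'
    }

    # Secure channel: $true when the trust between this computer and its
    # domain is working, $false when it is broken (the error in the question).
    $channelOk = Test-ComputerSecureChannel

    [pscustomobject]@{
        ComputerName    = $ComputerName
        MachineSid      = $machineSid
        DomainSid       = $domainSid
        SecureChannelOk = $channelOk
    }
}

Get-CloneTrustStatus | Format-List

# If SecureChannelOk is False, the channel can be repaired in place with a
# domain account allowed to reset the computer object (plan a maintenance
# window on a production server):
# Test-ComputerSecureChannel -Repair -Credential (Get-Credential)
```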