Quick fix to an AD issue with a VM

 So I’ve never run into this in my home lab (yet), but I have run into this in our EMC Demo lab once. I decided that I should blog about it just in case someone else runs into this or even better, so I don’t’ forget 🙂

 Here is the story: Someone in the lab cloned a Windows 2008 R2 server (vm) in vCenter and didn’t get a chance to finish up the “customization” before it was powered on.  Unfortunately the server they cloned happened to be the vCenter server so when the clone was brought on line, well let’s just say the vCenter server amd Active Directory had  issues. When you attempted to log in we would get the following error message

“The Security database on the server does not have a computer account for this workstation trust relationship”.

Normally this is a pretty quick and painless fix. Essentially you need to remove the server from the domain and re-add it. The problem is this VM was setup a year ago and no one remembered the local admin user account. To add insult to injury since  the AD wasn’t happy with that server we were in a catch 22.  We were stuck at the login screen with no way to get into the system. I was running out of ideas when in talking with one of my Team04 Rockstars Tyler Baker (@vtylerbaker) he suggested removing the Ethernet cable from the back of the host and seeing if we could get it to just use its cached AD credentials similar to what you do with your Laptop or Desktop when you are not connected to the network. Well since I was at home, I wasn’t going to drive into the lab just to test it so I did the next best thing. I logged into the vShere host, right clicked on the VM and went to “edit settings” then clicked on “Network Adapter” and then just unchecked the “Connected” box for the adapter.

That essentially disabled the Ethernet port. I then went to the console and was able to log in with no problems !! Once I was in I re-set the administrators password and also added me as a local admin (just in case). I then went back into the vSphere Client and re-enabled the Ethernet port and went about removing the VM from the Domain and then bounced the VM, logged in with the local admin account, re-added the VM to the domain and then all was right with the world !!

I LOVE it when a plan comes together !!  By the way, i’ve now used that trick for another issue i’ve run into with my Macbook Air + Fusion + EMC Windows 7 Image.  I’ll save that for another post.  Needless to say, disabling the network connection has come in handy a couple of times !!

@vTexan <– follow me on twitter

5 thoughts on “Quick fix to an AD issue with a VM

  1. This works great if you have cached logons enabled. Unfortunately, we have this disabled for security purposes- had to resort to a boot disc. :-/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s