1. #1
    Scarab Lord Djinni's Avatar
    10+ Year Old Account
    Join Date
    May 2009
    Location
    West Sussex, UK
    Posts
    4,232

    Virtualization of NT Server Domain.

    So over the past 2 months, I've been tasked with consolidating and creating additional redundancy for our server infrastructure, the hardest part of which has been converting all of the old NT machines, which are basically enormous beasts that take up a lot of space and power. (Phase 2 is consolidating data and trying to upgrade now that there is a suitable/viable backup and restore strategy.)

    Anyway, everything has been going swimmingly once I finally figured out the process (see: http://blog.refreshprojects.com/conv...al-to-virtual/ for info), right up until I try to migrate the last of the file servers. Unfortunately, as soon as I set up the networking it basically drops off the domain, the only change being that the machine is virtual, not physical.
    All servers are reachable individually, but for some reason the linkage that allows the machine to talk to the Domain Controller (also an NT server) is broken.

    Has anyone seen anything like this before? Or have any suggestions that do not involve burning the place to the ground?

    - - - Updated - - -

    If I try turning off the virtual machine and turn on the physical machine, the physical machine reconnects and is able to log in using the domain credentials without issue.

    - - - Updated - - -

    After switching back to the virtual machine and disconnecting the physical machine I still get the error:
    Last edited by Djinni; 2014-03-11 at 07:31 AM.

  2. #2
    Deleted
    No real idea of the issues so just shooting to the air, in case I hit something... I'm sure you have searched around the internet, but some links (for VMware):

    http://www.petri.co.il/forums/showthread.php?t=48062
    http://kb.vmware.com/selfservice/mic...rnalId=1006996

  3. #3
    Djinni
    Interestingly... just removing it from the domain and re-adding it as you would normally solved the problem. Might be worth finding out what caused the problem though.

  4. #4
    IIRC in an NT domain computer accounts work like user accounts too, in that they're unique SIDs and there is a Trust setup between the DC and connected computers. I've not had the misfortune of using NT practically so I can't confirm if it's a good practice or not, but you may wish to remove the affected computer accounts and rejoin them manually. Or just rejoin them as you did. Which should theoretically create new accounts with the right SIDs and Trusts. If you're moving from physical to virtual there is going to be an SID change since you're basically changing the entire hardware profile.

    That's all I can think of. The error you're getting would be a symptom of what I'm terribly describing above.
    "You six-piece Chicken McNobody."
    Quote Originally Posted by RICH816 View Post
    You are a legend thats why.

  5. #5
    Djinni
    Quote Originally Posted by Tradewind View Post
    IIRC in an NT domain computer accounts work like user accounts too, in that they're unique SIDs and there is a Trust setup between the DC and connected computers.
    This would explain it perfectly... except that it has only occurred on 1 out of the 6 machines I had to migrate which were joined to the domain. I would have expected the Domain Controller to complain the most if any. But that one converted without so much as a hiccup.

  6. #6
    Deleted
    There's a 2009 TechNet blog by Mark Russinovich where he talks about machine SID duplication, basically saying that it's OK to have duplicate SIDs, with one exception:

    As I said earlier, there’s one exception to rule, and that’s DCs themselves. Every Domain has a unique Domain SID that’s the machine SID of the system that became the Domain’s first DC, and all machine SIDs for the Domain’s DCs match the Domain SID. So in some sense, that’s a case where machine SIDs do get referenced by other computers. That means that Domain member computers cannot have the same machine SID as that of the DCs and therefore Domain.
    http://blogs.technet.com/b/markrussi...3/3291024.aspx

    I'm not sure how a problem with that would manifest itself, however depending on how you migrated/duplicated the VMs this might explain why only certain machines are affected.
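
Added example, not part of any post in this thread: a Python check for the condition quoted from Russinovich's post above, a domain member whose machine SID equals the domain SID. The host names and SID values are constructed, and `parse_sid`, `machine_part` and `find_dc_collisions` are hypothetical helper names.

```python
import struct

# Constructed sample values, not taken from the thread.
DOMAIN_SID = "S-1-5-21-1000-2000-3000"
MEMBERS = {
    "FILESRV1": "S-1-5-21-1111-2222-3333",
    # Raw binary SID, decoded by parse_sid() below.
    "FILESRV6": bytes.fromhex("010400000000000515000000e8030000d0070000b80b0000"),
    "PRINT1": "S-1-5-21-4444-5555-6666-500",  # local account SID (RID 500)
}

def parse_sid(raw: bytes) -> str:
    """Decode a binary Windows SID into its S-R-A-S1-S2... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])  # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def machine_part(sid: str) -> str:
    """Return the S-1-5-21-x-y-z prefix shared by a machine and its accounts."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) < 7:
        raise ValueError("not a machine or domain SID: " + sid)
    return "-".join(parts[:7])

def find_dc_collisions(domain_sid, members):
    """Names of member machines whose machine SID equals the domain SID."""
    dom = machine_part(domain_sid)
    hits = []
    for name, sid in members.items():
        text = parse_sid(sid) if isinstance(sid, bytes) else sid
        if machine_part(text) == dom:
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    for host in find_dc_collisions(DOMAIN_SID, MEMBERS):
        print(host, "has the same machine SID as the domain")
```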

  7. #7
    Quote Originally Posted by Djinni View Post
    This would explain it perfectly... except that it has only occurred on 1 out of the 6 machines I had to migrate which were joined to the domain. I would have expected the Domain Controller to complain the most if any. But that one converted without so much as a hiccup.
    Probably just what Iloewe's thing is talking about, which is technically the same issue. But it's just a matter of one machine having an identical SID to the DC. Hence limited to a single machine. Either way rejoining it would fix the problem as you found out.
