For, oh, 15 years I’ve been telling people to be aware of duplicate SIDs; and over the years we’ve had different tools—most recently, sysprep—to help ensure that each machine has a unique SID.
Today I finally got nabbed. I recycled a virtual machine image without thinking about the fact that it had not been sysprepped. And I learned some things about the strangeness that happens!
The VM started as a workgroup server, let’s call it SERVER01. I promoted it to a domain controller, renaming it HQDC01 along the way. Today, I took a copy of the SERVER01 VM (the pre-promotion image), booted it up and joined it to the domain. Seemed to work—no worries, no fuss.
Then strange things started happening. I couldn’t open Event Viewer remotely against SERVER01, even though I was using Domain Admins level credentials. When I logged on to SERVER01, I couldn’t open Event Viewer (or much of anything administrative) using domain credentials—I kept getting “access denied” type errors. But I could open Server Manager (including Event Viewer inside it!). I saw event messages about the clock not being synchronized with the DC, but I knew it had been. I also saw some big Group Policy application failures.
I got confused about credentials and checked the local Administrators group and, sure enough, Domain Admins was not a member!
Then, buried in the logs, I saw an insidious little error—something along the lines of “this server has the same SID as the domain.” AHA! That was the problem. It was interesting for another reason, too: I had thought a new SID was generated during DCPROMO, *and* I had thought a new SID was generated when a workgroup machine joined a domain. Wrong on both counts, I guess! In fact the domain SID is taken from the machine SID of the first DC promoted, and a domain join leaves the machine SID alone, so the pre-promotion copy of SERVER01 carried exactly the SID the new domain was built on. Every domain SID (Domain Admins is S-1-5-21-<domain>-512, for example) then collides with a local SID on the member, which is why credential checks and group membership on that box stopped making sense.
So “weirdness” is the symptom, duplicate SIDs is the cause, and stupid “only-after-15-years-how-could-I-forget-to-sysprep” is the root cause.
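A quick check for this exact condition, added here as an example and not part of the original post: compare the local machine SID with the domain SID from a domain-joined member. It assumes Windows PowerShell 5.1 (Get-LocalUser comes from the Microsoft.PowerShell.LocalAccounts module) and that the secure channel to the domain is healthy enough for a directory bind; no ActiveDirectory module is needed.

```powershell
# Added example (not from the original post): detect a machine whose local SID
# equals the domain SID, the symptom of cloning the pre-promotion image of the
# first DC without sysprep. Assumes Windows PowerShell 5.1 on a domain member.

# The machine SID is the "account domain" portion of any local account SID.
# The built-in Administrator has RID 500 and always exists, even if renamed.
$localAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$machineSid = $localAdmin.SID.AccountDomainSid

# The domain SID is the objectSid of the domain naming context. Using the
# computer's own domain (not the logged-on user's) keeps this valid when you
# are signed in with a local account while troubleshooting.
$domain    = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$sidBytes  = $domain.GetDirectoryEntry().Properties['objectSid'][0]
$domainSid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)

"Computer    : $env:COMPUTERNAME"
"Domain      : $($domain.Name)"
"Machine SID : $($machineSid.Value)"
"Domain SID  : $($domainSid.Value)"

if ($machineSid -eq $domainSid) {
    Write-Warning 'Machine SID equals the domain SID. This image was cloned from the first DC before promotion and never sysprepped; rebuild it (or sysprep /generalize the template) rather than trying to repair it.'
} else {
    'Machine SID and domain SID differ; no SID collision on this member.'
}
```

Run it on the suspect member before chasing Group Policy, time-sync or permissions errors; when the two SIDs match, every domain group such as Domain Admins (S-1-5-21-<domain>-512) is indistinguishable from a local RID on that box, and no amount of fiddling with group membership will make the access checks behave.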
Posted Jul 21 2009, 10:48 PM by danholme