Correct a duplicated SID in a Virtual Machine clone

August 3, 2012 at 3:17 pm Leave a comment

Las week I was creating a virtual machine proof of concept environment for a SQL 2008 R2 project. My design included 2 VMs with Windows Server 2008 R2 x64, one for the domain controller and the other for SQL 2008 R2.

To speed up the set up process I used a VM already existent and from there I created the two linked clones I needed.

Everything went ok with the domain controller VM set up but when I was installing the SQL Server VM this error showed up on the service accounts configuration screen:

image

image

image

No matter how I tried to enter the credentials I always got the same error. More strangely, if I added a domain account to any local group in the server the next time I opened the same group to inspect its contents the account didn’t show up!

After digging for more information in the windows logs of the server I started to figure out this problem was related to the processing of Security Identifiers (SID) between my domain controller and SQL Server VMs.

To learn more about them I turned to my trusted source, the TechNet Blogs, and found this interesting post by Mark Russinovich on SIDs. As it turns out my suspicions were right and my problem was originated because the domain controlled cloned VM had the same SID as the SQL Server VM and this is not a supported configuration:

“Every Domain has a unique Domain SID that’s the machine SID of the system that became the Domain’s first DC, and all machine SIDs for the Domain’s DCs match the Domain SID. So in some sense, that’s a case where machine SIDs do get referenced by other computers. That means that Domain member computers cannot have the same machine SID as that of the DCs and therefore Domain.”

To make sure this was my case I downloaded PsGetSid and ran it on each of the two VMs:

Domain Controller VM

PsGetSid v1.44 – Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals – www.sysinternals.com

SID for \\dcserver:
S-1-5-21-1054048706-2572955003-3949901901

SQL Server VM

PsGetSid v1.44 – Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals – www.sysinternals.com

SID for \\sqlserver:
S-1-5-21-1054048706-2572955003-3949901901

 

As you can see I was right and both VMs had the same SID because the cloning process didn’t affect this value.

Now that I had identified the problem I used the Sysprep tool to generate a new SID for the SQL Server VM. The process is pretty simple and goes like this:

1.- Run the Sysprep tool from your C:\Windows\System32\sysprep folder

image

2.- In the only configuration screen of the application select the following options:

image

image

3.- Once the Sysprep ends processing the VM is restarted and the classic initial configuration screens are displayed.

image

Once you end up configuring the operative system you can use PsGetSid again to make sure a new SID has been created for your VM.

image

Now the problem is solved and authentication against the domain could proceed without any error at all.

When doing this procedure bear in mind a new SID would invalidate the current Windows activation for the VM and a new one would be required.

Advertisements

Entry filed under: Windows 2008. Tags: , , .

Installing a SharePoint 2013 Development Environment Implementing Office Web Apps Server Preview 2013

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


August 2012
M T W T F S S
« Jul   Sep »
 12345
6789101112
13141516171819
20212223242526
2728293031  

Categories


%d bloggers like this: