No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Linked-Clone VMs quit the Domain Controller in FusionAccess due to the abnormal NetLogon version in Windows

Publication Date:  2016-05-23 Views:  161 Downloads:  0
Issue Description
When trying to connect to the linked-clone VM, the login failed, and system will report the message that the VM has lost connection to the WorkStation, if we can login with local ADMINISTRATOR account, we can see the VM doesn’t join the Domain Controller.
Alarm Information

On the windows, when checking the event log, the alarm is as below:

Handling Process
1. Check the log file “NetSetup.log” in the Windows client, we found the VM joint the Domain Controller at 12:58:26 as below:

1.PNG

2. The time stamp on Windows client and Domain Controller for changing the password is the same at the latest time.

3. When checking the “Secure Channel” between the Windows client and Domain Controller, we can see the connection is successful.

2.png

4. And, when checking the property of the domain user, the “user cannot change password” was enabled.

5. Then, when opening the “event viewer” in Windows client, there is lots of error with event ID 3210, the details are as below:

6. At last, the event ID 3210 is also found in the Netlogon debug log file “%windir%\debug\netlogon.log” as below:

3.PNG

Root Cause
With the old NetLogon version, because the VM was not used for more than 30 days, the password for the MSA (management service account) will be expired, and then the VM will not communicate with the Domain Controller, which is a Windows problem.
Solution

 1. For the new linked-clone VMs

According to the hot fix from Microsoft, in the template for the linked-clone VM, the patch should be installed, and then the new template can be used to create the new VM for usage. The link about the hot fix from Microsoft is here:

https://support.microsoft.com/en-gb/kb/2958122

After installing the hot fix in the template and then create the VM with it, in the new VM, you will not see the event ID 3210 anymore, and also the version for the Netlogon.dll should be 6.1.7601.22648, and then the problem is resolved.

2. For the old linked-clone VMs

Because of the special feature that the system will restore to the original status after reboot for the linked-clone VM, when you install the hot fix in the VM (not the template), it will not take effect finally, so, we need to install it in the template.
Suggestions
For the VMs in FusionAccess system, we suggest to change the password for the account frequently and keep the network between the VM and the DC stable.

END