When trying to connect to the linked-clone VM, the login failed, and system will report the message that the VM has lost connection to the WorkStation, if we can login with local ADMINISTRATOR account, we can see the VM doesn’t join the Domain Controller.
On the windows, when checking the event log, the alarm is as below:
1. Check the log file “NetSetup.log” in the Windows client, we found the VM joint the Domain Controller at 12:58:26 as below:
2. The time stamp on Windows client and Domain Controller for changing the password is the same at the latest time.
3. When checking the “Secure Channel” between the Windows client and Domain Controller, we can see the connection is successful.
4. And, when checking the property of the domain user, the “user cannot change password” was enabled.
5. Then, when opening the “event viewer” in Windows client, there is lots of error with event ID 3210, the details are as below:
6. At last, the event ID 3210 is also found in the Netlogon debug log file “%windir%\debug\netlogon.log” as below:
With the old NetLogon version, because the VM was not used for more than 30 days, the password for the MSA (management service account) will be expired, and then the VM will not communicate with the Domain Controller, which is a Windows problem.
1. For the new linked-clone VMs
According to the hot fix from Microsoft, in the template for the linked-clone VM, the patch should be installed, and then the new template can be used to create the new VM for usage. The link about the hot fix from Microsoft is here:
After installing the hot fix in the template and then create the VM with it, in the new VM, you will not see the event ID 3210 anymore, and also the version for the Netlogon.dll should be 6.1.7601.22648, and then the problem is resolved.
2. For the old linked-clone VMs
Because of the special feature that the system will restore to the original status after reboot for the linked-clone VM, when you install the hot fix in the VM (not the template), it will not take effect finally, so, we need to install it in the template.
For the VMs in FusionAccess system, we suggest to change the password for the account frequently and keep the network between the VM and the DC stable.