View Cloning Error

I recently did a VMware View (VDI) deployment (using linked clones) for a customer and came across a new error which took me quite a bit of time to get resolved:

Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because you computer account was not found. Please try again later. If this message continues to appear, contact your system administrator for assistance

After deploying the pool, I would randomly receive the above error while attempting to login to the workstation.

Initially, I had thought the issue was related to QuickPrep since QuickPrep does not generate new SID's for the cloned VM's.  But after spending several hours investigating the event logs of my cloned workstations and domain controllers, I was able to determine that this issue (although indicating there was a problem with the computer account) had nothing to do with the VM's SID.  In a domain, a computer's SID is almost irrelevant since domain accounts have SID's based on the domain's SID.  Therefore, with a few exceptions, the only time a SID is really important is in a workgroup scenario where a workgroup might not be able to determine security based on the local accounts SID which was not the case here.

I eventually discovered that although my ESX host had been configured with NTP (Network Time Protocol) support (acquiring its time from the customers domain controllers) time synchronization between the customers domain controllers were not in sync thus producing the above error.  Since I could not find any related posts in the forms, I decided this issue was important enough to merit it's own KB in hopes this article might help someone else.

Time Synchronization is best practice with any environment, especially within a virtual environment.  When a virtual machine is first powered on, it sets the virtual machine's time (in the BIOS of the VM) to that of the time from the running ESX host.  Assuming the virtual machine is part of a Windows domain, Windows will also attempt to synchronize the virtual machines clock with the domain so long as it's current time is within the drift policy of your domains NTP settings.  Therefore, I find it best practice to synchronize each ESX host with the system's domain controllers and that your domain controllers are synchronized with a peer that synchronizes to an outside source.  This will ensure not only accurate time throughout your domain, but that the VM's clock does not skew from the domains time, between the time they boot-up and the time they get logged into the domain. Lets take a quick look at how to configured NTP on ESX.

Configure NTP Settings on ESX

1. Log in to vCenter using the Virtual Infrastructure (VI) client
   
   
2. From the Inventory drop-down, select "Hosts And Clusters"
   
   
   
   
3. Select an ESX host from the inventory and click the "Configuration" tab
   
   
   
   
4. In the Software window, choose the "Time Configuration" option
   
   
   
   
5. Click "Properties" to modify the hosts time configuration
   
   
   
   
6. On the Time Configuration screen, choose "Options"
   
   
   
   
7. From the NTP settings window, Add your domain's domain controllers
   
   
   
   
8. From the General settings window, set the Start-up Policy to "Start automatically" and then click the "Start" service command
   
   
   
   
9. Repeat steps 3-8 for the remaining ESX hosts

Verifying Domain Time Synchronization

1. Open the command prompt from a virtual machine
   
   
2. Run "w32tm /monitor" to verify that all your domain controllers are in sync with each other
   
   

   Z:\>w32tm /monitor DC01.tcpdump.com *** PDC *** [10.10.10.10]: ICMP: 0ms delay. NTP: +0.0000000s offset from DC01.tcpdump.com RefID: (unknown) [207.46.197.32] DC02.tcpdump.com [10.10.10.11]: ICMP: 0ms delay. NTP: +0.0678466s offset from DC01.tcpdump.com RefID: DC01.tcpdump.com [10.10.10.10] Z:\>

   
   
3. Take note of the offset between your domain controllers, if the offset is greater than 1 second, your domain controllers are probably out of sync.  Microsoft has written an excellent article describing how-to configure NTP in the enterprise.  Follow their guide for configuring NTP.

Once your ESX servers and synchronized with your domain and all your domain controllers are synced with each other, after rebooting the affected virtual machine(s), you should have no further issues logging in with View.  Good luck!

Add this page to your favorite website

Comments

Add New Search

Tom Howarth  - Chicken and Egg |29/03/2010 05:26:17 you secenario is fine where you have physical DCs that are getting their time form a known good source, however in a virtual environment your DC's wil be subject to the same risks of drift that all Vitual machine suffer. therefore in this case I find it safer to sychronise my ESX to a network time source IE Core router, with these the drift tolerances are much finer than that supported by Windows. you then sync your DC's that is holding the PDC role to the same source and allow Windows just to manage Windows. Reply | Quote

Raakesh |19/04/2010 21:20:20 You are correct Tom and I did that in our completely virtualized environment. However, drift is still being experienced within application running on VMs, in milliseconds. Please help Reply | Quote

Anonymous |14/11/2011 02:16:55 Reply | Quote

Anonymous |14/11/2011 02:56:19 Reply | Quote

Anonymous |14/11/2011 02:56:39 Reply | Quote

Anonymous |14/11/2011 03:03:00 time.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.tools.startuptime.synchronize.... Reply | Quote

Anonymous  - re: |14/11/2011 02:56:53 Anonymous wrote: Reply | Quote

Write comment
Name:
Email:	do not notifynotify
Website:
Title:
UBBCode:	-color-aquablackbluefuchsiagraygreenlimemaroonnavyolivepurpleredsilvertealwhiteyellow -size-tinysmallmediumlargehuge
	Please input the anti-spam code that you can read in the image.

!joomlacomment 4.0 Copyright (C) 2009 Compojoom.com . All rights reserved."