Strange permission errors with Windows Server 2008

Question

Strange permission errors with Windows Server 2008

I just don't know a better way to describe my issue that is driving me nuts. I am trying to establish a test domain with virtual machines on a box that has Win7 with VMwware workstation installed. The purpouse with this domain will be so that we can try and test different situations before they go into the production network.

I build a VM with WinSrv2008R2 and I am using that VM as a template to make other servers for the domain by making clones of it. Now I raise a DC with one clone and a member server with another clone - I add the server to the domain. I am following a standard procedure as always (it is not my first domain). Then I make an admin account and I am adding the admin to be a member of the Domain and Enterprise Admins group.

That admin is admin with full priviledges on the DC.. no problem there. But on the other server has ... somewhat half the privileges and I cant log in via RDP. I tryed with another account. Same issues.

For example (with half the privileges): I can't open the Even Viewer if I go via Start -> Administrative Tools -> Event Viewer. But I can open the Even Viewer via the server manager. You can notice this on the image below. I mean WTF???

enter image description here

I am going crazy, I haven't experienced anything similar in my three years of expertise. I already lost 3 days troubleshooting this. Could this be related with the cloning? Perhaps if I make fresh installs of WinSrv2008 there won't be any problems?

I've had raised test domains as VMs on other occasions before, and there weren't any problems then. This is VMware Workstation 8. I've made clones before, on Workstation 7 it didn't had any problems. Anyone has any ideas?

UPDATE:

This is the info from the event log when I try to access via RDP:

An account failed to log on.

Subject:
    Security ID:        NULL SID
    Account Name:       -
    Account Domain:     -
    Logon ID:       0x0

Logon Type:         3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:       pat.coleman
    Account Domain:     lab

Failure Information:
    Failure Reason:     Domain sid inconsistent.
    Status:         0xc000006d
    Sub Status:     0xc000019b

windows-server-2008

active-directory

vmware-workstation

asked on Server Fault Dec 13, 2012 by

Spirit • edited Dec 13, 2012 by

Spirit

2 Answers

When you promote a server to a Domain Controller and it is the first Domain Controller in the domain, the local machine SID is used in the creation of the domain SID. This is really the only time that the local machine SID matters. Since you don't seem to have run sysprep, the machine SID of the clone matches the domain SID of the domain - which causes the weird behavior that you're seeing.

Dismantle the domain and start from scratch, sysprepping each clone before dcpromoing and joining the member servers.

answered on Server Fault Dec 25, 2012 by

MDMarra • edited Dec 25, 2012 by

MDMarra

Run sysprep after you create the clones :)

answered on Server Fault Dec 25, 2012 by

1.618

User contributions licensed under CC BY-SA 3.0