General discussion

Locked

Stale SID??

By tech84 ·
Here's a question for you... we use Power Quest's Drive Image Pro to store images of our Windows NT production computers. Every now and then, something will go wrong and an image will have to be restored. But the newly imaged machine will no longer log in to the domain until it is removed/re-added to the domain. I've always wondered what piece of NT the domain controller is looking at that causes it to reject the machine from logging in. Thanks for your time!

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Stale SID??

by grobledo In reply to Stale SID??

When you use Power Quest Drive Image Pro 3.0 or 4.0 you may change de SID with the utilitie SIDCHNGR.EXE to generate a new SID and new COMPUTERNAME of computer cloned.

The new COMPUTERNAME is missing in the Server Manager for DOMAINS and you may add the new COMPUTERNAME into the DOMAIN. You can do removed/added to the domain or in Server Manager add the news COMPUTERNAME to cloned.

Collapse -

Stale SID??

by grobledo In reply to Stale SID??

Sorry for my english is very poor, but in spanish is "Cuando cloneis PC sino cambiais el SID de los winnt wks 4, un d?a vereis que no os podreis validar en el dominio esto es debido a que dos m?quinas de la misma red poseen el mismo SID y solo deja validarse a la primera y la segunda no vuelve a entrar en el dominio a no ser que apagues la otra maquina o cambies el SID, a todo esto sino fuera asi Microsoft no hubiera sacado para los clientes MS-SELECT una herramienta que se llama SYSPREPTOOL para generar un nuevo SID"

Collapse -

Stale SID??

by tech84 In reply to Stale SID??

Poster rated this answer

Collapse -

Stale SID??

by rkelly In reply to Stale SID??

The answer is obviously not to do with SIDs, as you are just making a copy of an existing machine and then bringing it back down at a later date. Along with the SID your workstations also have a trust related password that is automatically negotiated between the workstation and the PDC. If your workstation is unavailable then your domain controller will negotiate a new password unilaterally, so when you bring your machine down the trust related password is wrong so you are unable to login. these passwords are used as a security feature along with SIDs, as there are many ways to duplicate a SID whilst the password remains hidden.

Richard Kelly
Brainbench MVP Windows 2000 Migration
www.brainbench.com

Collapse -

Stale SID??

by tech84 In reply to Stale SID??

Poster rated this answer

Collapse -

Stale SID??

by S&W Sr. Tech. In reply to Stale SID??

I agree with Tech84 (in part). Assignment of a new SID is definitely a requirement. But you may also have to remove the computer from the domain (via server manager), in order to re-add to same domain. Some cases the PDC doesn't want to give up a computer that's not online, you have to physically remove it.

Collapse -

Stale SID??

by tech84 In reply to Stale SID??

Poster rated this answer

Collapse -

Stale SID??

by mark.smith In reply to Stale SID??

We use Drive Image in my workplace. When I create an Image the last step I do before creating the image is removing the workstation from the Domain. Then I image the workstation. Then when using the image all you have to do is change the computer name (if you need to) and join the Domain. Then your good to go. You don't need to remove and re-add it every time.

I agree with the information you have been given so far. One of the answers describes having to remove workstations from Server Manager. It has been my experience that if you are a member of Domain Admins you can re-add a Workstation to the Domain if for example the trust relationship has been lost, without removing it first from Server Manager. However if you are not a member of Domain Admins, but belong to a group that has rights to add workstations to the Domain than you can only add unique computer names to the network. If the computer name exists in Server Manager you will need someone from Domain Admins to removethe Workstation name from Server Manager for you. Then you can join the Domain because the computer name is now unique.

Collapse -

Stale SID??

by tech84 In reply to Stale SID??

Poster rated this answer

Collapse -

Stale SID??

by aekland In reply to Stale SID??

The reason the image doesn't work is the trust password is changed periodically, I believe every seven days, and is negotiated between the server or workstation and the PDC. If the image has a different password they won't talk and it must be re-established. This is true for all computer accounts. You can see this if you log account changes. You will see the computer name with a $ at the end and that the account has been changed. You do not need to change the name or the sid.

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums