Everyone knows virtualisation is a hot topic. I love the fact I can have a complete test infrastructure without having to keep lots of kit hanging around (you should she what’s in my loft at home!)
I ran into a couple of hiccups last night which I kicked myself for once I’d realised what the problem was so if your a Virtual PC / Server / Hyper V veteran you’ll think I’m a dumbass 🙂 but I also want to make a note of this as I’ll probably forget!
I use my Technet subscription in combination with Virtual PC at home (new hard disc on order and then it’ll be hyper-v all the way!) and I like to create setups similar to how are clients are working. This generally means an SBS virtual machine with a client PC (mostly XP) sometimes with a member server or if I’m just learning about some new software (e.g Exchange 2007 or SharePoint ) it’ll just be a single server
Last night I was trying something and needed a couple of Windows 2003 servers (no sbs here) so I created my first server, ran updated updates, etc then shut it down and took a copy of the virtual machine to save me some installation time and then started the first machine up again, made it a domain controller and added a client PC to the domain (all good so far)
I then started up my second server so I could configure it as a member server
I spotted I wasn’t able to ping the other server or the client.
They could ping the second server but not the other way around
I only had a single network card in each of the systems and set them to local only so didn’t have anything weird and wonderful going on
After a bit of head scratching I ran arp –a and that was when the penny dropped
Virtual PC creates a MAC address for the system when you first create it. As I’d copied the original system the servers had identical MAC addresses. While I thought the first server and the client were able to ping the second server they actually weren’t. It was resolving back to the first server!
Thankfully the fix is pretty easy (it’s in the troubleshooting section of the virtual PC help file)
Two or more guest operating systems have the same Media Access Control (MAC) address.
Cause: If you create an image of a host operating system that includes Virtual PC and virtual machines configuration files (.vmc files) and copy that image to another computer, each virtual machine configuration file included in the image contains a MAC address. The MAC address will not be reset automatically when you place the image on a new physical computer. As a result, the virtual machines that are copied onto the new computer will have the same MAC addresses as the virtual machines on the computer that was used to create the image.
Solution: Edit the .vmc file to remove the MAC address. Find the following line:
<ethernet_card_address type="bytes">0003FFxxxxxx</ethernet_card_address>
Remove the number so the line appears as follows:
<ethernet_card_address type="bytes"></ethernet_card_address>
After you remove the number, Virtual PC will create a new MAC address the next time you start the virtual machine.
After I’d done that I was able to ping everything ok so joined the domain and rebooted
That was when I ran into my second problem
When I tried to logon I got the following error
The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain.
No head scratching here though as the message is self explanatory.
The top of this knowledge base article gives a nice explanation of what my problem was here
During installation of Windows, a machine SID is computed to contain a statistically unique 96-bit number. The machine SID is the prefix of the user account and group account SIDs that are created on the computer. The machine SID is concatenated with the Relative ID (RID) of the account to create the account’s unique identifier.
Similar to the last problem in that I’d caused it by using a duplicated system
But what to do about it?
My initial thoughts were SYSPREP or start from scratch but then I remembered the awesomeness(?) that is sysinternals.com would save my skin again
There is a util on the site called NewSID that does exactly what I was looking for here
There is a big disclaimer on the front page for the utility about Microsoft not supporting images that are prepared using NewSID but this was just a test environment and their warning is generally also talking about disk cloning scenarios
I ran the utility and it even helpfully offered to change the computer name for me as well
I restarted the system, rejoined the domain and was able to carry on!
Latest posts by Andy Parkes (see all)
- Dishley parkrun, Loughborough - August 1, 2023
- Woodgate Valley Country Park parkrun - July 22, 2023
- Abbey Park parkrun - June 8, 2023
just had to create a dev environment in 2003 server and came across the SID problem, thanks for sharing the advice, did the trick and its a nifty wee tool. cheers again.
No problem – glad i could help!