/build/static/layout/Breadcrumb_cap_w.png

ghost imaging and domain trust question

I have 6 laptops that I have ghost images of. Occasionally, every 4-6 weeks, I restore each image to each respective laptop, add any new software/patches/updates, and re-image the laptops and a now newer image. This keeps my laptops in top running condition since they are regularly checked out and people install software, make changes, etc. I call this my 'refresh' process.

Here is my problem. Occasionally when I restore an image and then reboot and try to login to our network, I get a domain trust error. Easy enough to fix because all I have to do is login locally, unjoin the domain, rejoin the domain (and authenticate) and then I'm good to go.
Is this preventable or is this happening because when I restore an image to my laptop that 'image' is several weeks old and somehow the domain sees it as a trust issue? Is there a way to fix this?

0 Comments   [ + ] Show comments

Answers (3)

Posted by: dlernstrom 17 years ago
Senior Yellow Belt
0
I don't believe there is a way around your issue. We use VMWare at our site as part of our test lab. VMWare has the capability of taking a snapshot of a machine and then allowing you to jump to that exact snapshot in a matter of seconds. When we snapshot a machine, if sufficient time goes by without turning on the vm, the domain will not allow it to connect. This seems to be the exact issue you are faced with.

Our workaround is very similar to yours.
Posted by: fosteky 17 years ago
Purple Belt
0
I think that as part of your "refresh" process, since you're not sysprepping, and you're using a computer joined to your domain to make your image that you should get the MS utility NETDOM (can't remember where this is - some Windows Server resource kit) and use it when upgrading the laptop image. Use NETDOM like so:
NETDOM RESET <computer_name> /domain:<your_domain>
This is a way of manually triggering a refresh of the (domain trust token?).

I believe this should work. Every (21?) days PCs quietly negotiate a new security token from the DC, you're capturing this in your image and by the time you use your image the security token (in the image) has become staledated (because the live PC has negotiated a new one).

Hope that helps.

-Actually, it won't help unless you refresh your laptop fleet every 20 days or less. Nevermind. Might help dlernstrom though (refresh your VPCs every 20 days or less - start them, NETDOM them, resnapshot)
Posted by: smason 17 years ago
Orange Belt
0
There are a couple of ways to prevent the secure channel password resets.
I had a problem with my packaging PC when I revert to by base snapshot with VMWare Workstation.
I forget which method I used, but see:
http://support.microsoft.com/default.aspx?scid=kb;en-us;q175468

Edit:
Now I remember. In group policy on my VMWare instances, I set Domain member:Disable machine account password changes to enabled.

Steve
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ