Active Directory Errors for Linked Clones and Instant Clones

I had a customer whose Horizon 7.4 system had been running perfectly fine for months when he started to get intermittent errors such as these on his Instant Clones and Linked Clones.

Error for Linked Clones, which says "The security database on the server does not have a computer account for this workstation trust relationship"

Error on Instant Clone (screenshot: group policy client)

There are multiple reasons why AD might think the computer account is faulty. Some of the common ones are: the VMware admin reverting to a snapshot whose machine password is older than, and different from, the one known to AD; the computer account for the master image being modified in the AD database; external factors such as anti-virus changing the SID or machine properties; or AD having stale entries.

Since both Instant Clones and Linked Clones started to display the error, we started to test Dedicated Desktops for a bunch of users, and what we found was that this error goes away totally.

This really piqued my interest. The only difference between Dedicated Desktops and Linked Clones or Instant Clones is the cloning process.

The following is how the cloning process differs.

| Pool Type | Clone Type | Impact to SID |
|---|---|---|
| Dedicated Clone | Sysprep | New SID created |
| Linked Clone | Quickprep | Old SID reused. No new SID |
| Instant Clone | Cloneprep | Old SID reused. No new SID |

Assuming that your AD Controllers are in sync and fully functional, one conclusion from the above that crossed my mind was: how about we create a new SID? The only supported way to create a new SID is to run sysprep generalize on the new snapshot, and that is what we did.

So here are a few things we did differently; testing is in progress.

  • Take the Windows 10 VM out of the domain. This is to make sure the parent VM is unaffected by the default GPOs and remains as clean and pristine as possible.
  • Run Sysprep Generalize to create a new SID for the Windows 10 VM.
  • Create folder redirection for Windows Event logs. Since Instant Clones get deleted on logoff, this will help save logs.
  • Create a snapshot before running VMware Optimization Tool. I usually choose the LoginVSI template as a baseline for optimization.
  • Create Instant Clone VMs from the snapshot.
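
The first three steps above can be scripted so that the SID change is actually verified rather than assumed. The following is an added example, not the script used in this post; the paths in `$StateFile` and `$LogRoot` and the function names are hypothetical, and the log target is assumed to be a location that outlives the clone.

```powershell
# Added example (not from the original post). Run elevated inside the Windows 10 parent VM.
# Assumption: both paths below are placeholders; adjust them to your image.
$StateFile = 'C:\ImagePrep\sid-before.txt'   # hypothetical: survives sysprep on the system disk
$LogRoot   = 'D:\EventLogs'                  # hypothetical: redirect target for event logs

function Get-MachineSid {
    # The machine SID is the domain portion of any local account's SID.
    (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value
}

function Invoke-PreSysprep {
    # Step 1 check: refuse to generalize while the parent is still domain-joined.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        throw "Parent VM is still joined to $($cs.Domain). Unjoin it and reboot first."
    }
    # Record the current SID so the change can be confirmed after first boot.
    New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
    Get-MachineSid | Set-Content -Path $StateFile
    # Step 2: generalize. The VM shuts down when sysprep finishes.
    & "$env:SystemRoot\System32\Sysprep\sysprep.exe" /generalize /oobe /shutdown
}

function Invoke-PostSysprep {
    # Run after the first boot following sysprep, before taking the snapshot.
    $before = Get-Content -Path $StateFile
    $after  = Get-MachineSid
    if ($before -eq $after) {
        throw "Machine SID unchanged ($after); sysprep generalize did not complete."
    }
    Write-Output "Machine SID changed: $before -> $after"
    # Step 3: point the main event logs at the redirect target.
    # The Event Log service must be able to write to this folder.
    New-Item -ItemType Directory -Path $LogRoot -Force | Out-Null
    foreach ($log in 'Application', 'System', 'Security') {
        wevtutil sl $log "/lfn:$LogRoot\$log.evtx"
    }
}
```

Call `Invoke-PreSysprep` before the generalize pass and `Invoke-PostSysprep` after the VM comes back up, then continue with the snapshot and optimization steps.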

Hope this was useful.
