Problems to join a virtual machine on Domain.

Similar Messages

• Unable to join the client machine into domain in low banswidth 16kbps

  Hi,<o:p></o:p>
  I'm unable to join the client machine into domain which is in low bandwidth 16 kbps.but i can able join other machine into domain which is having
  more bandwidth,please help me on this issue<o:p></o:p>

  Depending on the version of your domain, you could try an offline join.
  http://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=WS.10).aspx
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.
  I would say that it depends on the client OS (Windows 7 or Windows 8) if offline domain join could be used or not, not that much regarding the level of the domain, you can always use the
  /downlevel switch to target a DC running Windows Server 2003 for example.
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• Unable to join virtual machines to domain controller

  Hello all
  I am studying for MCSE 2012 R2 and have decided to move from VMware Esxi 5.5 to Hyper-V in Server 2012R2.
  I built the host (Server 2012r2) and so far 3 VMs (all are Server 2012R2 VMs) . I promoted one of the VMs to a Domain controller and things appear to have installed with no issue. This is what I have done so far:
  Added Static IP addresses for all VMs
  Configured each VM's DNS setting to use the DC 
  When I try to join one of the virtual servers to the domain controller this is what I get.
  Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
  The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "wolfpack.local":
  The error was: "DNS name does not exist."
  (error code 0x0000232B RCODE_NAME_ERROR)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.wolfpack.local
  Common causes of this error include the following:
  - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals.
  This computer is configured to use DNS servers with the following IP addresses:
  10.0.0.14
  - One or more of the following zones do not include delegation to its child zone:
  wolfpack.local
  local
  . (the root zone)
  Phil Balderos

  Hi Phil,
  I have noticed that the domain is wolfpack.local but  two VMs has another DNS suffix "home.network" .
  Please remove it and join it to domain again .
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.
  Hello Elton and thank you for the response.
  I was looking at that same setting on my VM and its empty.
  Phil Balderos

• Cannot join Server 2012 machine to domain

  I am trying to join a clean  Server 2012 machine configured with Active Directory Domain Services and DNS features enabled to a domain (alekatest.com) which I have purchased. The Active Directory Domain Services option in Server Manager advises me that
  the server requires promotion to a Domain Controller, but if I select "Add a domain controller to an existing domain" and enter "alekatest.com", and supply Domain Admin  credentials I get a message "Encountered an error contacting
  domain alekatest.com. The server is not operational". The DNS server has address 10.0.0.2.
  When I try and change from workgroup to new domain alekatest.com, it fails with the message "No records found for given DNS query. The query was for the SRV record for _ldap._tcp.dc._msdcs.alekatest.com". The server is connected by Ethernet to
  a wireless router in a home network.
  The ipconfig/all data from the server is:
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : SERVER2012
     Primary Dns Suffix  . . . . . . . :
     Node Type . . . . . . . . . . . . : Broadcast
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
  Ethernet adapter Ethernet:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connecti
     Physical Address. . . . . . . . . : 00-26-B9-82-D5-76
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.0.0.138
     DNS Servers . . . . . . . . . . . : 10.0.0.2
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:386b:2023:f5ff:fffd(Prefer
     Link-local IPv6 Address . . . . . : fe80::386b:2023:f5ff:fffd%14(Preferred)
     Default Gateway . . . . . . . . . : ::
     DHCPv6 IAID . . . . . . . . . . . : 335544320
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-FC-79-E8-00-26-B9-82-D5-76
     NetBIOS over Tcpip. . . . . . . . : Disabled
  Tunnel adapter isatap.{6945E26E-B530-4271-8CF1-AD4BC13AF147}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Reusable ISATAP Interface {74B5ED96-D12C-413B-9ED4-5B6270328AE0}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Reusable ISATAP Interface {A9E91CEE-5350-4ACA-934D-D2AA5188B694}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  I can ping alekatest.com from the server:
  Pinging alekatest.com [203.170.87.12] with 32 bytes of data:
  Reply from 203.170.87.12: bytes=32 time=86ms TTL=50
  Reply from 203.170.87.12: bytes=32 time=109ms TTL=50
  Reply from 203.170.87.12: bytes=32 time=106ms TTL=50
  Reply from 203.170.87.12: bytes=32 time=81ms TTL=50
  and  nslookup alekatest.com returns
  Server:  UnKnown
  Address:  10.0.0.2
  Non-authoritative answer:
  Name:    alekatest.com
  Address:  203.170.87.12
  if I try to return srv records from alekatest.com as follows, no records are returned
  PS C:\Users\Administrator> nslookup
  Default Server:  UnKnown
  Address:  10.0.0.2
  > set q=srv
  > _ldap._tcp.dc._msdcs.alekatest.com
  Server:  UnKnown
  Address:  10.0.0.2
  _ldap._tcp.dc._msdcs.alekatest.com
          primary name server = ns1.crazydomains.com
          responsible mail addr = dns.crazydomains.com
          serial  = 2010010101
          refresh = 7200 (2 hours)
          retry   = 120 (2 mins)
          expire  = 1209600 (14 days)
          default TTL = 3600 (1 hour)
  In order to add an srv record I would appear to need to access the server ns1.crazydomains.com, which I doubt is possible.
  Any help would be much appreciated

  You're confusing DNS Domains and Active Directory Domains. While there are similarities the two are and do completely different things.
  A DNS domain, in your case alekatest.com hosted by crazydomains.com is used to direct people to resources, for instance on the internet, to get to things like your website, email etc. It's not specific to Windows, and generally speaking after purchasing
  it from a 3rd party you control what the DNS records are through that 3rd party.
  An Active Directory domain is what you're referring to when you talk about joining a machine to a domain, setting up users on a domain, controlling access to resources on your network etc. This doesn't require you to purchase a domain from a 3rd party, and
  could potentially be called anything you like.
  So, in terms of your AD server, assuming you don't already have an AD domain configured on another AD controller on the network, when you do the setup you'll need to select the option to create a new domain. You could then set it to use alekatest.com, but
  that isn't recommended as you can get into all kinds of issues with your local and public DNS records conflicting, so unless you know what you're doing and why you're doing it I'd suggest avoiding that. A better idea would be to set the AD domain to something
  like alekatest.local. That would then become the local domain, so for instance your users would login as akekatest\<username> on the domain, and your local machines can then be joined to that domain.
  Once all that is done, if you did need to have local records for alekatest.com pointing to local resources, there's nothing stopping you from adding that zone into DNS Manager on the AD server and configuring the records accordingly, however be aware that
  once you did that your server would assume that it has all the records for the domain. So if you had a website configured on
  www.alekatest.com and had the DNS records for that pointing to your website hosted somewhere else via your domain provider, if you didn't re-create that same record on your local copy of the domain then you'll be unable
  to reach that website from your local network (since your users will be trying to find it locally rather than on the internet).
  Hope that makes sense.

• Strange problem with virtual machines backup (Hyper-V 2012R2)

  Hi
  I have a strange problem with backup of virtual machines in one of my Hyper-V environments. Let me describe how does it looks like: There are two physical servers - HP DL360 G8. They are used as hosts for four virtual machines - domain controllers in two domains.
  Each of them runs one DC in every domain. I've configured backup "inside" every virtual machine (with Windows Server Backup tool), in its operating system, because domain controllers should have their system state, regularly backuped, etc. Backup
  is made on the network share - all machines to the same server as destination. And now the case - two virtual server are backuped as expected - the operation takes 3 - 4 minutes and is always succeded. But in case of two remaining it looks as below:
  - Backup operation starts (is scheduled).
  - Volume shadow copy is made.
  - The first partition of VM starts to be copied. It's Windows 2012 R2 Generation2 VM, so it has EFI, Recovery and C: partition. EFI is as first and at this moment backup stucks for a 2-3 hours! Progress of copying is 0%. After for example 3 hours this partition
  is completed and starts the next (disk C:). And again - it freezes for a few hours and suddenly is pushed. As a result the backup is made successfully, but it takes for example 10 hours.
  Both "dodgy" VMs are on separated hosts. All four of them were installed in the same time. I tried to change destination to locally connected disk, but no result. It's interesting as well, that after rebooting VM, the first backup is made normally,
  but every next has described problem again. In EventLog I can't find any errors, I don't know how to diagnose such case precisely, etc. Have you got idea what can cause such behaviour or where on the server should I look for some hints?
  Thanks
  Marcin

  Hi Marcin,
  >>that after rebooting VM, the first backup is made normally, but every next has described problem again.
  It shouldn't happen .
  To narrow this issue down , Please try to backup an Gen1 VM and check the result .
  Best Regards
  Elton JI
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Virtual Machine Issue

  Good Morning all,
  I am currently in the middle of setting up my personal home domain.
  I currently have the following setup:
  - Server running 2012 R2 and this is my Domain Controller
  - My DNS and DHCP is currently on my Sky broadband router (this is just incase my server gets turned off at some point at least other users in my house will get an ip etc.)
  - On this server I also have the Hyper-V role installed. (I have a Windows 8.1 virtual machine running on this)
  Now my issue.
  I am trying to use the Hyper-V virtual machine as my "test pc" so that I can apply group policies etc and just make sure everything is working as should be. For some reason however I cannot join my domain via the Virtual machine.
  I have turned the firewalls off both the Server and the Virtual Machine, and both can see each other via ping. If I also go to
  \\servername\share I can also see items such as sysvol etc on my Virtual Machine.
  when trying to join the virtual machine to the domain I am getting the following error "An Active Directory Domain Controller (AD DC) for the domain "domainname" could not be contacted. Ensure that the domain name is typed correctly. If the
  name is correct, click details for troubleshooting information"
  I am not really sure where to go from here. I have also manually set the DNS address so that is picks up from the Sky Router.
  Any ideas please. 
  *Added*
  The internet on the virtual machine works fine.

  The major error is in misplacing your DNS. Active Directory should have its own DNS
  (usually sitting on the DC). The reason is simple. In DNS there are
  domain resource records that provide client information about Active Directory objects (to say it simply).
  I do recommend to read something about Active Directory infrastructure. Technet and some books may bring you to correct configuration quickly. Also there are various labs and webcast that bring live learning possibilities.
  http://technet.microsoft.com/en-us/windowsserver/hh534429.aspx
  http://technet.microsoft.com/en-us/virtuallabs?id=f9E0rhsEF74
  http://www.amazon.com/s/?url=search-alias=aps&tag=iteb0b-20&link_code=wql&_encoding=UTF-8&field-keywords=978-1-44932-002-7
  HTH
  Milos

• Java Virtual Machine Errors

  I am running Windows 2000 SP4 on a Compaq PC and have just begun to have problems with the JAVA Virtual Machine. All of a sudden, a message pops up that I need to download the java virtual machine. I have followed the links to download Sun's virtual machine and am still getting the message.
  What am I doing wrong?
  Thanks,
  Kelly

  It varies. When I'm trying to get into our Principal 401k website to upload contributions.....when I'm trying to get to pogo games.....etc.
  I have also tried to download Sun's virtual java machine from Principal Financial Group's website with also no luck. If I go ahead and answer the message I'm getting with download now button, it goes ahead and displays the website correctly "sometimes". I began having these problems when I downloaded the latest windows updates last week if that has anything to do with it.

• RMI server crashing the Virtual Machine

  I am writing an enterprise RMI service at work and it has been crashing at seemingly random points and in-frequently. It is not actually crashing as such, because I have added a shutdown hook and that is getting called before it exits. I know for sure that it is not a system.exit() call because I have prevented all system.exit() calls in the security manager. I also have put in very tight memory management and an extended heap so I don't think its a memory issue either. Frequent calls to freeMemory() show that there is no memory leakage and that everything seems to be being cleaned up correctly.
  I am using the IBM 1.3 virtual machine on a linux box for the server and thus the calls to the garbage collector are working nicely and when requested.
  The crashing is happening at seemingly random points and I have covered all my public methods with try....catch blocks that catch Throwable, and it doesn't seem to be an exception. Code that 19 out of 20 times will run fine, crashes on the 20th run etc.
  What I am wondering is - has anyone had similar problems and do you know how to fix it?
  My other thought is that perhaps it is a problem with the IBM virtual machine, and I am thus going to try running things through the Sun 1.3 virtual machine to see if I get any different results.
  Any insights or help from people developing similar services would be greatly appreciated (this is the first RMI service I have implemented).

  YES!!! I finally solved it..........
  I put the monitoring code into the startup script - incidentally, on linux the shell variable is $? as opposed to $status.
  Then I let it run and this morning it exited again and the error code was 130 - or Control-C.... This made no sense to me as the service was running on a linux box which I was monitoring through a telnet window on my Windows PC. And I know for sure that I wasn't pressing Control-C.
  After talking to someone else at work I found out that they had heaps of problems running a resin server in a similar way (through a telnet window), and in the end it came down to the telnet window was sending things it shouldn't to the resin server and causing all sorts of problems. As soon as they ran it in the background, the problems disappeared.
  So I ran it in the background and the problem has disappeared. Instead, to monitor the service I just did a tail -f on the log file and every half hour or so the tail program running through the telnet window was just dying mysteriously...... ha ha ha ha
  Thanks a lot for your help EJP, I wouldn't have been able to sort it out without your suggestions. And I have learnt a lot more about RMI in tracking this bug down. Only problem is that the clients were here for a demo last week and had it exit once while they were running the client app......arg!!!

• Can Hyper-V host join a domain of a virtual machine domain controller on that same host?

  Learning about Failover Clustering with Hyper-V. I have two hyper-v nodes(servers). I want to add them to a failover cluster, but it said that the nodes must be in a domain to join failover cluster.
  Can I create a domain controller role on a virtual machine hosted on that same node and join that node to the domain?
  Can I just create a role on one of the two nodes along with hyper-v role and join the second node to the domain?

  You can create
  an AD VM and join the Hyper-V host to it in Server 2012 (or Hyper-V Server 2012, the preferred OS for running a Hyper-V Cluster). This did
  not work in any previous version of Windows.
  This would be a really horrible idea for a production environment, but suitable for a lab/training.
  Also, you only need one host/node to form a cluster (though it probably throws errors/warnings if you do)

• Problems PXE booting Gen 2 Virtual Machines after Upgrading to Windows Server 2012 R2

  My Current Setup: 
  I have two virtual machines set up with Hyper V on my Windows Server 2012 Server.
  VM1: Configured to boot from an ISO file and runs Clonezilla server. 
  VM2: Configured to PXE boot using a legacy network adapter, and with a passthrough 250Gb hard disk. 
  These two VMs are connected to an external Virtual Switch, which allows physical machines to PXE boot to the Clonezilla server. 
  For the past few months I have been using this setup for two purposes:
  1. To clone physical machines to the Clonezilla virtual server (as a backup).
  2. To restore those image to the second VM if I find that need to get access to the files on the original image.. 
  This has worked perfectly, except for the fact that the speed of the legacy network adapter on the second VM (which is required to PXE boot) is very slow. But I know this is because of the limitations in how the legacy adapter works... 
  Now my problem:
  I found out that Gen 2 VMs allow you to PXE boot without having use a legacy network adapter, allowing me to image back to the VM faster. So I upgraded the Server to Server 2012 R2 . I then created the same two virtual machines on the R2 server. I can still
  PXE boot the Gen 1 VM to the Clonezilla Server but I cannot get the Gen 2 VMs to PXE boot properly. They get an IP address from the Clonezilla Server but then just stop with the following screen. (note: I have disabled the Secure Boot). 
  Are Gen 2 VMs unable to pull down images from anything other than a WDS Server? 

  Hi J,
  >>Unfortunately WDS is not a solution for us as it is dependent on the PC being part of a domain
  If you would like to make the client not join to the domain, please check the box before “Do not join the client to a domain after an installation.”  In addition, make sure not to set the client to the domain in the unattend file and do not prestage
  the computer in AD. "
  It is quoted from following thread :
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/1026c3a9-0a10-4a58-a48f-5391659a96c8/wds-set-unattend-file-for-workgroup?forum=winserversetup
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• DNS Error while joining the machine to domain.

  I get the below error while joining a new Win7 machine to the domain.
  I can ping and successfully resolve nslookup on both server and client machine.
  Both client and server (2008r2) are virtual machines, with private ip's on LAN...
  The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain
  magic.com:
  The error was: "DNS name does not exist."
  (error code 0x0000232B RCODE_NAME_ERROR)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.magic.com
  Common causes of this error include the following:
  - The DNS SRV record is not registered in DNS.
  - One or more of the following zones do not include delegation to its child zone:
  magic.com
  com
  . (the root zone)
  For information about correcting this problem, click Help.
  Looks like some problem with my DNS.
  Also i tried to uninstall/ re-install the DNS role.
  What should be the TCP/IP network configuration???
  System Security analyst at CapG

  I get the below error while joining a new Win7 machine to the domain.
  I can ping and successfully resolve nslookup on both server and client machine.
  Both client and server (2008r2) are virtual machines, with private ip's on LAN...
  The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain
  magic.com:
  The error was: "DNS name does not exist."
  (error code 0x0000232B RCODE_NAME_ERROR)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.magic.com
  Common causes of this error include the following:
  - The DNS SRV record is not registered in DNS.
  - One or more of the following zones do not include delegation to its child zone:
  magic.com
  com
  . (the root zone)
  For information about correcting this problem, click Help.
  Looks like some problem with my DNS.
  Also i tried to uninstall/ re-install the DNS role.
  What should be the TCP/IP network configuration???
  System Security analyst at CapG
  Also something to look in, i do not have the usual folders below 'Forward lookup zone', i.e, Sites, Home, tcp etc..
  I beleive these are required. I am not sure.!!. I did re-install the role, no change :-(
  System Security analyst at CapG

• Problematic issues in installing backup domain controller on Virtual Machine

  Hello,<o:p></o:p>
  I have a physical domain controller - windows Server 2012 R2 Standard installed
  in my domain environment and this is a first root domain controller.
  I have also Hyper-V Server 2012 R2 installed and joined in that domain. 
  Now I want to install an additional (Backup) domain controller as a virtual
  machine hosted on Hyper-V Server. So while promoting VM as a DC all actions and
  steps go well but the problem arise when I press the install button at the end
  of the promotion - installation gets stuck in the process of writing some
  configuration files on first DC and also in the process of replication. Unfortunately
  VM does not promote as a DC and it goes to restart.
  The error event log with - NETLOGON source is logged on the virtual machine as
  well.
  Do you have some suggestions with this issue, or experience how to resolve this..
  Thanks a lot in advance,
  GMG
  <o:p></o:p>

  Now I want to install an additional (Backup) domain controller
  There is no backup DC. All DCs are RW except RODCs.
  I would recommend first checking the health status of the existing DC using
  dcdiag command. Also, please check the IP settings in use: Please make sure that the existing DC has its primary IP address in use and that public DNS servers are set as forwarders and not in IP settings of the DC. For the new DC, please make sure
  that it points to the existing DC as primary DNS server and once promoted you can see the recommendations here to update the configuration: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
  Please also disable temporary all security software in use on the DCs and make sure that needed ports for AD replication and authentication are not blocked or filtered between the DCs.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Windows domain controller in a virtual machine: how dangerous is saving its state for a short period of time?

  I have a Windows Server 2012 R2 virtualization cluster. All the hosts are connected to an external storage system, and virtual machines' files are stored on external volumes (CSVs). All the hosts and virtual machines are a part of the same AD domain
  (mixed Windows Server 2012 RTM / 2008 R2 domain controllers). All the domain controllers are running in the virtual machines on the hosts of this cluster.
  To prevent problems when all the hosts are turned off and then on simultaneously (for example, because of a power failure) all the domain controller VM files has been placed on local disks of the virtualization hosts (not on the Cluster Shared
  Volumes). As Hyper-V services don't depend on other Windows Server services (except its networking components), it means that my domain controllers can always start, providing the virtualization host can start at all. However, it also means
  that those DCs cannot be (quickly) migrated to other hosts while their current hosts are being rebooted. So if I need to reboot a virtualization host to install new updates, for example, I have to shut down the corresponding DC, reboot the host
  and wait for the DC to finish cold boot and come back online. It means some interruption of service for our users, which, in turn, requires me to perform the reboots late in night.
  The downtime can be significantly decreased by saving the state of the VM in which the DC is running. However, all the articles I've found on the Internet strongly recommend against it. I'm trying to understand why this recommendation was issued in the first
  place. However, I'm unable to find a clear explanation. I've found some statements that saving state of a DC can cause serious AD replication problems because of tombstoning, and that the password of a DC computer account may be changed
  while the DC itself stays in the saved state, which could prevent the DC from connecting to the domain after its state has been restored. However, those considerations are non-significant when we discuss a short-time
  (5 to 10 minutes) saved state.
  I work with AD and virtualization long time, and I fail to see any danger in saving state of a DC for several minutes. In my opinion, after its state has been restored it would simply replicate all the AD changes from other DCs, and that's all.
  What's your opinion?
  Evgeniy Lotosh
  MSCE: Server infractructire, MCSE: Messaging

  Hello,
  as stated in "http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(v=ws.10).aspx"
  Operational Considerations for Virtualized Domain Controllers
  Domain controllers that are running on virtual machines have operational restrictions that do not apply to domain controllers that are running on physical machines. When you use a virtualized domain controller, there are some virtualization software features
  and practices that you should not use:
  Do not pause, stop, or store the
  saved state of a domain controller
  in a virtual machine for time periods longer than the tombstone lifetime of the forest and then resume from the paused or saved state.
  This may sound as it is supported to store it for shorter times and use it.
  BUT recommendation also from the Hyper-V Program manager in
  http://blogs.msdn.com/b/virtual_pc_guy/archive/2008/11/24/the-domain-controller-dilemma.aspx recommends against using them.
  Also best practices
  http://blogs.technet.com/b/vikasma/archive/2008/07/24/hyper-v-best-practices-quick-tips-2.aspx
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• 2012 Virtual Machine Black Screens Whenever Promoting to Domain Controller

  I have a brand new 2012 cluster with 2 hyper-v host nodes running Server 2012 (not R2). I have successfully spun up several virtual machines from templates via VMM 2012R2. 
  I added the AD DS role today to my DC01 server running server 2012 (not R2). Then I promoted it to a domain controller. When it came back up I got the login screen as normal and logged in. Upon login I only see a black screen. I can click ctr-alt-del and
  get the typical menu, but only logout responds. Everything else such as Task Manager just goes back to the black screen. Connecting via remote eventvwr and checking logs and events shows the DC Promo was successful; I can verify replication to other DC's etc.
  I don't see any problems with this server other than I can't see it after login. RDPing in provides the black screen as well. I am able to log in via safe mode and can see the desktop, but am not sure how to troubleshoot from there. I verified that integration
  services were latest and greatest before I promo'd.
  I de-promo'd it via server manager on another server 2012 server, then removed the roles and deleted it. I just created a new server and did the same process, only used a remote server manager for DCpromo this time. After reboot I have the identical issue
  with a black screen.
  Can anyone help?
  Peter

  Hi Peter,
  Based on your description, the following thread also focused on this kind of issue and can be referred to for troubleshooting.
  Server 2012 Black Screen on Login
  http://community.spiceworks.com/topic/406717-server-2012-black-screen-on-login
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Hope it helps.
  Best regards,
  Frank Shen

• Setting up Time Sync when all domain controllers are virtual machines?

  We have 2 existing server 2008 domain controllers on 2008 Hyper-V.  We plan to set up a third domain controller in a new AD site at a remote site that will be Server 2012 R2 on 2012R2 Hyper-V.
  PDC role DC is on one of the DCs in the original site.
  How should time syncing be set?
  From what I've read, all Hyper-V time synchronization between the virtual domain controllers and their Hyper-V host should be disabled.
  So, do we set up the PDC virtual machine to sync to an external site source and then expect the other 3 domain controllers to automatically sync with the time of the PDC?
  What happens with this process during a PDC reboot or if that PDC role domain controller becomes unavailable for any other reason? Does one of the other DCs then take over the role of domain time source even through they don't have access to the external
  time source?
  Should we also turn off Hyper-V time syncing for every Hyper-V guest that is a member of our domain (since they should also be getting their time from a domain controller) or only turn off the Hyper-V time sync for the domain controllers alone?

  We have 2 existing server 2008 domain controllers on 2008 Hyper-V.  We plan to set up a third domain controller in a new AD site at a remote site that will be Server 2012 R2 on 2012R2 Hyper-V.
  PDC role DC is on one of the DCs in the original site.
  How should time syncing be set?
  Simply make sure that time sync is disabled on your Hyper-V VM. For time configuration in AD domain, I have documented that here: http://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx
  From what I've read, all Hyper-V time synchronization between the virtual domain controllers and their Hyper-V host should be disabled.
  So, do we set up the PDC virtual machine to sync to an external site source and then expect the other 3 domain controllers to automatically sync with the time of the PDC?
  They don't take over the role of PDC. The downtime of your PDC should not take a long time. That is why it is important to regularly monitor the health status of your DCs using SCOM or third party tools. The one I usually recommend is
  Lepide Auditor - Active Directory: http://www.lepide.com/lepideauditor/active-directory.html. The solution allows you also to trackchanges
  in your AD domain.
  Should we also turn off Hyper-V time syncing for every Hyper-V guest that is a member of our domain
  (since they should also be getting their time from a domain controller) or only turn off the Hyper-V time sync for the domain controllers alone?
  I would recommend turning off the Hyper-V time sync on all your Hyper-V VMs that are domain-joined.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile