If you encounter any of the following situations in your infrastructure:
  • A converted domain controller does not synchronize.
  • The DNS service on a converted domain controller does not bind to the network interface.
  • The local domain database file (NTDS.DIT) is corrupted in the new virtual machine.
  • The domain controller becomes tombstoned in Active Directory and will not synchronize.
  • Synchronization is unreliable with other domain controllers.
  • Newly created or removed objects changed on the virtual machine or source reappear in Active Directory.
  • The update or serial number changes unexpectedly on the domain controller.
  • Kerberos authentication or trust failures.
  • DNS lookup failures.
  • You see these errors:

    • LSASS.EXE – System Error, security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1.
    • Event ID: 1103
      Description: “The windows directory services database could not be initialized and returned error 1032. Unrecoverable error, the directory can’t continue.”
    • Event ID 2042: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
Taking snapshots of a virtual machine running as a domain controller is not a recommended practice, and Microsoft does not support snapshots of a VM running a Windows domain controller.
If you still want to do it, here are the best practices recommended by VMware:
A virtual machine created from an active domain controller may exhibit unexpected behavior. Domain controllers are very sensitive to hardware changes. When a physical server is virtualized, the hardware presented to the operating system may be very different. Also, it is possible that a virtualized domain controller and an identical physical domain controller may be running simultaneously, which may result in unpredictable replication issues across Active Directory or even a tombstone condition. If you are using Windows NT, these changes may prevent the directory or DNS servers from binding to the network connection.
Follow one of these solutions depending on your environment:

Windows 2000, 2003, and 2008 Servers

  • Ensure another domain controller is online on the network and properly synchronized. If one is not available, provision a new domain controller as a virtual machine and promote it. Demote the domain controller using dcpromo. Set any static IP addresses to DHCP prior to conversion. When converted, power off the source server, reassign any static IP addresses, and promote the virtualized server.
  • Install the Microsoft loopback adapter and assign it an unused static IP address. Set any static IP addresses of the physical network adapters to DHCP prior to conversion. Power down the source server, then boot it using the Converter boot CD. Cold clone the server. If a cold clone is not possible, start the server in Directory Recovery mode and perform a hot conversion. Failure to use Directory Recovery mode may result in an incomplete and corrupted copy of NTDS.DIT. After the conversion completes, you can remove the Microsoft loopback adapter and restore the static IP addresses to the new virtual network cards.
  • Decommission the existing domain controller using dcpromo, and provision a new domain controller in a fresh installation of Windows Server in a new virtual machine. Do not perform the conversion at all, but use the source server’s host name and IP address. (recommended)

Notes:

  • Always start using the new virtual machine as soon as possible after decommissioning the physical or source server. Failure to do so leads to a tombstone condition.
  • Never use the customization option in the Conversion Wizard. Using this process destroys the server on the destination.
  • Ensure that the source server is powered off or decommissioned before starting the new virtual machine with the network cards connected.
  • If the server to be virtualized holds any FSMO roles, transfer the roles to an existing and running domain controller. If a problem happens during the conversion process, you can provision new domain controllers in Active Directory and perform other AD operations without having to seize roles from the unavailable domain controller.
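
The checks named in the solutions and notes above (another domain controller available and synchronized, FSMO roles moved off the source, none of the listed events) can be scripted before conversion. This is an added example, not part of the VMware guidance; it assumes a management host with the RSAT ActiveDirectory module and repadmin, a source DC new enough for Get-WinEvent (Windows Server 2008 or later), and `DC01` as a placeholder host name.

```powershell
# Added example. Placeholder: 'DC01' stands for the source server's host name.
param([string]$SourceDc = 'DC01')
Import-Module ActiveDirectory

# Other domain controllers known to the directory (confirm they are online).
$otherDcs = @(Get-ADDomainController -Filter * | Where-Object { $_.Name -ne $SourceDc })

# FSMO roles still held by the source DC; transfer these first.
$domain = Get-ADDomain
$forest = Get-ADForest
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$held = @($roles.GetEnumerator() | Where-Object { ($_.Value -split '\.')[0] -eq $SourceDc })

# Tombstone lifetime in days; an unset attribute means the 60-day default.
$cfg = (Get-ADRootDSE).configurationNamingContext
$tsl = (Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" `
        -Properties tombstoneLifetime).tombstoneLifetime
if (-not $tsl) { $tsl = 60 }

# Replication links with errors, failures, or no success within the tombstone lifetime.
$cutoff = (Get-Date).AddDays(-$tsl)
$badLinks = @(repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
    [int]$_.'Number of Failures' -gt 0 -or
    ($_.'Last Success Time' -as [datetime]) -lt $cutoff
})

# Event IDs listed at the top of the page (assumed to be in the Directory Service log).
$events = @(Get-WinEvent -ComputerName $SourceDc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Directory Service'; Id = 1103, 2042; StartTime = $cutoff })

[pscustomobject]@{
    SourceDc        = $SourceDc
    OtherDcs        = $otherDcs.Count
    FsmoRolesHeld   = ($held | ForEach-Object { $_.Key }) -join ', '
    BadReplLinks    = $badLinks.Count
    Events1103_2042 = $events.Count
    ReadyToConvert  = ($otherDcs.Count -gt 0 -and $held.Count -eq 0 -and
                       $badLinks.Count -eq 0 -and $events.Count -eq 0)
}
```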

Windows NT

Converting a Windows NT domain controller is a complex, error-prone process. VMware recommends avoiding it whenever possible.
Warning: The following conversion process upgrades any NTFS file system on the destination to version 3.0 (NTFS5). Do not perform these steps if you require disk utilities that are not compatible with newer NTFS file systems. To avoid NTFS upgrade, perform a hot clone to convert a stand-alone server. Do not hot clone a domain controller as this may lead to an inconsistent copy of NTDS.DIT on the destination.
To convert a Windows NT domain controller:
Note: This process may take several hours to complete. You should plan a maintenance window accordingly to perform the conversion.
  1. Verify that you have the latest version of VMware Converter. Older versions do not support all Windows NT Fault Tolerant disk types. Use VMware Converter version 3.0.3 or later.
  2. Ensure that the server is running Windows NT Service Pack 4 or later (Service Pack 6a is recommended).

    To determine this, click Start > Run, type winver, and click OK.

    Do not proceed any further if the service pack requirement is not met.

  3. Create a Rescue Diskette.

    To create a Rescue Diskette, click Start > Run, type rdisk, and click OK.

    If there is a problem with the new virtual machine, you may be able to repair the problem using the Rescue Diskette.

  4. Ensure that you have a complete and working backup of the server, especially if the Windows NT server is a Primary Domain Controller (PDC).
  5. Ensure another domain controller is available to service user logins.

    Note: If you are taking a PDC server offline, you cannot join any other DCs to the domain until it is online again as a virtual machine.

  6. Install the Microsoft loopback adapter and assign it an unused static IP address.
  7. Set any static IP addresses of the physical network adapters to DHCP.
  8. Properly shut down the source server by navigating to Start > Shutdown > Shutdown the computer. Power off the server with its physical power switch.
  9. Boot the Converter cold clone CD.

    Warning: The Converter cold clone CD upgrades the NTFS version on the disk on the destination virtual machine to version 3.0 (NTFS5). This may prevent disk check (chkdsk) and defrag utilities (Diskeeper) from working on the volume. For more information, see Windows NT 4.0 CHKDSK Refuses to Check NTFS 3.0/3.1 Volumes (http://support.microsoft.com/kb/196707).

    Warning: Performing a hot clone of a Windows NT server may result in a corrupted NTDS.DIT on the destination virtual machine. Do not hot clone a Windows NT domain controller.

  10. Perform the conversion to a new virtual machine and power off the source server.

    Warning: Do not power on the server again for any reason after the new virtual machine is powered on with a network connection. Doing so may break synchronization with other domain controllers.

  11. Review the virtual hardware settings on the new virtual machine:

    • Adjust the number of virtual NICs.
    • Remove any unnecessary devices such as USB controllers, COM ports, or floppy drives.

  12. Power on the new virtual machine with the network card disconnected.
  13. Click Start > Settings > Control Panel > Add / Remove Programs.
  14. Remove any unnecessary programs used to install or support device drivers, such as RAID management tools, network teaming or management software, wireless card management software, and video and sound drivers.

    Caution: Do not restart if prompted by an uninstall program.

  15. Restart the virtual machine properly.
  16. Remove any additional devices or device drivers that were used to support hardware on the physical server. Use the Control Panel to remove any necessary devices especially COM ports, SCSI controllers, video, and network cards.

    Do not remove the following devices:

    • Buslogic SCSI controller
    • IDE CD-ROM ATAPI controller
    • AMD PCNET network card

  17. Restart the virtual machine properly.
  18. Attempt to install the VMware Tools. If you are missing the CD-ROM drive in the virtual machine or if you are unable to get the network adapter installed or working, see After converting a physical server running Windows NT the CD-ROM or networking does not work on the VM (1002278).
  19. Restart the virtual machine properly.
  20. Assign the static IP addresses used on the source server to the new virtual network adapters, if applicable.
  21. Restart the virtual machine properly.
  22. Ensure that the DNS and directory services are started and bound to a valid adapter and start correctly.
  23. Remove the Microsoft loopback adapter.
  24. Restart the virtual machine properly.
  25. Review the server’s Event Logs and ensure that the necessary services are starting correctly without failures.

    To view the Event Log, click Start > Run, type eventvwr, and click OK.

    Note: Some failures may be due to device drivers or services still being installed. You may need to manually disable or remove these services in the Control Panel to prevent these errors.

  26. Shut down the virtual machine properly and then connect the network cards in the virtual device settings.
  27. Start the virtual machine normally.
  28. Ensure the DNS and directory services are started and bound to a valid adapter and start correctly.
  29. Check the Event Logs for any remaining errors and correct as needed.

Notes:

  • Avoid converting Windows NT domain controllers, if possible.
  • Before attempting conversion, always be sure another domain controller is online and properly synchronized.
  • Never use the customization option in the Conversion Wizard. Using this process destroys the server on the destination.
  • Always ensure that the source server is powered off or decommissioned before starting the new virtual machine with the network cards connected.
More information is available in the VMware KB.