Duplicate/Identical SID - SnapDeploy Image of Domain Controller
Good day All:
I've been using SnapDeploy for several years (without any duplicate SID errors/alarms), but I've recently started doing something new: I'm snap-deploying Server20xx images that will become MS AD DS domain controllers.
In addition to the usual customizations, the images are prepped with the Windows Optional feature of MS AD DS Services installed, BUT NOT YET CONFIGURED.
PS C:\> Install-WindowsOptionalFeature -FeatureName AD-Domain-Services -IncludeManagementTools
Then after deploying two images, I complete the domain creation on one, and go to join the other to the new domain and receive the error below.
Is it possible that some sort of Domain Controller services-specific SID is being assigned to these hosts, that SYSPREP (executed by SnapDeploy agent) is not able to detect/remove/alter?
~Brian
FYI on the same "build environment" where I use online image capture for SnapDeploy, I also build OVA/OVF Appliance images for use as VM Templates
(but I sysprep manually the image to shut down the VM before export'ing with ovftool.exe)
In testing a pair of those OVAs deployed, this problem doesn't exist.
So this is definitely something about the SnapDeploy is using SYSPREP.
Results of GIDs when using a OVA that has been manually sysprepp'd:
I will compare to the SnapDeploy results later today.
I confirm two systems deployed from the same SnapDeploy image (.tib/.tibx) are confirmed to have duplicate USER and SYSTEM SIDs:
~BAS
Hello Brian.
I suggest you raising a ticket with our support at https://kb.acronis.com/content/8153
This specific scenario requires more details and maybe a session with you to check everything in details.
Best regards.
While I'm waiting on that support contract renewal process, results of another test:
I tried creating user "Administrator" during the manual deployment (from WinPE/USB Media) of .TIBX file; same result, Machine and Administrator user SID are unchanged, even if I tell SnapDeploy to re-create that user.
Brian A. Seklecki wrote:While I'm waiting on that support contract renewal process, results of another test:
I tried creating user "Administrator" during the manual deployment (from WinPE/USB Media) of .TIBX file; same result, Machine and Administrator user SID are unchanged, even if I tell SnapDeploy to re-create that user.
Hello! Could you please tell me the reference number of the ticket so I can update it?
Best regards.
> can yo
We're still working on it.
Can an Acronis authorized reseller sell us an Support Contract extension for a perpetual license that has expired?
Or do we have to purchase that directly from Acronis?
Update:
I just noticed, while making documentation, and lookimng at the text closely on a screenshot, that during a manual deployment (how I'm testing; from standalone bootable media), that it explicitly says:
"Security Identifier: Left security identifier as in Master Image"
(This is after the SID Checkbox is grey'ed out/uncheckable)
PS it is the same for Win10 and WinSvr2016 (OS Kernel image v1607 and beyond up to 21H2)
Brian A. Seklecki wrote:> can yoWe're still working on it.
Can an Acronis authorized reseller sell us an Support Contract extension for a perpetual license that has expired?
Or do we have to purchase that directly from Acronis?
Hello!
Please refer to this KB with more details about the maintenance: https://kb.acronis.com/content/20218
Best regards.
Update -- I now have a valid support contract restored on some Server and Workstation licenses. I will open a formal ticket attached to those.
| Case ID: | 06245214 |
|---|
Brian A. Seklecki wrote:Update -- I now have a valid support contract restored on some Server and Workstation licenses. I will open a formal ticket attached to those.
Case ID: 06245214
Hello!
You can expect a reply from our support as soon as possible.
Best regards.
For the purposes of the archives: Customer Service and I determined that I was mistaken in my assumption that ONLINE CAPTURE would result (somehow, silently, magically) in a SYSPREP process.
That is not the case.
To avoid duplicate SID, do not use online capture, but instead use offline capture once the golden image (VM. PM etc.) has been SYSPREPPED manually.
Brian A. Seklecki wrote:For the purposes of the archives: Customer Service and I determined that I was mistaken in my assumption that ONLINE CAPTURE would result (somehow, silently, magically) in a SYSPREP process.
That is not the case.
To avoid duplicate SID, do not use online capture, but instead use offline capture once the golden image (VM. PM etc.) has been SYSPREPPED manually.
Thanks for updating the thread and sharing the feedback of the troubleshooting steps.
Best regards.