UCSD - Trouble Shooting Tips for Windows VM joining the Domain

Version 4

    Here are a few steps to investigate on why a Windows VM possible does not join a domain:

     

    (Thank you Phani, Michael D. and Rob G. for the contributions)

     

     

    1) Check the VMware tools or customization log within the guest OS ? It should tell you what was happening…


     

    2) For domain membership, domain name and DNS server (name resolution) is the key apart from license key and admin credentials...

     


    3) Other way to check for the sake of troubleshooting is, do manual customization through vCenter and check if it works.

        Sometimes if vCenter has a bug, we (UCSD) inherit that too..

     

    4) When cloning from an existing VM or if Template was created from existing VM (where a license was already present).

    Every time you put in a new key this increments Windows ‘rearm counter’ ->  https://www.vcloudnine.de/windows-guest-customization-fails-after-cloning-a-vm/

    To get around this, converted the template back to a VM, run slmgr.vbs to wipe out any stale licenses and converted it back to template. Guest customizations then started to work completely.

     

    5) Does the Time Zone on the template conflict with the domain controller?


    6) Did you try deploying other 2012 templates and get same results?


    7) What happened when manually deploying VM and inputting same credentials and default KMS Key?


    8) Did you double check that you are using the DOMAIN\administrator w/ correct password (vs. local administrator account and/or password) to join the domain?

    **Changing a hostname and IP address only requires local credentials, whereas joining the DOMAIN requires the AD account)

     

    9) After machine boots up – Did you check if the KMS key that you put into the UCSD System policy is even being applied correctly to the Machine? (Or does it show an existing one)


    10) What do the Windows Event logs on this Windows machine say?

     

    11) Check the logs on the machine and the domain controller to find and understand the error.  Possible problems.

     

    12) Not a “Domain admin”, a regular user can add up to 10 machines to a domain, on the 11th it will fail.  This could be why it used to work (guessing here) and no longer works.

     

    13) DNS not setup properly, if the machine can’t resolve the domain name then it can’t join the domain (obvious I know)

     

         Network issue, if the machine can’t reach the domain controller then it can’t join the domain (another obvious one but you never know)


    14) The Service Deliver Policy contains the default KMS key for the windows instance (2008 is different from 2012 and datacenter is different from enterprise)


         Screen Shot 2016-10-27 at 11.20.36 AM.png


    Keys can be found here:


         Screen Shot 2016-10-27 at 11.23.32 AM.png