I have 6 laptops that I have ghost images of. Occasionally, every 4-6 weeks, I restore each image to each respective laptop, add any new software/patches/updates, and re-image the laptops and a now newer image. This keeps my laptops in top running condition since they are regularly checked out and people install software, make changes, etc. I call this my 'refresh' process.

Here is my problem. Occasionally when I restore an image and then reboot and try to login to our network, I get a domain trust error. Easy enough to fix because all I have to do is login locally, unjoin the domain, rejoin the domain (and authenticate) and then I'm good to go.
Is this preventable or is this happening because when I restore an image to my laptop that 'image' is several weeks old and somehow the domain sees it as a trust issue? Is there a way to fix this?
0 Comments   [ - ] Hide Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
Answer this question or Comment on this question for clarity


I don't believe there is a way around your issue. We use VMWare at our site as part of our test lab. VMWare has the capability of taking a snapshot of a machine and then allowing you to jump to that exact snapshot in a matter of seconds. When we snapshot a machine, if sufficient time goes by without turning on the vm, the domain will not allow it to connect. This seems to be the exact issue you are faced with.

Our workaround is very similar to yours.
Answered 04/10/2007 by: dlernstrom
Senior Yellow Belt

Please log in to comment
I think that as part of your "refresh" process, since you're not sysprepping, and you're using a computer joined to your domain to make your image that you should get the MS utility NETDOM (can't remember where this is - some Windows Server resource kit) and use it when upgrading the laptop image. Use NETDOM like so:
NETDOM RESET <computer_name> /domain:<your_domain>
This is a way of manually triggering a refresh of the (domain trust token?).

I believe this should work. Every (21?) days PCs quietly negotiate a new security token from the DC, you're capturing this in your image and by the time you use your image the security token (in the image) has become staledated (because the live PC has negotiated a new one).

Hope that helps.

-Actually, it won't help unless you refresh your laptop fleet every 20 days or less. Nevermind. Might help dlernstrom though (refresh your VPCs every 20 days or less - start them, NETDOM them, resnapshot)
Answered 04/11/2007 by: fosteky
Purple Belt

Please log in to comment
There are a couple of ways to prevent the secure channel password resets.
I had a problem with my packaging PC when I revert to by base snapshot with VMWare Workstation.
I forget which method I used, but see:

Now I remember. In group policy on my VMWare instances, I set Domain member:Disable machine account password changes to enabled.

Answered 04/24/2007 by: smason
Orange Belt

Please log in to comment