I was working on a two node w2k8 R2 cluster running in VMware ESX 5.1, running SQL 2008 and a bunch of other services, the disks were local and also RDMs out to iSCSI NetApp disks. The system had been running for about three months, but started acting weird… yep just weird.
You could logon with a domain cache credential, but there was no ‘LogonServer’ but when you did you get a temporary profile.
Services that had a domain service account that needed a profile would fail.
A local logon with Administrator would fail with a ‘the Group Policy service failed the logon. Access is denied’.
The issue turned out to be the first server was cloned to the second server and both had the same SID. This caused account and domain connection issues and looked like file corruption, virus issues, and got progressively worse, to the point you could not add/remove programs due to ‘appdata’ issues and finally the two servers we cut loose and rebuilt.
I have also been told of SQL server and FIM Portal 2010 that all have problem with this, so maybe a worthwhile check from time to time access environments… A quick powershell would be handy
Article on fixing Windows profiles.
http://www.sysprobs.com/fix-temporary-profile-windows-7
Why SIDs should matter. http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
No comments:
Post a Comment