cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Test Restore - Group Policy Aborted

RHollawayPGH
Level 3

‎02-17-2009 10:13 AM

N00b here.....

 

Just did a test recovery to very similar hardware, once the server was online, I could only log in locally and not to the domain. The event log recorded group policy aborted and my domain controller recorded this event:

 

Message: ID=5722 Source=NETLOGON Type=1 Message=The session setup from the computer "COMPUTERNAME" failed to authenticate. The name(s) of the account(s) referenced in the security database is "COMPUTERNAME$." The following error occurred: Access is denied.

 

Any help is mucho appreciated!

tia,

RandyH

0 Kudos
3 REPLIES 3

marcogsp
Level 6

‎02-19-2009 07:11 PM

Sounds like a conflicting SID issue, but the fact that you can logon as the local administrator is a good sign.  After doing so, join the system to a workgroup temporarily, and reboot.  Then logon again as the local administrator, and rejoin your domain.  That will reset the SID and you should be able to logon to the domain, after rebooting again.

 

If you are testing in a lab environment, this will not be such a big deal.  If the original system was taken offline temporarily and the test restore was done in a production environment, then this is a problem.  If the restored system has grabbed a new SID, then the original system will have SID issues too when brought online.

0 Kudos

RHollawayPGH
Level 3

‎02-20-2009 04:41 AM

This was done in production.  The original system was taking offine, while the test system was brought online. Because group policy was aborting, I quickly shut down the test system and brought the original system online.  I didn't experience any issues with the original system once back online.

 

How then should I test a system recovery with a production server?

 

Thank you!!

0 Kudos

marcogsp
Level 6

‎02-20-2009 05:55 AM

With the recovered system disconnected from the network, install and run sysprep for the service pack level of your OS. This should be done with the local administrator account.   If this system has a static IP address, changing it would be best to avoid conflicts with the production server.  Sysprep will strip out the SID and prepare the system for deployment.  Then you can attach the system to the network and go through the mini set up.  Rename the system during the mini set up to avoid conflicts with the production server.  If successful, you should be able to run both systems simultaneously to compare how well the restoration went.

 

It is possible to have the sysprep.ini file take care of the renaming and IP info.  You can also set it up to have the system join the domain.  I usually elect not to automatically join domain, prefering to do it  manually.  I'd rather not have an administrator account and password existing in plain text format on the system, despite the fact that the sysprep.ini file disappears after deployment.

0 Kudos