How do I troubleshoot an Active Directory virtualized machine?
- Datto SIRIS
- Datto ALTO
The following procedure reconfigures the IP address of a virtualized Windows server. It applies to environments with a single domain controller (such as a Small Business Server) where the virtual machine is the domain controller responsible for Active Directory.
As a result of migrating into a virtual environment, the virtualization might encounter IP conflict errors. These result from a duplicate network adapter hidden in the Windows Device Manager.
The following Microsoft TechNet article explains this issue in detail:
Connecting via VNC
To perform the troubleshooting steps in this article, you must allow the VNC window popup in the browser you are using to connect to the Datto device. Once you bring up the VM with the steps below, it will be necessary to connect to it with VNC.
This procedure also uses safe mode and Directory Services Restore Mode (DSRM).
1. Verify that the Datto appliance is backing up all volumes holding Active Directory data. Missing database files can cause a STOP: c00002e2 error. The database file ntds.dit commonly causes this. If you discover that a volume holding Active Directory data was excluded from the backup, include the volume, and then start a backup from the Protect tab of the appliance GUI.
2. Try to virtualize with each storage controller. In some instances, if the VM is using an incorrect storage controller, the restore will boot to a 2e2 error.
Figure 2: Try the virtualization with each storage controller
3. If you are experiencing a 2e2 error message on the offsite server, boot into DSRM mode (on the domain controller) and change the date to the date of the restored point. For example, if it is July 10th 2:00pm EST, and you are booting on July 22nd, boot into DSRM and change the date back to July 10th at any point before 2:00pm EST.
Booting up the Virtual Machine on the Datto in Directory Services Restore Mode
1. Start a local virtualization with networking enabled. If the production machine is still live on the network, use the Firewalled on a private subnet or the Firewalled on a private subnet, with no Internet access option.
2. While the VM is booting, use the connect to VNC option by clicking on the preview window.
3. When the VNC connection is up, click restart to restart the virtualization.
4. The virtual machine will start to boot on the screen. Immediately press F8 to get to the Advanced Boot Options screen. If access fails, power down the VM and repeat the previous step.
Figure 3: The Advanced Boot Options screen in safe mode on a Windows 7 VM
6. From this screen, select Directory Services Restore Mode.
Once you are booted into the server:
1. Select Start, then select Programs.
2. Navigate to Accessories and select Command Prompt.
3. At the command prompt, enter the following commands, pressing enter after each one:
4. In Device Manager, click View, then select Show Hidden Devices.
5. Navigate to Network Adapters.
6. Any grayed-out or faintly outlined devices can be safely removed. Right click on them and select Uninstall.
When using Active Directory domain controllers (DCs):
1. When the restored domain controller boots for the first time, immediately press F8 on the keyboard.
2. Select AD Restore Mode. This ensures the Active Directory will not run.
3. Once complete, perform all the steps above and ensure that the correct IP address is configured to the LAN interface. This can take up to two reboots. If this is not done properly, and the server boots normally, it will sit at the Preparing Network Connections stage for a long time, and then still possibly fail. This solution can also be used to remove all other devices not present on the new server.
Verify Drive Letter Assignments
1. After booting into the server, verify that all required drive letters for the VM are assigned properly in Disk Management.
2. You can change the assigned drive letter of any disk shown by right-clicking the drive's entry and selecting Change Drive Letter and Paths.
If the VM is unable to boot after performing the above steps, try the following:
Attempt differential merge:
- Force a differential merge for the protected system.
- When completed, force a screenshot for the resulting backup.
- If the issue persists, check the production system's filesystems from an administrator-level command prompt with chkdsk /r.
- Repeat Step 1 and Step 2 of this section.
- If the issue persists, proceed to the next section of this article.