SID and linked clones

Bernd_Nowak · ‎03-09-2010

Hi all,

we have vmware view 4.0 and are more or less satisfied with the linked clone feature and use it. Recently we have discovered that we can't access the admin shares on the linked clones (C$ for example). I checked the firewall status as well as the original master and according to this it should work. I searched here and in the knowledge base but could not find any hint what it could be.

Then I recalled that having a clone of XP without NewSID or sysprep there's a problem with accessing the shares on the clones. So I downloaded PSTools and run psgetsid on a clone and on the original master and not to my suprise the tool revealed the same SID for both. Have I done something wrong (Start Master, apply changes, release ip, shutdown master and make linked clones from the choosen snapshot) ?

It's no show stopping error but something which is a bit annoying. Computer accounts are created in AD and if I wish destroyed. Strange

Oh, and master OS is Windows XP Pro SP3.

casperinmd · ‎03-09-2010

Food for thought, SID duplication is fine, no need to ever change a SID when cloning. Here is a blog from Mark that wrote the sid changer back in teh day for systernals.

http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx

I know this doesn't help your scenario, but keep this in mind when troubleshooting. Also, I can browse my c$ share on a persistent linked clone. Can you access it on your master image?

Bernd_Nowak · ‎03-10-2010

Thanks for the link. For sure interesting stuff but the real interesting stuff can be read in the comments which somehow seems to indicate that when using same SIDs strange things can happen.

As to your question. I started the master yesterday and checked access to the admin shares. All well. While the master was running I checked the SID with psgetsid on the master as well as on one of the linked clones. So this was how I discovered that this might be the main problem.

Have you checked the SIDs from master and linked clones? Can you verify if it's normal to have the same SID on the master as well as on the clones?

I have checked and seen that there's an update for vmware view 4.0.0 to vmware view 4.0.1 but I have to change vsphere (ESX), vcenter as well and fromsome of the KB articles posted on the vmware site I don't feel that I should apply this updates. However I read the change logs and in the resolved section no word about SID problems.

Regardless of the admin shares problem we have seen some problems with AD domain groups nested into local groups on those clones which according to all of the comments to your link might happen when having duplicate SIDs.

Just to clarify. I have a windows XP pro SP3 host with VMware View Agent installed. I use ipconfig /release and shut down this master. Then I create a snapshot of it. We have reduced number of snapshots to only 2 after we had some trouble. Then I use VMware View Admin to create a new desktop pool with llinked clones and a 😧 partition for user data. No problems with refresh or recompose. Is something in the way I do this wrong?

casperinmd · ‎03-10-2010

I verified the same SID on my master image and my persistent linked clones.

I to use persistent linked clones with user data disks, and I shut down my master by doing ipconfig /release then shutting down. I am using 4.0.1 though, not sure if that matters. Also we are using Windows 7 VM's.

We do embed an AD group into the local Administrators group via group policy, and that seems to work fine for us. Is the access to your VM shares broken on all VM's or a couple only?

Bernd_Nowak · ‎03-10-2010

Not sure if it's because Windows 7 or Windows XP

We only have a small amount of licenses (20) at the moment for VMware View to iron out all the small, nasty bugs and failures. With those little licenses we use 15 for the small linked clone pool. Unfortunately we can't recompose because it would be needed that the users have to logout.