My previous network was an RM network.... I've never had to use sysprep before! If anyone has a guide for Sysprep beyond the microsoft KB article which is conjested, and not overly explanatory I'd appreciate it. I have 3 new laptops that arrived last week I can do a FULL new setup on the way I like it
Just for info, NewSid was retired when Mark Russinovich (creator) decided that duplicate SIDs do not cause any issues on a network and the software was in effect pointless.Originally Posted by ahuxham
Read his blog post regarding this here
Try here:-
Deploying Windows XP
Assumes XP OS
Not sure I agree on the duplicate SID's not affecting PC's in 20 years consulting I've had a few "odd" issues resolved by sysprepping workstations.....
The time isnt different on the DC's is it? i know this can cause problems with replications, just an idea before digging into things to deep.
Nope, but nice try! I've had that once before...
yeah i used to have it at my old place, on a really old viglen dc that was running at 100% 24/7 and didn't have enough time to update the time!!
This page links to Microsoft pages that no longer exist...
It won't do any harm trying the newsid - it's on the Admin Bar below btw if you can't find a link. I still use it when Ghosting and using forget to sysprep - old habits die hard as they say....
Perhaps, than why all the fuss coming from Microsoft regarding the practice? Why does Sysprep ensure this is done?
I find it hard to believe that software was just created to resolve an issue that doesn't exist, wouldn't you research the issue before writing the software? I can only assume this was done, and they wrote the software to combat this.
Alot of sysinternals stuff has been "cleared up" by Microsoft. I remember watching a speech from the last DEF CON Conference how and why these tools were bought up
I still Sysprep machines, plus it's great when deploying an image. I always specify the computer name manually, but then it joins the domain automatically, then restarts ready to use. It saves a lot of time!
Oh you positively *have* to use sysprep when imaging as it does a hell of a lot more than just change SIDs. Don't sysprep and you will feel the pain.
The retirement of NewSid is down to the fact that after investigation, Mark Russinovich found that there was no case where two machine machines having the same SID caused any issues.
Read the blog, NewSid was written purely on the faith that it was neccessary for two machines on a network to have different SIDs. After investigation it was found not to be the case.Perhaps, than why all the fuss coming from Microsoft regarding the practice? Why does Sysprep ensure this is done?
I find it hard to believe that software was just created to resolve an issue that doesn't exist, wouldn't you research the issue before writing the software? I can only assume this was done, and they wrote the software to combat this.
Alot of sysinternals stuff has been "cleared up" by Microsoft. I remember watching a speech from the last DEF CON Conference how and why these tools were bought up
If you read all the comments under the blog you will see one by one peoples concerns about different scenarios are addressed .
Just wondering what the outcome was of the server re-boots......!!
I'd be very surprised if it's anything at all to do with the SID.It's your post, no such thing as off topic
Anywho, Duplicate SID's will do this. I do believe sysinternals made a program called "NewSID" which is discontinued (as Microsoft now own the company), however I'm sure someone somewhere has the software.
Just run it on your machines and see if this alleviates the problems you are experiencing, saves you having to sysprep the machines, less work = better in my opinion.
The reason that NewSID is being (has been?) discontinued is because it's not necessary - Mark Russinovich (who write NewSID) has a blog post about this - Mark's Blog : The Machine SID Duplication Myth
Given that replication isn't working properly between the 2 DCs I think you need to establish which of the DCs are holding which FSMO roles. Move them all to the machine you want to be "correct" and once that's done wait an hour or so for things to settle down (not needed if the FSMO roles are all on your main DC)
Once you've got that sorted, run dcpromo on the other server; this will stop it being a DC and leave the first server as the only DC. That may fix all the problems - if machines are trying to authenticate against DC2 but for some reason it's not being found or its database is not in sync then moving to a single DC will fix the problems.
Check that your one DC points to itself for DNS - the network card properties MUST NOT refer to any DNS other than itself (you resolve external names by setting the DNS service itself to either use root hints or to forward to your ISP DNS). Do another dcdiag - you may well still see frs errors but check the times - they should be before you wiped the other DC settings (nothing to replicate in a single DC setup!)
Once you're confident that your one DC is running OK you can promote the other one. First of all, make sure that it is pointing to your other DC for DNS; again, there must be no reference to external DNS Run dcpromo and follow the prompts to make it a DC in an existing domain.
Finally, check the DHCP settings - again, they must not give out any DNS other than that of your main DC. (It's a really common mistake to have clients getting 2 DNS addresses, one is the internal DNS, the second is external. It looks like a good idea but IT'S WRONG!!) (apologies for shouting; it's just such a common mistake!!)
BJG (26th January 2010)
Just double checking, have you checked your switches (assuming that they are managed ones) to see if there are any excessive broadcasts or loops in your network. Also have you made sure that there aren't any rouge DHCP/DNS servers on your network? Eg external print servers, something along the lines of these that are mis-configured.
-Ken
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
