This week I’ve made a template for Windows 2008 Standard x86 for deployment of new VM’s to our ESX Servers. Sysprep is now done through an XML-file instead of the usual INF file.
To use it, you first have to install the Windows Automated Installation Kit and use the Windows System Image Manager. It’s more advanced than the good old sysprep.
What I wanted was a base install which could be created from the VMWare template, given a name an joined to a domain. Then you can change the IP-adress afterwards.
After creating a new VM, installed VMWare Tools and ran sysprep, I tested the startup. The VM booted, asked for language and computer name. Punched in a new computer name and got the logon prompt.
When I tried logging in as the domain administrator I got an error “the security database on the server does not have a computer account for this workstation trust relationship”
After looking through the event log (security) I saw that there was a failure audit for Winlogon, and when I looked at the name logged it was different than the one I gave the machine during the mini-setup.
I found that the name I gave the machine was applied after the computer actually was joined to the domain, so it got an auto-generated name in Active Directory
Since I then tried to log on from a computer with a name changed only locally through OOBE there was a security mismatch.
I ran sysprep again and this time I checked what the machine name was in AD (you can find it in the Computers special container) and gave the same in the Welcome Wizard and voila! Success!
I’ve tried to find out why this happens, but it seems it’s meant to be this way. No way in the current version of WAIK to give the computer a name before it’s added to the domain, so I’m stuck with adding it to a workgroup and change the name/ join domain afterwards. Sorry Microsoft, but this is a step back…
According to some posts on the web, this is by design and you should use something like netdom or a script to change the computername and join the domain, but why the f… did they add the option to the Answer file?!?!?