creating a virtual server from my production DC

[4johnny]

So I made a system state backup and complete C: drive backup of my win2003 DC. I then created a virtual machine of win2003, named it the same as my DC, ran all updates, and preceded to restore C: and system state in directory service restore mode. I then booted normally and had an issue with dhcp DB which I ran this command (jetpack dhcp.mdb tmp.mdb) which fixed that issue. Now the event logs look relatively clear, DNS and DHCP open fine and look good. I then brought an xp client virtual PC online and it got a dhcp address from the virtual DC and is able to ping it. However, when I try to make this client join the domain, it cannot find the domain (cannot find resource record ldap._tcp.dc._msdcs.my company). When I look in DNS I can see the record (at least i think i can because i can drill down through that path backwards) but the client cannot find it.

Not sure what is missing from this virtual DC that I created but i was hoping to make an exact replica in the virtual world.

 

[ITPangaeaArchitect]

ok so 1. restoration of a hardware based DC to a VM is not supportable 2. DHCP should never be run on a DC 3. If you are running on VMWare, you are unsupportable..DCs are only supported running on MS virtual server, and even then, only if the OS is win2003 SP1 and above...

so on to your problem...what happens if you do a port query against tcp and udp 53 against the DC IP address? What about a telnet <DC IP> 53?

oh the most important question...why is this being done? Test lab?

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+

 

[4johnny]

Yes, I heard that running DHCP server on a DC is not recommended for security reasons. I am running MS virtual server2005r2 in a lab environment and my server is win2003sp2. I am doing this for testing and learning.
I ran the following commands from my XP client virtual machine on same network as server:

c:\>portqry -n dc01 -p udp -e 53
c:\>portqry -n dc01 -p -e 53

and both commands returned:

UDP port 53 (domain service): LISTENING
TCP port 53 (domain service): LISTENING

also tried the command:

microsoft telnet> open dc01 53 and it just hangs with the message
connecting to dc01...

Hopefully I did these commands correctly.

thanks

 

[ITPangaeaArchitect]

ok so the telnet service is disabled (this is by default, no problem there)
portqry was done correctly too

i would walk through

http://support.microsoft.com/kb/263532

and

http://support.microsoft.com/kb/249694

to be sure no steps were missed...just replace the words "different hardware" in these articles with "a VM instance" in your brain and you should be good to go through the articles

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+

 

[markdmac]

Get yourself a copy of ShadowProtect from StorageCraft and you can do a hardware independent restore without problem and into a VM with ease.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.