Technology Toolbox

Your technology Sherpa for the Microsoft platform

Jeremy Jameson - Founder and Principal



Resolving Issues After Applying Hyper-V Snapshot

This post originally appeared on my MSDN blog:

Since I no longer work for Microsoft, I have copied it here in case that blog ever goes away.

This morning I rolled back one of my development VMs to a snapshot I created about a month ago. When I subsequently tried to login with my domain credentials, I encountered the following error:

The trust relationship between this workstation and the primary domain failed.

I did a quick Internet search for this error and found the following KB article:

Trust Relationship Between Workstation and Domain Fails

While you could follow the instructions in KB 162797 to resolve this error (removing the computer from the domain and then adding it back), there's a much easier way to resolve the error:

How to use Netdom.exe to reset machine account passwords of a Windows Server domain controller

Don't be put off by the title of this KB article. You just need to read a little bit into it:

[...] This procedure is most frequently used on domain controllers, but also applies to any Windows machine account.

To resolve the error after applying an old Hyper-V snapshot on a VM joined to a domain:

  1. Login to the VM using a local administrator account.
  2. Open an administrator command prompt and run the following command:
    netdom resetpwd /s:{server} /ud:{DOMAIN\user} /pd:*
    For example:
    netdom resetpwd /s:XAVIER1 /ud:TECHTOOLBOX\jjameson /pd:*
    XAVIER1 is one of the domain controllers in my home lab (TECHTOOLBOX).
  3. Logout and log back in using a domain account.

Note that this issue doesn't always occur when rolling back a snapshot. It depends on how old the snapshot is (specifically whether or not the machine account password has changed in the domain since the snapshot was taken).

One of the other things I've learned about using snapshots with a domain-joined VM is that you should be sure to enable the Time synchronization service on the VM. I typically disable this service on domain-joined VMs (since the time is synchronized from the domain controller). However, when using snapshots, the latency in waiting for the time to synchronize after applying a snapshot can quickly become unbearable (especially if you are frequently applying a snapshot).


No comments posted yet.

Add Comment

Optional, but recommended (especially if you have a Gravatar). Note that your email address will not appear with your comment.
If URL is specified, it will be included as a link with your name.

To prevent spam from being submitted, please select the following fruit: Cherries

Please add 2 and 1 and type the answer here: