Fix trust relationship at sites with smart card restrictions

So I know there are lots of articles out there which tell you how to fix the trust relationship between a machine and AD. However, in sites where smart card authentication is enforced for admin accounts, it is very difficult to do that easily. I tried many methods and this is the one which works quickest for me:

This assumes that you have two accounts: one admin and one non-admin.

  1. Delete the AD computer account of that machine
  2. Add an AD account for the machine, and allow your non-admin account to add the machine to the domain
  3. Go to the machine and, on an “administrative command prompt”, type this command:
  4. netdom resetpwd /s:domain-controller-name /ud:non-admin-account /pd:*
  5. You will be prompted for a password. Type the non-admin account’s password
  6. Reboot (not strictly needed)
  7. Done!

This is just one of many ways to do this.
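
The netdom step above, wrapped with a secure-channel check before and after so you can confirm the trust is actually repaired. This is an added example, not part of the original post; the function name Repair-MachineTrust and the sample server and account names are hypothetical.

```powershell
# Added example. Run from an elevated prompt on the affected machine.
function Repair-MachineTrust {
    param(
        [Parameter(Mandatory)] [string] $DomainController,  # placeholder, e.g. dc01.example.test
        [Parameter(Mandatory)] [string] $JoinAccount        # placeholder non-admin account, e.g. EXAMPLE\joinuser
    )

    # Helper: returns $true only if the secure channel to the DC verifies.
    # A broken trust can surface as $false or as an error, so treat both as "broken".
    $testChannel = {
        try   { Test-ComputerSecureChannel -Server $DomainController -ErrorAction Stop }
        catch { $false }
    }

    # 1. Check the current state before changing anything.
    if (& $testChannel) {
        Write-Host 'Secure channel is already healthy; nothing to do.'
        return $true
    }

    # 2. Reset the machine account password with the non-admin account.
    #    /pd:* makes netdom prompt for the password, so it never appears
    #    on the command line or in the console history.
    & netdom resetpwd "/s:$DomainController" "/ud:$JoinAccount" '/pd:*'
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "netdom exited with code $LASTEXITCODE; trust not repaired."
        return $false
    }

    # 3. Verify the result instead of assuming it worked.
    $ok = & $testChannel
    if ($ok) { Write-Host 'Secure channel verified.' }
    else     { Write-Warning 'Secure channel still broken; a reboot may be needed before re-testing.' }
    return $ok
}

# Usage (placeholder values):
# Repair-MachineTrust -DomainController 'dc01.example.test' -JoinAccount 'EXAMPLE\joinuser'
```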

How to fix replica which has stopped syncing

So the status of your Hyper-V replica shows that replication health is critical, and if you click “resume replication”, it says “replicating changes”, then after a few moments, “failed”.
There is no other option to fix this issue. Try these steps:

(I use Hyper-V manager for this procedure)

1. From the primary site, remove replication using “remove replication” option.
This will leave the replica VM on the DR site intact.

2. Now, on the DR site, remove replication.

If you look at this replica VM inside VMM, you will see that now it has become a regular VM. It looks like a regular server instead of a server with a shadow behind it. (you may have to refresh VMM)

3. On the primary site, right click on the VM and choose enable replication.

4. Go through the wizard, (next-next) until you come to the “Choose initial replication” page. On that page, choose the option “Use an existing virtual machine on the replica server…”

5. Click finish and it shows “sending initial replica (progress percentage)”.

Don’t worry, it is not really all the data, it is synchronizing with the data already there at the DR site.

That’s it folks! I hope it helps someone.
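
The same procedure can be scripted with the Hyper-V PowerShell module instead of Hyper-V Manager. This is an added example, not part of the original post; the VM and host names are placeholders, and it assumes Kerberos replication over port 80 and a management session with admin rights on both hosts.

```powershell
# Added example. All names below are placeholders, not values from the post.
$ErrorActionPreference = 'Stop'          # halt if any step fails
$vmName      = 'APP-VM01'
$primaryHost = 'hv-primary.example.test'
$replicaHost = 'hv-dr.example.test'

# Steps 1-2: remove the replication relationship on both sides.
# The replica VM and its disks stay in place on the DR host.
Remove-VMReplication -VMName $vmName -ComputerName $primaryHost
Remove-VMReplication -VMName $vmName -ComputerName $replicaHost

# Step 3: re-enable replication from the primary.
# Assumption: Kerberos over HTTP port 80; for certificate-based
# replication the port and authentication type differ.
Enable-VMReplication -VMName $vmName -ComputerName $primaryHost `
    -ReplicaServerName $replicaHost -ReplicaServerPort 80 `
    -AuthenticationType Kerberos

# Step 4: the "use an existing virtual machine on the replica server"
# choice in the wizard corresponds to -UseBackup, which resynchronizes
# against the copy already on the DR host instead of sending everything.
Start-VMInitialReplication -VMName $vmName -ComputerName $primaryHost -UseBackup

# Step 5: poll until the relationship reports Replicating, or give up
# after a deadline so a stuck resync does not go unnoticed.
$deadline = (Get-Date).AddHours(4)
do {
    Start-Sleep -Seconds 60
    $r = Get-VMReplication -VMName $vmName -ComputerName $primaryHost
    Write-Host ("{0:T}  State={1}  Health={2}" -f (Get-Date), $r.State, $r.Health)
} until ($r.State -eq 'Replicating' -or (Get-Date) -gt $deadline)

if ($r.State -ne 'Replicating') {
    Write-Warning "Replication for $vmName did not reach 'Replicating' before the deadline."
}
```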

How to re-sync replication with an old initial replica on USB drive

I ran into a situation where a large VM had its replication enabled, and the initial replication (IR) sent to a USB drive. Then IR was imported on the DR site. Everything was fine but later on, for one reason or another, the replica was deleted. At this point you have the option of recreating another IR to a USB drive, sending that USB drive to your DR site, importing the new IR again. All that, of course, will take quite a lot of time.

The alternative is to import the same old IR on the USB drive (assuming it is still there at the DR site) and letting the replication sync up the changed bits.

Here is how to do that.


When pre-staging a computer account for HV replica broker does not work

While creating a Hyper-V replica broker in my HV cluster, I came across a problem. No matter what workaround I tried, my broker wouldn’t work. I tried pre-staging the computer account etc., as mentioned here, but for my particular environment, it did not work. I read this:

https://blogs.technet.microsoft.com/askpfeplat/2012/12/09/why-adding-hyper-v-replica-connection-broker-fails-in-failover-cluster-manager/

and this:

https://social.technet.microsoft.com/Forums/en-US/36ab7df9-a202-4493-a4a4-57b9cc8370b8/hyperv-replica-broker-stuck-in-failed-status?forum=winserverhyperv

Here is how I resolved it:

  1. I deleted the pre-staged computer account in AD (which I had created manually, earlier, for the replica broker)
  2. Configured the role in FCM, no errors during creation
  3. After that… yes, I got errors in the log (ignore for a minute)
  4. Then I recreated the AD computer name by hand and gave full control over that new account to the cluster’s computer account
  5. Went to FCM > cluster name > roles
  6. Noticed the HV replica role there (but it was in red, stopped)
  7. Clicked “start role” on the right side action menu
  8. The role came online in a few seconds.
  9. Done!

Now I can even ping the virtual IP address of this Hyper-V replica broker role!

I guess, for whatever reason, (at least in some environments) FCM cannot really use a “pre-staged” account for this role.


Error 20552 in VMM after restoring database

So after scratching my head for the most part of two hours, I found out the solution to my problem. The problem started happening after I had to restore the DB of my VMM 2012 R2 onto a new installation. I kept on getting Error 20552 when refreshing any server in VMM.

I finally resolved it by re-entering the password for the “run as account” for the VMM service in control panel.

PS: I had tried resetting the password inside VMM’s settings > Security > run as account > my host admin account. But that was not taking, throwing an error saying that the account was not found in the domain or something 🙁