Re: XEN preventing W2K3 Server from joining AD domain?

To: Doug Sampson <dougs%dawnsign.com@localhost>
Subject: Re: XEN preventing W2K3 Server from joining AD domain?
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Sat, 18 Dec 2010 00:22:37 +0100

On 17.12.2010 23:38, Doug Sampson wrote:
> I'm no tcpdump expert but I went ahead and tried. Results as follows:
> 
> xen# tcpdump -ni wm0 src or dst 192.168.101.4 and ether host
> 00:16:3e:00:00:13
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> listening on wm0, link-type EN10MB (Ethernet), capture size 96 bytes
> 14:22:05.674037 IP 192.168.101.43.57510 > 192.168.101.4.53: 4464+ SRV?
> _ldap._tcp.dc._msdcs.dawnsign.com. (51)
> 14:22:05.674670 IP 192.168.101.4.53 > 192.168.101.43.57510: 4464*
[...]

Well, can't see anything suspicious, it seems to get the _ldap SRV
record and connect to DS. Hmm.

> I am not sure how to interpret this. This is the tcpdump dump of my
> attempt to join the domU Win server to the AD domain. 192.168.101.4 is
> the AD server and 192.168.101.43 is the domU Win guest.
> 
> On a separate issue, I noticed that after the initial bootup of the domU
> Win guest, time synchronization no longer works. The time is within 5
> minutes of the AD server's time so it shouldn't be a factor.

It's in the range, correct. 5 min is the max default value for
authenticators to be valid. Be sure that the default wasn't lowered,
it's a "joke" I sometimes encountered :)

> But I am at
> this point suspecting the virtual network interface as being the
> culprit. But, again, I am unsure as to how to go about diagnosing it.
> 
> Are there other vif types besides ioemu that I could look into? I see
> that Windows detected and installed the Realtek RTL8139 driver for the
> virtual interface. Is this the correct driver to use? I googled for
> various vif types but couldn't locate any.
> 
> Any additional assistance you could provide would be greatly
> appreciated.

Xen uses qemu-dm to emulate devices, and many commands from vanilla qemu
work from within config files. Try:

vif = [ 'mac=00:16:3e:00:00:13, bridge=bridge0, type=ioemu, model=e1000' ]

(or any "model" you want -- see qemu(1))


BTW, is there anything in the event logs for the virtualized Windows server?

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

References:
- XEN preventing W2K3 Server from joining AD domain?
  - From: Doug Sampson
- Re: XEN preventing W2K3 Server from joining AD domain?
  - From: Jean-Yves Migeon
- RE: XEN preventing W2K3 Server from joining AD domain?
  - From: Doug Sampson

Prev by Date: XEN preventing W2K3 Server from joining AD domain?
Next by Date: Re: update_va_mapping failing on recent core i7 980X
Previous by Thread: RE: XEN preventing W2K3 Server from joining AD domain?
Next by Thread: RE: XEN preventing W2K3 Server from joining AD domain?
Indexes:

Home | Main Index | Thread Index | Old Index